Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/UNPMxUTpN6F_pgC91vCmD1HFspw.roa
File:                     UNPMxUTpN6F_pgC91vCmD1HFspw.roa (raw, json)
Hash identifier:          jTsyj9nrkYHMCYAdHXNg5BbHNZmwI4fUMjG/ubMSE0Y=
Subject key identifier:   50:D3:CC:C5:44:E9:37:A1:7F:A6:00:BD:D6:F0:A6:0F:51:C5:B2:9C
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019A34DC49A343BF1F314414205685F409F9
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/UNPMxUTpN6F_pgC91vCmD1HFspw.roa
Signing time:             Thu 30 Oct 2025 11:24:03 +0000
ROA not before:           Thu 30 Oct 2025 11:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        46.29.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:dc:49:a3:43:bf:1f:31:44:14:20:56:85:f4:09:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Oct 30 11:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50d3ccc544e937a17fa600bdd6f0a60f51c5b29c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ae:95:94:2a:4a:2b:92:41:bc:a9:aa:39:51:
                    c3:84:f0:e3:6f:af:37:bf:3e:50:d9:50:5d:80:62:
                    07:a6:3e:ba:d4:b2:c7:45:30:06:f1:99:73:7c:19:
                    7f:69:6f:8f:de:00:6c:ee:43:73:5d:1e:17:d5:cc:
                    5b:78:26:7d:a0:db:07:0f:89:79:f6:eb:89:ac:28:
                    a5:d2:da:01:25:56:37:84:92:b9:0d:72:8f:36:25:
                    cc:3b:3c:a0:67:97:73:7d:31:2a:62:90:b8:6f:75:
                    d7:1f:56:79:a5:60:d3:57:2e:80:74:22:8e:ba:72:
                    f2:86:2f:d1:45:37:db:d3:8a:d7:61:eb:07:e4:67:
                    8d:6b:80:32:7d:fb:16:7a:48:55:f1:48:65:47:d0:
                    f8:f8:86:14:2b:db:60:d4:84:66:b3:0f:52:82:6a:
                    9f:ab:e3:7d:1a:15:5d:03:fa:50:87:fa:7b:f4:30:
                    81:17:c2:7f:0a:21:bb:8d:a3:24:01:81:7f:95:98:
                    c9:9a:19:c4:a4:fe:e3:2d:6f:04:f3:7a:ff:a8:b4:
                    aa:27:47:0a:97:62:eb:34:b8:f9:8d:69:be:ef:62:
                    83:59:90:fe:f0:7f:c8:48:1a:f5:f1:fe:ec:8a:06:
                    8b:45:ed:cb:45:16:90:7c:27:78:8c:de:d8:e8:b3:
                    92:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D3:CC:C5:44:E9:37:A1:7F:A6:00:BD:D6:F0:A6:0F:51:C5:B2:9C
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/UNPMxUTpN6F_pgC91vCmD1HFspw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:2f:f9:3a:03:16:20:4b:ea:43:cf:69:80:05:c5:11:30:e3:
         34:7c:fc:e6:eb:b5:51:04:75:66:a8:04:59:a9:af:b6:31:54:
         a2:6b:3b:15:2c:32:7d:7d:5e:1e:da:23:19:d9:8e:08:dc:f5:
         7f:55:be:7b:fa:c7:7c:70:65:2f:d6:ba:99:b6:7a:95:0c:a5:
         15:6a:37:34:24:7c:ce:b9:9f:bd:52:55:4f:f3:18:79:48:3b:
         aa:d0:b6:32:f3:79:54:7d:77:d3:33:9c:de:9a:39:e6:c6:b3:
         e2:a9:29:6d:15:7c:34:b4:96:eb:81:0b:95:73:4e:c0:09:ef:
         01:b9:c2:6a:e3:cf:8f:20:bb:45:25:7d:fa:f0:67:bf:ae:3f:
         41:21:2d:d2:e5:d4:c9:22:b9:76:02:17:d1:e6:34:e0:49:b9:
         64:ea:04:be:6d:00:b8:b7:ee:5f:75:86:8e:49:2f:68:33:af:
         5f:83:34:6f:11:4b:49:78:79:d7:af:a4:5e:75:4b:bb:0a:7d:
         29:bd:df:1e:df:86:62:a5:41:f0:eb:d0:f8:4c:98:8f:12:0b:
         15:84:f9:43:cb:93:0c:87:f4:dc:a7:e9:61:7c:00:03:20:68:
         ea:de:09:78:70:d6:42:9b:29:62:33:f2:94:15:f7:72:7f:82:
         2e:2e:cd:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo03EmjQ78fMUQUIFaF9An5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUxMDMwMTEyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQzY2NjNTQ0ZTkzN2ExN2ZhNjAwYmRkNmYwYTYwZjUxYzViMjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua6VlCpKK5JBvKmqOVHDhPDjb683
vz5Q2VBdgGIHpj661LLHRTAG8ZlzfBl/aW+P3gBs7kNzXR4X1cxbeCZ9oNsHD4l5
9uuJrCil0toBJVY3hJK5DXKPNiXMOzygZ5dzfTEqYpC4b3XXH1Z5pWDTVy6AdCKO
unLyhi/RRTfb04rXYesH5GeNa4AyffsWekhV8UhlR9D4+IYUK9tg1IRmsw9Sgmqf
q+N9GhVdA/pQh/p79DCBF8J/CiG7jaMkAYF/lZjJmhnEpP7jLW8E83r/qLSqJ0cK
l2LrNLj5jWm+72KDWZD+8H/ISBr18f7sigaLRe3LRRaQfCd4jN7Y6LOSaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDTzMVE6Tehf6YAvdbwpg9RxbKcMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvVU5QTXhVVHBONkZfcGdDOTF2Q21EMUhGc3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0YMA0G
CSqGSIb3DQEBCwUAA4IBAQAaL/k6AxYgS+pDz2mABcURMOM0fPzm67VRBHVmqARZ
qa+2MVSiazsVLDJ9fV4e2iMZ2Y4I3PV/Vb57+sd8cGUv1rqZtnqVDKUVajc0JHzO
uZ+9UlVP8xh5SDuq0LYy83lUfXfTM5zemjnmxrPiqSltFXw0tJbrgQuVc07ACe8B
ucJq48+PILtFJX368Ge/rj9BIS3S5dTJIrl2AhfR5jTgSblk6gS+bQC4t+5fdYaO
SS9oM69fgzRvEUtJeHnXr6RedUu7Cn0pvd8e34ZipUHw69D4TJiPEgsVhPlDy5MM
h/Tcp+lhfAADIGjq3gl4cNZCmyliM/KUFfdyf4IuLs1r
-----END CERTIFICATE-----