Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/bb548e-5c91-4658-8e01-b80ff2f1552b/1/UEiFsCsSTC0Pg31Jp2WQ3gV01xE.roa
File:                     UEiFsCsSTC0Pg31Jp2WQ3gV01xE.roa (raw, json)
Hash identifier:          ITQdPL8nWruiENBkvvq4/6T+xWub5wb4OWq1AfgZvKY=
Subject key identifier:   50:48:85:B0:2B:12:4C:2D:0F:83:7D:49:A7:65:90:DE:05:74:D7:11
Certificate issuer:       /CN=b900632d4f80157d69ef5b53fe624dbf8adfefaf
Certificate serial:       01985AF9FB4F693802119ACCA5D7D8F88AAD
Authority key identifier: B9:00:63:2D:4F:80:15:7D:69:EF:5B:53:FE:62:4D:BF:8A:DF:EF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uQBjLU-AFX1p71tT_mJNv4rf768.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/bb548e-5c91-4658-8e01-b80ff2f1552b/1/UEiFsCsSTC0Pg31Jp2WQ3gV01xE.roa
Signing time:             Wed 30 Jul 2025 10:56:28 +0000
ROA not before:           Wed 30 Jul 2025 10:56:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207943
IP address blocks:        185.46.71.0/24 maxlen: 24
                          2a12:9440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/bb548e-5c91-4658-8e01-b80ff2f1552b/1/uQBjLU-AFX1p71tT_mJNv4rf768.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/bb548e-5c91-4658-8e01-b80ff2f1552b/1/uQBjLU-AFX1p71tT_mJNv4rf768.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uQBjLU-AFX1p71tT_mJNv4rf768.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 10:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:f9:fb:4f:69:38:02:11:9a:cc:a5:d7:d8:f8:8a:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b900632d4f80157d69ef5b53fe624dbf8adfefaf
        Validity
            Not Before: Jul 30 10:56:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=504885b02b124c2d0f837d49a76590de0574d711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0f:a9:8f:79:17:e1:2d:9e:fe:73:04:5a:f0:
                    ac:99:f4:1a:ab:7d:f8:d0:e7:fd:02:74:c8:d4:05:
                    c5:ea:66:9e:57:24:84:26:b2:a3:86:6b:92:ad:ad:
                    b5:54:cf:b8:54:e3:11:f8:3c:61:22:ba:36:eb:0b:
                    13:75:be:52:f4:a1:be:6a:82:f0:38:17:2a:4b:87:
                    d4:c5:5b:ba:13:da:00:b7:d7:5c:68:bc:5c:cf:83:
                    18:53:68:f3:38:24:17:db:c8:b6:2a:88:b5:7a:25:
                    f5:98:6e:da:ff:67:10:22:a4:eb:42:d7:be:94:dd:
                    1e:23:c2:dd:18:79:a6:fa:66:f3:43:bb:a2:cf:fc:
                    e6:e0:03:81:cd:53:4d:9f:d5:06:61:a7:2f:8d:f8:
                    72:56:37:07:d3:5f:3b:a0:43:46:0e:69:88:1c:8b:
                    5a:ef:ad:84:de:bf:3d:f7:c9:97:b0:b4:4b:4f:09:
                    50:40:90:ba:1a:9b:82:3d:34:34:d2:c4:4f:3b:e0:
                    27:75:be:40:93:07:41:42:44:3f:7a:e1:d8:95:73:
                    28:99:61:0f:e2:46:68:8a:9d:58:74:0f:e3:d9:fc:
                    72:0a:64:7b:a1:06:ff:de:1c:d8:3b:67:ce:07:ca:
                    4e:c3:d1:8c:e8:c7:59:9e:d9:bc:2e:c5:e5:50:4a:
                    87:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:48:85:B0:2B:12:4C:2D:0F:83:7D:49:A7:65:90:DE:05:74:D7:11
            X509v3 Authority Key Identifier:
                keyid:B9:00:63:2D:4F:80:15:7D:69:EF:5B:53:FE:62:4D:BF:8A:DF:EF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uQBjLU-AFX1p71tT_mJNv4rf768.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/bb548e-5c91-4658-8e01-b80ff2f1552b/1/UEiFsCsSTC0Pg31Jp2WQ3gV01xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/bb548e-5c91-4658-8e01-b80ff2f1552b/1/uQBjLU-AFX1p71tT_mJNv4rf768.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.71.0/24
                IPv6:
                  2a12:9440::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:ac:db:50:50:0b:cf:9a:b2:f4:cc:cd:7d:2f:60:42:d5:de:
         fb:c1:15:ff:af:3f:68:7e:ba:7e:58:41:ec:11:8d:f4:4e:5a:
         b7:cb:7f:56:af:46:22:4f:c3:10:22:06:cd:e4:2c:5e:2f:78:
         31:51:15:25:c0:9a:26:9e:23:3c:5d:cc:ef:8f:03:10:72:ba:
         9b:9d:e7:16:bd:62:8e:bd:14:57:69:bd:fe:be:79:f4:8e:e6:
         9c:a4:87:da:b6:fc:03:75:26:42:87:1e:d5:ed:22:59:21:d7:
         4e:8f:04:aa:4f:87:9a:9e:86:77:45:fa:45:2a:96:c1:9f:08:
         5a:8e:11:08:74:ab:e7:0e:88:1a:1a:07:4b:b1:2b:15:c6:b5:
         3c:fc:97:7c:6e:79:d6:65:ab:d6:9e:d8:59:68:b1:ab:2f:17:
         a0:0d:65:66:43:1b:54:34:bf:f1:7d:b7:41:72:78:4e:83:57:
         3b:40:d7:bd:58:26:f0:24:f5:70:9c:e2:b9:67:43:3f:23:04:
         6c:09:61:36:29:9e:35:1b:8e:35:c8:2d:1b:cd:f5:ca:60:da:
         3f:ba:a2:a8:8a:33:b2:b3:56:b8:62:50:9c:8e:5d:b5:dd:21:
         27:ca:67:e1:ac:02:b6:a1:d6:08:1c:af:07:c4:22:14:a6:23:
         6e:7b:5c:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZha+ftPaTgCEZrMpdfY+IqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MDA2MzJkNGY4MDE1N2Q2OWVmNWI1M2ZlNjI0ZGJmOGFk
ZmVmYWYwHhcNMjUwNzMwMTA1NjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQ4ODViMDJiMTI0YzJkMGY4MzdkNDlhNzY1OTBkZTA1NzRkNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw+pj3kX4S2e/nMEWvCsmfQaq334
0Of9AnTI1AXF6maeVySEJrKjhmuSra21VM+4VOMR+DxhIro26wsTdb5S9KG+aoLw
OBcqS4fUxVu6E9oAt9dcaLxcz4MYU2jzOCQX28i2Koi1eiX1mG7a/2cQIqTrQte+
lN0eI8LdGHmm+mbzQ7uiz/zm4AOBzVNNn9UGYacvjfhyVjcH0187oENGDmmIHIta
762E3r8998mXsLRLTwlQQJC6GpuCPTQ00sRPO+Andb5AkwdBQkQ/euHYlXMomWEP
4kZoip1YdA/j2fxyCmR7oQb/3hzYO2fOB8pOw9GM6MdZntm8LsXlUEqHuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFBIhbArEkwtD4N9SadlkN4FdNcRMB8GA1UdIwQY
MBaAFLkAYy1PgBV9ae9bU/5iTb+K3++vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVFCakxVLUFGWDFwNzF0VF9tSk52NHJmNzY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9iYjU0OGUtNWM5MS00NjU4LThlMDEt
YjgwZmYyZjE1NTJiLzEvVUVpRnNDc1NUQzBQZzMxSnAyV1EzZ1YwMXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9iYjU0OGUtNWM5MS00NjU4LThlMDEtYjgwZmYyZjE1NTJi
LzEvdVFCakxVLUFGWDFwNzF0VF9tSk52NHJmNzY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuS5HMA0E
AgACMAcDBQMqEpRAMA0GCSqGSIb3DQEBCwUAA4IBAQAvrNtQUAvPmrL0zM19L2BC
1d77wRX/rz9ofrp+WEHsEY30Tlq3y39Wr0YiT8MQIgbN5CxeL3gxURUlwJomniM8
XczvjwMQcrqbnecWvWKOvRRXab3+vnn0juacpIfatvwDdSZChx7V7SJZIddOjwSq
T4eanoZ3RfpFKpbBnwhajhEIdKvnDogaGgdLsSsVxrU8/Jd8bnnWZavWnthZaLGr
LxegDWVmQxtUNL/xfbdBcnhOg1c7QNe9WCbwJPVwnOK5Z0M/IwRsCWE2KZ41G441
yC0bzfXKYNo/uqKoijOys1a4YlCcjl213SEnymfhrAK2odYIHK8HxCIUpiNue1xR
-----END CERTIFICATE-----