Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/40503a-6be9-4e1b-8243-716c0347aa76/1/UJadThgIY9kRl3yuOM0mvOp3eiw.roa
File:                     UJadThgIY9kRl3yuOM0mvOp3eiw.roa (raw, json)
Hash identifier:          NYhzFFlpnpad/HHC5kD2Bp7E8XgYHWJLlBn3GfXQ/6E=
Subject key identifier:   50:96:9D:4E:18:08:63:D9:11:97:7C:AE:38:CD:26:BC:EA:77:7A:2C
Certificate issuer:       /CN=19acf07f1352222658b789e4fe40ea38a8aa71df
Certificate serial:       0198656E11D4A9DBE5B573EC14F916069367
Authority key identifier: 19:AC:F0:7F:13:52:22:26:58:B7:89:E4:FE:40:EA:38:A8:AA:71:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GazwfxNSIiZYt4nk_kDqOKiqcd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/40503a-6be9-4e1b-8243-716c0347aa76/1/UJadThgIY9kRl3yuOM0mvOp3eiw.roa
Signing time:             Fri 01 Aug 2025 11:39:28 +0000
ROA not before:           Fri 01 Aug 2025 11:39:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205881
IP address blocks:        151.136.0.0/16 maxlen: 16
                          2a07:4ac0:f002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/40503a-6be9-4e1b-8243-716c0347aa76/1/GazwfxNSIiZYt4nk_kDqOKiqcd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/40503a-6be9-4e1b-8243-716c0347aa76/1/GazwfxNSIiZYt4nk_kDqOKiqcd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GazwfxNSIiZYt4nk_kDqOKiqcd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:6e:11:d4:a9:db:e5:b5:73:ec:14:f9:16:06:93:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19acf07f1352222658b789e4fe40ea38a8aa71df
        Validity
            Not Before: Aug  1 11:39:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50969d4e180863d911977cae38cd26bcea777a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5b:63:75:93:aa:20:89:25:23:9a:33:ee:2c:
                    72:15:a8:45:11:88:72:b8:04:08:a2:73:76:5f:a4:
                    15:e3:d4:a2:6b:64:1a:c1:cb:af:0a:79:42:0e:00:
                    e3:6e:22:02:6b:2a:75:30:de:36:0a:3a:20:9f:ba:
                    14:3d:75:ca:76:56:64:d5:5a:20:b8:55:8f:75:1a:
                    eb:df:7a:b6:06:11:dd:7d:ad:09:1a:04:d8:02:74:
                    f3:94:dc:10:45:a8:21:24:8c:96:4f:42:ed:4e:78:
                    aa:bf:bf:26:35:18:0a:3c:d8:d0:aa:e0:83:a0:c6:
                    07:de:d3:4d:37:2e:48:47:a5:b7:8b:0f:11:83:92:
                    ba:57:99:a1:b7:b7:05:84:50:be:82:55:47:a3:e6:
                    e8:c7:18:79:f2:89:70:f6:a1:44:d0:6a:94:80:99:
                    3f:c1:55:c7:7a:a9:37:dc:48:ae:c0:6d:d6:73:73:
                    05:29:c6:e6:0a:05:84:2b:22:5c:fd:1a:d2:5b:14:
                    62:5f:56:c4:21:84:28:22:21:78:48:03:f4:ed:9e:
                    8f:ca:b8:b4:60:df:93:fb:7e:9c:fb:9e:dc:9f:e8:
                    07:06:b7:9f:bd:b7:a7:fb:41:06:e3:f9:50:6b:8b:
                    3f:b6:c3:bf:fd:3d:57:c8:c7:eb:3f:9a:f8:d1:bd:
                    b2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:96:9D:4E:18:08:63:D9:11:97:7C:AE:38:CD:26:BC:EA:77:7A:2C
            X509v3 Authority Key Identifier:
                keyid:19:AC:F0:7F:13:52:22:26:58:B7:89:E4:FE:40:EA:38:A8:AA:71:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GazwfxNSIiZYt4nk_kDqOKiqcd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/40503a-6be9-4e1b-8243-716c0347aa76/1/UJadThgIY9kRl3yuOM0mvOp3eiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/40503a-6be9-4e1b-8243-716c0347aa76/1/GazwfxNSIiZYt4nk_kDqOKiqcd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.136.0.0/16
                IPv6:
                  2a07:4ac0:f002::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:4a:65:c5:00:e9:29:7a:c3:fe:e3:95:4b:c8:9b:e8:71:02:
         0d:8e:49:f1:99:ae:16:88:46:31:99:16:93:3f:41:db:de:64:
         09:be:31:7f:8f:ad:87:88:d8:9a:61:ea:6b:e9:64:ff:19:7c:
         7f:27:88:f1:e6:1b:07:83:d3:72:7d:ba:db:c7:94:de:5e:86:
         e2:4e:5f:fd:91:a2:fd:63:f8:ba:79:56:28:fb:5a:07:51:52:
         bb:34:07:2f:6c:17:3c:e0:05:4d:21:93:dd:d3:4f:da:04:cb:
         b0:40:90:85:de:bc:a4:68:f8:0e:55:fe:30:db:03:ff:5f:17:
         2e:fc:e4:e8:16:00:6f:a9:49:23:e0:0a:23:92:1b:1d:0d:91:
         e4:79:12:6c:93:92:42:f1:06:73:9c:cf:2b:96:4b:7a:ec:f9:
         11:34:3e:db:b7:8b:f8:e6:5b:ff:58:be:06:97:2c:61:d2:f9:
         82:ed:a7:d3:e0:e1:32:ad:23:be:15:c2:47:3d:09:ef:be:03:
         2f:cb:de:75:5e:c2:f1:4e:83:e7:37:a5:66:26:70:52:9f:d8:
         4b:64:d1:18:5e:f1:d6:70:65:da:47:e4:64:e7:3b:75:8b:77:
         57:4d:84:7d:84:d3:d6:91:02:eb:eb:94:67:26:6f:9f:b4:2e:
         93:13:26:b9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZhlbhHUqdvltXPsFPkWBpNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YWNmMDdmMTM1MjIyMjY1OGI3ODllNGZlNDBlYTM4YThh
YTcxZGYwHhcNMjUwODAxMTEzOTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDk2OWQ0ZTE4MDg2M2Q5MTE5NzdjYWUzOGNkMjZiY2VhNzc3YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFtjdZOqIIklI5oz7ixyFahFEYhy
uAQIonN2X6QV49Sia2QawcuvCnlCDgDjbiICayp1MN42Cjogn7oUPXXKdlZk1Vog
uFWPdRrr33q2BhHdfa0JGgTYAnTzlNwQRaghJIyWT0LtTniqv78mNRgKPNjQquCD
oMYH3tNNNy5IR6W3iw8Rg5K6V5mht7cFhFC+glVHo+boxxh58olw9qFE0GqUgJk/
wVXHeqk33EiuwG3Wc3MFKcbmCgWEKyJc/RrSWxRiX1bEIYQoIiF4SAP07Z6Pyri0
YN+T+36c+57cn+gHBrefvben+0EG4/lQa4s/tsO//T1XyMfrP5r40b2y+QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFCWnU4YCGPZEZd8rjjNJrzqd3osMB8GA1UdIwQY
MBaAFBms8H8TUiImWLeJ5P5A6jioqnHfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2F6d2Z4TlNJaVpZdDRua19rRHFPS2lxY2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy80MDUwM2EtNmJlOS00ZTFiLTgyNDMt
NzE2YzAzNDdhYTc2LzEvVUphZFRoZ0lZOWtSbDN5dU9NMG12T3AzZWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy80MDUwM2EtNmJlOS00ZTFiLTgyNDMtNzE2YzAzNDdhYTc2
LzEvR2F6d2Z4TlNJaVpZdDRua19rRHFPS2lxY2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAl4gwDwQC
AAIwCQMHACoHSsDwAjANBgkqhkiG9w0BAQsFAAOCAQEAoEplxQDpKXrD/uOVS8ib
6HECDY5J8ZmuFohGMZkWkz9B295kCb4xf4+th4jYmmHqa+lk/xl8fyeI8eYbB4PT
cn2628eU3l6G4k5f/ZGi/WP4unlWKPtaB1FSuzQHL2wXPOAFTSGT3dNP2gTLsECQ
hd68pGj4DlX+MNsD/18XLvzk6BYAb6lJI+AKI5IbHQ2R5HkSbJOSQvEGc5zPK5ZL
euz5ETQ+27eL+OZb/1i+BpcsYdL5gu2n0+DhMq0jvhXCRz0J774DL8vedV7C8U6D
5zelZiZwUp/YS2TRGF7x1nBl2kfkZOc7dYt3V02EfYTT1pEC6+uUZyZvn7QukxMm
uQ==
-----END CERTIFICATE-----