Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/uyUdPh_jn53BgJ4hmqSF7yNziI0.roa
File:                     uyUdPh_jn53BgJ4hmqSF7yNziI0.roa (raw, json)
Hash identifier:          oNdnJvQHAFH+bVRPFBuFlzkwsgJTaV5dlPlgcjGY4i8=
Subject key identifier:   BB:25:1D:3E:1F:E3:9F:9D:C1:80:9E:21:9A:A4:85:EF:23:73:88:8D
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019A0FF8A00B68920E9303BB5863C051FD18
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/uyUdPh_jn53BgJ4hmqSF7yNziI0.roa
Signing time:             Thu 23 Oct 2025 07:29:03 +0000
ROA not before:           Thu 23 Oct 2025 07:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        212.100.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0f:f8:a0:0b:68:92:0e:93:03:bb:58:63:c0:51:fd:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Oct 23 07:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb251d3e1fe39f9dc1809e219aa485ef2373888d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:31:d0:4f:35:c5:a9:bb:35:45:6f:84:f0:
                    da:41:68:42:59:76:69:8f:35:c2:29:73:ed:53:34:
                    95:6a:b9:02:61:e5:c7:76:a3:39:36:3a:28:02:b0:
                    8d:c2:a4:65:5e:63:f4:9b:44:95:f5:97:3f:5a:0e:
                    93:19:e9:65:ea:3b:8e:d6:33:40:f5:3e:c7:b1:dd:
                    5c:b4:6a:e4:57:bc:f7:66:a6:db:c9:b1:96:07:1c:
                    a5:9b:06:a1:b9:8f:1b:14:fc:c1:99:b3:6f:c1:78:
                    23:e6:16:d3:22:56:3a:16:78:b4:19:af:e7:4c:2c:
                    a9:e4:c6:5c:8b:3d:ef:19:c4:c0:c5:81:28:2c:5f:
                    35:24:24:e9:b3:83:39:af:7e:be:82:e8:db:18:81:
                    f5:43:ca:c2:62:4a:b5:e5:a3:05:32:00:5d:74:82:
                    0d:2f:26:6a:64:5c:db:d7:7a:6e:6f:0c:af:9d:8c:
                    4d:08:f0:ca:51:0c:36:4d:06:8e:c4:b7:35:3b:00:
                    d3:15:cb:d5:2a:a9:1e:ae:db:ce:8c:80:17:3b:b9:
                    43:bf:d7:d0:4b:98:7f:04:ff:b4:33:9b:59:34:d3:
                    ee:cf:c4:95:4c:b0:2c:57:ac:07:3c:66:8b:83:8c:
                    c7:9d:d0:83:ad:61:43:d3:85:4f:3e:f2:a8:96:2f:
                    5a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:25:1D:3E:1F:E3:9F:9D:C1:80:9E:21:9A:A4:85:EF:23:73:88:8D
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/uyUdPh_jn53BgJ4hmqSF7yNziI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f0:59:e9:d0:12:2f:d5:bc:b5:52:34:29:36:bc:a5:e3:52:
         49:c3:1f:2f:8e:1b:2f:56:2a:14:8c:3e:b3:6a:aa:60:84:e5:
         ae:05:bf:27:36:d8:1d:70:40:fd:09:00:59:7f:25:2d:23:ac:
         16:65:3c:21:1b:9b:bf:af:0c:d3:a2:59:c0:39:14:1c:fb:87:
         99:f5:18:fe:ba:2a:aa:ff:69:35:e5:40:78:ad:c2:fd:84:20:
         f8:a1:50:de:ff:7c:44:d5:a6:f4:93:c8:e1:23:e5:e3:6a:c8:
         53:ca:73:2b:28:f0:bf:4d:49:39:8b:82:50:6b:af:41:13:ad:
         73:35:90:eb:33:de:51:fb:57:02:a9:de:b7:2a:df:d3:57:a9:
         f3:f9:6f:00:ba:d9:7e:8d:a3:ec:be:89:59:a5:9f:27:13:3c:
         45:f5:c8:e4:ab:d5:b5:52:53:99:75:d8:2a:d0:62:c1:e7:f8:
         f2:4d:c7:c9:15:c0:d3:a2:3f:bb:e5:8d:e1:d6:3f:e2:28:e4:
         da:be:10:dd:a3:52:ca:a0:b2:6e:8e:8b:23:83:8f:40:44:71:
         28:0d:e2:0a:5a:71:5c:3a:3a:94:22:b5:67:10:c9:cd:0e:af:
         47:72:35:ad:d5:8a:e5:fe:dd:88:31:25:1a:f2:d3:56:d5:34:
         d0:1f:2f:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoP+KALaJIOkwO7WGPAUf0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUxMDIzMDcyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjI1MWQzZTFmZTM5ZjlkYzE4MDllMjE5YWE0ODVlZjIzNzM4ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm8x0E81xam7NUVvhPDaQWhCWXZp
jzXCKXPtUzSVarkCYeXHdqM5NjooArCNwqRlXmP0m0SV9Zc/Wg6TGell6juO1jNA
9T7Hsd1ctGrkV7z3ZqbbybGWBxylmwahuY8bFPzBmbNvwXgj5hbTIlY6Fni0Ga/n
TCyp5MZciz3vGcTAxYEoLF81JCTps4M5r36+gujbGIH1Q8rCYkq15aMFMgBddIIN
LyZqZFzb13pubwyvnYxNCPDKUQw2TQaOxLc1OwDTFcvVKqkertvOjIAXO7lDv9fQ
S5h/BP+0M5tZNNPuz8SVTLAsV6wHPGaLg4zHndCDrWFD04VPPvKoli9a6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLslHT4f45+dwYCeIZqkhe8jc4iNMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvdXlVZFBoX2puNTNCZ0o0aG1xU0Y3eU56aUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GS+MA0G
CSqGSIb3DQEBCwUAA4IBAQCm8Fnp0BIv1by1UjQpNryl41JJwx8vjhsvVioUjD6z
aqpghOWuBb8nNtgdcED9CQBZfyUtI6wWZTwhG5u/rwzTolnAORQc+4eZ9Rj+uiqq
/2k15UB4rcL9hCD4oVDe/3xE1ab0k8jhI+XjashTynMrKPC/TUk5i4JQa69BE61z
NZDrM95R+1cCqd63Kt/TV6nz+W8Autl+jaPsvolZpZ8nEzxF9cjkq9W1UlOZddgq
0GLB5/jyTcfJFcDToj+75Y3h1j/iKOTavhDdo1LKoLJujosjg49ARHEoDeIKWnFc
OjqUIrVnEMnNDq9HcjWt1Yrl/t2IMSUa8tNW1TTQHy8n
-----END CERTIFICATE-----