Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/UDwBWBhc7p3WNVdJtp5WShdrtpI.roa
File:                     UDwBWBhc7p3WNVdJtp5WShdrtpI.roa (raw, json)
Hash identifier:          xcnjrx2kx71cryAKZS4UhrLsHTkf1Xzut87xSakHcWk=
Subject key identifier:   50:3C:01:58:18:5C:EE:9D:D6:35:57:49:B6:9E:56:4A:17:6B:B6:92
Certificate issuer:       /CN=c66d45a24d1c785839fecabbe1b4731bc2417790
Certificate serial:       0198521B1B821CF264CD360754C3F2A27F4D
Authority key identifier: C6:6D:45:A2:4D:1C:78:58:39:FE:CA:BB:E1:B4:73:1B:C2:41:77:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/UDwBWBhc7p3WNVdJtp5WShdrtpI.roa
Signing time:             Mon 28 Jul 2025 17:36:04 +0000
ROA not before:           Mon 28 Jul 2025 17:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200436
IP address blocks:        195.5.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:52:1b:1b:82:1c:f2:64:cd:36:07:54:c3:f2:a2:7f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d45a24d1c785839fecabbe1b4731bc2417790
        Validity
            Not Before: Jul 28 17:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=503c0158185cee9dd6355749b69e564a176bb692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0f:0e:d4:39:65:12:4e:65:e5:62:6c:4b:7c:
                    b2:21:46:40:20:40:23:db:eb:b8:4a:c3:c8:47:72:
                    77:36:db:4f:01:0b:ac:02:20:14:3e:ce:c0:19:aa:
                    a9:8b:fd:f8:64:f8:18:27:d9:91:9a:4f:66:5c:11:
                    c1:5d:91:93:2d:53:49:de:b3:62:85:68:41:6d:56:
                    32:d0:95:82:dd:28:ba:f5:ca:f4:d9:8b:26:d0:e4:
                    15:42:30:3d:bc:e3:4d:3d:c1:2e:b2:b6:d5:76:4a:
                    49:0c:c2:1e:8c:18:45:7d:05:72:f9:f8:e4:65:dd:
                    ae:d4:19:0c:57:2b:43:ab:b4:44:49:4a:83:58:e3:
                    35:78:18:ef:39:4b:38:fd:20:8f:8a:c6:4a:a1:18:
                    b2:be:d1:e6:73:0a:91:9e:22:19:be:a5:42:80:27:
                    6e:60:d3:82:cb:4d:15:74:0d:93:f8:d6:28:85:bc:
                    b9:f0:f5:d1:cc:14:2b:bb:c8:2d:d6:54:6f:27:6f:
                    dc:e0:32:c5:00:03:03:66:1a:43:9b:b9:09:b2:ac:
                    06:b3:0a:6e:df:c9:cf:2e:d4:ed:34:c6:eb:a0:b5:
                    94:d4:28:24:84:bf:2b:24:6c:a3:3d:c5:25:2e:76:
                    0d:34:75:ff:ba:f8:36:38:3e:b5:1f:38:c8:e5:74:
                    51:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3C:01:58:18:5C:EE:9D:D6:35:57:49:B6:9E:56:4A:17:6B:B6:92
            X509v3 Authority Key Identifier:
                keyid:C6:6D:45:A2:4D:1C:78:58:39:FE:CA:BB:E1:B4:73:1B:C2:41:77:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/UDwBWBhc7p3WNVdJtp5WShdrtpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:cb:67:75:ab:35:8d:5c:ea:dd:c2:04:9b:fd:3a:fe:38:e8:
         ea:d8:5f:1f:b9:cd:1c:96:76:82:54:1b:9b:d3:f7:7a:bd:94:
         49:e4:16:c7:9d:42:e4:22:95:64:7e:38:6a:54:c7:ec:b9:67:
         cf:dd:47:26:a8:9f:12:f6:0d:49:a5:8b:b8:3c:2b:89:9d:4e:
         c9:78:4d:73:47:f2:2d:e3:62:b0:48:5c:ce:5c:35:79:01:5a:
         f2:34:3a:06:95:0a:9e:66:dc:88:b4:e7:31:ef:7a:79:86:69:
         5b:6c:a4:e7:1e:2e:20:a7:5a:7a:bb:fb:90:99:18:7b:4b:03:
         c2:32:62:a2:12:ea:60:b9:fb:9c:ee:5f:a6:c0:0d:03:7a:e8:
         90:e5:48:53:64:25:d4:ec:3b:db:a1:6a:19:e2:18:a2:db:e0:
         27:24:e9:ae:7e:60:29:fc:bd:f7:5d:34:bc:72:19:70:b5:09:
         b3:79:91:de:98:03:39:91:d8:ef:ec:9b:34:ae:35:03:fe:1b:
         72:51:14:dc:22:87:5d:06:a9:5b:fd:75:15:a3:88:ac:75:8e:
         01:06:be:5a:d4:13:c6:5f:d2:5a:37:2b:7f:3e:4d:83:32:bd:
         ec:7b:6b:6c:26:58:d4:e4:28:77:56:72:ae:d5:34:49:0b:db:
         c5:fb:b4:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhSGxuCHPJkzTYHVMPyon9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ0NWEyNGQxYzc4NTgzOWZlY2FiYmUxYjQ3MzFiYzI0
MTc3OTAwHhcNMjUwNzI4MTczNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNjMDE1ODE4NWNlZTlkZDYzNTU3NDliNjllNTY0YTE3NmJiNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQ8O1DllEk5l5WJsS3yyIUZAIEAj
2+u4SsPIR3J3NttPAQusAiAUPs7AGaqpi/34ZPgYJ9mRmk9mXBHBXZGTLVNJ3rNi
hWhBbVYy0JWC3Si69cr02Ysm0OQVQjA9vONNPcEusrbVdkpJDMIejBhFfQVy+fjk
Zd2u1BkMVytDq7RESUqDWOM1eBjvOUs4/SCPisZKoRiyvtHmcwqRniIZvqVCgCdu
YNOCy00VdA2T+NYohby58PXRzBQru8gt1lRvJ2/c4DLFAAMDZhpDm7kJsqwGswpu
38nPLtTtNMbroLWU1CgkhL8rJGyjPcUlLnYNNHX/uvg2OD61HzjI5XRRGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFA8AVgYXO6d1jVXSbaeVkoXa7aSMB8GA1UdIwQY
MBaAFMZtRaJNHHhYOf7Ku+G0cxvCQXeQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0xRm9rMGNlRmc1X3NxNzRiUnpHOEpCZDVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS81MGZhN2ItNzU2MS00N2JiLWI0NTUt
MTZkMWYyMDhmMzVkLzEvVUR3QldCaGM3cDNXTlZkSnRwNVdTaGRydHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS81MGZhN2ItNzU2MS00N2JiLWI0NTUtMTZkMWYyMDhmMzVk
LzEveG0xRm9rMGNlRmc1X3NxNzRiUnpHOEpCZDVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwVpMA0G
CSqGSIb3DQEBCwUAA4IBAQAEy2d1qzWNXOrdwgSb/Tr+OOjq2F8fuc0clnaCVBub
0/d6vZRJ5BbHnULkIpVkfjhqVMfsuWfP3UcmqJ8S9g1JpYu4PCuJnU7JeE1zR/It
42KwSFzOXDV5AVryNDoGlQqeZtyItOcx73p5hmlbbKTnHi4gp1p6u/uQmRh7SwPC
MmKiEupgufuc7l+mwA0DeuiQ5UhTZCXU7DvboWoZ4hii2+AnJOmufmAp/L33XTS8
chlwtQmzeZHemAM5kdjv7Js0rjUD/htyURTcIoddBqlb/XUVo4isdY4BBr5a1BPG
X9JaNyt/Pk2DMr3se2tsJljU5Ch3VnKu1TRJC9vF+7RN
-----END CERTIFICATE-----