Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Ulmk7HfyYHX1PWttEjCIT5OrO-k.roa
File:                     Ulmk7HfyYHX1PWttEjCIT5OrO-k.roa (raw, json)
Hash identifier:          OVc1v3Tt3GjpdKfYL5NZu3Gd/DEisCFgv4h0PvPvhDs=
Subject key identifier:   52:59:A4:EC:77:F2:60:75:F5:3D:6B:6D:12:30:88:4F:93:AB:3B:E9
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019787F97AF926A26842DE3D0E3720218FB7
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Ulmk7HfyYHX1PWttEjCIT5OrO-k.roa
Signing time:             Thu 19 Jun 2025 11:36:03 +0000
ROA not before:           Thu 19 Jun 2025 11:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216246
IP address blocks:        193.233.21.0/24 maxlen: 24
                          193.233.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:87:f9:7a:f9:26:a2:68:42:de:3d:0e:37:20:21:8f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 19 11:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5259a4ec77f26075f53d6b6d1230884f93ab3be9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:24:7c:d1:7d:37:9c:99:34:fe:b9:b6:53:81:
                    84:ae:26:f9:b0:6c:16:0e:32:0e:1e:5d:19:4d:b4:
                    4a:f6:49:fc:b2:a2:36:e8:2e:f3:80:e5:12:03:b3:
                    57:22:e8:8e:1f:f6:c2:7a:c8:11:2e:69:e6:8d:4e:
                    80:ed:d0:b3:33:e6:42:91:00:91:29:52:b8:8c:c3:
                    a3:19:3b:4f:c7:7b:d5:3c:48:86:10:29:b1:46:f2:
                    ca:69:00:00:b0:37:ca:fc:15:a9:2d:e8:f0:bf:1b:
                    f0:f5:c0:01:4f:2f:43:10:7e:55:04:0b:b4:e6:1c:
                    63:c0:03:66:2b:8d:39:f2:a0:fb:ad:86:e9:48:b6:
                    93:7e:23:3a:8f:80:0a:43:18:8c:20:b9:09:85:89:
                    2b:0e:3f:0e:29:2f:ec:0c:53:b0:cc:ee:99:ed:fb:
                    14:5d:c9:94:ce:1e:2f:e2:e6:93:6e:54:20:b4:4e:
                    66:c9:8b:e1:27:d0:8d:61:20:f5:87:72:78:e5:15:
                    cf:70:ad:e0:51:19:5c:7f:c8:c9:6f:e7:4b:70:76:
                    94:b8:54:66:89:9e:63:a3:1e:f3:3b:88:2b:48:21:
                    60:45:f1:da:56:41:9e:cd:4b:05:07:8d:23:95:49:
                    36:ca:ab:7f:ac:5d:7d:5a:03:4d:7e:bb:47:5c:52:
                    84:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:59:A4:EC:77:F2:60:75:F5:3D:6B:6D:12:30:88:4F:93:AB:3B:E9
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Ulmk7HfyYHX1PWttEjCIT5OrO-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.21.0/24
                  193.233.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:46:6c:82:76:03:b1:a6:3c:c1:f5:6e:59:56:41:ea:9f:a5:
         27:4d:9f:26:d2:ec:88:b2:1d:89:33:be:21:bd:be:0d:f2:de:
         83:31:dc:64:ad:42:71:fd:3e:81:21:8c:c3:32:0d:8b:b9:df:
         56:f8:ad:7c:bd:51:00:a8:a0:16:a1:c8:db:25:05:7a:e1:ee:
         68:e3:cf:ce:9f:ab:9f:2f:0f:ab:4f:02:7d:8e:03:e3:88:d3:
         83:e2:18:20:44:a2:60:fb:81:15:fb:13:cc:6a:12:20:30:e4:
         93:0f:5a:3e:b3:6f:f3:0b:1d:42:5b:ae:26:dc:df:0c:af:6e:
         f1:57:d7:4d:4a:40:94:a8:6a:8e:40:11:de:b8:01:f2:d0:35:
         fc:66:30:2d:1e:f2:c9:0b:34:31:ab:d5:73:3a:68:b2:b7:6e:
         87:ba:be:8d:7a:dc:de:93:8d:be:32:d3:29:20:db:13:30:67:
         93:71:94:bd:0e:1b:2c:31:6f:e6:0a:21:ce:4e:b2:84:aa:38:
         93:88:df:f5:84:3a:a6:3e:92:d1:2e:6b:d2:c2:92:b8:45:78:
         f8:55:66:a9:f5:41:c2:44:2a:51:e8:ce:2c:7c:60:06:e5:2c:
         6a:c7:2f:ba:ee:23:aa:2a:aa:ab:1b:1e:4a:0d:31:18:24:07:
         ef:b4:c5:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeH+Xr5JqJoQt49DjcgIY+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNjE5MTEzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjU5YTRlYzc3ZjI2MDc1ZjUzZDZiNmQxMjMwODg0ZjkzYWIzYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiR80X03nJk0/rm2U4GErib5sGwW
DjIOHl0ZTbRK9kn8sqI26C7zgOUSA7NXIuiOH/bCesgRLmnmjU6A7dCzM+ZCkQCR
KVK4jMOjGTtPx3vVPEiGECmxRvLKaQAAsDfK/BWpLejwvxvw9cABTy9DEH5VBAu0
5hxjwANmK4058qD7rYbpSLaTfiM6j4AKQxiMILkJhYkrDj8OKS/sDFOwzO6Z7fsU
XcmUzh4v4uaTblQgtE5myYvhJ9CNYSD1h3J45RXPcK3gURlcf8jJb+dLcHaUuFRm
iZ5jox7zO4grSCFgRfHaVkGezUsFB40jlUk2yqt/rF19WgNNfrtHXFKEPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJZpOx38mB19T1rbRIwiE+TqzvpMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvVWxtazdIZnlZSFgxUFd0dEVqQ0lUNU9yTy1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwekVAwQA
wemEMA0GCSqGSIb3DQEBCwUAA4IBAQBJRmyCdgOxpjzB9W5ZVkHqn6UnTZ8m0uyI
sh2JM74hvb4N8t6DMdxkrUJx/T6BIYzDMg2Lud9W+K18vVEAqKAWocjbJQV64e5o
48/On6ufLw+rTwJ9jgPjiNOD4hggRKJg+4EV+xPMahIgMOSTD1o+s2/zCx1CW64m
3N8Mr27xV9dNSkCUqGqOQBHeuAHy0DX8ZjAtHvLJCzQxq9VzOmiyt26Hur6Netze
k42+MtMpINsTMGeTcZS9DhssMW/mCiHOTrKEqjiTiN/1hDqmPpLRLmvSwpK4RXj4
VWap9UHCRCpR6M4sfGAG5Sxqxy+67iOqKqqrGx5KDTEYJAfvtMVM
-----END CERTIFICATE-----