Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/UPp8Qs73JhRTI4x0xKIW14-Mywc.roa
File:                     UPp8Qs73JhRTI4x0xKIW14-Mywc.roa (raw, json)
Hash identifier:          JIS89v1Y+gZKQ5YcLgLBR5YbKKbn6jaRimtAwO/HUsQ=
Subject key identifier:   50:FA:7C:42:CE:F7:26:14:53:23:8C:74:C4:A2:16:D7:8F:8C:CB:07
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0199ABEF73DB7CC49AFAEC61A3073AAD417E
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/UPp8Qs73JhRTI4x0xKIW14-Mywc.roa
Signing time:             Fri 03 Oct 2025 21:17:00 +0000
ROA not before:           Fri 03 Oct 2025 21:17:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214305
IP address blocks:        45.9.30.0/24 maxlen: 24
                          45.132.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:ef:73:db:7c:c4:9a:fa:ec:61:a3:07:3a:ad:41:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct  3 21:17:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50fa7c42cef7261453238c74c4a216d78f8ccb07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:b0:7f:f0:24:4b:e5:b7:e1:d5:84:65:ac:
                    37:52:25:f3:4c:4a:72:10:bb:66:e5:b9:a2:c9:e7:
                    27:cb:1f:f3:cb:45:a5:ae:94:71:f2:76:8b:a3:f5:
                    1f:d3:da:c9:a0:b8:0c:f5:35:7d:d3:71:67:b6:97:
                    23:0f:1d:e1:8a:c9:d3:99:16:4c:a9:26:97:b6:15:
                    c9:3b:03:c5:4f:0b:e8:9e:4b:fc:96:4a:9d:f8:3e:
                    d2:7e:be:f7:de:9f:d8:b9:9c:c4:db:59:3f:cf:44:
                    18:3f:a0:fe:12:19:ef:3c:11:ed:05:db:b0:13:88:
                    45:f8:e4:24:2d:05:b6:68:59:8f:67:a9:ef:88:d2:
                    09:9d:4b:5a:fc:cf:e3:03:00:a2:b9:0c:87:cd:7c:
                    e3:c9:84:22:42:6b:d6:74:59:1b:87:3e:81:44:6b:
                    5d:78:71:2b:16:6c:4f:4e:32:47:b2:db:ee:77:33:
                    30:41:b9:e2:37:9c:05:65:b3:48:9e:84:7e:f1:1e:
                    3b:57:d3:f7:71:0b:2a:7e:ea:3a:ef:7d:fc:32:f7:
                    50:0a:be:1e:7c:46:75:09:73:f4:29:73:cc:2e:47:
                    38:25:9f:bb:b4:fe:80:01:ce:ee:55:f5:90:f1:05:
                    12:14:7d:af:a3:05:db:7d:72:40:d7:10:b0:91:fc:
                    e1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FA:7C:42:CE:F7:26:14:53:23:8C:74:C4:A2:16:D7:8F:8C:CB:07
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/UPp8Qs73JhRTI4x0xKIW14-Mywc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24
                  45.132.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f1:dc:7c:e1:03:4d:d2:cd:8d:00:ed:34:7b:f2:83:35:cd:
         85:98:07:9e:a7:b7:39:fb:b0:31:a4:3a:7f:ed:a3:af:07:40:
         3d:c9:b4:54:fa:6a:82:7c:ad:9e:21:e5:4c:50:8a:0e:ff:76:
         b2:df:4d:cb:3a:a3:eb:4c:ec:f2:89:f5:e1:e0:73:2b:42:f0:
         7e:90:0b:bf:05:ea:33:cf:df:0e:7d:9d:0b:53:7b:06:f3:57:
         9c:f5:69:ff:bc:85:88:78:24:28:0f:b1:d1:c9:7a:2d:24:7a:
         df:db:12:8d:00:16:e5:02:63:a2:b9:24:ac:8a:f6:bb:3d:14:
         37:25:ef:98:fa:e8:19:b7:fd:b0:7a:60:c1:0b:d4:48:48:f4:
         df:e2:40:30:50:72:ba:2d:4f:8b:26:29:48:17:ec:1f:7c:4a:
         53:6d:f8:9d:51:e5:83:b1:51:1c:7b:8a:f1:90:86:e3:48:ea:
         b3:04:c7:57:08:d9:ac:dc:27:68:7f:ff:f8:02:a3:ce:49:f3:
         7b:cb:c6:37:21:5c:3f:29:aa:85:9f:f2:9f:35:0c:54:79:21:
         78:e6:f0:35:bc:ae:bc:cf:08:79:7f:26:4f:19:47:2b:9e:e4:
         9d:c5:4d:cb:b2:a9:a7:3f:e7:d6:a0:34:5b:53:05:44:44:27:
         de:2a:b4:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmr73PbfMSa+uxhowc6rUF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMDAzMjExNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZhN2M0MmNlZjcyNjE0NTMyMzhjNzRjNGEyMTZkNzhmOGNjYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX6wf/AkS+W34dWEZaw3UiXzTEpy
ELtm5bmiyecnyx/zy0WlrpRx8naLo/Uf09rJoLgM9TV903FntpcjDx3hisnTmRZM
qSaXthXJOwPFTwvonkv8lkqd+D7Sfr733p/YuZzE21k/z0QYP6D+EhnvPBHtBduw
E4hF+OQkLQW2aFmPZ6nviNIJnUta/M/jAwCiuQyHzXzjyYQiQmvWdFkbhz6BRGtd
eHErFmxPTjJHstvudzMwQbniN5wFZbNInoR+8R47V9P3cQsqfuo67338MvdQCr4e
fEZ1CXP0KXPMLkc4JZ+7tP6AAc7uVfWQ8QUSFH2vowXbfXJA1xCwkfzhKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFD6fELO9yYUUyOMdMSiFtePjMsHMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvVVBwOFFzNzNKaFJUSTR4MHhLSVcxNC1NeXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQkeAwQA
LYS3MA0GCSqGSIb3DQEBCwUAA4IBAQBi8dx84QNN0s2NAO00e/KDNc2FmAeep7c5
+7AxpDp/7aOvB0A9ybRU+mqCfK2eIeVMUIoO/3ay303LOqPrTOzyifXh4HMrQvB+
kAu/Beozz98OfZ0LU3sG81ec9Wn/vIWIeCQoD7HRyXotJHrf2xKNABblAmOiuSSs
iva7PRQ3Je+Y+ugZt/2wemDBC9RISPTf4kAwUHK6LU+LJilIF+wffEpTbfidUeWD
sVEce4rxkIbjSOqzBMdXCNms3Cdof//4AqPOSfN7y8Y3IVw/KaqFn/KfNQxUeSF4
5vA1vK68zwh5fyZPGUcrnuSdxU3LsqmnP+fWoDRbUwVERCfeKrQO
-----END CERTIFICATE-----