Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/5c3e6e-107d-47f8-9d3f-b5b629cbb43b/1/UO64m9ibLk2rTsljT57Uia501Gc.roa
File:                     UO64m9ibLk2rTsljT57Uia501Gc.roa (raw, json)
Hash identifier:          R5xwJY/tajP9Zn1EiQQypEd626WAr6SRihiqBg9Doig=
Subject key identifier:   50:EE:B8:9B:D8:9B:2E:4D:AB:4E:C9:63:4F:9E:D4:89:AE:74:D4:67
Certificate issuer:       /CN=eb5be331de09bbc58df65aea75334b490c6f7fc7
Certificate serial:       01995CE6A5BA070BA72578CC77D0DB7A285D
Authority key identifier: EB:5B:E3:31:DE:09:BB:C5:8D:F6:5A:EA:75:33:4B:49:0C:6F:7F:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61vjMd4Ju8WN9lrqdTNLSQxvf8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/5c3e6e-107d-47f8-9d3f-b5b629cbb43b/1/UO64m9ibLk2rTsljT57Uia501Gc.roa
Signing time:             Thu 18 Sep 2025 12:57:23 +0000
ROA not before:           Thu 18 Sep 2025 12:57:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211731
IP address blocks:        91.214.156.0/23 maxlen: 23
                          91.214.158.0/23 maxlen: 23
                          2001:67c:26c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/5c3e6e-107d-47f8-9d3f-b5b629cbb43b/1/61vjMd4Ju8WN9lrqdTNLSQxvf8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/5c3e6e-107d-47f8-9d3f-b5b629cbb43b/1/61vjMd4Ju8WN9lrqdTNLSQxvf8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/61vjMd4Ju8WN9lrqdTNLSQxvf8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:e6:a5:ba:07:0b:a7:25:78:cc:77:d0:db:7a:28:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb5be331de09bbc58df65aea75334b490c6f7fc7
        Validity
            Not Before: Sep 18 12:57:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50eeb89bd89b2e4dab4ec9634f9ed489ae74d467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4b:d7:e8:16:a2:64:cf:1b:8e:f8:af:81:5a:
                    fe:36:17:3a:cf:7d:4e:bb:fd:7b:00:3f:1d:46:fd:
                    11:45:be:24:f7:2c:85:58:00:88:60:7c:59:39:84:
                    8b:76:12:97:a3:ca:41:cf:d7:13:81:4d:11:58:f2:
                    a6:65:17:92:d9:5c:bb:7f:dd:88:37:34:67:ef:80:
                    7c:71:56:1e:9a:cf:3a:46:11:e9:3e:c5:70:2a:43:
                    9d:73:70:9c:38:67:9c:a5:b7:57:d5:d3:a4:37:85:
                    12:0f:63:c0:41:fc:1f:10:b1:d1:e6:20:bf:0b:02:
                    61:95:b0:30:29:a0:3c:06:95:c1:5f:ab:18:cf:09:
                    ea:1e:2a:d0:03:1b:c9:6d:78:91:ee:de:e7:12:d2:
                    75:f8:fa:82:3c:96:25:65:e1:3f:cd:6b:44:42:5e:
                    94:f3:fe:e1:db:83:27:a2:84:0c:aa:de:2c:16:97:
                    b3:a7:86:bc:cf:52:f6:43:aa:ad:30:c9:0f:8e:39:
                    e1:d0:ac:6f:a1:79:3e:32:1a:d9:1d:6c:03:b6:95:
                    6f:26:23:f4:71:ac:77:9d:66:5d:a6:9f:11:b7:bf:
                    75:42:ac:06:f0:e4:52:3d:12:b8:f3:67:d3:06:b3:
                    a7:ad:f0:d8:b0:0d:6f:dc:ec:8e:0f:1e:b5:01:78:
                    c4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EE:B8:9B:D8:9B:2E:4D:AB:4E:C9:63:4F:9E:D4:89:AE:74:D4:67
            X509v3 Authority Key Identifier:
                keyid:EB:5B:E3:31:DE:09:BB:C5:8D:F6:5A:EA:75:33:4B:49:0C:6F:7F:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61vjMd4Ju8WN9lrqdTNLSQxvf8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5c3e6e-107d-47f8-9d3f-b5b629cbb43b/1/UO64m9ibLk2rTsljT57Uia501Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5c3e6e-107d-47f8-9d3f-b5b629cbb43b/1/61vjMd4Ju8WN9lrqdTNLSQxvf8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.156.0/22
                IPv6:
                  2001:67c:26c::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:91:cf:c6:9e:87:32:49:d3:33:7f:fb:44:17:21:d9:2e:9d:
         2f:1f:1f:17:25:a6:bf:1c:01:8f:91:0f:b9:2d:cf:ed:e4:77:
         a7:c1:c5:2d:d9:c2:37:1a:f6:ff:af:d5:c1:5b:d5:b0:f5:3a:
         f5:bb:f6:c7:32:e6:a8:58:cc:d4:a9:24:c1:a0:10:37:41:93:
         f2:35:cd:27:84:e7:cc:1e:01:b4:be:95:19:42:90:b0:57:be:
         3a:8b:33:29:db:d8:d3:65:da:9a:33:4b:29:b4:ba:ad:04:d4:
         5e:da:41:3b:ff:9d:b6:2a:2d:ac:d5:5b:6b:eb:c6:e1:bc:89:
         20:d8:33:44:76:b0:30:86:e1:e1:a0:58:6a:69:e8:62:fd:a6:
         34:39:26:0f:2a:b9:d2:aa:cd:78:65:ad:ec:ba:e2:3d:aa:a1:
         bf:3c:1b:06:fe:04:53:30:18:3a:be:b8:a0:19:50:b2:58:ef:
         98:be:66:a5:15:a1:96:38:bc:10:ba:f2:c2:33:29:2b:1d:66:
         de:a8:99:33:f7:5a:05:f4:5f:d6:e0:cf:4a:4c:f1:bd:82:35:
         1d:b8:1c:16:f7:06:18:d9:73:de:1e:90:88:70:ff:ca:3f:76:
         50:83:0c:ce:ee:1c:32:7c:9b:e8:6e:40:3f:28:be:64:91:63:
         6e:b3:86:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZlc5qW6BwunJXjMd9DbeihdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNWJlMzMxZGUwOWJiYzU4ZGY2NWFlYTc1MzM0YjQ5MGM2
ZjdmYzcwHhcNMjUwOTE4MTI1NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVlYjg5YmQ4OWIyZTRkYWI0ZWM5NjM0ZjllZDQ4OWFlNzRkNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UvX6BaiZM8bjvivgVr+Nhc6z31O
u/17AD8dRv0RRb4k9yyFWACIYHxZOYSLdhKXo8pBz9cTgU0RWPKmZReS2Vy7f92I
NzRn74B8cVYems86RhHpPsVwKkOdc3CcOGecpbdX1dOkN4USD2PAQfwfELHR5iC/
CwJhlbAwKaA8BpXBX6sYzwnqHirQAxvJbXiR7t7nEtJ1+PqCPJYlZeE/zWtEQl6U
8/7h24MnooQMqt4sFpezp4a8z1L2Q6qtMMkPjjnh0KxvoXk+MhrZHWwDtpVvJiP0
cax3nWZdpp8Rt791QqwG8ORSPRK482fTBrOnrfDYsA1v3OyODx61AXjEywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFDuuJvYmy5Nq07JY0+e1ImudNRnMB8GA1UdIwQY
MBaAFOtb4zHeCbvFjfZa6nUzS0kMb3/HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjF2ak1kNEp1OFdOOWxycWRUTkxTUXh2ZjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81YzNlNmUtMTA3ZC00N2Y4LTlkM2Yt
YjViNjI5Y2JiNDNiLzEvVU82NG05aWJMazJyVHNsalQ1N1VpYTUwMUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81YzNlNmUtMTA3ZC00N2Y4LTlkM2YtYjViNjI5Y2JiNDNi
LzEvNjF2ak1kNEp1OFdOOWxycWRUTkxTUXh2ZjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW9acMA8E
AgACMAkDBwAgAQZ8AmwwDQYJKoZIhvcNAQELBQADggEBADSRz8aehzJJ0zN/+0QX
IdkunS8fHxclpr8cAY+RD7ktz+3kd6fBxS3Zwjca9v+v1cFb1bD1OvW79scy5qhY
zNSpJMGgEDdBk/I1zSeE58weAbS+lRlCkLBXvjqLMynb2NNl2pozSym0uq0E1F7a
QTv/nbYqLazVW2vrxuG8iSDYM0R2sDCG4eGgWGpp6GL9pjQ5Jg8qudKqzXhlrey6
4j2qob88Gwb+BFMwGDq+uKAZULJY75i+ZqUVoZY4vBC68sIzKSsdZt6omTP3WgX0
X9bgz0pM8b2CNR24HBb3BhjZc94ekIhw/8o/dlCDDM7uHDJ8m+huQD8ovmSRY26z
hqk=
-----END CERTIFICATE-----