Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/uIJozNFoP5XfidjBCM0P31eTvUk.roa
File:                     uIJozNFoP5XfidjBCM0P31eTvUk.roa (raw, json)
Hash identifier:          82dJmEh9Xee5pf4NlP3/OL/7fNmKhnVpCwcSGBoqspI=
Subject key identifier:   B8:82:68:CC:D1:68:3F:95:DF:89:D8:C1:08:CD:0F:DF:57:93:BD:49
Certificate issuer:       /CN=4c3c665e51cc4cb5caf05b8294843e2733a13dee
Certificate serial:       0197CF95D51BEC3E530E104802FA2470C048
Authority key identifier: 4C:3C:66:5E:51:CC:4C:B5:CA:F0:5B:82:94:84:3E:27:33:A1:3D:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/uIJozNFoP5XfidjBCM0P31eTvUk.roa
Signing time:             Thu 03 Jul 2025 09:19:52 +0000
ROA not before:           Thu 03 Jul 2025 09:19:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58172
IP address blocks:        45.135.131.0/24 maxlen: 24
                          91.213.49.0/24 maxlen: 24
                          185.191.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:95:d5:1b:ec:3e:53:0e:10:48:02:fa:24:70:c0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3c665e51cc4cb5caf05b8294843e2733a13dee
        Validity
            Not Before: Jul  3 09:19:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b88268ccd1683f95df89d8c108cd0fdf5793bd49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bb:ea:b6:f8:de:55:1c:14:2f:25:ee:e5:57:
                    43:d6:19:0b:4b:39:4c:8a:85:90:3b:94:dd:a2:60:
                    bf:b9:e7:78:fb:9b:ed:b1:08:95:ff:d6:9f:3f:75:
                    e9:dc:74:ed:03:fc:be:6d:38:2f:a8:c1:24:60:09:
                    4d:54:13:56:97:5f:a6:74:b8:6b:3f:c3:07:db:15:
                    31:5a:78:fb:2f:ef:a6:41:00:61:77:5b:47:09:dc:
                    b5:49:5e:cc:30:d5:8d:0c:c2:1b:06:6f:47:f3:b3:
                    f0:36:61:a9:c0:d2:ab:e1:0d:b1:e0:c7:1d:a1:ff:
                    cf:b2:68:66:4e:a8:4c:55:fa:3b:f1:22:fd:ab:54:
                    b1:bb:d2:61:15:76:4e:6a:bc:f2:d8:64:c4:e1:35:
                    b0:7a:62:a1:1d:31:98:f0:f6:7a:92:55:84:d6:73:
                    e6:e9:77:07:c5:af:11:e8:38:52:c3:f9:38:81:a5:
                    4e:49:cf:bf:8d:1e:9d:2f:e4:0d:c7:c4:3b:77:e0:
                    06:25:d5:5e:1c:ef:11:39:95:cb:0a:6a:6f:14:de:
                    c3:c9:5d:71:be:b2:19:40:e4:b0:9f:bd:02:82:0d:
                    03:50:f0:19:cc:46:c2:7d:d9:f1:04:f0:11:8b:ce:
                    01:ce:23:56:48:0a:e3:e5:f8:f3:cd:fc:f9:ef:f8:
                    76:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:82:68:CC:D1:68:3F:95:DF:89:D8:C1:08:CD:0F:DF:57:93:BD:49
            X509v3 Authority Key Identifier:
                keyid:4C:3C:66:5E:51:CC:4C:B5:CA:F0:5B:82:94:84:3E:27:33:A1:3D:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/uIJozNFoP5XfidjBCM0P31eTvUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.131.0/24
                  91.213.49.0/24
                  185.191.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ab:0a:9f:00:17:b2:99:be:73:d9:2d:15:e9:ae:11:9a:c7:
         3e:02:08:62:17:f9:88:96:a5:f9:e7:6d:9e:47:7e:0e:e8:e6:
         51:39:8a:0f:bf:78:86:a8:47:63:10:17:e5:18:f3:b3:59:59:
         65:f6:47:6c:a1:d7:17:22:72:1c:fa:f5:25:5a:27:3b:bc:b2:
         4c:b0:38:13:98:7b:0c:0b:c1:9f:e9:a1:ee:43:c1:fc:fd:55:
         85:75:4d:85:f2:59:f3:6e:32:10:5e:4a:e2:15:ad:40:97:92:
         e4:cb:4e:52:8f:ae:f8:10:66:39:e4:f6:8e:f0:18:b5:e2:58:
         46:38:e4:2d:56:7c:2b:e5:b0:e5:bf:dc:86:28:f7:d6:3e:77:
         16:e2:4d:29:93:5b:ad:ac:0a:a0:b8:01:b0:cc:6a:ea:44:99:
         23:ef:cc:fd:78:a2:4a:8a:de:33:04:82:8f:59:97:a2:17:ab:
         29:d3:b2:c9:b4:f5:37:f1:c0:12:ee:9f:df:a5:43:b3:36:ea:
         49:fd:a8:be:5f:57:69:e5:4b:62:98:68:f1:ac:30:d6:50:e0:
         8c:37:f6:ad:c8:99:e3:ef:6b:96:54:50:02:cb:4f:a5:86:06:
         70:86:15:0a:08:cb:59:9b:d4:4b:71:8c:13:c5:8b:7a:9a:55:
         c7:1b:ad:06
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfPldUb7D5TDhBIAvokcMBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjM2M2NjVlNTFjYzRjYjVjYWYwNWI4Mjk0ODQzZTI3MzNh
MTNkZWUwHhcNMjUwNzAzMDkxOTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODgyNjhjY2QxNjgzZjk1ZGY4OWQ4YzEwOGNkMGZkZjU3OTNiZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbvqtvjeVRwULyXu5VdD1hkLSzlM
ioWQO5TdomC/ued4+5vtsQiV/9afP3Xp3HTtA/y+bTgvqMEkYAlNVBNWl1+mdLhr
P8MH2xUxWnj7L++mQQBhd1tHCdy1SV7MMNWNDMIbBm9H87PwNmGpwNKr4Q2x4Mcd
of/PsmhmTqhMVfo78SL9q1Sxu9JhFXZOarzy2GTE4TWwemKhHTGY8PZ6klWE1nPm
6XcHxa8R6DhSw/k4gaVOSc+/jR6dL+QNx8Q7d+AGJdVeHO8ROZXLCmpvFN7DyV1x
vrIZQOSwn70Cgg0DUPAZzEbCfdnxBPARi84BziNWSArj5fjzzfz57/h2hQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLiCaMzRaD+V34nYwQjND99Xk71JMB8GA1UdIwQY
MBaAFEw8Zl5RzEy1yvBbgpSEPiczoT3uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVER4bVhsSE1UTFhLOEZ1Q2xJUS1Kek9oUGU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS82YjY2YjQtMDY0Yy00MmVlLWE1ZWUt
MWE2NWI5MWJlZTU4LzEvdUlKb3pORm9QNVhmaWRqQkNNMFAzMWVUdlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS82YjY2YjQtMDY0Yy00MmVlLWE1ZWUtMWE2NWI5MWJlZTU4
LzEvVER4bVhsSE1UTFhLOEZ1Q2xJUS1Kek9oUGU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYeDAwQA
W9UxAwQAub/UMA0GCSqGSIb3DQEBCwUAA4IBAQAbqwqfABeymb5z2S0V6a4Rmsc+
AghiF/mIlqX5522eR34O6OZROYoPv3iGqEdjEBflGPOzWVll9kdsodcXInIc+vUl
Wic7vLJMsDgTmHsMC8Gf6aHuQ8H8/VWFdU2F8lnzbjIQXkriFa1Al5Lky05Sj674
EGY55PaO8Bi14lhGOOQtVnwr5bDlv9yGKPfWPncW4k0pk1utrAqguAGwzGrqRJkj
78z9eKJKit4zBIKPWZeiF6sp07LJtPU38cAS7p/fpUOzNupJ/ai+X1dp5UtimGjx
rDDWUOCMN/atyJnj72uWVFACy0+lhgZwhhUKCMtZm9RLcYwTxYt6mlXHG60G
-----END CERTIFICATE-----