Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/UItLZsiO26x7QiRXdGLqfBj5i3A.roa
File:                     UItLZsiO26x7QiRXdGLqfBj5i3A.roa (raw, json)
Hash identifier:          YEdG4y28dnG+6B0iGrSVjqk69La+oWZl6VDLolSPKHk=
Subject key identifier:   50:8B:4B:66:C8:8E:DB:AC:7B:42:24:57:74:62:EA:7C:18:F9:8B:70
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0198A333E94341183DFE94FE5F5765412EAE
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/UItLZsiO26x7QiRXdGLqfBj5i3A.roa
Signing time:             Wed 13 Aug 2025 11:32:24 +0000
ROA not before:           Wed 13 Aug 2025 11:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137557
IP address blocks:        45.141.168.0/23 maxlen: 24
                          148.222.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:33:e9:43:41:18:3d:fe:94:fe:5f:57:65:41:2e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Aug 13 11:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=508b4b66c88edbac7b4224577462ea7c18f98b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0f:43:f1:6b:5b:c2:c6:b8:ef:63:cc:cd:36:
                    34:f7:c3:b6:ad:b8:91:86:3c:61:8f:f8:ff:3d:cc:
                    ae:c1:fa:16:8d:a6:e3:b5:e6:d0:80:4f:0a:26:e3:
                    f9:b5:80:cb:74:b3:c8:b7:27:f1:e0:c5:d8:be:aa:
                    bd:d8:66:7a:3d:47:04:95:c5:ef:51:55:be:0a:a0:
                    df:5a:32:aa:69:92:ad:59:f8:74:e7:7f:18:d0:7d:
                    aa:00:0a:43:67:bd:57:24:f0:1d:6b:50:c6:e7:4d:
                    7a:e1:95:e7:9b:25:c9:42:08:bc:02:2c:79:d5:b4:
                    aa:e0:a4:9c:1d:4f:06:eb:bb:94:1b:e6:b5:a3:48:
                    5c:a9:ba:9d:c8:f8:93:4e:77:d9:4f:2a:e2:16:2c:
                    05:eb:f0:7a:45:0d:e9:19:d7:da:e8:a3:a6:15:03:
                    41:27:1f:66:10:15:68:a1:e5:11:5d:b8:d2:61:bd:
                    0c:96:6a:4a:c1:c4:8a:3a:83:c3:ec:f6:89:7b:f2:
                    17:75:36:c3:5d:31:b0:92:6b:44:c9:e0:00:00:e9:
                    92:75:12:1e:a8:0a:4f:99:1a:76:68:f0:07:ec:11:
                    20:6a:30:73:6a:31:66:ca:d3:18:1f:2f:d8:ed:d5:
                    a0:d6:ed:b5:bf:d6:04:00:17:04:f5:40:61:20:b2:
                    a9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:8B:4B:66:C8:8E:DB:AC:7B:42:24:57:74:62:EA:7C:18:F9:8B:70
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/UItLZsiO26x7QiRXdGLqfBj5i3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23
                  148.222.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:73:be:7a:f9:79:2c:7d:52:03:22:7a:66:59:ef:db:a0:c1:
         ed:3a:b6:61:63:5f:0a:70:70:21:0d:13:5f:d4:45:c6:0c:28:
         74:e6:1b:a3:40:6c:3a:c4:3a:e0:1f:a9:17:75:1d:2d:c9:fb:
         80:eb:86:5b:f3:2c:b4:3c:cc:2c:ec:42:85:df:c1:35:92:51:
         e9:15:d0:94:11:24:4e:33:20:27:89:54:ed:1a:8c:3c:52:24:
         f9:89:31:97:18:68:3e:c4:56:69:fe:38:3d:ad:d1:31:c6:8f:
         e9:72:6c:9e:2a:bc:67:eb:d8:41:7b:09:e3:80:8a:1d:b6:1a:
         00:81:bd:a9:97:f2:ce:0b:63:21:3b:4a:ce:6b:01:86:b9:90:
         50:84:63:b9:87:9f:87:3d:fa:48:92:9f:47:7f:70:23:8a:70:
         76:85:db:37:cb:f2:52:60:1a:61:0e:dc:21:83:f4:ad:1e:93:
         ec:e4:c3:c3:37:a7:fb:b0:4a:5c:10:ab:d9:31:0f:f2:ad:a2:
         d0:ca:34:f3:15:14:e3:52:0d:1a:64:9c:79:02:08:14:b0:a3:
         3d:5e:b6:7e:ba:5f:e4:aa:52:b6:6b:31:6a:95:c3:2e:81:90:
         69:36:04:3a:05:0d:f0:58:a9:df:af:8d:44:02:32:66:26:31:
         ca:86:f0:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZijM+lDQRg9/pT+X1dlQS6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwODEzMTEzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDhiNGI2NmM4OGVkYmFjN2I0MjI0NTc3NDYyZWE3YzE4Zjk4YjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlA9D8Wtbwsa472PMzTY098O2rbiR
hjxhj/j/PcyuwfoWjabjtebQgE8KJuP5tYDLdLPItyfx4MXYvqq92GZ6PUcElcXv
UVW+CqDfWjKqaZKtWfh0538Y0H2qAApDZ71XJPAda1DG50164ZXnmyXJQgi8Aix5
1bSq4KScHU8G67uUG+a1o0hcqbqdyPiTTnfZTyriFiwF6/B6RQ3pGdfa6KOmFQNB
Jx9mEBVooeURXbjSYb0MlmpKwcSKOoPD7PaJe/IXdTbDXTGwkmtEyeAAAOmSdRIe
qApPmRp2aPAH7BEgajBzajFmytMYHy/Y7dWg1u21v9YEABcE9UBhILKp7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFCLS2bIjtuse0IkV3Ri6nwY+YtwMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvVUl0TFpzaU8yNng3UWlSWGRHTHFmQmo1aTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY2oAwQC
lN7wMA0GCSqGSIb3DQEBCwUAA4IBAQCpc756+XksfVIDInpmWe/boMHtOrZhY18K
cHAhDRNf1EXGDCh05hujQGw6xDrgH6kXdR0tyfuA64Zb8yy0PMws7EKF38E1klHp
FdCUESROMyAniVTtGow8UiT5iTGXGGg+xFZp/jg9rdExxo/pcmyeKrxn69hBewnj
gIodthoAgb2pl/LOC2MhO0rOawGGuZBQhGO5h5+HPfpIkp9Hf3AjinB2hds3y/JS
YBphDtwhg/StHpPs5MPDN6f7sEpcEKvZMQ/yraLQyjTzFRTjUg0aZJx5AggUsKM9
XrZ+ul/kqlK2azFqlcMugZBpNgQ6BQ3wWKnfr41EAjJmJjHKhvCn
-----END CERTIFICATE-----