Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/UEbyIO2QVlOQRHoJpjetZw63ZWc.roa
File:                     UEbyIO2QVlOQRHoJpjetZw63ZWc.roa (raw, json)
Hash identifier:          B817opIktL38b1nWyMw+3o8iSD6n1l22i7ARYEndhTU=
Subject key identifier:   50:46:F2:20:ED:90:56:53:90:44:7A:09:A6:37:AD:67:0E:B7:65:67
Certificate issuer:       /CN=f1f4609d0d053aec0307da44b0e678c388f641a4
Certificate serial:       01989E5EDE934110C2ED828A64B83F0419ED
Authority key identifier: F1:F4:60:9D:0D:05:3A:EC:03:07:DA:44:B0:E6:78:C3:88:F6:41:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/UEbyIO2QVlOQRHoJpjetZw63ZWc.roa
Signing time:             Tue 12 Aug 2025 13:01:14 +0000
ROA not before:           Tue 12 Aug 2025 13:01:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214973
IP address blocks:        185.18.221.0/24 maxlen: 24
                          2a13:2c0::/29 maxlen: 29
                          2a13:2c0::/48 maxlen: 48
                          2a13:2c0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:5e:de:93:41:10:c2:ed:82:8a:64:b8:3f:04:19:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f4609d0d053aec0307da44b0e678c388f641a4
        Validity
            Not Before: Aug 12 13:01:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5046f220ed90565390447a09a637ad670eb76567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bc:6d:be:49:86:01:9c:e0:15:10:5d:a5:ef:
                    c2:b2:a6:83:62:9c:54:7f:64:ed:1a:4a:83:2a:6f:
                    45:65:21:01:8f:c6:0f:43:1f:d9:16:0f:93:54:e8:
                    0e:55:32:f1:8c:91:52:24:0d:ac:22:01:2e:61:fb:
                    e6:bf:a8:50:36:13:08:3b:ac:ca:db:63:aa:d9:34:
                    fd:39:19:75:70:61:b2:11:7d:eb:6b:34:48:39:dd:
                    45:d9:ca:58:f8:3d:45:07:c1:3b:2d:de:54:a1:9c:
                    f2:5b:85:3c:e0:aa:9c:de:f0:9a:2b:01:b6:83:7f:
                    54:97:85:53:69:1f:c0:d5:0b:91:c9:f0:8f:f0:3f:
                    f2:60:16:18:b7:a7:10:71:8a:83:52:64:74:ef:59:
                    16:41:c3:f1:13:f2:79:dd:23:70:b4:c7:74:da:3e:
                    2f:96:6c:17:d1:1e:b7:47:b9:d7:62:b2:e9:29:98:
                    20:e9:56:4f:e7:c8:6c:fe:1f:50:0d:d0:75:63:33:
                    c4:a2:cf:42:7f:f5:72:2c:c7:e0:b2:b1:8d:e1:ce:
                    30:e1:67:a0:87:7e:52:e9:c0:fc:41:f9:a8:7a:e7:
                    9f:37:a8:f8:c2:09:d0:2e:8f:7f:03:68:01:7a:a5:
                    be:ea:30:f8:4e:5a:91:bb:53:6e:45:98:5e:0c:08:
                    17:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:46:F2:20:ED:90:56:53:90:44:7A:09:A6:37:AD:67:0E:B7:65:67
            X509v3 Authority Key Identifier:
                keyid:F1:F4:60:9D:0D:05:3A:EC:03:07:DA:44:B0:E6:78:C3:88:F6:41:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/UEbyIO2QVlOQRHoJpjetZw63ZWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.221.0/24
                IPv6:
                  2a13:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:4c:d3:ed:cf:d9:c0:42:8b:98:47:dc:24:8b:1b:93:06:1a:
         09:ef:39:29:ec:b4:6f:96:c6:a1:23:9c:51:86:47:81:43:54:
         80:c0:29:cf:9a:88:6d:95:3b:1e:42:6b:f1:8b:a3:05:b0:f1:
         c2:99:e5:5c:d8:0b:57:dc:19:ab:34:54:42:55:b3:84:2b:97:
         b9:6c:3f:7f:c1:fb:96:df:e6:61:5d:0f:63:73:be:3b:a5:c8:
         53:11:9d:51:d6:09:75:0b:47:80:e7:a3:1a:05:f4:43:bb:99:
         59:b6:49:0b:2f:76:91:e7:1b:fa:a9:3d:18:ad:01:f6:fa:de:
         f8:db:dc:5e:0a:3a:c1:7c:50:cd:04:cd:c8:60:da:22:dd:2e:
         4b:c4:33:66:10:f4:27:84:82:77:19:6f:83:e2:4b:76:a6:bb:
         eb:5c:99:ff:2b:1f:59:75:61:b7:11:61:41:1a:16:71:df:ec:
         bd:43:14:d1:a1:ab:72:d4:43:4a:4c:29:0c:64:91:dc:d5:93:
         6f:83:7a:17:cf:1b:0e:4b:b5:aa:b4:eb:43:71:8e:ab:34:3d:
         3a:97:fc:0a:48:58:21:93:9c:09:28:a8:2e:85:1d:7c:47:60:
         1f:00:b6:0a:c3:74:20:f9:be:5a:f4:00:f5:63:4e:41:e3:c3:
         d1:3f:18:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZieXt6TQRDC7YKKZLg/BBntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjQ2MDlkMGQwNTNhZWMwMzA3ZGE0NGIwZTY3OGMzODhm
NjQxYTQwHhcNMjUwODEyMTMwMTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQ2ZjIyMGVkOTA1NjUzOTA0NDdhMDlhNjM3YWQ2NzBlYjc2NTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLxtvkmGAZzgFRBdpe/CsqaDYpxU
f2TtGkqDKm9FZSEBj8YPQx/ZFg+TVOgOVTLxjJFSJA2sIgEuYfvmv6hQNhMIO6zK
22Oq2TT9ORl1cGGyEX3razRIOd1F2cpY+D1FB8E7Ld5UoZzyW4U84Kqc3vCaKwG2
g39Ul4VTaR/A1QuRyfCP8D/yYBYYt6cQcYqDUmR071kWQcPxE/J53SNwtMd02j4v
lmwX0R63R7nXYrLpKZgg6VZP58hs/h9QDdB1YzPEos9Cf/VyLMfgsrGN4c4w4Weg
h35S6cD8QfmoeuefN6j4wgnQLo9/A2gBeqW+6jD4TlqRu1NuRZheDAgXxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFBG8iDtkFZTkER6CaY3rWcOt2VnMB8GA1UdIwQY
MBaAFPH0YJ0NBTrsAwfaRLDmeMOI9kGkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZSZ25RMEZPdXdEQjlwRXNPWjR3NGoyUWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85YTE4YWQtMDg3Yi00ZDEyLTlmNjkt
OGNiZjkwM2U5MWNkLzEvVUVieUlPMlFWbE9RUkhvSnBqZXRadzYzWldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85YTE4YWQtMDg3Yi00ZDEyLTlmNjktOGNiZjkwM2U5MWNk
LzEvOGZSZ25RMEZPdXdEQjlwRXNPWjR3NGoyUWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRLdMA0E
AgACMAcDBQMqEwLAMA0GCSqGSIb3DQEBCwUAA4IBAQBSTNPtz9nAQouYR9wkixuT
BhoJ7zkp7LRvlsahI5xRhkeBQ1SAwCnPmohtlTseQmvxi6MFsPHCmeVc2AtX3Bmr
NFRCVbOEK5e5bD9/wfuW3+ZhXQ9jc747pchTEZ1R1gl1C0eA56MaBfRDu5lZtkkL
L3aR5xv6qT0YrQH2+t7429xeCjrBfFDNBM3IYNoi3S5LxDNmEPQnhIJ3GW+D4kt2
prvrXJn/Kx9ZdWG3EWFBGhZx3+y9QxTRoaty1ENKTCkMZJHc1ZNvg3oXzxsOS7Wq
tOtDcY6rND06l/wKSFghk5wJKKguhR18R2AfALYKw3Qg+b5a9AD1Y05B48PRPxh0
-----END CERTIFICATE-----