Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/UH8mYATqGd2LhlccdYCUKZ4JN64.roa
File:                     UH8mYATqGd2LhlccdYCUKZ4JN64.roa (raw, json)
Hash identifier:          zx6xKES79izKCK41WQG8kojfkl15CZD0vapTu3dVd94=
Subject key identifier:   50:7F:26:60:04:EA:19:DD:8B:86:57:1C:75:80:94:29:9E:09:37:AE
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       01998D3BAE4137037A1E2B214AD60A455B86
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/UH8mYATqGd2LhlccdYCUKZ4JN64.roa
Signing time:             Sat 27 Sep 2025 22:12:02 +0000
ROA not before:           Sat 27 Sep 2025 22:12:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        167.160.19.0/24 maxlen: 24
                          167.160.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8d:3b:ae:41:37:03:7a:1e:2b:21:4a:d6:0a:45:5b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Sep 27 22:12:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=507f266004ea19dd8b86571c758094299e0937ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:df:2b:0d:4f:25:5a:16:57:81:d4:eb:f9:de:
                    cf:c0:2c:b9:d4:66:3c:f4:3a:a3:45:6c:a8:c6:74:
                    7a:61:5d:00:68:4b:bf:b3:99:20:9b:56:12:f7:98:
                    d5:19:85:bf:0b:94:f2:9e:cb:89:5f:3d:2f:a1:5d:
                    a1:c7:ba:6a:55:8d:51:78:bd:67:32:21:b4:df:c5:
                    fd:6d:68:29:eb:37:5e:e9:d3:e4:b1:58:5f:84:7f:
                    f7:9a:44:25:6d:3a:05:6c:73:a9:60:9f:6f:e0:e0:
                    72:69:24:fb:04:79:e1:92:e5:7a:75:95:3b:d3:2a:
                    df:76:ca:cb:6d:a1:40:c9:ae:fc:dd:aa:71:43:89:
                    db:bb:34:50:33:c8:d4:f4:64:e1:cc:fd:df:9f:21:
                    0b:9a:13:23:29:0b:38:57:ec:8d:9c:65:3d:27:ec:
                    15:00:d8:67:f8:22:3c:ee:4f:9b:11:51:5d:1b:d4:
                    3c:a5:ed:06:9c:43:a1:75:64:be:da:d0:28:e1:1f:
                    8f:52:94:ed:e9:e8:b4:7b:1a:f5:67:f5:12:5c:85:
                    be:ff:b0:78:b9:0f:f7:2c:1c:85:cb:d3:28:b1:23:
                    9c:57:c8:d4:b9:48:eb:c2:02:0c:96:ef:9c:01:c4:
                    b7:88:78:b9:25:37:07:99:3c:ea:56:6b:53:2c:ca:
                    8b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:7F:26:60:04:EA:19:DD:8B:86:57:1C:75:80:94:29:9E:09:37:AE
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/UH8mYATqGd2LhlccdYCUKZ4JN64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.19.0/24
                  167.160.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:2f:a0:b3:d6:3c:52:bc:58:97:11:e8:20:69:70:09:77:a6:
         c4:85:fc:36:60:a4:b7:94:f5:bc:33:a5:53:86:ae:b0:15:ea:
         e9:4f:45:cc:48:f8:ae:63:5d:6f:9c:3d:d0:3b:2c:d4:17:ca:
         ef:9d:ce:93:ed:54:6e:2b:60:e0:33:a6:bb:a6:bd:d9:12:ba:
         1c:49:ff:4e:50:6c:50:cb:86:85:9c:05:73:7a:d0:af:89:7d:
         df:2b:0b:62:5d:da:b9:ad:ce:0b:e3:6e:cb:4f:5c:af:c9:55:
         d4:3a:72:cf:83:46:b7:78:44:c5:cb:d8:ce:50:39:bc:e6:89:
         a0:ab:d1:8b:d8:02:2f:5e:12:d9:c7:57:63:69:47:b7:c1:57:
         d5:fd:1b:f5:a2:91:99:36:92:f7:f3:2a:61:b5:5e:39:d9:a5:
         67:65:61:c3:e1:9c:09:0f:e4:b6:67:9b:58:fd:3c:26:ab:12:
         0d:3c:3d:d8:da:f6:a6:43:86:c3:88:8a:f1:d0:15:95:6d:64:
         1b:eb:ca:4c:ef:e1:b2:83:56:7a:ea:e7:c9:1a:1a:a6:fd:a8:
         5d:e8:39:9b:4f:c6:15:6c:b4:02:2a:79:ce:29:4c:87:4f:cc:
         11:73:79:a3:82:21:e0:6f:a8:82:c0:02:ea:14:ea:34:1f:05:
         98:f8:eb:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmNO65BNwN6HishStYKRVuGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwOTI3MjIxMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDdmMjY2MDA0ZWExOWRkOGI4NjU3MWM3NTgwOTQyOTllMDkzN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd8rDU8lWhZXgdTr+d7PwCy51GY8
9DqjRWyoxnR6YV0AaEu/s5kgm1YS95jVGYW/C5TynsuJXz0voV2hx7pqVY1ReL1n
MiG038X9bWgp6zde6dPksVhfhH/3mkQlbToFbHOpYJ9v4OByaST7BHnhkuV6dZU7
0yrfdsrLbaFAya783apxQ4nbuzRQM8jU9GThzP3fnyELmhMjKQs4V+yNnGU9J+wV
ANhn+CI87k+bEVFdG9Q8pe0GnEOhdWS+2tAo4R+PUpTt6ei0exr1Z/USXIW+/7B4
uQ/3LByFy9MosSOcV8jUuUjrwgIMlu+cAcS3iHi5JTcHmTzqVmtTLMqLRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFB/JmAE6hndi4ZXHHWAlCmeCTeuMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvVUg4bVlBVHFHZDJMaGxjY2RZQ1VLWjRKTjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAp6ATAwQA
p6AeMA0GCSqGSIb3DQEBCwUAA4IBAQCFL6Cz1jxSvFiXEeggaXAJd6bEhfw2YKS3
lPW8M6VThq6wFerpT0XMSPiuY11vnD3QOyzUF8rvnc6T7VRuK2DgM6a7pr3ZEroc
Sf9OUGxQy4aFnAVzetCviX3fKwtiXdq5rc4L427LT1yvyVXUOnLPg0a3eETFy9jO
UDm85omgq9GL2AIvXhLZx1djaUe3wVfV/Rv1opGZNpL38yphtV452aVnZWHD4ZwJ
D+S2Z5tY/TwmqxINPD3Y2vamQ4bDiIrx0BWVbWQb68pM7+Gyg1Z66ufJGhqm/ahd
6DmbT8YVbLQCKnnOKUyHT8wRc3mjgiHgb6iCwALqFOo0HwWY+OtT
-----END CERTIFICATE-----