Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/uxkgUTNHz5hEl5ZXCX6UmUPRqGc.roa
File:                     uxkgUTNHz5hEl5ZXCX6UmUPRqGc.roa (raw, json)
Hash identifier:          L+VrhfELaxB0CKXlAjrRZtLxN2tzA9plKPHYSxcGzdo=
Subject key identifier:   BB:19:20:51:33:47:CF:98:44:97:96:57:09:7E:94:99:43:D1:A8:67
Certificate issuer:       /CN=1c7433fafa59f0d512a2bebb097e69463cc06759
Certificate serial:       0197C53A4FA3FF2018F972AB121675F22995
Authority key identifier: 1C:74:33:FA:FA:59:F0:D5:12:A2:BE:BB:09:7E:69:46:3C:C0:67:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHQz-vpZ8NUSor67CX5pRjzAZ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/uxkgUTNHz5hEl5ZXCX6UmUPRqGc.roa
Signing time:             Tue 01 Jul 2025 09:03:42 +0000
ROA not before:           Tue 01 Jul 2025 09:03:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6205
IP address blocks:        5.250.255.0/24 maxlen: 24
                          185.123.54.0/24 maxlen: 24
                          194.53.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/HHQz-vpZ8NUSor67CX5pRjzAZ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/HHQz-vpZ8NUSor67CX5pRjzAZ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHQz-vpZ8NUSor67CX5pRjzAZ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:3a:4f:a3:ff:20:18:f9:72:ab:12:16:75:f2:29:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7433fafa59f0d512a2bebb097e69463cc06759
        Validity
            Not Before: Jul  1 09:03:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb1920513347cf9844979657097e949943d1a867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a9:46:5c:d5:3e:99:d7:84:04:f5:08:67:d8:
                    56:81:2a:46:e3:c0:af:8d:b7:e5:69:f0:75:6c:da:
                    45:cc:2d:fd:3f:63:14:53:28:75:17:46:a2:33:bd:
                    2e:b8:62:dd:db:16:63:96:c6:89:f4:47:df:36:4a:
                    94:2c:92:ce:e2:0b:bf:cf:f1:5c:21:85:8a:5b:11:
                    e9:22:87:0a:1b:a1:e4:fe:3d:3d:a9:39:92:8a:7a:
                    62:99:a3:4b:06:a7:0e:5f:c7:b4:3b:84:b1:5a:5b:
                    16:9b:db:53:4e:d7:3b:02:65:2e:d6:58:92:c7:56:
                    77:cb:bd:ae:e6:8e:18:ef:fe:bd:6e:b2:0f:c0:56:
                    59:0b:bb:d7:f4:69:5c:42:75:81:c0:58:33:33:b1:
                    13:37:e6:ec:47:6e:3c:48:88:01:d3:8e:29:b1:a9:
                    4e:67:1a:c6:ab:15:21:98:de:ce:d8:86:b7:bb:c2:
                    d1:67:d5:e3:a3:39:f5:4d:6e:26:a0:38:79:19:55:
                    19:f8:32:bb:15:f9:c1:b2:9b:e4:d7:1d:df:08:4a:
                    37:03:ba:2f:11:c6:b0:04:79:67:40:80:f4:b6:2b:
                    32:43:4a:09:2e:24:eb:25:b5:48:c5:b7:a4:a3:ef:
                    7c:41:b5:68:4b:8d:d5:b3:83:1d:86:b1:7c:05:e7:
                    0a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:19:20:51:33:47:CF:98:44:97:96:57:09:7E:94:99:43:D1:A8:67
            X509v3 Authority Key Identifier:
                keyid:1C:74:33:FA:FA:59:F0:D5:12:A2:BE:BB:09:7E:69:46:3C:C0:67:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHQz-vpZ8NUSor67CX5pRjzAZ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/uxkgUTNHz5hEl5ZXCX6UmUPRqGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/HHQz-vpZ8NUSor67CX5pRjzAZ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.255.0/24
                  185.123.54.0/24
                  194.53.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:e7:d2:24:f2:f0:fc:0b:f0:1c:dc:28:07:41:84:fe:fb:11:
         09:1d:15:71:8b:10:a7:13:61:34:94:86:68:e5:06:e5:e6:75:
         f4:22:0c:59:3c:8d:67:60:7a:aa:38:5b:aa:9e:e2:b3:4d:69:
         21:6d:f7:eb:76:a2:39:6f:e1:39:88:f5:e0:a1:a2:34:54:d0:
         b3:cd:f9:6b:e0:a3:22:05:38:b2:8a:a8:3c:02:ee:17:0f:79:
         9e:32:00:e9:aa:e4:53:28:ea:55:7d:73:73:9d:66:31:a6:ab:
         4c:aa:96:9f:2b:71:94:b1:ed:66:84:d5:4d:3c:36:40:e3:dc:
         e8:84:2c:16:a2:0c:82:f2:7c:84:f8:df:b6:ed:4b:97:11:a0:
         7e:d9:e9:ce:d6:06:38:68:cf:8c:e1:9d:97:a5:f3:aa:fc:f7:
         ae:30:9d:3a:5c:58:51:3e:1f:8c:4a:77:31:5c:b0:8f:0c:71:
         fe:60:e2:b0:78:9c:1b:8e:6c:4a:24:8f:84:41:48:0b:11:6e:
         20:f1:43:9e:ab:9e:32:a0:74:a6:21:09:11:4f:e3:ae:cb:0c:
         5a:cf:dd:13:b2:0d:87:5e:34:34:4c:88:f8:f3:2b:7f:15:9e:
         8f:d3:97:1a:b3:5e:e1:ac:8a:94:6f:82:68:aa:b3:84:41:2f:
         9c:58:28:e6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfFOk+j/yAY+XKrEhZ18imVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzQzM2ZhZmE1OWYwZDUxMmEyYmViYjA5N2U2OTQ2M2Nj
MDY3NTkwHhcNMjUwNzAxMDkwMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjE5MjA1MTMzNDdjZjk4NDQ5Nzk2NTcwOTdlOTQ5OTQzZDFhODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76lGXNU+mdeEBPUIZ9hWgSpG48Cv
jbflafB1bNpFzC39P2MUUyh1F0aiM70uuGLd2xZjlsaJ9EffNkqULJLO4gu/z/Fc
IYWKWxHpIocKG6Hk/j09qTmSinpimaNLBqcOX8e0O4SxWlsWm9tTTtc7AmUu1liS
x1Z3y72u5o4Y7/69brIPwFZZC7vX9GlcQnWBwFgzM7ETN+bsR248SIgB044psalO
ZxrGqxUhmN7O2Ia3u8LRZ9Xjozn1TW4moDh5GVUZ+DK7FfnBspvk1x3fCEo3A7ov
EcawBHlnQID0tisyQ0oJLiTrJbVIxbeko+98QbVoS43Vs4MdhrF8BecKgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLsZIFEzR8+YRJeWVwl+lJlD0ahnMB8GA1UdIwQY
MBaAFBx0M/r6WfDVEqK+uwl+aUY8wGdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhRei12cFo4TlVTb3I2N0NYNXBSanpBWjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zOWE1YjUtM2M1MS00NmUyLTk0Nzkt
MTJmNDFhMGNjMGMxLzEvdXhrZ1VUTkh6NWhFbDVaWENYNlVtVVBScUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zOWE1YjUtM2M1MS00NmUyLTk0NzktMTJmNDFhMGNjMGMx
LzEvSEhRei12cFo4TlVTb3I2N0NYNXBSanpBWjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABfr/AwQA
uXs2AwQAwjWKMA0GCSqGSIb3DQEBCwUAA4IBAQCo59Ik8vD8C/Ac3CgHQYT++xEJ
HRVxixCnE2E0lIZo5Qbl5nX0IgxZPI1nYHqqOFuqnuKzTWkhbffrdqI5b+E5iPXg
oaI0VNCzzflr4KMiBTiyiqg8Au4XD3meMgDpquRTKOpVfXNznWYxpqtMqpafK3GU
se1mhNVNPDZA49zohCwWogyC8nyE+N+27UuXEaB+2enO1gY4aM+M4Z2XpfOq/Peu
MJ06XFhRPh+MSncxXLCPDHH+YOKweJwbjmxKJI+EQUgLEW4g8UOeq54yoHSmIQkR
T+Ouywxaz90Tsg2HXjQ0TIj48yt/FZ6P05cas17hrIqUb4JoqrOEQS+cWCjm
-----END CERTIFICATE-----