Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/UKSPoLqIB9OwePcX6MiaKIQ_BKk.roa
File:                     UKSPoLqIB9OwePcX6MiaKIQ_BKk.roa (raw, json)
Hash identifier:          r2Jdc8SrerX8AADHr5ZXdXpVsMbJMBhTSOZg2PzUZsc=
Subject key identifier:   50:A4:8F:A0:BA:88:07:D3:B0:78:F7:17:E8:C8:9A:28:84:3F:04:A9
Certificate issuer:       /CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
Certificate serial:       0199A5BDCA5A39C62B967AA278ED345E1118
Authority key identifier: BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/UKSPoLqIB9OwePcX6MiaKIQ_BKk.roa
Signing time:             Thu 02 Oct 2025 16:25:02 +0000
ROA not before:           Thu 02 Oct 2025 16:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205690
IP address blocks:        45.91.124.0/24 maxlen: 24
                          2a0e:f43:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 22:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:bd:ca:5a:39:c6:2b:96:7a:a2:78:ed:34:5e:11:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
        Validity
            Not Before: Oct  2 16:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50a48fa0ba8807d3b078f717e8c89a28843f04a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:88:82:fc:59:22:13:17:e4:14:1a:60:9a:b9:
                    e7:e0:7b:f9:7e:1c:bc:e6:63:16:98:95:e8:a2:40:
                    7c:55:47:73:39:75:f5:39:e6:3f:f8:83:b9:11:27:
                    58:1a:79:18:40:6f:76:b4:ea:06:f5:23:fc:82:dc:
                    5d:b2:56:4c:7a:ac:6d:f1:17:09:d0:4a:fd:df:73:
                    b9:0f:af:3b:28:f8:76:97:d8:08:7a:8b:ba:5e:c0:
                    62:93:70:8f:41:f3:73:88:8b:b3:c4:d9:dc:d9:d5:
                    57:f4:3d:53:35:08:3c:3a:94:70:66:99:9e:aa:30:
                    f1:53:97:c7:59:4e:1e:1e:b4:5b:2d:09:07:e5:74:
                    b5:f1:fb:03:fb:ed:1d:88:40:30:d3:d2:89:0c:58:
                    ca:91:e7:2d:c8:33:26:69:14:20:d8:92:a2:ed:60:
                    a6:3a:10:93:32:39:a8:6c:83:c8:68:ff:32:a3:1c:
                    ec:81:09:fd:6e:90:29:06:14:3e:a5:26:f9:0b:0a:
                    db:6e:cd:ae:6e:72:ae:0a:8b:e5:1a:36:3f:1d:4a:
                    ce:b7:e7:18:1a:c1:58:3e:d8:3c:ac:e9:96:e7:1f:
                    9d:53:aa:b4:e6:62:46:52:e9:d9:ca:67:75:2e:c0:
                    52:10:e4:0b:27:5a:7e:0c:87:9f:98:d2:93:46:4c:
                    80:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A4:8F:A0:BA:88:07:D3:B0:78:F7:17:E8:C8:9A:28:84:3F:04:A9
            X509v3 Authority Key Identifier:
                keyid:BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/UKSPoLqIB9OwePcX6MiaKIQ_BKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.124.0/24
                IPv6:
                  2a0e:f43:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:23:cb:04:54:77:28:83:5c:3e:26:31:5e:6d:2b:2b:21:5d:
         9d:74:dd:c1:96:1f:7e:f5:32:1e:75:c6:5c:5e:04:14:c0:18:
         e5:36:fe:1e:63:b6:b2:2e:5b:87:98:06:7f:06:f1:54:a2:56:
         21:e8:a5:12:dc:6c:93:6a:42:e2:89:d1:3f:3e:f6:18:ca:bf:
         12:53:3e:7b:d5:64:b4:54:4d:3a:57:68:6b:d2:34:7f:b5:74:
         99:6d:a9:99:92:e0:e9:2f:5f:00:d3:0a:21:dd:75:6c:29:ed:
         6f:e7:2f:e1:85:31:89:81:8f:22:6b:fe:37:94:3b:f4:2c:05:
         1c:38:ca:23:07:a4:f2:c4:6f:62:c7:e5:96:8b:9d:ea:62:06:
         4f:ef:33:00:e6:36:dc:d6:d6:c3:b2:3f:68:c8:a4:6a:40:8b:
         75:4f:39:d2:77:70:82:1b:27:b4:04:19:2e:45:3a:f6:50:30:
         41:26:92:c1:db:95:61:8a:eb:a7:99:17:ce:ab:ec:52:83:d9:
         1e:e3:cd:a3:37:6c:84:b1:8d:ba:8f:66:20:11:bd:09:c9:74:
         43:a5:de:20:61:17:ca:28:37:73:9b:de:78:6f:25:5b:75:86:
         31:0e:01:2a:9c:74:06:8c:cc:8d:c9:bb:ab:4b:94:b8:2b:4a:
         a3:c4:17:34
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZmlvcpaOcYrlnqieO00XhEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTY0OWVmNjAzMGZjODA4NDhmZGZlMjFkNDMyMWFjODAx
MWZkMTAwHhcNMjUxMDAyMTYyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE0OGZhMGJhODgwN2QzYjA3OGY3MTdlOGM4OWEyODg0M2YwNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoiC/FkiExfkFBpgmrnn4Hv5fhy8
5mMWmJXookB8VUdzOXX1OeY/+IO5ESdYGnkYQG92tOoG9SP8gtxdslZMeqxt8RcJ
0Er933O5D687KPh2l9gIeou6XsBik3CPQfNziIuzxNnc2dVX9D1TNQg8OpRwZpme
qjDxU5fHWU4eHrRbLQkH5XS18fsD++0diEAw09KJDFjKkectyDMmaRQg2JKi7WCm
OhCTMjmobIPIaP8yoxzsgQn9bpApBhQ+pSb5Cwrbbs2ubnKuCovlGjY/HUrOt+cY
GsFYPtg8rOmW5x+dU6q05mJGUunZymd1LsBSEOQLJ1p+DIefmNKTRkyAZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFCkj6C6iAfTsHj3F+jImiiEPwSpMB8GA1UdIwQY
MBaAFL6mSe9gMPyAhI/f4h1DIayAEf0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgt
MjFkZjU1YmE5ZWJmLzEvVUtTUG9McUlCOU93ZVBjWDZNaWFLSVFfQktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgtMjFkZjU1YmE5ZWJm
LzEvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALVt8MA8E
AgACMAkDBwAqDg9DAAEwDQYJKoZIhvcNAQELBQADggEBAGMjywRUdyiDXD4mMV5t
KyshXZ103cGWH371Mh51xlxeBBTAGOU2/h5jtrIuW4eYBn8G8VSiViHopRLcbJNq
QuKJ0T8+9hjKvxJTPnvVZLRUTTpXaGvSNH+1dJltqZmS4OkvXwDTCiHddWwp7W/n
L+GFMYmBjyJr/jeUO/QsBRw4yiMHpPLEb2LH5ZaLnepiBk/vMwDmNtzW1sOyP2jI
pGpAi3VPOdJ3cIIbJ7QEGS5FOvZQMEEmksHblWGK66eZF86r7FKD2R7jzaM3bISx
jbqPZiARvQnJdEOl3iBhF8ooN3Ob3nhvJVt1hjEOASqcdAaMzI3Ju6tLlLgrSqPE
FzQ=
-----END CERTIFICATE-----