Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/UyklqcY4QQ3ESWmiy5lj4wfy-lE.roa
File:                     UyklqcY4QQ3ESWmiy5lj4wfy-lE.roa (raw, json)
Hash identifier:          gDteXJLELGLpEyJXH+6t7iRhrt3b5/Agnwke1FnjUuY=
Subject key identifier:   53:29:25:A9:C6:38:41:0D:C4:49:69:A2:CB:99:63:E3:07:F2:FA:51
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       019997D54E37B1685B0B2B54C0D0387A271B
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/UyklqcY4QQ3ESWmiy5lj4wfy-lE.roa
Signing time:             Mon 29 Sep 2025 23:36:02 +0000
ROA not before:           Mon 29 Sep 2025 23:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39900
IP address blocks:        141.98.184.0/22 maxlen: 22
                          194.9.118.0/24 maxlen: 24
                          2a13:6c40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:97:d5:4e:37:b1:68:5b:0b:2b:54:c0:d0:38:7a:27:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Sep 29 23:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=532925a9c638410dc44969a2cb9963e307f2fa51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8d:6e:70:a3:e8:b3:f7:2c:5d:b4:e3:41:70:
                    31:dc:b2:cd:4a:e7:ec:b7:ef:2f:66:50:c2:ea:dc:
                    55:21:b3:6c:6f:6e:f5:da:f7:3b:b2:04:7b:bb:18:
                    70:c7:9b:60:0b:a6:3e:1d:cd:22:ca:49:2b:20:c0:
                    bc:77:ca:a6:55:16:27:2c:9a:d4:e3:1a:d7:cb:4a:
                    53:3f:80:77:cb:36:8b:3c:64:67:4e:ed:bb:3b:5f:
                    88:a4:46:38:c1:6e:3c:9f:ec:c6:fb:e4:60:4a:f5:
                    55:be:3a:15:c5:66:f3:36:90:79:5c:b8:6a:3b:1f:
                    68:d3:d6:d5:fe:f5:06:05:ab:e1:1e:97:42:d9:3a:
                    fc:20:96:af:53:ae:57:10:54:b5:b2:ec:7c:a5:fa:
                    87:4f:53:d0:8e:b2:4a:af:c2:59:42:5b:c1:18:2f:
                    6f:88:5b:03:30:59:f9:33:6a:7c:de:99:b2:2e:91:
                    03:0f:3a:c9:dd:01:34:82:ce:0d:55:cd:06:65:79:
                    9a:06:28:fc:94:da:71:ec:c0:1b:a6:36:ef:98:0f:
                    a7:be:a4:85:16:b7:9f:21:62:67:f0:85:d1:5c:d0:
                    c4:ab:02:2c:82:d7:3b:7f:9c:d9:b4:b4:e3:31:5b:
                    53:57:ef:af:48:27:58:cd:75:b1:7f:95:cf:39:b5:
                    97:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:29:25:A9:C6:38:41:0D:C4:49:69:A2:CB:99:63:E3:07:F2:FA:51
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/UyklqcY4QQ3ESWmiy5lj4wfy-lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.184.0/22
                  194.9.118.0/24
                IPv6:
                  2a13:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:33:7d:66:24:cd:04:e4:c5:11:26:f8:86:80:28:82:da:ed:
         c1:4b:a2:65:98:94:4a:58:a0:56:94:39:a8:56:3e:9c:95:89:
         56:ef:a9:ea:3e:78:d4:e6:f8:52:d9:9c:e6:2e:cb:57:18:e0:
         a5:6b:7d:b1:69:a1:a8:93:66:07:7a:fc:19:a0:90:f1:a6:5d:
         a2:4b:a2:5e:8e:a7:3e:98:36:92:b1:d5:c8:fe:fa:a5:58:50:
         0b:f5:5b:4b:9d:fb:00:3d:8d:da:89:f2:3e:22:96:96:33:a2:
         00:98:75:cf:2d:61:17:a2:b9:bb:d6:b9:b9:6b:ee:c6:16:b1:
         1b:89:ac:11:01:0d:4e:9a:8f:ab:30:fd:8c:e9:b5:8a:9d:8b:
         48:09:71:fa:6c:ce:36:c8:5e:73:d2:a8:64:9e:4a:c5:4e:20:
         b7:8a:45:d4:c1:51:56:be:34:fb:14:df:90:e0:a8:72:fc:e5:
         ae:07:e2:94:1a:35:16:6d:a0:1a:1c:c2:91:65:af:eb:ed:ad:
         68:4b:12:15:81:85:4a:54:a1:89:2d:ae:96:5a:ed:00:0a:23:
         f2:09:c9:98:38:d4:18:01:c5:f1:fd:1f:4d:af:30:69:46:53:
         40:e9:b3:84:b2:80:3b:c7:b9:32:b3:b9:65:df:31:a9:3e:00:
         3b:ea:4e:6e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZmX1U43sWhbCytUwNA4eicbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjUwOTI5MjMzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzI5MjVhOWM2Mzg0MTBkYzQ0OTY5YTJjYjk5NjNlMzA3ZjJmYTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I1ucKPos/csXbTjQXAx3LLNSufs
t+8vZlDC6txVIbNsb2712vc7sgR7uxhwx5tgC6Y+Hc0iykkrIMC8d8qmVRYnLJrU
4xrXy0pTP4B3yzaLPGRnTu27O1+IpEY4wW48n+zG++RgSvVVvjoVxWbzNpB5XLhq
Ox9o09bV/vUGBavhHpdC2Tr8IJavU65XEFS1sux8pfqHT1PQjrJKr8JZQlvBGC9v
iFsDMFn5M2p83pmyLpEDDzrJ3QE0gs4NVc0GZXmaBij8lNpx7MAbpjbvmA+nvqSF
FrefIWJn8IXRXNDEqwIsgtc7f5zZtLTjMVtTV++vSCdYzXWxf5XPObWXgwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFMpJanGOEENxElposuZY+MH8vpRMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEvVXlrbHFjWTRRUTNFU1dtaXk1bGo0d2Z5LWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCjWK4AwQA
wgl2MA0EAgACMAcDBQMqE2xAMA0GCSqGSIb3DQEBCwUAA4IBAQAwM31mJM0E5MUR
JviGgCiC2u3BS6JlmJRKWKBWlDmoVj6clYlW76nqPnjU5vhS2ZzmLstXGOCla32x
aaGok2YHevwZoJDxpl2iS6Jejqc+mDaSsdXI/vqlWFAL9VtLnfsAPY3aifI+IpaW
M6IAmHXPLWEXorm71rm5a+7GFrEbiawRAQ1Omo+rMP2M6bWKnYtICXH6bM42yF5z
0qhknkrFTiC3ikXUwVFWvjT7FN+Q4Khy/OWuB+KUGjUWbaAaHMKRZa/r7a1oSxIV
gYVKVKGJLa6WWu0ACiPyCcmYONQYAcXx/R9NrzBpRlNA6bOEsoA7x7kys7ll3zGp
PgA76k5u
-----END CERTIFICATE-----