Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UALX_giHJIpWJY-WYBT5Q32MPc8.roa
File:                     UALX_giHJIpWJY-WYBT5Q32MPc8.roa (raw, json)
Hash identifier:          GxUJ4yIT9Xzo0JJuCDXvsLVFAMg4yoQwQ3Bhgyd6Mng=
Subject key identifier:   50:02:D7:FE:08:87:24:8A:56:25:8F:96:60:14:F9:43:7D:8C:3D:CF
Certificate issuer:       /CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
Certificate serial:       0199CDBF70CED1355C30E9D8B71469ABD4F8
Authority key identifier: 50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UALX_giHJIpWJY-WYBT5Q32MPc8.roa
Signing time:             Fri 10 Oct 2025 10:51:39 +0000
ROA not before:           Fri 10 Oct 2025 10:51:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8772
IP address blocks:        176.121.224.0/20 maxlen: 20
                          176.121.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:bf:70:ce:d1:35:5c:30:e9:d8:b7:14:69:ab:d4:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
        Validity
            Not Before: Oct 10 10:51:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5002d7fe0887248a56258f966014f9437d8c3dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b6:33:27:0a:8a:b9:1c:d5:7f:cb:d7:4b:57:
                    93:af:d9:2a:34:b5:38:f7:b1:8c:69:11:a9:24:58:
                    ec:18:98:22:5f:68:a6:a6:0d:a4:1e:ec:6c:d2:3f:
                    23:fd:3a:bd:c6:4c:da:fc:5c:c5:1d:32:8c:22:33:
                    db:b1:57:77:65:9f:09:77:93:94:a8:2b:17:6d:56:
                    31:71:52:5e:4a:13:5e:dc:4b:b8:d0:40:21:64:3f:
                    f2:06:77:13:9a:0c:8b:fb:97:3c:1d:a1:c2:99:3d:
                    5b:0f:d5:81:86:9d:35:16:bd:e2:02:5c:b8:c9:a8:
                    e3:02:2d:c7:d0:13:ee:ba:d5:fb:bc:6f:ce:75:5c:
                    38:1d:65:e2:4f:78:19:ce:3e:37:85:e6:41:a3:3a:
                    72:9e:de:ba:4d:bc:c8:00:90:bd:8f:33:f0:51:a6:
                    ea:26:e4:5d:e8:20:5c:2a:9a:17:ac:7c:23:54:68:
                    2e:0a:3b:05:a8:c8:b8:a4:04:70:7d:b4:d0:57:d3:
                    b0:26:f7:80:44:34:c1:c3:3a:aa:32:77:71:d8:fb:
                    02:5a:91:fd:df:cc:1d:01:c0:98:66:4d:67:f5:f0:
                    f9:44:f5:e2:13:51:50:15:b1:1e:de:17:a6:de:c7:
                    c0:df:ff:c2:b2:19:32:d3:49:18:eb:d1:d3:45:3d:
                    da:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:02:D7:FE:08:87:24:8A:56:25:8F:96:60:14:F9:43:7D:8C:3D:CF
            X509v3 Authority Key Identifier:
                keyid:50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UALX_giHJIpWJY-WYBT5Q32MPc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         66:3a:4f:f4:d6:4f:63:e9:a2:17:6b:6d:7d:cd:57:06:1e:50:
         bc:ec:91:f0:e5:ad:dd:cd:a8:73:8a:58:4e:67:fd:78:4d:64:
         44:48:12:df:1e:93:f6:16:56:91:bc:63:11:0c:76:5c:79:65:
         e1:34:13:0b:57:e4:1a:cc:3e:fd:8b:58:1c:2c:6a:f4:fe:65:
         fb:e9:f9:e7:17:90:8d:a0:f8:fd:30:4b:33:ac:73:35:50:b3:
         1e:cf:a7:b1:6a:1e:81:fe:7d:67:91:3d:46:ca:b0:49:43:7c:
         13:94:22:e7:50:d2:bf:cc:14:56:14:f2:c6:92:c3:bf:45:e5:
         a9:93:0b:90:99:3d:1a:45:13:3d:3f:27:5f:b1:51:79:47:18:
         a6:62:ed:26:fb:e6:49:4e:a8:ff:68:74:f7:8c:b5:25:39:a1:
         33:ac:16:ad:0c:58:96:c9:bd:99:47:29:08:29:52:1c:f2:60:
         03:37:f9:70:81:22:89:9c:f7:d3:f5:33:1f:51:aa:e8:f3:90:
         0e:a9:55:e1:41:85:d5:0c:96:1f:70:70:13:25:40:75:fe:e0:
         26:c3:f7:ac:29:e2:3f:8e:6d:19:91:66:a3:c5:3f:ed:51:72:
         79:de:3d:ef:53:19:e5:04:ad:66:c8:50:ac:1a:4b:f6:f6:cc:
         14:f7:be:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnNv3DO0TVcMOnYtxRpq9T4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZjVmZTk5YmMyMjMyODg3MTE2ZmRhYzgyZDQwODJhZGJj
NmFjYjcwHhcNMjUxMDEwMTA1MTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDAyZDdmZTA4ODcyNDhhNTYyNThmOTY2MDE0Zjk0MzdkOGMzZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7YzJwqKuRzVf8vXS1eTr9kqNLU4
97GMaRGpJFjsGJgiX2impg2kHuxs0j8j/Tq9xkza/FzFHTKMIjPbsVd3ZZ8Jd5OU
qCsXbVYxcVJeShNe3Eu40EAhZD/yBncTmgyL+5c8HaHCmT1bD9WBhp01Fr3iAly4
yajjAi3H0BPuutX7vG/OdVw4HWXiT3gZzj43heZBozpynt66TbzIAJC9jzPwUabq
JuRd6CBcKpoXrHwjVGguCjsFqMi4pARwfbTQV9OwJveARDTBwzqqMndx2PsCWpH9
38wdAcCYZk1n9fD5RPXiE1FQFbEe3hem3sfA3//Cshky00kY69HTRT3a8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAC1/4IhySKViWPlmAU+UN9jD3PMB8GA1UdIwQY
MBaAFFD1/pm8IjKIcRb9rILUCCrbxqy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmIt
NzQ1NmY0MzBjM2YxLzEvVUFMWF9naUhKSXBXSlktV1lCVDVRMzJNUGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmItNzQ1NmY0MzBjM2Yx
LzEvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsHngMA0G
CSqGSIb3DQEBCwUAA4IBAQBmOk/01k9j6aIXa219zVcGHlC87JHw5a3dzahzilhO
Z/14TWRESBLfHpP2FlaRvGMRDHZceWXhNBMLV+QazD79i1gcLGr0/mX76fnnF5CN
oPj9MEszrHM1ULMez6exah6B/n1nkT1GyrBJQ3wTlCLnUNK/zBRWFPLGksO/ReWp
kwuQmT0aRRM9PydfsVF5RximYu0m++ZJTqj/aHT3jLUlOaEzrBatDFiWyb2ZRykI
KVIc8mADN/lwgSKJnPfT9TMfUaro85AOqVXhQYXVDJYfcHATJUB1/uAmw/esKeI/
jm0ZkWajxT/tUXJ53j3vUxnlBK1myFCsGkv29swU974E
-----END CERTIFICATE-----