Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/uiAj7bl-SXv7JRxYm2NXVOyGIhs.roa
File:                     uiAj7bl-SXv7JRxYm2NXVOyGIhs.roa (raw, json)
Hash identifier:          a//eeH8sFnN4/flxUlmU/77Maqj7B9717/MAcvQSTcQ=
Subject key identifier:   BA:20:23:ED:B9:7E:49:7B:FB:25:1C:58:9B:63:57:54:EC:86:22:1B
Certificate issuer:       /CN=f57a4812a159ef6a9e92972e7572ad662d72215a
Certificate serial:       01992604F9172CA2A2E4E9B6590566CEE6C6
Authority key identifier: F5:7A:48:12:A1:59:EF:6A:9E:92:97:2E:75:72:AD:66:2D:72:21:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XpIEqFZ72qekpcudXKtZi1yIVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/uiAj7bl-SXv7JRxYm2NXVOyGIhs.roa
Signing time:             Sun 07 Sep 2025 21:11:23 +0000
ROA not before:           Sun 07 Sep 2025 21:11:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47288
IP address blocks:        185.154.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/9XpIEqFZ72qekpcudXKtZi1yIVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/9XpIEqFZ72qekpcudXKtZi1yIVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XpIEqFZ72qekpcudXKtZi1yIVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:26:04:f9:17:2c:a2:a2:e4:e9:b6:59:05:66:ce:e6:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f57a4812a159ef6a9e92972e7572ad662d72215a
        Validity
            Not Before: Sep  7 21:11:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba2023edb97e497bfb251c589b635754ec86221b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:51:fd:a4:01:d7:c2:9a:4e:5e:82:57:fa:f8:
                    bc:b1:7b:89:82:8f:61:1c:45:eb:e6:c0:bf:4e:0b:
                    57:c1:2a:a3:58:c6:2d:61:e0:c7:d9:a4:3a:0c:86:
                    b3:31:42:56:49:0f:98:45:8f:c3:aa:3b:ff:83:ee:
                    70:16:a9:29:e1:fa:1d:36:eb:dc:57:d3:75:2d:5f:
                    93:65:51:6c:96:eb:2f:ad:55:47:18:ee:c4:e3:8a:
                    61:42:39:c2:3e:33:d5:47:e3:49:aa:ed:b0:c9:83:
                    5f:3d:56:95:18:9b:75:7d:b5:6a:34:d1:f8:b6:b2:
                    6b:7f:bb:9a:48:31:c4:66:97:39:14:59:f6:8f:d3:
                    24:52:f7:4f:e6:6d:52:29:01:fc:e7:a2:cf:8b:ac:
                    1a:ad:f9:15:78:b7:4f:01:29:35:88:35:0f:4c:1e:
                    d7:bb:f8:42:0d:e1:c1:59:62:47:bb:9d:e6:fa:b8:
                    3a:16:f3:97:ad:c9:11:c9:b3:91:2f:e6:e6:d8:ae:
                    0c:b9:ca:ae:4c:75:e7:e0:10:c6:7d:9b:85:ed:a7:
                    07:3a:d5:b5:d2:25:c7:01:34:e3:40:69:c2:40:08:
                    c5:28:99:34:8c:39:d8:5b:fb:63:93:5a:cd:91:27:
                    4d:b2:34:9a:3a:91:98:0d:9a:01:1b:ae:3b:c5:d8:
                    06:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:20:23:ED:B9:7E:49:7B:FB:25:1C:58:9B:63:57:54:EC:86:22:1B
            X509v3 Authority Key Identifier:
                keyid:F5:7A:48:12:A1:59:EF:6A:9E:92:97:2E:75:72:AD:66:2D:72:21:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XpIEqFZ72qekpcudXKtZi1yIVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/uiAj7bl-SXv7JRxYm2NXVOyGIhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/9XpIEqFZ72qekpcudXKtZi1yIVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:21:7b:fd:61:25:64:91:59:d8:ca:aa:06:30:d9:7a:0a:ed:
         1a:68:34:b7:82:67:df:fb:93:ed:a1:b1:d4:5f:6a:a9:f0:d3:
         c8:49:38:f9:be:5c:c6:5d:cf:43:34:65:25:b3:79:6a:65:7c:
         44:c9:6c:8f:06:15:69:e5:7d:b0:2c:fc:76:9c:05:13:ca:06:
         51:41:62:6e:17:bf:cc:e3:1e:27:3e:f0:dc:5d:bb:c0:05:24:
         47:4e:76:45:80:31:a7:60:e2:65:47:4f:b3:6c:da:8c:51:8f:
         ce:84:d9:d3:6f:9c:b0:c2:f6:f6:c8:5c:f1:48:00:a1:12:c4:
         12:ee:2a:dc:61:bd:44:8a:6e:d0:8e:a9:a7:bd:4f:ec:ec:e0:
         45:c0:29:43:1c:4b:88:cc:11:da:c9:93:e4:95:12:56:b0:35:
         09:1d:f2:c5:4d:32:a7:1d:95:fb:61:7c:f8:74:ea:c1:2e:59:
         4f:6a:94:8f:6e:b5:4e:24:ef:99:22:0b:71:6b:d6:e9:19:63:
         c4:24:6c:37:11:26:fc:97:72:cb:fb:7f:45:f8:0a:0e:89:05:
         f9:06:9f:2e:da:b1:29:d0:e5:e7:28:74:dc:aa:20:7f:4c:0f:
         a8:65:bf:dc:5d:1f:eb:21:60:7a:d2:81:ad:e3:be:85:9d:2c:
         84:93:f5:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkmBPkXLKKi5Om2WQVmzubGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1N2E0ODEyYTE1OWVmNmE5ZTkyOTcyZTc1NzJhZDY2MmQ3
MjIxNWEwHhcNMjUwOTA3MjExMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTIwMjNlZGI5N2U0OTdiZmIyNTFjNTg5YjYzNTc1NGVjODYyMjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVH9pAHXwppOXoJX+vi8sXuJgo9h
HEXr5sC/TgtXwSqjWMYtYeDH2aQ6DIazMUJWSQ+YRY/Dqjv/g+5wFqkp4fodNuvc
V9N1LV+TZVFslusvrVVHGO7E44phQjnCPjPVR+NJqu2wyYNfPVaVGJt1fbVqNNH4
trJrf7uaSDHEZpc5FFn2j9MkUvdP5m1SKQH856LPi6warfkVeLdPASk1iDUPTB7X
u/hCDeHBWWJHu53m+rg6FvOXrckRybORL+bm2K4MucquTHXn4BDGfZuF7acHOtW1
0iXHATTjQGnCQAjFKJk0jDnYW/tjk1rNkSdNsjSaOpGYDZoBG647xdgGMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLogI+25fkl7+yUcWJtjV1TshiIbMB8GA1UdIwQY
MBaAFPV6SBKhWe9qnpKXLnVyrWYtciFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhwSUVxRlo3MnFla3BjdWRYS3RaaTF5SVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80ZmJlMTAtOTQ4Ny00MTE1LTk4NTYt
YmViNzBmZDQxNWNhLzEvdWlBajdibC1TWHY3SlJ4WW0yTlhWT3lHSWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80ZmJlMTAtOTQ4Ny00MTE1LTk4NTYtYmViNzBmZDQxNWNh
LzEvOVhwSUVxRlo3MnFla3BjdWRYS3RaaTF5SVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZqBMA0G
CSqGSIb3DQEBCwUAA4IBAQA3IXv9YSVkkVnYyqoGMNl6Cu0aaDS3gmff+5PtobHU
X2qp8NPISTj5vlzGXc9DNGUls3lqZXxEyWyPBhVp5X2wLPx2nAUTygZRQWJuF7/M
4x4nPvDcXbvABSRHTnZFgDGnYOJlR0+zbNqMUY/OhNnTb5ywwvb2yFzxSAChEsQS
7ircYb1Eim7QjqmnvU/s7OBFwClDHEuIzBHayZPklRJWsDUJHfLFTTKnHZX7YXz4
dOrBLllPapSPbrVOJO+ZIgtxa9bpGWPEJGw3ESb8l3LL+39F+AoOiQX5Bp8u2rEp
0OXnKHTcqiB/TA+oZb/cXR/rIWB60oGt476FnSyEk/UL
-----END CERTIFICATE-----