Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/0ulj6TxYQNftbWoJpBbn4rmatg4.roa
File:                     0ulj6TxYQNftbWoJpBbn4rmatg4.roa (raw, json)
Hash identifier:          uw+D1myCkY+4J2fVWJpPMegABmujI3DhsPjQzwblvXc=
Subject key identifier:   D2:E9:63:E9:3C:58:40:D7:ED:6D:6A:09:A4:16:E7:E2:B9:9A:B6:0E
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B6270045F8DCED16EFD7BF3A301CA7
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/0ulj6TxYQNftbWoJpBbn4rmatg4.roa
Signing time:             Mon 14 Jul 2025 16:13:08 +0000
ROA not before:           Mon 14 Jul 2025 16:13:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209728
IP address blocks:        193.34.235.0/24 maxlen: 24
                          193.168.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:27:00:45:f8:dc:ed:16:ef:d7:bf:3a:30:1c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2e963e93c5840d7ed6d6a09a416e7e2b99ab60e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:82:94:1e:3e:33:80:50:26:52:0b:4d:b1:42:
                    09:0f:76:d7:a3:4f:56:d1:6f:ef:17:b3:a7:95:38:
                    f2:d5:df:9b:dd:bd:a3:a0:c3:d6:99:5f:5b:26:3e:
                    bb:39:1a:40:dc:64:f6:6a:30:78:cb:aa:bb:a6:53:
                    31:7c:f9:e8:66:30:98:be:54:e8:dd:57:7e:16:c6:
                    a4:2c:aa:5d:16:63:9b:e8:c4:7b:0e:30:5a:a6:6f:
                    31:22:9f:41:6f:91:da:88:e4:bc:ff:c9:a5:91:f2:
                    22:33:fb:fa:51:f9:12:93:31:41:d5:6d:f8:49:a1:
                    35:07:2c:e6:e3:74:30:17:14:bb:96:95:61:81:c5:
                    f4:d2:9f:1c:ad:33:18:d0:a7:b1:6d:48:9c:d8:e2:
                    bb:c1:53:21:a3:51:21:b3:ad:9f:64:9c:96:25:6a:
                    e3:1e:23:af:9e:8b:0f:29:ed:18:25:b0:16:ff:5a:
                    a1:6d:cd:a2:e2:e4:a5:7e:c5:f6:39:f3:39:91:cb:
                    9d:03:9c:d0:fb:46:13:80:2b:64:63:15:93:66:2b:
                    ad:8e:31:55:11:08:61:b9:8a:d8:f7:4a:e6:81:64:
                    79:64:37:f4:70:00:cf:9e:25:48:82:1c:a6:e8:ab:
                    a0:cc:a1:ad:f2:cb:51:eb:b9:cc:b8:e5:d0:6f:0e:
                    36:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E9:63:E9:3C:58:40:D7:ED:6D:6A:09:A4:16:E7:E2:B9:9A:B6:0E
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/0ulj6TxYQNftbWoJpBbn4rmatg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.235.0/24
                  193.168.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:44:85:b7:38:ed:e2:28:17:59:cb:1f:24:2a:0a:1c:21:1e:
         8d:79:33:51:ba:f6:0e:56:be:10:0a:89:e6:94:61:82:15:a6:
         9d:c6:74:c6:b7:ed:d7:74:ee:22:83:b5:42:b2:3a:1b:e5:13:
         3d:85:8e:20:72:7a:f0:f6:9f:c0:b9:59:a0:75:e2:90:20:d5:
         b1:2e:f9:83:d8:e9:18:cf:85:6d:a8:f6:26:1e:e6:3d:23:7a:
         bc:1a:41:a4:c8:94:80:f8:f4:ad:50:0e:40:2c:28:05:68:91:
         f3:b0:b1:e7:a6:be:44:98:ed:d3:c8:32:82:d7:fc:c9:64:78:
         ee:34:06:0b:01:f7:c7:10:92:16:7f:56:c5:44:78:35:3a:9a:
         37:e8:7b:a5:59:a9:98:42:6f:e3:ce:f4:10:99:9b:df:3b:dd:
         24:48:8c:e9:36:63:20:e8:c6:06:d8:b0:05:2a:e8:bb:f5:be:
         b5:32:b7:25:81:e0:5e:7a:01:87:1e:48:96:25:cb:3f:c9:8c:
         52:df:94:47:18:50:cb:a4:4e:22:9d:a3:ff:5f:22:03:d9:27:
         6b:bf:d2:50:0c:4e:0f:8b:05:c3:7d:21:50:ed:1e:37:8c:7f:
         d0:02:83:db:7c:06:b1:e7:04:d7:74:27:3f:00:ca:8b:40:7d:
         d4:c2:50:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJticARfjc7Rbv1786MBynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU5NjNlOTNjNTg0MGQ3ZWQ2ZDZhMDlhNDE2ZTdlMmI5OWFiNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoKUHj4zgFAmUgtNsUIJD3bXo09W
0W/vF7OnlTjy1d+b3b2joMPWmV9bJj67ORpA3GT2ajB4y6q7plMxfPnoZjCYvlTo
3Vd+FsakLKpdFmOb6MR7DjBapm8xIp9Bb5HaiOS8/8mlkfIiM/v6UfkSkzFB1W34
SaE1Byzm43QwFxS7lpVhgcX00p8crTMY0KexbUic2OK7wVMho1Ehs62fZJyWJWrj
HiOvnosPKe0YJbAW/1qhbc2i4uSlfsX2OfM5kcudA5zQ+0YTgCtkYxWTZiutjjFV
EQhhuYrY90rmgWR5ZDf0cADPniVIghym6KugzKGt8stR67nMuOXQbw42YQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNLpY+k8WEDX7W1qCaQW5+K5mrYOMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvMHVsajZUeFlRTmZ0YldvSnBCYm40cm1hdGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSLrAwQA
wajhMA0GCSqGSIb3DQEBCwUAA4IBAQCnRIW3OO3iKBdZyx8kKgocIR6NeTNRuvYO
Vr4QConmlGGCFaadxnTGt+3XdO4ig7VCsjob5RM9hY4gcnrw9p/AuVmgdeKQINWx
LvmD2OkYz4VtqPYmHuY9I3q8GkGkyJSA+PStUA5ALCgFaJHzsLHnpr5EmO3TyDKC
1/zJZHjuNAYLAffHEJIWf1bFRHg1Opo36HulWamYQm/jzvQQmZvfO90kSIzpNmMg
6MYG2LAFKui79b61MrclgeBeegGHHkiWJcs/yYxS35RHGFDLpE4inaP/XyID2Sdr
v9JQDE4PiwXDfSFQ7R43jH/QAoPbfAax5wTXdCc/AMqLQH3UwlDR
-----END CERTIFICATE-----