Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/UM40IJoMbmC2E6_NVNk7myz37CE.roa
File:                     UM40IJoMbmC2E6_NVNk7myz37CE.roa (raw, json)
Hash identifier:          ho6wywXgZcMzdgmZ/BHVUcsSpC5snRTwoXFhr5WOwMg=
Subject key identifier:   50:CE:34:20:9A:0C:6E:60:B6:13:AF:CD:54:D9:3B:9B:2C:F7:EC:21
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       0197C5ECD82875E053FECFF90B3EBE2EF9BD
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/UM40IJoMbmC2E6_NVNk7myz37CE.roa
Signing time:             Tue 01 Jul 2025 12:18:42 +0000
ROA not before:           Tue 01 Jul 2025 12:18:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50056
IP address blocks:        185.217.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:ec:d8:28:75:e0:53:fe:cf:f9:0b:3e:be:2e:f9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Jul  1 12:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50ce34209a0c6e60b613afcd54d93b9b2cf7ec21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:06:37:55:11:88:af:aa:54:7b:6d:92:55:b7:
                    7d:fa:44:9d:b1:81:8c:3d:6c:0d:ee:eb:ce:ea:ef:
                    16:9d:94:fa:50:d2:ed:4a:0d:32:24:94:59:c2:c0:
                    20:94:c7:a8:9b:57:8a:31:4b:81:5c:cb:c4:b2:02:
                    96:53:6f:0f:ba:a9:fa:c1:06:a3:89:3f:46:7b:3f:
                    0b:58:e2:46:86:d8:14:00:34:95:e2:d3:fc:e0:54:
                    5b:8a:bc:97:1e:e5:57:0f:f8:e0:4d:6d:58:ce:a8:
                    f0:6f:2c:44:ce:5d:f8:81:a4:92:49:a0:31:76:e3:
                    dc:8b:8f:b5:2a:bb:92:c0:c2:59:0c:72:86:8a:89:
                    02:f1:f2:bf:f5:46:12:a1:99:3b:f8:47:fc:c6:45:
                    0f:16:c8:9a:07:11:37:b3:28:6d:8d:6a:df:94:ca:
                    8a:64:49:61:1a:89:d0:13:4a:72:ab:8f:65:f5:fb:
                    d5:ff:d9:25:25:4b:03:b0:24:d7:d3:81:3a:ac:51:
                    09:d0:7b:79:4c:33:dd:7e:a8:60:61:23:5c:33:f4:
                    46:e3:e7:7f:3a:2c:62:f5:3e:ed:37:f7:ad:b7:6c:
                    0f:76:85:43:92:49:9f:30:90:49:fe:30:9c:49:e3:
                    1a:d1:83:f6:e7:df:1c:83:0a:a9:34:42:4b:63:3e:
                    06:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:CE:34:20:9A:0C:6E:60:B6:13:AF:CD:54:D9:3B:9B:2C:F7:EC:21
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/UM40IJoMbmC2E6_NVNk7myz37CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:64:7e:50:d6:cc:f6:25:58:be:53:80:3d:10:99:8b:6e:0b:
         99:0b:ff:dd:10:2a:34:4a:0b:f6:e4:a2:a7:d2:5f:a5:78:ae:
         ed:28:d0:84:7e:63:14:e1:0b:30:d5:f2:b7:6d:b7:48:7e:a1:
         69:91:9e:a6:a0:80:82:21:a4:fd:92:9b:e6:f9:d8:71:da:47:
         54:ef:2a:72:b6:65:aa:74:d3:15:1d:b0:19:7c:22:98:00:e8:
         3b:9e:86:bc:d0:8a:83:e6:c8:dd:7c:0d:56:0a:9e:e0:6c:e0:
         58:70:0e:16:54:9f:8b:76:b0:73:2c:3b:28:34:c5:ea:81:3a:
         8a:17:4d:02:44:d9:9a:46:ae:a2:0d:56:3d:0a:56:24:39:b4:
         01:89:cd:44:c9:5f:c4:a7:eb:84:5b:e5:3d:e4:f0:52:f4:87:
         61:af:ef:07:55:52:9a:9b:80:eb:2f:95:9d:30:54:de:9f:29:
         3f:f6:1b:4a:82:e6:b0:f4:13:24:bf:a1:1e:3d:6d:e2:f6:54:
         bf:25:25:df:4b:a2:07:6c:2e:f0:22:33:ab:fc:58:92:91:a0:
         85:c6:79:54:cb:49:ee:39:a6:1f:ec:67:dc:70:de:a0:2c:2d:
         aa:9f:41:61:58:eb:13:64:9d:22:6c:aa:94:c2:05:7f:e4:c9:
         cf:56:e9:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfF7NgodeBT/s/5Cz6+Lvm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjUwNzAxMTIxODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGNlMzQyMDlhMGM2ZTYwYjYxM2FmY2Q1NGQ5M2I5YjJjZjdlYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQY3VRGIr6pUe22SVbd9+kSdsYGM
PWwN7uvO6u8WnZT6UNLtSg0yJJRZwsAglMeom1eKMUuBXMvEsgKWU28Puqn6wQaj
iT9Gez8LWOJGhtgUADSV4tP84FRbiryXHuVXD/jgTW1YzqjwbyxEzl34gaSSSaAx
duPci4+1KruSwMJZDHKGiokC8fK/9UYSoZk7+Ef8xkUPFsiaBxE3syhtjWrflMqK
ZElhGonQE0pyq49l9fvV/9klJUsDsCTX04E6rFEJ0Ht5TDPdfqhgYSNcM/RG4+d/
Oixi9T7tN/ett2wPdoVDkkmfMJBJ/jCcSeMa0YP2598cgwqpNEJLYz4G5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDONCCaDG5gthOvzVTZO5ss9+whMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvVU00MElKb01ibUMyRTZfTlZOazdteXozN0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudmlMA0G
CSqGSIb3DQEBCwUAA4IBAQCnZH5Q1sz2JVi+U4A9EJmLbguZC//dECo0Sgv25KKn
0l+leK7tKNCEfmMU4Qsw1fK3bbdIfqFpkZ6moICCIaT9kpvm+dhx2kdU7ypytmWq
dNMVHbAZfCKYAOg7noa80IqD5sjdfA1WCp7gbOBYcA4WVJ+LdrBzLDsoNMXqgTqK
F00CRNmaRq6iDVY9ClYkObQBic1EyV/Ep+uEW+U95PBS9Idhr+8HVVKam4DrL5Wd
MFTenyk/9htKguaw9BMkv6EePW3i9lS/JSXfS6IHbC7wIjOr/FiSkaCFxnlUy0nu
OaYf7GfccN6gLC2qn0FhWOsTZJ0ibKqUwgV/5MnPVulP
-----END CERTIFICATE-----