Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/UEFTphc5r_X08VC4KXcQxiS2shg.roa
File:                     UEFTphc5r_X08VC4KXcQxiS2shg.roa (raw, json)
Hash identifier:          7dECbcqaLL4E/mWcxOkfhjwmM0MPjpjuitKlI7h4KmU=
Subject key identifier:   50:41:53:A6:17:39:AF:F5:F4:F1:50:B8:29:77:10:C6:24:B6:B2:18
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       01996290D85A8FC217C6AD61D6723D079576
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/UEFTphc5r_X08VC4KXcQxiS2shg.roa
Signing time:             Fri 19 Sep 2025 15:21:23 +0000
ROA not before:           Fri 19 Sep 2025 15:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214630
IP address blocks:        2a11:3b40::/32 maxlen: 32
                          2a12:6640::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:90:d8:5a:8f:c2:17:c6:ad:61:d6:72:3d:07:95:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Sep 19 15:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=504153a61739aff5f4f150b8297710c624b6b218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:da:6d:a4:7e:9e:8d:6d:16:73:f9:25:e8:69:
                    82:16:30:1a:15:d4:4d:2f:de:e0:29:05:84:ad:bc:
                    cd:be:d1:c6:ba:1a:ca:d6:c7:61:a4:e9:b5:99:66:
                    64:5c:5a:c4:1f:10:7e:3f:da:bf:0c:8d:72:b8:fa:
                    a5:70:36:66:b1:e2:84:01:b2:f4:0d:13:7e:f3:0c:
                    c3:c7:2f:80:6f:26:e5:70:46:21:99:42:09:a6:8c:
                    7e:37:68:b3:28:85:51:ea:50:02:c7:f7:2e:ad:70:
                    5b:21:67:52:77:94:dd:78:9b:6d:74:88:bd:4f:2c:
                    70:32:73:fd:f0:f6:99:bb:65:95:90:84:d0:e2:88:
                    d4:75:3a:1e:0c:bf:f1:40:cc:98:13:31:ed:e2:fe:
                    0a:ca:d6:55:0b:21:af:5f:d4:15:68:8f:86:66:48:
                    36:5a:0c:ad:3a:37:70:c7:32:f1:49:5c:6a:2d:81:
                    d8:9b:2e:58:a3:56:ac:3c:fd:21:64:ff:1e:48:bf:
                    85:be:35:9d:13:36:93:68:c0:48:33:1a:12:16:a2:
                    1d:2b:72:92:18:61:98:af:26:ae:cb:ed:4e:60:69:
                    40:89:7d:fb:71:0f:aa:e1:10:a0:b6:61:36:be:7c:
                    a8:78:2e:ad:5a:7b:d3:85:80:b0:91:26:b7:d2:aa:
                    82:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:41:53:A6:17:39:AF:F5:F4:F1:50:B8:29:77:10:C6:24:B6:B2:18
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/UEFTphc5r_X08VC4KXcQxiS2shg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3b40::/32
                  2a12:6640::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:b3:19:12:73:3c:f8:64:54:91:ce:a6:14:37:22:e7:dc:cc:
         bb:69:72:21:d5:af:93:ef:e1:0c:bf:48:de:e8:82:97:ad:f7:
         0b:33:c5:85:93:73:57:3c:9f:d3:ab:3a:74:62:50:61:97:61:
         be:3c:4c:8b:74:56:56:78:9a:76:88:9f:a9:fb:aa:8b:ab:37:
         05:93:f1:b7:88:e8:f9:35:b6:a9:c8:bb:d5:a2:4d:c5:3d:4f:
         1f:58:6a:c7:d4:7b:86:55:49:9b:4f:c9:67:11:04:8d:a3:74:
         e0:b9:b0:38:26:10:10:3f:af:c8:7b:7e:23:21:7f:df:22:b5:
         8a:d0:5d:d0:fa:9c:78:03:9f:c5:ef:d4:e0:82:aa:26:7c:2a:
         60:db:79:6d:e8:97:c1:58:52:f9:13:30:ff:27:8a:4d:5f:df:
         4e:d8:ee:d1:b5:8c:c9:1b:3b:bc:1b:75:c1:fd:c5:4e:cb:39:
         ba:09:d2:19:84:71:3f:0e:55:5a:73:c0:23:76:21:d2:58:1a:
         1d:4a:7f:1c:05:f3:03:9a:0f:2c:3c:ae:9d:ef:7b:f5:ab:96:
         79:9d:97:18:05:ea:8c:33:86:9c:5a:21:e0:d6:f2:87:a8:ee:
         f7:3b:1b:bb:d4:3e:e3:a0:25:52:8c:a7:77:38:3f:90:79:c8:
         c2:bf:ec:06
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlikNhaj8IXxq1h1nI9B5V2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjUwOTE5MTUyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQxNTNhNjE3MzlhZmY1ZjRmMTUwYjgyOTc3MTBjNjI0YjZiMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNptpH6ejW0Wc/kl6GmCFjAaFdRN
L97gKQWErbzNvtHGuhrK1sdhpOm1mWZkXFrEHxB+P9q/DI1yuPqlcDZmseKEAbL0
DRN+8wzDxy+AbyblcEYhmUIJpox+N2izKIVR6lACx/curXBbIWdSd5TdeJttdIi9
TyxwMnP98PaZu2WVkITQ4ojUdToeDL/xQMyYEzHt4v4KytZVCyGvX9QVaI+GZkg2
WgytOjdwxzLxSVxqLYHYmy5Yo1asPP0hZP8eSL+FvjWdEzaTaMBIMxoSFqIdK3KS
GGGYryauy+1OYGlAiX37cQ+q4RCgtmE2vnyoeC6tWnvThYCwkSa30qqCaQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFBBU6YXOa/19PFQuCl3EMYktrIYMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvVUVGVHBoYzVyX1gwOFZDNEtYY1F4aVMyc2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhE7QAMF
ACoSZkAwDQYJKoZIhvcNAQELBQADggEBAECzGRJzPPhkVJHOphQ3IufczLtpciHV
r5Pv4Qy/SN7ogpet9wszxYWTc1c8n9OrOnRiUGGXYb48TIt0VlZ4mnaIn6n7qour
NwWT8beI6Pk1tqnIu9WiTcU9Tx9YasfUe4ZVSZtPyWcRBI2jdOC5sDgmEBA/r8h7
fiMhf98itYrQXdD6nHgDn8Xv1OCCqiZ8KmDbeW3ol8FYUvkTMP8nik1f307Y7tG1
jMkbO7wbdcH9xU7LOboJ0hmEcT8OVVpzwCN2IdJYGh1KfxwF8wOaDyw8rp3ve/Wr
lnmdlxgF6owzhpxaIeDW8oeo7vc7G7vUPuOgJVKMp3c4P5B5yMK/7AY=
-----END CERTIFICATE-----