Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/UU-ZPgHLSl7n9-aFlFBn6cpPmcU.roa
File:                     UU-ZPgHLSl7n9-aFlFBn6cpPmcU.roa (raw, json)
Hash identifier:          Q6YDAvzuzbvQcAN8CcizevWV2gHJhbtqI7OUoG4zkxk=
Subject key identifier:   51:4F:99:3E:01:CB:4A:5E:E7:F7:E6:85:94:50:67:E9:CA:4F:99:C5
Certificate issuer:       /CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
Certificate serial:       019A1273FE935248B701BE5C353FDDFD8AFE
Authority key identifier: 03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/UU-ZPgHLSl7n9-aFlFBn6cpPmcU.roa
Signing time:             Thu 23 Oct 2025 19:03:02 +0000
ROA not before:           Thu 23 Oct 2025 19:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34696
IP address blocks:        185.128.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:12:73:fe:93:52:48:b7:01:be:5c:35:3f:dd:fd:8a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
        Validity
            Not Before: Oct 23 19:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=514f993e01cb4a5ee7f7e685945067e9ca4f99c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b1:c8:35:69:05:46:eb:d0:ef:ac:27:d0:9a:
                    c2:5b:bc:6b:f9:d7:09:f8:84:d6:64:2f:bc:43:41:
                    ae:6b:d7:39:ca:83:cd:ba:09:9e:d6:7b:44:4b:e7:
                    56:ea:dd:d0:10:8b:61:68:88:f0:ca:e2:d3:8c:e2:
                    5d:0b:c6:64:24:0c:e7:b8:63:7d:21:cf:a1:e3:00:
                    22:05:f8:ea:08:4b:d8:cc:5a:eb:73:a5:27:84:e6:
                    23:e1:d0:63:c6:e1:7a:ff:8e:04:f8:54:ce:d8:10:
                    8d:5c:11:26:a6:c4:dc:b7:61:4b:20:53:11:9f:57:
                    8a:2a:89:a3:ee:3c:30:a0:67:af:24:0c:b4:83:d5:
                    28:0c:ad:0d:06:87:36:9b:ea:29:5b:a7:05:4d:42:
                    61:a1:6b:25:9d:43:32:95:50:27:f5:96:ac:9d:87:
                    d2:7e:22:08:a4:f2:f4:21:7a:cd:63:7a:36:20:31:
                    a0:8f:7f:92:e6:50:be:60:c8:48:08:c5:58:32:f5:
                    a0:f6:69:1f:56:62:b1:04:38:e2:3d:c9:92:99:95:
                    c5:eb:36:11:29:4e:b3:70:fb:67:27:e8:95:6b:01:
                    59:fa:8d:f0:7b:f1:40:d8:ff:f6:3e:1f:49:ef:a4:
                    3a:a0:77:a0:e4:2d:d5:02:11:34:5b:94:26:a8:54:
                    6e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:4F:99:3E:01:CB:4A:5E:E7:F7:E6:85:94:50:67:E9:CA:4F:99:C5
            X509v3 Authority Key Identifier:
                keyid:03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/UU-ZPgHLSl7n9-aFlFBn6cpPmcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d9:7d:8e:aa:bb:19:4a:f1:7f:04:cd:cc:a1:e4:cd:c4:d8:
         92:85:6a:8d:98:8d:8a:af:44:17:bf:ae:d7:42:c2:8d:ed:e6:
         16:e6:42:fc:ec:72:ec:c8:67:3c:c7:6d:46:a4:99:db:9a:92:
         86:0e:50:d9:eb:5c:5f:e3:27:1f:2a:45:0c:56:3d:1c:59:ec:
         61:23:98:38:4d:e0:f9:46:7c:6b:75:3c:83:81:3f:14:ad:68:
         6d:ae:76:93:be:6a:0a:41:f5:48:21:59:7d:74:3f:47:d5:f9:
         a5:2e:ca:4f:4e:a0:fe:b2:9a:51:ad:45:77:05:ba:af:61:8e:
         b7:c4:9f:c4:2a:16:4e:42:8f:62:4e:08:a9:ff:dd:75:76:b5:
         94:0e:00:d8:c9:fa:c7:45:0a:66:b6:dd:21:f1:b6:35:67:e0:
         a0:c1:bb:5c:24:39:ec:e6:46:ad:2a:4e:0c:3b:47:4d:57:82:
         c6:1b:37:e3:d9:eb:bc:ee:9d:d8:e6:c3:1d:92:f8:b5:00:44:
         46:7a:92:e0:87:3a:c1:26:4e:39:4d:35:88:25:d2:c3:1a:73:
         09:66:07:6e:e6:17:4d:26:f0:7c:cd:d7:a6:81:f2:89:4a:e2:
         da:af:8f:c8:7a:37:91:a0:96:1e:55:c0:82:bc:34:f3:a4:47:
         de:fa:f6:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoSc/6TUki3Ab5cNT/d/Yr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2JkYjA1OTVmYzQ4OTAyOTM4YTc4ZjQyYzFlYWYwYTE1
OWJmNDYwHhcNMjUxMDIzMTkwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTRmOTkzZTAxY2I0YTVlZTdmN2U2ODU5NDUwNjdlOWNhNGY5OWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17HINWkFRuvQ76wn0JrCW7xr+dcJ
+ITWZC+8Q0Gua9c5yoPNugme1ntES+dW6t3QEIthaIjwyuLTjOJdC8ZkJAznuGN9
Ic+h4wAiBfjqCEvYzFrrc6UnhOYj4dBjxuF6/44E+FTO2BCNXBEmpsTct2FLIFMR
n1eKKomj7jwwoGevJAy0g9UoDK0NBoc2m+opW6cFTUJhoWslnUMylVAn9ZasnYfS
fiIIpPL0IXrNY3o2IDGgj3+S5lC+YMhICMVYMvWg9mkfVmKxBDjiPcmSmZXF6zYR
KU6zcPtnJ+iVawFZ+o3we/FA2P/2Ph9J76Q6oHeg5C3VAhE0W5QmqFRuSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFPmT4By0pe5/fmhZRQZ+nKT5nFMB8GA1UdIwQY
MBaAFAPL2wWV/EiQKTinj0LB6vChWb9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYt
ZjY2MTM4MDY2MzU4LzEvVVUtWlBnSExTbDduOS1hRmxGQm42Y3BQbWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYtZjY2MTM4MDY2MzU4
LzEvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYA8MA0G
CSqGSIb3DQEBCwUAA4IBAQCX2X2OqrsZSvF/BM3MoeTNxNiShWqNmI2Kr0QXv67X
QsKN7eYW5kL87HLsyGc8x21GpJnbmpKGDlDZ61xf4ycfKkUMVj0cWexhI5g4TeD5
RnxrdTyDgT8UrWhtrnaTvmoKQfVIIVl9dD9H1fmlLspPTqD+sppRrUV3BbqvYY63
xJ/EKhZOQo9iTgip/911drWUDgDYyfrHRQpmtt0h8bY1Z+CgwbtcJDns5katKk4M
O0dNV4LGGzfj2eu87p3Y5sMdkvi1AERGepLghzrBJk45TTWIJdLDGnMJZgdu5hdN
JvB8zdemgfKJSuLar4/IejeRoJYeVcCCvDTzpEfe+vZ4
-----END CERTIFICATE-----