Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/UGz5ST9xLeR326lNlIlQUU1TOM0.roa
File:                     UGz5ST9xLeR326lNlIlQUU1TOM0.roa (raw, json)
Hash identifier:          eBdiuMt/l6dkQCdthTlhmOdw9OFMh/UNcOXGzcvKrwo=
Subject key identifier:   50:6C:F9:49:3F:71:2D:E4:77:DB:A9:4D:94:89:50:51:4D:53:38:CD
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       0196F72F4F83292263E66CBE60840ABD6FC2
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/UGz5ST9xLeR326lNlIlQUU1TOM0.roa
Signing time:             Thu 22 May 2025 08:49:54 +0000
ROA not before:           Thu 22 May 2025 08:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        31.22.74.0/24 maxlen: 24
                          31.22.78.0/24 maxlen: 24
                          31.22.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:2f:4f:83:29:22:63:e6:6c:be:60:84:0a:bd:6f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 22 08:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=506cf9493f712de477dba94d948950514d5338cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3e:ed:1f:01:e6:c0:55:33:89:f5:fa:6f:38:
                    9e:87:88:ac:40:bd:d7:a9:a7:bf:ff:a1:a9:ea:3d:
                    92:88:81:97:4d:14:a0:29:b5:66:60:b0:ee:48:40:
                    b1:f3:a4:ca:f7:68:1a:a3:ec:85:fa:08:a7:9c:f9:
                    ef:f9:98:0b:ae:f9:6d:b4:40:fd:7a:f1:bf:ee:7c:
                    48:49:a0:f7:87:d8:f2:ff:71:6e:e9:b0:78:69:fa:
                    d8:1f:bf:c4:cf:1b:59:4f:5c:05:e1:7e:d3:b5:b3:
                    db:06:a3:aa:29:0e:bd:3a:5f:38:3e:c2:aa:c1:92:
                    43:11:0e:61:49:0c:d5:1d:4f:4e:b4:7f:55:7a:8f:
                    34:a3:83:7c:08:2d:b5:80:cb:db:56:ea:91:af:db:
                    67:f5:4b:97:b0:f5:46:a9:ae:30:77:e0:28:18:21:
                    a1:10:b0:93:84:7c:e8:b4:a9:a5:36:2a:e9:0c:c1:
                    bf:df:6d:2c:02:cb:18:9c:19:f8:1b:d7:a1:0d:e6:
                    4e:c2:e5:87:c9:36:a1:47:7d:a1:51:55:ad:c5:32:
                    ad:e3:00:9e:a5:fc:76:f5:f3:eb:dd:37:28:72:03:
                    2e:4e:d3:d4:13:ca:56:44:64:d9:31:9a:e7:11:78:
                    b6:7b:af:fd:1a:4c:63:b7:bf:0c:8f:e5:6b:d9:a1:
                    f0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:6C:F9:49:3F:71:2D:E4:77:DB:A9:4D:94:89:50:51:4D:53:38:CD
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/UGz5ST9xLeR326lNlIlQUU1TOM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.74.0/24
                  31.22.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:8a:5b:7e:24:a0:98:9c:ef:a7:40:9b:80:a0:e0:0d:19:d7:
         78:70:69:87:3d:fd:60:a6:fb:85:ea:0f:e8:2f:52:8f:ae:e4:
         9c:94:6f:e6:a6:05:2f:81:82:82:05:7d:15:03:40:43:02:bc:
         98:86:9e:2b:b1:54:9b:47:93:fd:f1:22:95:7c:e6:d0:61:55:
         45:ae:df:99:a1:0f:69:60:e0:73:86:f6:3c:28:04:2c:0c:bf:
         3c:b7:66:cc:aa:eb:79:2c:d2:83:ce:cc:ea:cd:b4:c2:8d:bd:
         e4:02:5f:75:f4:09:68:29:a1:11:0a:24:da:6d:5e:a7:45:b6:
         17:a2:77:09:ba:19:cd:c8:ea:81:8e:d8:a4:82:5e:9f:cc:72:
         09:77:97:59:9a:3d:8c:99:f4:30:d4:dc:46:f1:0b:74:a6:4f:
         9a:c6:3a:a2:40:8f:8a:8a:af:80:2b:09:42:e4:f1:7f:36:a7:
         13:29:b0:dc:d5:5c:40:5e:f1:42:f2:ce:7b:08:d6:31:20:e3:
         9c:ef:1c:b4:0b:41:e9:a9:bd:ab:d6:3b:eb:c7:77:2e:22:57:
         ae:07:70:01:49:51:5b:8d:ec:d6:67:d1:74:e4:8d:56:da:c0:
         47:d9:96:b1:1c:5b:14:65:36:35:88:26:6a:8d:28:6b:f3:65:
         8d:44:e5:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb3L0+DKSJj5my+YIQKvW/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNTIyMDg0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDZjZjk0OTNmNzEyZGU0NzdkYmE5NGQ5NDg5NTA1MTRkNTMzOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4T7tHwHmwFUzifX6bzieh4isQL3X
qae//6Gp6j2SiIGXTRSgKbVmYLDuSECx86TK92gao+yF+ginnPnv+ZgLrvlttED9
evG/7nxISaD3h9jy/3Fu6bB4afrYH7/EzxtZT1wF4X7TtbPbBqOqKQ69Ol84PsKq
wZJDEQ5hSQzVHU9OtH9Veo80o4N8CC21gMvbVuqRr9tn9UuXsPVGqa4wd+AoGCGh
ELCThHzotKmlNirpDMG/320sAssYnBn4G9ehDeZOwuWHyTahR32hUVWtxTKt4wCe
pfx29fPr3TcocgMuTtPUE8pWRGTZMZrnEXi2e6/9Gkxjt78Mj+Vr2aHwnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFBs+Uk/cS3kd9upTZSJUFFNUzjNMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvVUd6NVNUOXhMZVIzMjZsTmxJbFFVVTFUT00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHxZKAwQB
HxZOMA0GCSqGSIb3DQEBCwUAA4IBAQBeilt+JKCYnO+nQJuAoOANGdd4cGmHPf1g
pvuF6g/oL1KPruSclG/mpgUvgYKCBX0VA0BDAryYhp4rsVSbR5P98SKVfObQYVVF
rt+ZoQ9pYOBzhvY8KAQsDL88t2bMqut5LNKDzszqzbTCjb3kAl919AloKaERCiTa
bV6nRbYXoncJuhnNyOqBjtikgl6fzHIJd5dZmj2MmfQw1NxG8Qt0pk+axjqiQI+K
iq+AKwlC5PF/NqcTKbDc1VxAXvFC8s57CNYxIOOc7xy0C0Hpqb2r1jvrx3cuIleu
B3ABSVFbjezWZ9F05I1W2sBH2ZaxHFsUZTY1iCZqjShr82WNROXB
-----END CERTIFICATE-----