Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ui6VgepurFAjqijoXfZI-UKWHvg.roa
File:                     ui6VgepurFAjqijoXfZI-UKWHvg.roa (raw, json)
Hash identifier:          scFlFCy5twOQ0RXSQ6jhJwPHJG3QweFq7vZNzG6Ffo8=
Subject key identifier:   BA:2E:95:81:EA:6E:AC:50:23:AA:28:E8:5D:F6:48:F9:42:96:1E:F8
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01973C204981251B970079833283DD6A3A18
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ui6VgepurFAjqijoXfZI-UKWHvg.roa
Signing time:             Wed 04 Jun 2025 18:07:17 +0000
ROA not before:           Wed 04 Jun 2025 18:07:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4609
IP address blocks:        124.198.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 09:21:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:20:49:81:25:1b:97:00:79:83:32:83:dd:6a:3a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  4 18:07:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba2e9581ea6eac5023aa28e85df648f942961ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3c:80:de:f0:e6:b0:64:6b:ca:56:59:02:d4:
                    ff:41:c1:1b:10:0b:8b:ab:bb:1e:80:1e:07:d6:76:
                    0d:98:e5:97:86:23:99:8a:f0:cf:e3:17:7b:54:78:
                    73:ac:02:7e:d1:be:4c:fc:8a:b6:b3:99:97:99:35:
                    53:c9:5e:68:77:a1:7d:fc:d3:43:51:80:00:74:7e:
                    9b:90:89:f4:7c:9d:07:60:f9:4e:71:a9:15:6c:c0:
                    bb:4a:e2:f4:58:0e:9e:f3:5b:f0:3b:a7:58:b2:22:
                    a3:33:a6:39:3e:2f:8e:13:7a:fd:e0:13:3e:a5:42:
                    4e:32:bc:2b:ed:9a:4c:88:ef:64:d0:2d:69:9c:16:
                    c4:fa:f9:33:7b:2d:ea:d2:52:d4:57:da:15:30:33:
                    42:e3:a0:eb:fc:84:6b:18:e5:1b:9b:eb:20:00:6a:
                    0f:85:87:19:de:80:8f:cd:a6:cc:84:b3:85:4c:18:
                    b7:9a:2d:e1:16:45:89:c6:e0:01:b7:dc:6e:45:1f:
                    0a:ed:fc:db:b7:15:cd:0f:a4:22:05:63:ac:72:93:
                    31:cd:b9:d9:d4:7b:7c:53:6f:34:fc:06:9e:77:4b:
                    0c:3b:de:ed:e4:63:b1:26:fa:d9:82:aa:69:91:68:
                    6e:a9:77:74:dd:02:55:bd:70:10:23:91:3d:1c:a1:
                    42:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:2E:95:81:EA:6E:AC:50:23:AA:28:E8:5D:F6:48:F9:42:96:1E:F8
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ui6VgepurFAjqijoXfZI-UKWHvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:ed:23:1b:57:33:c0:ae:05:99:a6:ea:b5:2c:dd:49:1e:26:
         b4:bc:92:e2:0f:0e:57:01:54:f7:4a:b8:db:f3:5c:33:41:6f:
         f7:0c:a3:c5:0b:70:23:99:5e:4f:e9:c6:b3:c7:9a:30:6e:0a:
         e8:29:fd:07:3e:b5:10:dc:6d:66:83:ce:a4:42:c5:fc:f3:10:
         2d:ef:7d:e1:af:5c:0d:19:ad:9b:a4:e9:5f:e8:fd:e8:c7:6b:
         40:02:85:ac:ae:92:ee:6c:fd:f8:23:ba:81:ea:22:3e:3d:d7:
         1b:91:38:c0:d5:6c:3e:8f:eb:85:99:76:56:3c:08:99:f2:9e:
         fa:42:e9:cb:20:e4:7a:67:0a:f8:3a:b4:5d:e8:db:4e:a8:cb:
         04:dc:96:91:b2:60:4d:26:00:de:1f:1f:d1:35:4e:98:18:1e:
         18:bb:a2:2f:59:67:c8:d5:1c:09:18:b3:49:d8:42:90:f9:d0:
         34:42:b6:8c:ef:63:04:7d:23:d6:bf:1d:46:9a:e6:1f:2a:1e:
         4c:c4:ba:b9:e5:b7:6d:53:5b:ff:1c:99:12:67:6a:b6:c1:22:
         ed:30:10:31:8a:c0:4c:6c:a5:bb:3a:0d:97:fc:12:6b:72:33:
         d1:e0:b8:08:9c:bc:83:18:57:ee:c3:0a:07:17:e9:86:5e:89:
         95:ba:a3:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc8IEmBJRuXAHmDMoPdajoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNjA0MTgwNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTJlOTU4MWVhNmVhYzUwMjNhYTI4ZTg1ZGY2NDhmOTQyOTYxZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TyA3vDmsGRrylZZAtT/QcEbEAuL
q7segB4H1nYNmOWXhiOZivDP4xd7VHhzrAJ+0b5M/Iq2s5mXmTVTyV5od6F9/NND
UYAAdH6bkIn0fJ0HYPlOcakVbMC7SuL0WA6e81vwO6dYsiKjM6Y5Pi+OE3r94BM+
pUJOMrwr7ZpMiO9k0C1pnBbE+vkzey3q0lLUV9oVMDNC46Dr/IRrGOUbm+sgAGoP
hYcZ3oCPzabMhLOFTBi3mi3hFkWJxuABt9xuRR8K7fzbtxXND6QiBWOscpMxzbnZ
1Ht8U280/Aaed0sMO97t5GOxJvrZgqppkWhuqXd03QJVvXAQI5E9HKFCQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoulYHqbqxQI6oo6F32SPlClh74MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdWk2VmdlcHVyRkFqcWlqb1hmWkktVUtXSHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAfMaFMA0G
CSqGSIb3DQEBCwUAA4IBAQBg7SMbVzPArgWZpuq1LN1JHia0vJLiDw5XAVT3Srjb
81wzQW/3DKPFC3AjmV5P6cazx5owbgroKf0HPrUQ3G1mg86kQsX88xAt733hr1wN
Ga2bpOlf6P3ox2tAAoWsrpLubP34I7qB6iI+PdcbkTjA1Ww+j+uFmXZWPAiZ8p76
QunLIOR6Zwr4OrRd6NtOqMsE3JaRsmBNJgDeHx/RNU6YGB4Yu6IvWWfI1RwJGLNJ
2EKQ+dA0QraM72MEfSPWvx1GmuYfKh5MxLq55bdtU1v/HJkSZ2q2wSLtMBAxisBM
bKW7Og2X/BJrcjPR4LgInLyDGFfuwwoHF+mGXomVuqO7
-----END CERTIFICATE-----