Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/uma5lpRbalF97EsdiqA4T4DgWE4.roa
File:                     uma5lpRbalF97EsdiqA4T4DgWE4.roa (raw, json)
Hash identifier:          KAkNrUANOkXjmLE43dmVtD2jYcR+mjhtBsGBvdtMvlA=
Subject key identifier:   BA:66:B9:96:94:5B:6A:51:7D:EC:4B:1D:8A:A0:38:4F:80:E0:58:4E
Certificate issuer:       /CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
Certificate serial:       019933D30D9362CE273A3D530027EAF262A9
Authority key identifier: 31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/uma5lpRbalF97EsdiqA4T4DgWE4.roa
Signing time:             Wed 10 Sep 2025 13:31:33 +0000
ROA not before:           Wed 10 Sep 2025 13:31:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        202.22.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 04:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:d3:0d:93:62:ce:27:3a:3d:53:00:27:ea:f2:62:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
        Validity
            Not Before: Sep 10 13:31:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba66b996945b6a517dec4b1d8aa0384f80e0584e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:20:7f:be:c7:6b:61:51:48:e8:bf:60:1e:5d:
                    88:b1:10:69:9b:3f:5a:14:07:c5:52:dc:26:46:61:
                    c5:21:ef:6f:89:db:d8:f2:d6:5d:39:60:e5:28:f7:
                    39:bb:03:e6:f5:d4:51:5a:0f:81:e2:d4:fe:c2:02:
                    a3:d1:e8:71:51:1d:05:3e:0b:f4:84:76:bf:21:c9:
                    89:ca:f7:3b:f5:ce:c9:ab:f6:83:63:54:d9:e9:ec:
                    fa:99:6a:cc:76:1e:92:f1:b3:75:28:b4:75:bf:da:
                    4d:60:34:d0:c8:bb:c6:f8:bb:c8:a2:c2:6c:14:75:
                    0c:9a:bf:7d:a8:4d:ad:a7:56:1f:4d:91:6e:aa:e6:
                    2c:2e:4b:c5:77:b5:6e:ce:17:26:af:a3:cc:cc:a5:
                    d1:9c:5c:29:a6:ae:74:40:96:e0:a7:94:72:56:8a:
                    e2:08:ab:f9:ec:47:07:70:0b:7e:02:5e:5f:dd:ce:
                    53:a9:77:f0:ac:a7:79:12:ef:ce:c2:3d:f3:cf:d0:
                    49:2c:f0:34:d7:39:ca:f5:fb:54:6f:a2:bc:0b:f5:
                    2c:27:71:04:0d:68:e6:00:af:5e:ec:f3:09:a8:e1:
                    37:1e:22:6a:1b:12:22:68:69:cd:23:37:a7:c3:2e:
                    45:1e:c2:9d:e3:57:d9:37:b1:20:59:7d:e4:e5:6b:
                    fc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:66:B9:96:94:5B:6A:51:7D:EC:4B:1D:8A:A0:38:4F:80:E0:58:4E
            X509v3 Authority Key Identifier:
                keyid:31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/uma5lpRbalF97EsdiqA4T4DgWE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.22.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8d:2d:4d:ac:5a:63:bf:df:9e:06:80:f2:1f:57:5d:1e:ce:
         85:a3:a4:a1:15:86:cf:b2:e8:79:d1:43:d3:a0:fe:76:5c:06:
         05:bd:5d:d4:48:14:00:34:56:0d:58:e0:b7:2f:07:da:f1:e6:
         8b:79:cf:01:c6:9c:43:d1:59:ce:56:16:77:53:94:20:b4:77:
         bb:fd:97:c6:70:c0:d6:98:9e:71:c3:41:f7:84:df:d4:94:ab:
         91:c7:87:76:c2:bc:97:b4:94:d9:95:49:14:53:b5:67:64:44:
         ab:f9:92:a5:b7:7c:e4:03:88:15:d9:9e:ca:c4:e9:57:d5:da:
         36:d5:c0:ee:f6:56:47:91:04:41:2b:fb:6a:f9:97:9b:4c:88:
         9e:54:d1:9b:06:5f:a2:3d:5b:29:61:2b:68:cc:d6:0e:81:0b:
         b3:de:3b:7e:dd:d6:99:6a:a2:e7:b8:af:57:a4:3a:8b:18:64:
         eb:c5:8c:7e:af:a2:71:44:40:6d:b7:88:e0:0b:a7:6d:65:31:
         f2:5b:f9:2f:4f:2d:b0:ad:67:43:e2:6a:52:b5:49:43:64:59:
         c6:58:43:a2:04:91:51:86:39:79:8c:1e:c1:e8:c6:86:53:ac:
         6c:a6:8a:d3:36:96:f2:20:83:66:5a:09:68:a6:56:2e:ec:0f:
         57:bc:d1:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkz0w2TYs4nOj1TACfq8mKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWI5YjJkYjRhM2JkZGY4YzkyZmM1MGI5NzEzMDQzZGQ1
NmRjMzgwHhcNMjUwOTEwMTMzMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTY2Yjk5Njk0NWI2YTUxN2RlYzRiMWQ4YWEwMzg0ZjgwZTA1ODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CB/vsdrYVFI6L9gHl2IsRBpmz9a
FAfFUtwmRmHFIe9vidvY8tZdOWDlKPc5uwPm9dRRWg+B4tT+wgKj0ehxUR0FPgv0
hHa/IcmJyvc79c7Jq/aDY1TZ6ez6mWrMdh6S8bN1KLR1v9pNYDTQyLvG+LvIosJs
FHUMmr99qE2tp1YfTZFuquYsLkvFd7Vuzhcmr6PMzKXRnFwppq50QJbgp5RyVori
CKv57EcHcAt+Al5f3c5TqXfwrKd5Eu/Owj3zz9BJLPA01znK9ftUb6K8C/UsJ3EE
DWjmAK9e7PMJqOE3HiJqGxIiaGnNIzenwy5FHsKd41fZN7EgWX3k5Wv80wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpmuZaUW2pRfexLHYqgOE+A4FhOMB8GA1UdIwQY
MBaAFDHrmy20o73fjJL8ULlxMEPdVtw4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgt
YmQyNGYwMDM1NzhmLzEvdW1hNWxwUmJhbEY5N0VzZGlxQTRUNERnV0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgtYmQyNGYwMDM1Nzhm
LzEvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyhaqMA0G
CSqGSIb3DQEBCwUAA4IBAQAsjS1NrFpjv9+eBoDyH1ddHs6Fo6ShFYbPsuh50UPT
oP52XAYFvV3USBQANFYNWOC3Lwfa8eaLec8BxpxD0VnOVhZ3U5QgtHe7/ZfGcMDW
mJ5xw0H3hN/UlKuRx4d2wryXtJTZlUkUU7VnZESr+ZKlt3zkA4gV2Z7KxOlX1do2
1cDu9lZHkQRBK/tq+ZebTIieVNGbBl+iPVspYStozNYOgQuz3jt+3daZaqLnuK9X
pDqLGGTrxYx+r6JxREBtt4jgC6dtZTHyW/kvTy2wrWdD4mpStUlDZFnGWEOiBJFR
hjl5jB7B6MaGU6xsporTNpbyIINmWgloplYu7A9XvNFi
-----END CERTIFICATE-----