Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/9b928f-cc52-4121-b492-e6f9e4168bd2/1/UljK_JUQC-ApOoQ4pETQI3VRof4.roa
File:                     UljK_JUQC-ApOoQ4pETQI3VRof4.roa (raw, json)
Hash identifier:          9Sh2w5nvzyVvg3ugFiToGC0XPk8b1XugbQ07Osz40+A=
Subject key identifier:   52:58:CA:FC:95:10:0B:E0:29:3A:84:38:A4:44:D0:23:75:51:A1:FE
Certificate issuer:       /CN=ed1cf1dc514e7f38a2387d82bdbbef2fb46c1305
Certificate serial:       019A0BCD1CE63B0850D2FA3A80B40E9A0A77
Authority key identifier: ED:1C:F1:DC:51:4E:7F:38:A2:38:7D:82:BD:BB:EF:2F:B4:6C:13:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Rzx3FFOfziiOH2CvbvvL7RsEwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/9b928f-cc52-4121-b492-e6f9e4168bd2/1/UljK_JUQC-ApOoQ4pETQI3VRof4.roa
Signing time:             Wed 22 Oct 2025 12:03:02 +0000
ROA not before:           Wed 22 Oct 2025 12:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211600
IP address blocks:        46.243.74.0/23 maxlen: 23
                          91.195.150.0/24 maxlen: 24
                          91.195.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/9b928f-cc52-4121-b492-e6f9e4168bd2/1/7Rzx3FFOfziiOH2CvbvvL7RsEwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/9b928f-cc52-4121-b492-e6f9e4168bd2/1/7Rzx3FFOfziiOH2CvbvvL7RsEwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Rzx3FFOfziiOH2CvbvvL7RsEwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 19:59:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:cd:1c:e6:3b:08:50:d2:fa:3a:80:b4:0e:9a:0a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed1cf1dc514e7f38a2387d82bdbbef2fb46c1305
        Validity
            Not Before: Oct 22 12:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5258cafc95100be0293a8438a444d0237551a1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c8:ef:8c:f4:da:c1:70:4b:df:f3:2e:85:cd:
                    33:b0:a1:a7:7c:93:f1:84:e0:ec:a8:2d:e6:5f:3e:
                    c8:ff:67:e8:ba:21:a0:04:6c:8f:fb:ab:78:5d:bb:
                    3a:3d:3c:de:eb:8d:46:d9:29:b1:3b:24:62:21:03:
                    d2:d6:5d:fd:85:a4:30:3f:19:d7:ff:76:e0:ff:28:
                    09:1b:b2:37:e9:1b:28:cd:4c:58:18:4f:a3:be:72:
                    4c:41:d9:4f:7b:36:4e:f4:61:ff:59:52:af:08:df:
                    af:fc:fc:df:96:49:f6:26:75:35:c2:cf:94:9f:a7:
                    27:ad:f8:e6:c4:10:52:8c:69:2c:0f:47:9b:4c:4b:
                    6d:c8:03:4d:53:78:08:7b:35:de:02:8b:64:ec:70:
                    85:62:9b:26:aa:f6:2e:1f:c9:fa:79:20:1f:4c:b7:
                    64:97:65:3b:d5:9c:7a:4d:00:b4:8e:f6:54:9d:38:
                    a4:57:55:0f:33:ae:25:9e:2f:50:27:f9:d0:a6:cf:
                    a2:7a:fd:9b:56:42:c9:57:1e:db:dc:1c:2b:b1:b5:
                    f4:e6:40:ae:6d:b6:ea:4d:7f:3f:6a:73:47:5e:e3:
                    57:94:ce:02:db:3c:32:ec:5b:0e:00:9e:10:d6:5b:
                    2b:f3:f9:48:30:f0:e2:b1:45:77:3a:0e:d8:79:66:
                    9f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:58:CA:FC:95:10:0B:E0:29:3A:84:38:A4:44:D0:23:75:51:A1:FE
            X509v3 Authority Key Identifier:
                keyid:ED:1C:F1:DC:51:4E:7F:38:A2:38:7D:82:BD:BB:EF:2F:B4:6C:13:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Rzx3FFOfziiOH2CvbvvL7RsEwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/9b928f-cc52-4121-b492-e6f9e4168bd2/1/UljK_JUQC-ApOoQ4pETQI3VRof4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/9b928f-cc52-4121-b492-e6f9e4168bd2/1/7Rzx3FFOfziiOH2CvbvvL7RsEwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.74.0/23
                  91.195.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:99:97:09:7d:ad:39:77:8c:7c:25:df:7e:ab:e9:07:3d:8f:
         6e:fc:87:19:04:f3:c6:cd:4e:71:44:7d:52:d3:3a:22:f3:e9:
         60:34:d7:f9:69:28:7e:81:c6:66:33:da:96:ad:dc:6a:a5:64:
         7b:91:b6:60:19:37:2b:2c:eb:00:ea:d8:20:ad:17:4a:73:ec:
         1b:65:18:b3:9e:ec:ef:5b:1d:b8:d0:56:22:9b:c5:b9:52:e0:
         e8:ec:dd:6c:46:da:55:9a:18:dd:46:00:41:37:fd:84:52:42:
         7d:03:0c:b6:d3:91:7b:ba:5c:74:03:d3:cd:63:ef:10:87:e1:
         df:c5:e8:c5:ce:2b:ca:f9:8f:be:7e:20:03:d1:19:69:15:64:
         b2:d8:b5:6b:15:e9:d3:5b:54:6b:f0:7a:0d:34:8b:f9:66:40:
         0b:fb:fd:41:89:c4:23:ee:73:c4:35:ff:8a:c7:51:40:7c:0a:
         bd:77:65:18:9b:7c:ac:a5:dc:c7:c7:c6:20:f3:43:f3:16:92:
         ac:55:52:83:c9:55:14:e8:2d:ac:21:db:82:26:76:a9:78:a1:
         cb:fd:30:9a:7d:46:38:56:8b:a5:69:89:31:3b:40:9a:a4:b3:
         84:9a:de:b9:a3:4a:17:de:05:21:48:8f:48:5a:8c:13:61:df:
         e4:fb:85:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoLzRzmOwhQ0vo6gLQOmgp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMWNmMWRjNTE0ZTdmMzhhMjM4N2Q4MmJkYmJlZjJmYjQ2
YzEzMDUwHhcNMjUxMDIyMTIwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjU4Y2FmYzk1MTAwYmUwMjkzYTg0MzhhNDQ0ZDAyMzc1NTFhMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8jvjPTawXBL3/Muhc0zsKGnfJPx
hODsqC3mXz7I/2fouiGgBGyP+6t4Xbs6PTze641G2SmxOyRiIQPS1l39haQwPxnX
/3bg/ygJG7I36RsozUxYGE+jvnJMQdlPezZO9GH/WVKvCN+v/Pzflkn2JnU1ws+U
n6cnrfjmxBBSjGksD0ebTEttyANNU3gIezXeAotk7HCFYpsmqvYuH8n6eSAfTLdk
l2U71Zx6TQC0jvZUnTikV1UPM64lni9QJ/nQps+iev2bVkLJVx7b3BwrsbX05kCu
bbbqTX8/anNHXuNXlM4C2zwy7FsOAJ4Q1lsr8/lIMPDisUV3Og7YeWafbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJYyvyVEAvgKTqEOKRE0CN1UaH+MB8GA1UdIwQY
MBaAFO0c8dxRTn84ojh9gr277y+0bBMFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1J6eDNGRk9memlpT0gyQ3ZidnZMN1JzRXdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS85YjkyOGYtY2M1Mi00MTIxLWI0OTIt
ZTZmOWU0MTY4YmQyLzEvVWxqS19KVVFDLUFwT29RNHBFVFFJM1ZSb2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS85YjkyOGYtY2M1Mi00MTIxLWI0OTItZTZmOWU0MTY4YmQy
LzEvN1J6eDNGRk9memlpT0gyQ3ZidnZMN1JzRXdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLvNKAwQB
W8OWMA0GCSqGSIb3DQEBCwUAA4IBAQBxmZcJfa05d4x8Jd9+q+kHPY9u/IcZBPPG
zU5xRH1S0zoi8+lgNNf5aSh+gcZmM9qWrdxqpWR7kbZgGTcrLOsA6tggrRdKc+wb
ZRiznuzvWx240FYim8W5UuDo7N1sRtpVmhjdRgBBN/2EUkJ9Awy205F7ulx0A9PN
Y+8Qh+HfxejFzivK+Y++fiAD0RlpFWSy2LVrFenTW1Rr8HoNNIv5ZkAL+/1BicQj
7nPENf+Kx1FAfAq9d2UYm3yspdzHx8Yg80PzFpKsVVKDyVUU6C2sIduCJnapeKHL
/TCafUY4VoulaYkxO0CapLOEmt65o0oX3gUhSI9IWowTYd/k+4W0
-----END CERTIFICATE-----