Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/UKaRBf7raXAB65UumI4EA2EWZqM.roa
File:                     UKaRBf7raXAB65UumI4EA2EWZqM.roa (raw, json)
Hash identifier:          1Uq1ZdFBb9LIO9QqzDwwuSeOXeS0ihELz/teT1S+g+g=
Subject key identifier:   50:A6:91:05:FE:EB:69:70:01:EB:95:2E:98:8E:04:03:61:16:66:A3
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0196A051C2EA2A9078F5F9D29734FFD528D8
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/UKaRBf7raXAB65UumI4EA2EWZqM.roa
Signing time:             Mon 05 May 2025 12:00:34 +0000
ROA not before:           Mon 05 May 2025 12:00:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12716
IP address blocks:        213.157.133.0/24 maxlen: 24
                          213.157.134.0/24 maxlen: 24
                          213.157.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:51:c2:ea:2a:90:78:f5:f9:d2:97:34:ff:d5:28:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: May  5 12:00:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50a69105feeb697001eb952e988e0403611666a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1a:3f:45:d0:7b:d7:54:80:07:d2:ef:af:c6:
                    8b:77:a9:6e:87:02:a5:69:85:e7:96:2d:e9:54:41:
                    17:4c:c7:5b:99:3d:c8:9a:42:ab:10:27:3f:34:ba:
                    77:37:24:69:23:3c:53:86:0e:65:33:61:db:05:e8:
                    f2:4e:74:66:4d:aa:49:af:aa:65:ec:a9:fe:86:c2:
                    59:75:45:61:f1:0e:fa:b9:45:a2:ce:01:b7:01:64:
                    8f:33:5f:c2:69:9d:71:22:45:b5:99:cb:fb:ba:95:
                    28:84:0f:33:a1:aa:20:80:db:2c:40:9f:c5:10:25:
                    00:54:22:07:de:06:d1:06:5a:64:71:c5:e8:38:1f:
                    10:b9:d0:93:ea:aa:c1:fd:8f:5c:5d:7f:33:1d:1c:
                    10:e4:50:5c:79:50:0a:04:d9:09:af:b1:b9:85:7b:
                    98:da:10:31:c7:b5:36:ce:41:4e:73:21:08:d1:2f:
                    28:c6:6d:10:79:c3:db:ed:52:8c:df:af:1b:98:e8:
                    11:2e:5c:fd:8d:28:cc:ca:bc:d4:12:fd:9f:e8:9a:
                    35:98:91:dc:35:05:04:51:1c:c0:0c:a1:d8:e4:0d:
                    c3:12:f4:8a:6e:c3:35:4d:2c:c7:33:cc:cf:24:16:
                    0e:f6:42:8a:45:5c:0f:b3:a4:5c:55:ba:68:84:4d:
                    0e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A6:91:05:FE:EB:69:70:01:EB:95:2E:98:8E:04:03:61:16:66:A3
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/UKaRBf7raXAB65UumI4EA2EWZqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.157.133.0-213.157.135.255

    Signature Algorithm: sha256WithRSAEncryption
         75:67:14:f0:6e:8a:91:ef:9b:db:5e:6a:0e:ed:8e:e6:f9:b7:
         3d:11:e4:6f:c2:8e:cb:70:ab:27:cd:63:e0:02:7e:90:15:71:
         ab:ea:eb:bd:80:1e:e5:12:3d:b0:81:64:f7:d8:b1:a4:d5:de:
         e9:8d:18:15:f8:14:f3:3e:f4:1e:60:ef:7d:37:e9:7f:3b:c8:
         45:56:74:fc:94:d5:91:4b:9e:72:81:5a:4e:d8:56:53:4a:d0:
         06:a5:e4:22:30:59:6d:15:1e:81:0f:7a:27:9b:75:4c:1a:a7:
         b1:9f:28:7d:81:7d:7a:2e:c9:44:f8:fe:e8:a4:44:b7:9c:c0:
         a0:5e:42:1f:ea:d2:3c:63:b7:38:da:fc:c4:48:7f:fd:b0:47:
         bb:5c:a3:1a:73:22:15:62:82:37:ad:21:1f:dc:b2:98:4f:e1:
         88:00:50:1e:0e:b7:17:eb:4e:0d:04:47:0f:b2:72:fb:1a:30:
         2b:2a:e9:56:cf:b1:c2:e7:4e:4c:48:61:cc:0a:d6:4b:8c:9f:
         95:28:21:53:97:92:a9:8d:ab:3e:1a:aa:c2:06:53:77:63:46:
         a6:36:fe:31:34:dc:ff:bc:e5:34:dd:f1:0b:b9:25:92:90:bd:
         00:75:d0:dc:8b:5a:3e:e6:f6:61:19:d2:dc:af:01:e0:33:ed:
         f0:c7:91:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZagUcLqKpB49fnSlzT/1SjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwNTA1MTIwMDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE2OTEwNWZlZWI2OTcwMDFlYjk1MmU5ODhlMDQwMzYxMTY2NmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBo/RdB711SAB9Lvr8aLd6luhwKl
aYXnli3pVEEXTMdbmT3ImkKrECc/NLp3NyRpIzxThg5lM2HbBejyTnRmTapJr6pl
7Kn+hsJZdUVh8Q76uUWizgG3AWSPM1/CaZ1xIkW1mcv7upUohA8zoaoggNssQJ/F
ECUAVCIH3gbRBlpkccXoOB8QudCT6qrB/Y9cXX8zHRwQ5FBceVAKBNkJr7G5hXuY
2hAxx7U2zkFOcyEI0S8oxm0QecPb7VKM368bmOgRLlz9jSjMyrzUEv2f6Jo1mJHc
NQUEURzADKHY5A3DEvSKbsM1TSzHM8zPJBYO9kKKRVwPs6RcVbpohE0OcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFCmkQX+62lwAeuVLpiOBANhFmajMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvVUthUkJmN3JhWEFCNjVVdW1JNEVBMkVXWnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADVnYUD
BAPVnYAwDQYJKoZIhvcNAQELBQADggEBAHVnFPBuipHvm9teag7tjub5tz0R5G/C
jstwqyfNY+ACfpAVcavq672AHuUSPbCBZPfYsaTV3umNGBX4FPM+9B5g73036X87
yEVWdPyU1ZFLnnKBWk7YVlNK0Aal5CIwWW0VHoEPeiebdUwap7GfKH2BfXouyUT4
/uikRLecwKBeQh/q0jxjtzja/MRIf/2wR7tcoxpzIhVigjetIR/csphP4YgAUB4O
txfrTg0ERw+ycvsaMCsq6VbPscLnTkxIYcwK1kuMn5UoIVOXkqmNqz4aqsIGU3dj
RqY2/jE03P+85TTd8Qu5JZKQvQB10NyLWj7m9mEZ0tyvAeAz7fDHkY8=
-----END CERTIFICATE-----