Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UBoOaUWiyYDPUFEE7F2-PpRYs3M.roa
File:                     UBoOaUWiyYDPUFEE7F2-PpRYs3M.roa (raw, json)
Hash identifier:          8Q115+5QzHg5C/NGEUHfoChR4qwS23vSsMYfZvyMM6g=
Subject key identifier:   50:1A:0E:69:45:A2:C9:80:CF:50:51:04:EC:5D:BE:3E:94:58:B3:73
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019A02988CAF0843C7DE2592B1993A46A2D7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UBoOaUWiyYDPUFEE7F2-PpRYs3M.roa
Signing time:             Mon 20 Oct 2025 17:09:03 +0000
ROA not before:           Mon 20 Oct 2025 17:09:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50131
IP address blocks:        77.239.116.0/22 maxlen: 24
                          144.31.180.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:02:98:8c:af:08:43:c7:de:25:92:b1:99:3a:46:a2:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Oct 20 17:09:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=501a0e6945a2c980cf505104ec5dbe3e9458b373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2f:b0:90:ae:bc:1a:77:46:b4:f3:91:20:f4:
                    3a:36:d9:e5:a4:bb:92:49:ab:38:58:82:6d:f6:e2:
                    95:3a:dd:31:72:3c:b8:22:37:48:55:b0:04:bf:73:
                    cd:7f:88:fc:0f:b8:36:6b:50:f2:90:8f:09:f8:fb:
                    fb:57:bb:90:8d:bf:25:fe:8f:78:6d:fa:db:0a:04:
                    3d:bb:b2:5d:6d:92:37:2c:64:80:07:b4:1a:eb:ab:
                    1b:86:2b:64:da:7a:65:cd:a1:47:53:91:f2:c0:7a:
                    98:2a:00:d5:96:f2:39:69:4d:c0:7f:53:e1:d6:2d:
                    fc:26:e1:ff:e0:98:b3:7c:6f:bc:76:3f:4e:12:14:
                    96:26:58:78:c0:0b:fd:87:25:33:38:b0:aa:15:53:
                    0a:23:2a:f3:68:f8:54:b3:85:78:ce:fb:da:c9:48:
                    76:ee:7f:24:e7:5c:49:c9:1c:59:f3:4d:22:86:c0:
                    a7:6b:14:28:01:4a:63:bc:6d:97:83:96:6e:7d:7e:
                    d6:5e:38:f8:95:cc:c8:71:61:da:96:23:78:16:f3:
                    d2:85:58:0e:84:2a:5d:a7:e1:00:11:d3:b3:83:17:
                    65:f3:71:93:59:e8:5b:a8:3b:79:8f:f5:3b:eb:5a:
                    41:42:d6:d4:3e:92:c3:f4:6d:ca:3c:5e:ca:f5:a1:
                    1b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:1A:0E:69:45:A2:C9:80:CF:50:51:04:EC:5D:BE:3E:94:58:B3:73
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UBoOaUWiyYDPUFEE7F2-PpRYs3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.116.0/22
                  144.31.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:7b:51:e8:65:30:30:11:7b:e4:ca:6d:c8:cc:cd:8e:00:25:
         0b:62:2c:74:20:e0:7c:4a:57:c2:55:44:b3:db:74:91:81:fe:
         d5:2f:24:30:6b:2c:03:dc:c4:00:91:d6:93:e0:2b:73:3f:f1:
         bd:99:ec:2d:c8:66:34:25:65:c4:03:1d:68:3e:ee:d2:5d:87:
         92:93:ad:73:26:21:3f:a9:6b:ae:c3:09:aa:27:f6:7f:7b:d2:
         e4:a3:86:d1:4b:e6:15:21:5b:85:46:e3:79:1a:f7:fe:d8:b1:
         34:41:93:f7:f8:99:09:03:92:d6:80:d2:82:7f:36:d9:d0:5f:
         1a:36:91:fb:c9:94:7a:65:cb:8e:e9:d6:6a:3b:71:1c:8e:fd:
         0d:78:0a:3d:ca:54:f2:fa:03:18:da:aa:23:d8:1d:dc:9c:11:
         26:8a:9c:f6:98:20:3d:36:7b:37:0f:ff:6e:e8:a1:c9:fb:04:
         2c:c9:40:cd:56:05:e2:97:67:bb:a4:95:2d:2a:6e:5e:e1:74:
         d8:e6:18:3e:1e:9d:21:88:1a:20:19:57:3d:7c:24:2f:94:06:
         94:9b:c6:9b:27:74:89:30:97:9c:06:5b:d5:71:28:c5:52:9c:
         61:d3:68:af:0b:45:aa:4c:2e:1d:0b:3b:da:fe:a6:bb:2d:9a:
         da:52:f7:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoCmIyvCEPH3iWSsZk6RqLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDIwMTcwOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDFhMGU2OTQ1YTJjOTgwY2Y1MDUxMDRlYzVkYmUzZTk0NThiMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAni+wkK68GndGtPORIPQ6NtnlpLuS
Sas4WIJt9uKVOt0xcjy4IjdIVbAEv3PNf4j8D7g2a1DykI8J+Pv7V7uQjb8l/o94
bfrbCgQ9u7JdbZI3LGSAB7Qa66sbhitk2nplzaFHU5HywHqYKgDVlvI5aU3Af1Ph
1i38JuH/4JizfG+8dj9OEhSWJlh4wAv9hyUzOLCqFVMKIyrzaPhUs4V4zvvayUh2
7n8k51xJyRxZ800ihsCnaxQoAUpjvG2Xg5ZufX7WXjj4lczIcWHaliN4FvPShVgO
hCpdp+EAEdOzgxdl83GTWehbqDt5j/U761pBQtbUPpLD9G3KPF7K9aEbcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFAaDmlFosmAz1BRBOxdvj6UWLNzMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVUJvT2FVV2l5WURQVUZFRTdGMi1QcFJZczNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTe90AwQC
kB+0MA0GCSqGSIb3DQEBCwUAA4IBAQAFe1HoZTAwEXvkym3IzM2OACULYix0IOB8
SlfCVUSz23SRgf7VLyQwaywD3MQAkdaT4CtzP/G9mewtyGY0JWXEAx1oPu7SXYeS
k61zJiE/qWuuwwmqJ/Z/e9Lko4bRS+YVIVuFRuN5Gvf+2LE0QZP3+JkJA5LWgNKC
fzbZ0F8aNpH7yZR6ZcuO6dZqO3Ecjv0NeAo9ylTy+gMY2qoj2B3cnBEmipz2mCA9
Nns3D/9u6KHJ+wQsyUDNVgXil2e7pJUtKm5e4XTY5hg+Hp0hiBogGVc9fCQvlAaU
m8abJ3SJMJecBlvVcSjFUpxh02ivC0WqTC4dCzva/qa7LZraUvf8
-----END CERTIFICATE-----