Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/uLID9O7nU2pNtz7HGdAH46WS7JM.roa
File:                     uLID9O7nU2pNtz7HGdAH46WS7JM.roa (raw, json)
Hash identifier:          oYgEaY31SpEl7BoKtZCP9Lzuu9kwt/rbH0ExUKFH0PU=
Subject key identifier:   B8:B2:03:F4:EE:E7:53:6A:4D:B7:3E:C7:19:D0:07:E3:A5:92:EC:93
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019919233EEBA8DE8A5D920C233D3478C504
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/uLID9O7nU2pNtz7HGdAH46WS7JM.roa
Signing time:             Fri 05 Sep 2025 09:09:24 +0000
ROA not before:           Fri 05 Sep 2025 09:09:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203534
IP address blocks:        185.131.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:23:3e:eb:a8:de:8a:5d:92:0c:23:3d:34:78:c5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Sep  5 09:09:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8b203f4eee7536a4db73ec719d007e3a592ec93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0f:fe:e4:a1:cd:ce:16:94:87:c6:13:91:35:
                    df:f9:15:b1:9e:e0:6f:b3:0f:0f:1f:b7:6d:0f:1d:
                    ae:8f:66:e2:ed:90:92:18:11:f5:99:2b:b6:6b:d3:
                    d1:b8:cb:2b:28:31:1d:06:75:87:d8:9f:70:1d:19:
                    b8:08:bc:1a:12:75:cd:ed:50:94:da:86:02:52:81:
                    85:5f:b1:80:2d:ed:58:49:22:6f:9c:1a:1c:5f:2d:
                    91:07:23:85:92:93:be:89:1e:95:b4:f8:74:b0:f6:
                    aa:7e:9b:73:f4:5f:fe:e2:ff:f0:c7:e0:30:58:a6:
                    fc:2f:b2:af:79:9f:eb:ea:52:2c:55:a1:ab:04:9f:
                    4f:cc:e7:3e:d5:ee:23:9a:36:36:15:90:0c:8f:9d:
                    6d:0e:31:f0:d3:73:13:20:c6:96:66:6a:0a:90:a7:
                    ac:9e:ab:49:ba:05:54:92:95:5b:d2:95:16:52:7f:
                    ae:ef:75:6a:13:f8:d9:94:6e:bd:d5:8c:e7:f4:02:
                    1e:e9:7d:8d:bd:b0:25:7e:af:91:1e:c8:1c:7d:37:
                    a6:8c:ba:4c:3a:5a:65:c4:a2:6e:0d:8d:50:24:db:
                    51:ff:df:8d:d2:7b:fe:d7:7e:5b:67:cd:29:e8:36:
                    94:20:4e:2b:f0:67:82:55:b9:d7:17:be:0d:2e:9a:
                    6a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B2:03:F4:EE:E7:53:6A:4D:B7:3E:C7:19:D0:07:E3:A5:92:EC:93
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/uLID9O7nU2pNtz7HGdAH46WS7JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:34:14:c4:03:2e:9d:a1:a8:bf:75:e1:21:1e:ad:36:cb:19:
         31:78:14:5c:fe:f3:22:3f:c3:e2:85:83:fe:8a:1d:5d:27:47:
         3f:cc:2f:40:46:54:b7:cf:57:d8:1a:2f:87:94:8d:05:8c:9f:
         5b:05:85:cc:12:45:d2:37:36:87:51:ef:b7:b6:95:9d:59:2b:
         b2:4b:22:99:d7:13:97:ba:e1:80:5a:02:d5:6a:9e:a0:98:55:
         61:a8:f3:e0:a0:d4:ce:b3:44:94:83:6d:bc:5f:28:fe:1f:e0:
         48:17:40:57:30:6b:ac:63:e3:46:a6:89:93:db:68:ca:85:4e:
         35:78:08:51:af:cc:00:8e:d8:b4:1d:c8:1e:10:e6:33:93:6d:
         88:66:b3:81:a2:9c:dd:93:6c:47:2e:2c:5b:19:31:db:fe:98:
         f4:cd:e6:ad:e8:9e:f7:94:2a:09:fe:8f:7e:6c:b9:e8:89:4a:
         86:23:65:26:92:14:01:ba:d4:20:2b:a5:fa:04:f6:47:b2:fe:
         6c:d8:8d:d9:2e:c5:ee:d5:96:58:dc:30:d8:c6:cf:aa:b8:e9:
         a6:3e:01:fd:3f:a4:2c:e3:f2:d7:32:df:f6:83:bb:51:b4:db:
         53:11:1c:e5:48:eb:78:dd:f8:55:b4:b7:4f:41:f7:a0:55:3b:
         f8:8d:3d:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkZIz7rqN6KXZIMIz00eMUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwOTA1MDkwOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGIyMDNmNGVlZTc1MzZhNGRiNzNlYzcxOWQwMDdlM2E1OTJlYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvw/+5KHNzhaUh8YTkTXf+RWxnuBv
sw8PH7dtDx2uj2bi7ZCSGBH1mSu2a9PRuMsrKDEdBnWH2J9wHRm4CLwaEnXN7VCU
2oYCUoGFX7GALe1YSSJvnBocXy2RByOFkpO+iR6VtPh0sPaqfptz9F/+4v/wx+Aw
WKb8L7KveZ/r6lIsVaGrBJ9PzOc+1e4jmjY2FZAMj51tDjHw03MTIMaWZmoKkKes
nqtJugVUkpVb0pUWUn+u73VqE/jZlG691Yzn9AIe6X2NvbAlfq+RHsgcfTemjLpM
OlplxKJuDY1QJNtR/9+N0nv+135bZ80p6DaUIE4r8GeCVbnXF74NLppqjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiyA/Tu51NqTbc+xxnQB+OlkuyTMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvdUxJRDlPN25VMnBOdHo3SEdkQUg0NldTN0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYO4MA0G
CSqGSIb3DQEBCwUAA4IBAQA2NBTEAy6doai/deEhHq02yxkxeBRc/vMiP8PihYP+
ih1dJ0c/zC9ARlS3z1fYGi+HlI0FjJ9bBYXMEkXSNzaHUe+3tpWdWSuySyKZ1xOX
uuGAWgLVap6gmFVhqPPgoNTOs0SUg228Xyj+H+BIF0BXMGusY+NGpomT22jKhU41
eAhRr8wAjti0HcgeEOYzk22IZrOBopzdk2xHLixbGTHb/pj0zeat6J73lCoJ/o9+
bLnoiUqGI2UmkhQButQgK6X6BPZHsv5s2I3ZLsXu1ZZY3DDYxs+quOmmPgH9P6Qs
4/LXMt/2g7tRtNtTERzlSOt43fhVtLdPQfegVTv4jT1j
-----END CERTIFICATE-----