Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/uvBnSEDJOZtpJ8-9ltvsweOU25c.roa
File:                     uvBnSEDJOZtpJ8-9ltvsweOU25c.roa (raw, json)
Hash identifier:          2+1fknRQCOLLbsPXAtonbLFlD1W2x7Jyk80s3qNwpCY=
Subject key identifier:   BA:F0:67:48:40:C9:39:9B:69:27:CF:BD:96:DB:EC:C1:E3:94:DB:97
Certificate issuer:       /CN=30a34f9d1dbd20aa87fb0f62bd2b6c5e30c614a2
Certificate serial:       01990BA17B74F75877C128D007E52E948B31
Authority key identifier: 30:A3:4F:9D:1D:BD:20:AA:87:FB:0F:62:BD:2B:6C:5E:30:C6:14:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MKNPnR29IKqH-w9ivStsXjDGFKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/uvBnSEDJOZtpJ8-9ltvsweOU25c.roa
Signing time:             Tue 02 Sep 2025 18:12:36 +0000
ROA not before:           Tue 02 Sep 2025 18:12:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1680
IP address blocks:        193.110.180.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/MKNPnR29IKqH-w9ivStsXjDGFKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/MKNPnR29IKqH-w9ivStsXjDGFKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MKNPnR29IKqH-w9ivStsXjDGFKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:a1:7b:74:f7:58:77:c1:28:d0:07:e5:2e:94:8b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30a34f9d1dbd20aa87fb0f62bd2b6c5e30c614a2
        Validity
            Not Before: Sep  2 18:12:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baf0674840c9399b6927cfbd96dbecc1e394db97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f2:10:a4:21:f2:6b:78:53:f8:59:65:1e:7f:
                    e8:47:2c:70:56:aa:68:ed:ac:ef:fe:a4:e5:3a:83:
                    c8:63:1b:44:0c:c1:52:b0:89:9d:c5:8a:16:81:de:
                    54:3c:89:d1:11:af:ca:03:69:96:9e:79:20:aa:6b:
                    6a:5a:91:80:64:c4:ea:a7:24:85:ce:7c:7e:29:f1:
                    ea:ff:fb:7e:2f:29:8d:6a:4a:17:11:7b:52:4d:ef:
                    87:80:b6:41:71:1f:ba:ff:18:09:03:08:f8:f1:e2:
                    14:c4:1a:6d:9d:2e:89:8b:23:64:34:4e:ac:58:67:
                    d8:6d:23:06:98:e4:12:46:71:e7:9a:c3:f5:c2:d1:
                    df:82:55:f5:25:2b:c8:a0:e6:09:60:8d:5b:bb:09:
                    d3:44:3f:77:8a:9b:b8:6d:9e:53:28:fd:c4:f7:f2:
                    09:61:60:5b:e6:c2:5c:01:4f:4d:78:50:ca:93:20:
                    a3:a1:5c:43:86:55:5b:d0:81:50:f9:cd:4b:6d:3d:
                    5f:bd:f9:1d:db:92:b9:2d:ea:99:2f:52:be:9d:c2:
                    f2:bd:f6:55:50:61:24:77:b0:b3:84:4f:49:52:58:
                    4e:8c:e2:85:d4:8e:6d:d6:75:af:0c:c6:20:04:7b:
                    46:bf:aa:ee:1d:45:ba:c4:51:b4:54:a9:b8:d7:50:
                    f8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F0:67:48:40:C9:39:9B:69:27:CF:BD:96:DB:EC:C1:E3:94:DB:97
            X509v3 Authority Key Identifier:
                keyid:30:A3:4F:9D:1D:BD:20:AA:87:FB:0F:62:BD:2B:6C:5E:30:C6:14:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MKNPnR29IKqH-w9ivStsXjDGFKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/uvBnSEDJOZtpJ8-9ltvsweOU25c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/MKNPnR29IKqH-w9ivStsXjDGFKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:53:51:58:ef:76:01:76:0a:cf:38:d6:4a:33:0e:61:31:c5:
         71:62:c1:2e:a0:b0:56:53:1c:2b:4d:40:a3:2f:47:01:be:c5:
         6b:12:05:24:77:5a:8e:94:be:d7:de:96:91:97:b2:58:d0:46:
         9a:e0:53:49:43:d6:46:14:8a:3a:2b:25:9c:5a:19:0d:f2:f8:
         3e:47:18:cd:87:6f:c1:29:31:17:03:aa:60:3e:5a:a4:b9:5c:
         ac:81:67:c0:d3:05:7f:8a:8a:fa:a6:8b:36:3c:02:a3:a4:b0:
         66:8d:40:60:2d:da:5b:70:e6:fb:84:e5:a0:f5:50:87:47:59:
         2d:02:bf:c3:31:bf:96:c2:c4:f7:9c:de:6e:09:5d:65:83:d6:
         e2:e2:3f:87:1e:8e:07:f3:98:ff:23:8d:28:16:9a:80:59:35:
         2a:86:be:e0:d7:78:79:a6:d3:64:dc:aa:8c:44:87:fc:df:c9:
         9b:f3:8c:00:bb:4f:cb:18:f8:79:16:a6:d9:fc:74:cd:11:6a:
         2e:80:90:e2:f0:63:b5:1c:7a:0c:23:80:23:3c:2e:be:b8:34:
         6d:ae:eb:3a:67:98:5a:86:51:69:fa:8a:e5:c5:d2:b6:b2:50:
         5f:e2:0b:1e:68:65:c9:0f:7a:84:f1:ea:57:8f:d2:0e:c2:3f:
         c0:08:bc:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLoXt091h3wSjQB+UulIsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYTM0ZjlkMWRiZDIwYWE4N2ZiMGY2MmJkMmI2YzVlMzBj
NjE0YTIwHhcNMjUwOTAyMTgxMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWYwNjc0ODQwYzkzOTliNjkyN2NmYmQ5NmRiZWNjMWUzOTRkYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfIQpCHya3hT+FllHn/oRyxwVqpo
7azv/qTlOoPIYxtEDMFSsImdxYoWgd5UPInREa/KA2mWnnkgqmtqWpGAZMTqpySF
znx+KfHq//t+LymNakoXEXtSTe+HgLZBcR+6/xgJAwj48eIUxBptnS6JiyNkNE6s
WGfYbSMGmOQSRnHnmsP1wtHfglX1JSvIoOYJYI1buwnTRD93ipu4bZ5TKP3E9/IJ
YWBb5sJcAU9NeFDKkyCjoVxDhlVb0IFQ+c1LbT1fvfkd25K5LeqZL1K+ncLyvfZV
UGEkd7CzhE9JUlhOjOKF1I5t1nWvDMYgBHtGv6ruHUW6xFG0VKm411D4aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrwZ0hAyTmbaSfPvZbb7MHjlNuXMB8GA1UdIwQY
MBaAFDCjT50dvSCqh/sPYr0rbF4wxhSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtOUG5SMjlJS3FILXc5aXZTdHNYakRHRktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lZTQ3MzItYzNiYS00MDg4LWE1ZmEt
ZWI2NTNkMzYyMmJiLzEvdXZCblNFREpPWnRwSjgtOWx0dnN3ZU9VMjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lZTQ3MzItYzNiYS00MDg4LWE1ZmEtZWI2NTNkMzYyMmJi
LzEvTUtOUG5SMjlJS3FILXc5aXZTdHNYakRHRktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW60MA0G
CSqGSIb3DQEBCwUAA4IBAQAKU1FY73YBdgrPONZKMw5hMcVxYsEuoLBWUxwrTUCj
L0cBvsVrEgUkd1qOlL7X3paRl7JY0Eaa4FNJQ9ZGFIo6KyWcWhkN8vg+RxjNh2/B
KTEXA6pgPlqkuVysgWfA0wV/ior6pos2PAKjpLBmjUBgLdpbcOb7hOWg9VCHR1kt
Ar/DMb+WwsT3nN5uCV1lg9bi4j+HHo4H85j/I40oFpqAWTUqhr7g13h5ptNk3KqM
RIf838mb84wAu0/LGPh5FqbZ/HTNEWougJDi8GO1HHoMI4AjPC6+uDRtrus6Z5ha
hlFp+orlxdK2slBf4gseaGXJD3qE8epXj9IOwj/ACLy9
-----END CERTIFICATE-----