Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/UMfGsYiVVaPqQLK16T2A06u0BEE.roa
File:                     UMfGsYiVVaPqQLK16T2A06u0BEE.roa (raw, json)
Hash identifier:          07Lh23XMbUQQ60HsH+UK1VVt2KldYGYcfq4bp2sWOts=
Subject key identifier:   50:C7:C6:B1:88:95:55:A3:EA:40:B2:B5:E9:3D:80:D3:AB:B4:04:41
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019CE6839CF0218789FB5E7EC7828F53ACDE
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/UMfGsYiVVaPqQLK16T2A06u0BEE.roa
Signing time:             Fri 13 Mar 2026 09:25:10 +0000
ROA not before:           Fri 13 Mar 2026 09:25:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207043
IP address blocks:        85.239.144.0/24 maxlen: 24
                          85.239.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:83:9c:f0:21:87:89:fb:5e:7e:c7:82:8f:53:ac:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar 13 09:25:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50c7c6b1889555a3ea40b2b5e93d80d3abb40441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c5:f5:d9:e8:a8:5c:c4:c6:44:3c:03:47:a9:
                    fb:be:8e:58:6e:7f:94:3f:af:84:45:a3:dc:5b:04:
                    31:bb:e0:b5:bd:a4:42:63:ce:51:3a:bc:6d:38:57:
                    73:1f:58:37:9f:d5:86:a2:c0:01:e1:75:a8:81:21:
                    d4:47:96:e4:35:95:48:62:ec:21:e0:0a:06:08:dd:
                    d3:7d:fd:83:ba:c8:0b:e7:25:f9:68:bc:f6:6e:cb:
                    e2:18:c6:b0:87:46:a0:cb:b6:59:cc:02:fc:6b:09:
                    be:71:02:02:a4:05:a6:f3:4b:85:23:61:9f:85:d8:
                    ff:66:40:a1:c9:9f:66:2a:64:3e:5a:f5:6a:3c:24:
                    c5:c0:78:14:f0:d7:85:9c:bf:40:dc:76:e8:72:15:
                    50:65:b6:c5:08:79:90:31:a1:82:ea:2f:c2:bf:27:
                    06:db:ff:2e:29:eb:67:c4:13:ac:ed:dc:ac:e0:f8:
                    da:84:e1:f8:43:61:fd:b5:a0:fd:33:b7:4f:3d:10:
                    17:82:ee:a0:63:00:e6:8b:94:a8:ad:d7:b9:b5:71:
                    a5:44:e5:b5:e2:1d:95:cb:ae:b3:5d:fd:ef:7f:2d:
                    c5:af:0b:59:ac:94:da:30:eb:38:7e:e7:19:e3:6f:
                    a8:b7:84:72:a1:32:96:cd:57:85:dd:18:51:d2:06:
                    f5:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:C7:C6:B1:88:95:55:A3:EA:40:B2:B5:E9:3D:80:D3:AB:B4:04:41
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/UMfGsYiVVaPqQLK16T2A06u0BEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.144.0/24
                  85.239.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b0:83:5f:ee:c9:6a:3e:33:fc:ce:f3:13:eb:8f:3c:f8:47:
         25:e8:d2:fd:43:f1:eb:df:73:ea:04:3f:29:b9:23:4c:d7:0a:
         dd:7b:96:fc:7c:6e:da:30:b1:f2:6d:3f:8c:bc:e0:db:ba:5d:
         18:14:83:d5:1b:6c:7a:84:e3:b5:96:5e:95:44:83:32:fd:47:
         c0:79:54:a5:65:c9:a2:f7:b4:41:8b:bc:71:86:05:0b:84:d1:
         ec:fb:46:82:c0:59:c8:ae:bc:24:47:25:95:54:92:68:1a:99:
         8c:f6:24:4e:04:f8:e7:3a:45:21:5b:84:fc:bf:ea:e6:f1:e1:
         9e:79:c3:47:fa:6f:19:e3:7d:cc:e2:28:d5:d9:e3:c7:31:fe:
         12:e8:9d:8f:f0:16:63:7c:ce:bc:f6:8f:b8:29:cd:2c:cf:3f:
         c0:b9:a1:6e:13:a2:01:93:12:c8:d2:94:6c:f2:a9:c4:5b:44:
         59:00:2b:24:f6:79:95:9b:33:05:ee:b4:f6:7f:d4:ee:ab:d3:
         97:75:87:15:7d:18:87:79:65:f8:d2:c6:a2:e6:44:b1:d5:a8:
         64:a1:b7:1d:dd:e2:0c:be:25:88:1d:7f:b3:fe:0a:70:1b:a7:
         7e:a4:b5:26:61:11:8a:e7:a9:6b:5d:78:70:4e:39:5e:b2:8c:
         b0:79:56:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzmg5zwIYeJ+15+x4KPU6zeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzEzMDkyNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGM3YzZiMTg4OTU1NWEzZWE0MGIyYjVlOTNkODBkM2FiYjQwNDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8X12eioXMTGRDwDR6n7vo5Ybn+U
P6+ERaPcWwQxu+C1vaRCY85ROrxtOFdzH1g3n9WGosAB4XWogSHUR5bkNZVIYuwh
4AoGCN3Tff2DusgL5yX5aLz2bsviGMawh0agy7ZZzAL8awm+cQICpAWm80uFI2Gf
hdj/ZkChyZ9mKmQ+WvVqPCTFwHgU8NeFnL9A3HbochVQZbbFCHmQMaGC6i/CvycG
2/8uKetnxBOs7dys4PjahOH4Q2H9taD9M7dPPRAXgu6gYwDmi5Sorde5tXGlROW1
4h2Vy66zXf3vfy3FrwtZrJTaMOs4fucZ42+ot4RyoTKWzVeF3RhR0gb1awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFDHxrGIlVWj6kCytek9gNOrtARBMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvVU1mR3NZaVZWYVBxUUxLMTZUMkEwNnUwQkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVe+QAwQA
Ve+VMA0GCSqGSIb3DQEBCwUAA4IBAQAbsINf7slqPjP8zvMT6488+Ecl6NL9Q/Hr
33PqBD8puSNM1wrde5b8fG7aMLHybT+MvODbul0YFIPVG2x6hOO1ll6VRIMy/UfA
eVSlZcmi97RBi7xxhgULhNHs+0aCwFnIrrwkRyWVVJJoGpmM9iROBPjnOkUhW4T8
v+rm8eGeecNH+m8Z433M4ijV2ePHMf4S6J2P8BZjfM689o+4Kc0szz/AuaFuE6IB
kxLI0pRs8qnEW0RZACsk9nmVmzMF7rT2f9Tuq9OXdYcVfRiHeWX40sai5kSx1ahk
obcd3eIMviWIHX+z/gpwG6d+pLUmYRGK56lrXXhwTjlesoyweVZ5
-----END CERTIFICATE-----