Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/UCUZJiJOcm8mZ6bA66ksAVd7y1U.roa
File:                     UCUZJiJOcm8mZ6bA66ksAVd7y1U.roa (raw, json)
Hash identifier:          bl/8vPqPFPbYoAW9dOVE2wNzkbB2QWDhfnRPDr+9aK0=
Subject key identifier:   50:25:19:26:22:4E:72:6F:26:67:A6:C0:EB:A9:2C:01:57:7B:CB:55
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DB915327260C904FC717389B47116E599
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/UCUZJiJOcm8mZ6bA66ksAVd7y1U.roa
Signing time:             Thu 23 Apr 2026 06:44:27 +0000
ROA not before:           Thu 23 Apr 2026 06:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        109.121.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:15:32:72:60:c9:04:fc:71:73:89:b4:71:16:e5:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 23 06:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50251926224e726f2667a6c0eba92c01577bcb55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:40:f5:74:91:22:99:b2:e5:f0:18:3e:27:f0:
                    89:1a:7a:5c:06:82:24:2c:dd:07:f8:4f:62:99:cf:
                    1e:0b:c8:23:38:4f:49:33:d4:f8:f9:78:40:8a:d1:
                    f3:02:d2:87:2d:68:30:cb:ec:bc:f7:cf:e2:0f:73:
                    ce:79:c8:7a:74:54:6a:34:cb:00:0e:08:6a:f9:9e:
                    2b:2d:c2:ea:72:79:55:b9:22:42:51:e1:8f:ac:1c:
                    cd:55:b7:05:20:51:15:23:4d:f9:7c:d8:71:0c:a8:
                    54:6e:da:dc:62:f3:13:f4:11:e9:21:11:4b:af:7b:
                    04:7f:74:26:a5:87:b8:ed:c7:15:c2:d3:e8:fe:de:
                    c0:79:e5:c3:d8:7c:8f:d0:eb:d0:9f:41:89:d1:72:
                    8c:f4:18:ec:e7:31:7b:42:60:78:d2:d2:28:9f:13:
                    e3:89:a2:e4:72:96:14:d1:55:11:79:b5:51:51:c9:
                    5d:a3:23:84:98:9f:08:45:18:f9:d4:53:cb:d4:2f:
                    07:3a:e9:58:90:e9:e1:a2:b0:90:15:bf:1e:e1:54:
                    8b:a8:8e:e8:f9:28:02:97:98:12:68:0f:e8:d0:68:
                    44:14:07:9c:76:3a:95:b3:e8:5e:a8:c6:14:2f:89:
                    ad:84:30:cd:e2:05:b9:ac:0f:85:41:61:67:b0:89:
                    6b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:25:19:26:22:4E:72:6F:26:67:A6:C0:EB:A9:2C:01:57:7B:CB:55
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/UCUZJiJOcm8mZ6bA66ksAVd7y1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:dd:8b:a5:88:ba:62:0c:4a:10:b7:e3:2e:f8:3e:d6:3a:f6:
         a6:f3:4c:5b:5a:8f:14:55:e0:a4:3d:3f:d8:8a:df:c5:84:f2:
         a8:15:5b:7d:f5:f5:5a:17:24:7c:1a:e2:78:af:b0:6e:d6:bd:
         2b:c0:45:a3:24:b4:07:3d:0c:3e:ac:65:32:50:51:9d:b6:4e:
         91:ca:b7:1c:22:47:d3:a1:27:1f:42:68:e2:31:5c:d3:75:4e:
         3c:3a:76:39:b7:af:97:9c:f0:b5:63:ed:4a:3c:3f:20:e0:e7:
         24:a9:00:ca:1d:17:9d:48:dd:d1:48:65:ec:60:cf:a5:5e:45:
         e9:54:4f:09:ac:cc:0e:dc:46:f8:e5:a8:79:0a:8b:2d:ed:5f:
         be:bd:86:c1:95:dd:16:e0:5b:b6:e9:a3:ff:51:45:30:cc:60:
         30:6f:7b:45:88:02:b8:cf:54:5f:6a:ab:9d:81:2b:d5:01:d2:
         9f:6f:fb:ba:9e:3b:1c:38:ac:e8:6e:74:c5:27:ea:0b:f6:39:
         2e:da:53:55:f8:61:59:83:ca:e2:33:be:2b:53:f1:b2:96:19:
         6c:17:0c:e9:62:f9:2d:37:e1:c6:f0:b7:bd:de:bf:63:1a:86:
         34:43:fb:c2:c2:00:05:84:3f:7c:78:11:8d:b6:a6:65:7b:5c:
         4a:c0:26:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ25FTJyYMkE/HFzibRxFuWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDIzMDY0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI1MTkyNjIyNGU3MjZmMjY2N2E2YzBlYmE5MmMwMTU3N2JjYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10D1dJEimbLl8Bg+J/CJGnpcBoIk
LN0H+E9imc8eC8gjOE9JM9T4+XhAitHzAtKHLWgwy+y898/iD3POech6dFRqNMsA
Dghq+Z4rLcLqcnlVuSJCUeGPrBzNVbcFIFEVI035fNhxDKhUbtrcYvMT9BHpIRFL
r3sEf3QmpYe47ccVwtPo/t7AeeXD2HyP0OvQn0GJ0XKM9Bjs5zF7QmB40tIonxPj
iaLkcpYU0VURebVRUcldoyOEmJ8IRRj51FPL1C8HOulYkOnhorCQFb8e4VSLqI7o
+SgCl5gSaA/o0GhEFAecdjqVs+heqMYUL4mthDDN4gW5rA+FQWFnsIlrUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAlGSYiTnJvJmemwOupLAFXe8tVMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvVUNVWkppSk9jbThtWjZiQTY2a3NBVmQ3eTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXktMA0G
CSqGSIb3DQEBCwUAA4IBAQBi3YuliLpiDEoQt+Mu+D7WOvam80xbWo8UVeCkPT/Y
it/FhPKoFVt99fVaFyR8GuJ4r7Bu1r0rwEWjJLQHPQw+rGUyUFGdtk6RyrccIkfT
oScfQmjiMVzTdU48OnY5t6+XnPC1Y+1KPD8g4OckqQDKHRedSN3RSGXsYM+lXkXp
VE8JrMwO3Eb45ah5Cost7V++vYbBld0W4Fu26aP/UUUwzGAwb3tFiAK4z1Rfaqud
gSvVAdKfb/u6njscOKzobnTFJ+oL9jku2lNV+GFZg8riM74rU/GylhlsFwzpYvkt
N+HG8Le93r9jGoY0Q/vCwgAFhD98eBGNtqZle1xKwCZu
-----END CERTIFICATE-----