Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/UipotQ-uJFFtPyyGfsmm8VGPq_Y.roa
File:                     UipotQ-uJFFtPyyGfsmm8VGPq_Y.roa (raw, json)
Hash identifier:          1ArIsx9oTls8tQ2A71LvIPypaXRgZmQimvwpiodxUUE=
Subject key identifier:   52:2A:68:B5:0F:AE:24:51:6D:3F:2C:86:7E:C9:A6:F1:51:8F:AB:F6
Certificate issuer:       /CN=949ff40831ca66f996c76ea466af49476fecd1ff
Certificate serial:       019D202E0066954F91264F4CC7999993ED87
Authority key identifier: 94:9F:F4:08:31:CA:66:F9:96:C7:6E:A4:66:AF:49:47:6F:EC:D1:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJ_0CDHKZvmWx26kZq9JR2_s0f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/UipotQ-uJFFtPyyGfsmm8VGPq_Y.roa
Signing time:             Tue 24 Mar 2026 14:09:38 +0000
ROA not before:           Tue 24 Mar 2026 14:09:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35236
IP address blocks:        37.221.117.0/24 maxlen: 24
                          2a09:501::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/lJ_0CDHKZvmWx26kZq9JR2_s0f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/lJ_0CDHKZvmWx26kZq9JR2_s0f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJ_0CDHKZvmWx26kZq9JR2_s0f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 11:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:2e:00:66:95:4f:91:26:4f:4c:c7:99:99:93:ed:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=949ff40831ca66f996c76ea466af49476fecd1ff
        Validity
            Not Before: Mar 24 14:09:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=522a68b50fae24516d3f2c867ec9a6f1518fabf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:91:31:7d:c5:95:aa:18:4f:d8:a9:3f:a3:1f:
                    4a:17:5d:dc:14:36:d6:0c:de:e7:cb:93:e1:b6:ee:
                    da:7f:05:57:5b:f6:6e:f5:3a:7e:25:c3:fd:42:6c:
                    60:e5:2b:e9:f3:00:fc:53:98:56:62:b7:05:e6:99:
                    1c:bf:1b:17:14:c7:a7:ae:dd:28:bc:a1:11:b3:40:
                    30:24:25:8e:ce:95:07:83:9b:4f:d0:8c:f1:f8:8c:
                    36:68:97:a6:7f:29:77:a8:e6:2a:d0:15:7f:b9:a6:
                    eb:03:dd:c6:67:4c:b2:56:9e:96:27:d3:55:e0:c1:
                    c2:26:1f:d5:f0:c9:37:c8:a2:e0:d2:cb:39:b6:f3:
                    f8:05:e7:a9:4b:1c:c1:c5:18:6c:40:7b:1a:6d:9c:
                    ed:2a:a5:66:ec:60:2e:59:3d:89:82:aa:05:8b:45:
                    6c:da:d3:48:66:45:ae:39:61:e3:e2:3b:21:3d:f0:
                    8d:7b:af:03:eb:d2:d2:e1:64:50:18:4a:a0:f8:7c:
                    a0:0d:c7:fd:39:c7:3c:3f:a2:fe:0a:0b:11:8c:ab:
                    d0:77:45:88:98:76:62:96:d3:dd:d4:b4:25:8e:5f:
                    97:27:f9:a4:47:ab:68:6c:68:e3:dc:c5:42:04:f8:
                    39:40:96:7d:c3:d7:6e:0a:d6:bf:e5:72:25:b5:79:
                    2c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2A:68:B5:0F:AE:24:51:6D:3F:2C:86:7E:C9:A6:F1:51:8F:AB:F6
            X509v3 Authority Key Identifier:
                keyid:94:9F:F4:08:31:CA:66:F9:96:C7:6E:A4:66:AF:49:47:6F:EC:D1:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJ_0CDHKZvmWx26kZq9JR2_s0f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/UipotQ-uJFFtPyyGfsmm8VGPq_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/lJ_0CDHKZvmWx26kZq9JR2_s0f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.117.0/24
                IPv6:
                  2a09:501::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:5d:18:c0:49:38:8f:69:cd:80:07:aa:97:99:ac:60:9a:1d:
         19:bc:40:e5:27:d4:85:4b:f9:f2:88:a1:2c:86:f4:07:ad:c1:
         e1:58:3d:98:a9:25:f8:b2:87:4e:fc:f5:46:fc:3c:13:ac:c5:
         f8:68:c5:5c:15:11:68:07:c2:a3:1e:6f:1c:17:59:6b:5d:37:
         f4:02:a6:d2:68:03:b9:d8:d5:bf:c3:e7:ce:ce:1c:6e:87:df:
         9a:d1:a3:b5:df:7f:c2:fc:87:4d:d9:15:b1:40:62:6e:65:37:
         b4:ce:8c:dd:c8:95:55:72:21:b0:91:83:ff:84:a7:6a:20:0c:
         ee:67:08:6f:e3:40:01:01:4f:5c:a1:e9:04:d9:30:47:fe:79:
         2f:8f:d5:ff:80:35:74:58:22:77:12:4f:03:2f:a5:e9:6e:3f:
         d3:71:20:88:8b:07:b9:7b:53:17:3e:ae:56:01:77:88:21:b5:
         02:ab:33:74:28:ad:33:a9:7e:70:f2:1f:41:8d:7d:31:55:08:
         68:48:79:6f:ba:66:68:00:8f:eb:3f:fd:05:c1:4c:54:1e:86:
         8f:36:a0:69:79:64:f0:44:b7:74:f4:f4:69:06:4a:29:c1:49:
         2b:ed:62:a6:bf:a3:82:f9:32:2f:1f:0e:a5:08:da:22:51:9a:
         c7:16:e9:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0gLgBmlU+RJk9Mx5mZk+2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OWZmNDA4MzFjYTY2Zjk5NmM3NmVhNDY2YWY0OTQ3NmZl
Y2QxZmYwHhcNMjYwMzI0MTQwOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJhNjhiNTBmYWUyNDUxNmQzZjJjODY3ZWM5YTZmMTUxOGZhYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZExfcWVqhhP2Kk/ox9KF13cFDbW
DN7ny5Phtu7afwVXW/Zu9Tp+JcP9Qmxg5Svp8wD8U5hWYrcF5pkcvxsXFMenrt0o
vKERs0AwJCWOzpUHg5tP0Izx+Iw2aJemfyl3qOYq0BV/uabrA93GZ0yyVp6WJ9NV
4MHCJh/V8Mk3yKLg0ss5tvP4BeepSxzBxRhsQHsabZztKqVm7GAuWT2JgqoFi0Vs
2tNIZkWuOWHj4jshPfCNe68D69LS4WRQGEqg+HygDcf9Occ8P6L+CgsRjKvQd0WI
mHZiltPd1LQljl+XJ/mkR6tobGjj3MVCBPg5QJZ9w9duCta/5XIltXksHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFIqaLUPriRRbT8shn7JpvFRj6v2MB8GA1UdIwQY
MBaAFJSf9Agxymb5lsdupGavSUdv7NH/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpfMENESEtadm1XeDI2a1pxOUpSMl9zMGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81NWQxMGQtYjQ0OC00YjQ3LWJhNTgt
MTQ3YWRjOTBjYTBmLzEvVWlwb3RRLXVKRkZ0UHl5R2ZzbW04VkdQcV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81NWQxMGQtYjQ0OC00YjQ3LWJhNTgtMTQ3YWRjOTBjYTBm
LzEvbEpfMENESEtadm1XeDI2a1pxOUpSMl9zMGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJd11MA0E
AgACMAcDBQAqCQUBMA0GCSqGSIb3DQEBCwUAA4IBAQAJXRjASTiPac2AB6qXmaxg
mh0ZvEDlJ9SFS/nyiKEshvQHrcHhWD2YqSX4sodO/PVG/DwTrMX4aMVcFRFoB8Kj
Hm8cF1lrXTf0AqbSaAO52NW/w+fOzhxuh9+a0aO133/C/IdN2RWxQGJuZTe0zozd
yJVVciGwkYP/hKdqIAzuZwhv40ABAU9coekE2TBH/nkvj9X/gDV0WCJ3Ek8DL6Xp
bj/TcSCIiwe5e1MXPq5WAXeIIbUCqzN0KK0zqX5w8h9BjX0xVQhoSHlvumZoAI/r
P/0FwUxUHoaPNqBpeWTwRLd09PRpBkopwUkr7WKmv6OC+TIvHw6lCNoiUZrHFul+
-----END CERTIFICATE-----