Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/umvzC6P0ferGBzEmmLjSCxw9ed0.roa
File:                     umvzC6P0ferGBzEmmLjSCxw9ed0.roa (raw, json)
Hash identifier:          hBuufO3N/9hH/e9W21jtE4R0A3FrtlN4rpXIbIVZZ80=
Subject key identifier:   BA:6B:F3:0B:A3:F4:7D:EA:C6:07:31:26:98:B8:D2:0B:1C:3D:79:DD
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019CDC0F878AB625E96106D9DBA94F136F27
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/umvzC6P0ferGBzEmmLjSCxw9ed0.roa
Signing time:             Wed 11 Mar 2026 08:42:11 +0000
ROA not before:           Wed 11 Mar 2026 08:42:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200219
IP address blocks:        185.139.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:0f:87:8a:b6:25:e9:61:06:d9:db:a9:4f:13:6f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Mar 11 08:42:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba6bf30ba3f47deac607312698b8d20b1c3d79dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4a:62:f7:b1:56:11:25:0c:dc:e0:1b:dd:1a:
                    f1:b6:e0:19:36:e1:d1:78:74:41:b7:fc:e3:d0:ef:
                    50:f3:06:76:02:59:dc:2f:33:51:f2:a7:53:0e:80:
                    36:87:c4:13:23:40:d2:b4:2a:4f:fb:41:6e:17:06:
                    a6:e5:16:ed:37:f4:21:2f:e5:06:a0:8e:27:44:68:
                    0b:8a:6a:ea:21:a4:cf:74:a4:83:84:25:ec:e6:c7:
                    ec:bf:f1:2f:c6:5a:2e:7d:52:bb:fc:ea:1a:d6:ab:
                    ee:97:b2:28:ee:d2:e4:22:1d:c0:a4:07:81:bd:3e:
                    ea:5a:c8:9a:6f:d2:23:ed:1a:4d:5e:39:d6:ec:5d:
                    7f:bc:31:ec:55:84:23:cb:7f:4a:65:8f:10:08:3a:
                    e2:cb:8f:4d:24:e5:f9:fe:a0:10:8b:9f:82:d5:d9:
                    a2:26:7c:f8:63:aa:12:47:84:38:53:f5:1a:c4:8a:
                    1e:78:83:40:15:3e:d5:38:77:38:ef:27:27:fd:12:
                    0e:db:d1:05:db:64:25:22:0f:c6:b3:5e:14:f2:b5:
                    75:a4:49:f0:ec:35:f5:e8:5e:f1:e7:82:37:d5:dc:
                    df:9e:77:e4:24:c1:ad:91:53:23:9c:45:e2:1a:43:
                    d8:d0:e0:e0:db:d9:1b:6f:6d:ca:5a:a5:40:09:61:
                    ed:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6B:F3:0B:A3:F4:7D:EA:C6:07:31:26:98:B8:D2:0B:1C:3D:79:DD
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/umvzC6P0ferGBzEmmLjSCxw9ed0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:1c:e1:ad:58:6e:39:6b:15:43:1b:24:2d:24:72:57:37:67:
         3a:97:fd:6c:da:58:81:80:dd:44:9e:04:e1:6c:70:46:a4:50:
         3e:41:34:4d:49:82:00:43:b2:15:61:22:c3:09:9b:b4:13:7c:
         a8:ee:1c:6c:b9:d1:c3:69:47:88:d2:58:b2:ee:fa:9d:a4:aa:
         de:53:02:65:50:84:74:8a:cf:0b:53:7a:9b:2f:98:46:a2:db:
         b1:e3:8c:55:0a:fe:32:ee:5b:72:01:f9:9d:f8:55:bb:a4:c9:
         2e:4e:db:4c:da:f6:06:d3:bb:dd:0b:b2:fa:97:e0:37:41:a0:
         5d:92:72:a1:58:06:d9:46:52:8b:ef:b2:5d:3c:a9:3e:1a:d0:
         f7:34:25:64:bd:ef:ff:de:2f:bc:31:d7:aa:b7:1d:30:22:16:
         0a:cf:45:b3:d9:74:7b:13:da:4c:e4:6f:ae:6a:7a:18:e0:5c:
         07:3d:c1:8f:33:88:a6:ab:06:2a:8d:ef:63:ab:ec:b9:e6:4c:
         f2:80:13:70:f7:6c:96:c5:10:fc:c2:f2:56:3a:10:e6:50:1b:
         87:de:14:72:71:37:3d:e2:a2:14:77:8f:6c:8b:89:92:4d:8e:
         f7:5a:1e:b3:eb:0b:a1:23:c8:02:d8:d1:da:47:e5:93:9d:64:
         05:87:68:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzcD4eKtiXpYQbZ26lPE28nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwMzExMDg0MjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZiZjMwYmEzZjQ3ZGVhYzYwNzMxMjY5OGI4ZDIwYjFjM2Q3OWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUpi97FWESUM3OAb3RrxtuAZNuHR
eHRBt/zj0O9Q8wZ2AlncLzNR8qdTDoA2h8QTI0DStCpP+0FuFwam5RbtN/QhL+UG
oI4nRGgLimrqIaTPdKSDhCXs5sfsv/EvxloufVK7/Ooa1qvul7Io7tLkIh3ApAeB
vT7qWsiab9Ij7RpNXjnW7F1/vDHsVYQjy39KZY8QCDriy49NJOX5/qAQi5+C1dmi
Jnz4Y6oSR4Q4U/UaxIoeeINAFT7VOHc47ycn/RIO29EF22QlIg/Gs14U8rV1pEnw
7DX16F7x54I31dzfnnfkJMGtkVMjnEXiGkPY0ODg29kbb23KWqVACWHtLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpr8wuj9H3qxgcxJpi40gscPXndMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvdW12ekM2UDBmZXJHQnpFbW1MalNDeHc5ZWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYvWMA0G
CSqGSIb3DQEBCwUAA4IBAQAOHOGtWG45axVDGyQtJHJXN2c6l/1s2liBgN1EngTh
bHBGpFA+QTRNSYIAQ7IVYSLDCZu0E3yo7hxsudHDaUeI0liy7vqdpKreUwJlUIR0
is8LU3qbL5hGotux44xVCv4y7ltyAfmd+FW7pMkuTttM2vYG07vdC7L6l+A3QaBd
knKhWAbZRlKL77JdPKk+GtD3NCVkve//3i+8Mdeqtx0wIhYKz0Wz2XR7E9pM5G+u
anoY4FwHPcGPM4imqwYqje9jq+y55kzygBNw92yWxRD8wvJWOhDmUBuH3hRycTc9
4qIUd49si4mSTY73Wh6z6wuhI8gC2NHaR+WTnWQFh2hP
-----END CERTIFICATE-----