Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/6b39bf-3640-4d2e-b22f-61cd618658c6/1/UgJvQvKty6Zh2ac8QLWpSTJ3e9Q.roa
File:                     UgJvQvKty6Zh2ac8QLWpSTJ3e9Q.roa (raw, json)
Hash identifier:          e7Y0YkdCjz1xJOGFlqqNmoUkXvlhwJtg0uSF5GJoHhM=
Subject key identifier:   52:02:6F:42:F2:AD:CB:A6:61:D9:A7:3C:40:B5:A9:49:32:77:7B:D4
Certificate issuer:       /CN=0e110c97d5f2b1fb4d358288c0ea62af5f20c41a
Certificate serial:       019B76EAF5DEBAD68E4C64566CF4638714D9
Authority key identifier: 0E:11:0C:97:D5:F2:B1:FB:4D:35:82:88:C0:EA:62:AF:5F:20:C4:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DhEMl9XysftNNYKIwOpir18gxBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/6b39bf-3640-4d2e-b22f-61cd618658c6/1/UgJvQvKty6Zh2ac8QLWpSTJ3e9Q.roa
Signing time:             Thu 01 Jan 2026 00:17:48 +0000
ROA not before:           Thu 01 Jan 2026 00:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58227
IP address blocks:        91.212.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/6b39bf-3640-4d2e-b22f-61cd618658c6/1/DhEMl9XysftNNYKIwOpir18gxBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/6b39bf-3640-4d2e-b22f-61cd618658c6/1/DhEMl9XysftNNYKIwOpir18gxBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DhEMl9XysftNNYKIwOpir18gxBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f5:de:ba:d6:8e:4c:64:56:6c:f4:63:87:14:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e110c97d5f2b1fb4d358288c0ea62af5f20c41a
        Validity
            Not Before: Jan  1 00:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52026f42f2adcba661d9a73c40b5a94932777bd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4f:fc:92:d8:4f:16:8e:31:5c:63:51:ea:b6:
                    7b:c5:ed:95:49:b2:0a:9d:44:a6:0f:e8:cb:81:36:
                    82:0e:86:8f:02:b1:51:60:56:0a:11:d3:cb:fb:a6:
                    38:c6:0d:f7:c7:dc:02:00:d2:83:c7:51:68:f6:28:
                    1b:bf:fd:be:bc:14:7e:a1:24:cf:2d:d4:d5:9e:72:
                    13:c0:38:55:c0:8a:0d:72:ac:98:e7:a0:31:78:8a:
                    0f:f8:f7:1d:e2:2b:60:cd:11:23:cf:26:80:26:2f:
                    03:7d:86:62:04:d2:b6:da:dc:b8:e4:a5:7e:02:2c:
                    ce:25:5d:9f:ee:6c:a7:7e:c2:f2:23:f7:ac:71:6a:
                    a1:de:bf:ea:24:8e:fd:65:be:d6:3d:dd:cc:3c:74:
                    e2:42:91:73:48:26:83:ec:6b:51:25:f9:35:7e:fe:
                    89:7c:5f:c3:4d:96:93:75:6f:10:af:50:8b:94:4f:
                    31:57:98:c3:3d:8b:1f:aa:c5:0a:c1:63:ba:06:33:
                    4d:87:42:07:f1:ae:e5:95:73:b3:9a:1e:03:c4:8d:
                    3a:bc:eb:e1:f3:dd:ef:c7:72:21:16:84:26:6a:92:
                    84:4b:15:9f:0f:e5:0a:bc:09:1d:31:44:60:cc:5f:
                    06:98:2b:9e:7b:79:b8:7e:38:b0:a1:27:a3:4b:c8:
                    4a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:02:6F:42:F2:AD:CB:A6:61:D9:A7:3C:40:B5:A9:49:32:77:7B:D4
            X509v3 Authority Key Identifier:
                keyid:0E:11:0C:97:D5:F2:B1:FB:4D:35:82:88:C0:EA:62:AF:5F:20:C4:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DhEMl9XysftNNYKIwOpir18gxBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6b39bf-3640-4d2e-b22f-61cd618658c6/1/UgJvQvKty6Zh2ac8QLWpSTJ3e9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6b39bf-3640-4d2e-b22f-61cd618658c6/1/DhEMl9XysftNNYKIwOpir18gxBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:f1:bc:01:c4:f3:71:a1:ba:e5:dd:38:07:15:03:4a:62:eb:
         56:4c:94:19:a6:54:2b:68:32:6e:81:a3:3c:05:bc:38:92:b8:
         93:02:fa:cd:5f:87:f7:4e:0d:f0:83:a4:bf:17:98:a0:0c:40:
         e8:a6:e9:45:51:c3:26:b6:16:01:00:33:5b:1e:d3:f6:16:a0:
         d8:3e:cf:85:92:07:71:e7:10:2d:6c:dd:fb:ea:24:9c:29:69:
         a1:0d:25:71:5a:2f:3a:3e:a5:5d:dc:50:40:0d:4d:db:66:f0:
         83:d6:cf:5e:bf:a0:f4:cf:b3:51:9f:8b:74:5a:b4:f1:d0:f0:
         ed:c4:e8:12:c9:22:10:5d:33:45:95:be:80:03:91:34:a3:73:
         48:73:d2:d9:eb:91:0d:54:6b:b9:b7:81:b9:48:47:ec:ac:b7:
         b1:dc:92:44:43:3c:01:3b:62:0f:70:86:35:02:f8:7a:c0:52:
         a0:e6:79:f0:35:3f:a1:a5:19:ea:47:a1:22:7f:ad:92:15:55:
         16:90:14:bf:ba:84:57:dc:07:1f:37:e4:e7:9d:61:97:1c:9b:
         18:e2:c5:5c:60:40:43:02:1c:df:ab:eb:e9:4a:ae:67:81:c8:
         60:a8:bf:49:89:69:da:55:31:b2:cc:c8:f4:27:d7:33:e8:e0:
         4f:f5:36:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vXeutaOTGRWbPRjhxTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMTEwYzk3ZDVmMmIxZmI0ZDM1ODI4OGMwZWE2MmFmNWYy
MGM0MWEwHhcNMjYwMTAxMDAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjAyNmY0MmYyYWRjYmE2NjFkOWE3M2M0MGI1YTk0OTMyNzc3YmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU/8kthPFo4xXGNR6rZ7xe2VSbIK
nUSmD+jLgTaCDoaPArFRYFYKEdPL+6Y4xg33x9wCANKDx1Fo9igbv/2+vBR+oSTP
LdTVnnITwDhVwIoNcqyY56AxeIoP+Pcd4itgzREjzyaAJi8DfYZiBNK22ty45KV+
AizOJV2f7mynfsLyI/escWqh3r/qJI79Zb7WPd3MPHTiQpFzSCaD7GtRJfk1fv6J
fF/DTZaTdW8Qr1CLlE8xV5jDPYsfqsUKwWO6BjNNh0IH8a7llXOzmh4DxI06vOvh
893vx3IhFoQmapKESxWfD+UKvAkdMURgzF8GmCuee3m4fjiwoSejS8hKBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFICb0LyrcumYdmnPEC1qUkyd3vUMB8GA1UdIwQY
MBaAFA4RDJfV8rH7TTWCiMDqYq9fIMQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGhFTWw5WHlzZnROTllLSXdPcGlyMThneEJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82YjM5YmYtMzY0MC00ZDJlLWIyMmYt
NjFjZDYxODY1OGM2LzEvVWdKdlF2S3R5NlpoMmFjOFFMV3BTVEozZTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82YjM5YmYtMzY0MC00ZDJlLWIyMmYtNjFjZDYxODY1OGM2
LzEvRGhFTWw5WHlzZnROTllLSXdPcGlyMThneEJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ThMA0G
CSqGSIb3DQEBCwUAA4IBAQC28bwBxPNxobrl3TgHFQNKYutWTJQZplQraDJugaM8
Bbw4kriTAvrNX4f3Tg3wg6S/F5igDEDopulFUcMmthYBADNbHtP2FqDYPs+Fkgdx
5xAtbN376iScKWmhDSVxWi86PqVd3FBADU3bZvCD1s9ev6D0z7NRn4t0WrTx0PDt
xOgSySIQXTNFlb6AA5E0o3NIc9LZ65ENVGu5t4G5SEfsrLex3JJEQzwBO2IPcIY1
Avh6wFKg5nnwNT+hpRnqR6Eif62SFVUWkBS/uoRX3AcfN+TnnWGXHJsY4sVcYEBD
Ahzfq+vpSq5ngchgqL9JiWnaVTGyzMj0J9cz6OBP9TYH
-----END CERTIFICATE-----