Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/ffafdb-815a-47a8-971b-b6a4684e25f0/1/UJZgLa4q8XxSNPVAzvfqpj2hFmo.roa
File:                     UJZgLa4q8XxSNPVAzvfqpj2hFmo.roa (raw, json)
Hash identifier:          HHsZAHqUxdIIWKa7mlGz2y9bB1VZgvrrNvACwY4d8qo=
Subject key identifier:   50:96:60:2D:AE:2A:F1:7C:52:34:F5:40:CE:F7:EA:A6:3D:A1:16:6A
Certificate issuer:       /CN=afd598f29dd5c56298f2eb0575de27fc3ba20951
Certificate serial:       019B9F172B232DF0F3A4B480F944629123A4
Authority key identifier: AF:D5:98:F2:9D:D5:C5:62:98:F2:EB:05:75:DE:27:FC:3B:A2:09:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r9WY8p3VxWKY8usFdd4n_DuiCVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/ffafdb-815a-47a8-971b-b6a4684e25f0/1/UJZgLa4q8XxSNPVAzvfqpj2hFmo.roa
Signing time:             Thu 08 Jan 2026 19:30:54 +0000
ROA not before:           Thu 08 Jan 2026 19:30:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211006
IP address blocks:        95.133.248.0/24 maxlen: 24
                          95.133.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/ffafdb-815a-47a8-971b-b6a4684e25f0/1/r9WY8p3VxWKY8usFdd4n_DuiCVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/ffafdb-815a-47a8-971b-b6a4684e25f0/1/r9WY8p3VxWKY8usFdd4n_DuiCVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r9WY8p3VxWKY8usFdd4n_DuiCVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:9f:17:2b:23:2d:f0:f3:a4:b4:80:f9:44:62:91:23:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afd598f29dd5c56298f2eb0575de27fc3ba20951
        Validity
            Not Before: Jan  8 19:30:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5096602dae2af17c5234f540cef7eaa63da1166a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:73:11:ca:20:e4:46:b7:1b:2c:40:43:7d:48:
                    ad:40:89:8e:66:e5:3b:33:0b:f2:9a:2a:70:5b:5a:
                    79:85:57:e2:9c:63:fe:c1:cf:d0:8c:ba:5b:a8:b7:
                    64:a5:49:d3:da:0d:83:4f:87:9d:70:9e:23:20:dd:
                    99:c8:48:c7:ec:41:b7:4a:c6:91:11:ad:a7:00:69:
                    82:ff:d7:34:e5:d1:2e:9c:de:69:11:a7:d0:38:25:
                    6c:8a:7b:52:69:57:a8:2d:75:22:66:16:1c:e1:2d:
                    51:2f:e4:ea:05:67:ec:35:47:37:32:25:8e:d0:0b:
                    27:05:e3:9c:ee:6f:08:8a:7e:2e:01:98:98:f3:36:
                    24:db:9f:e6:e6:46:2c:33:a0:b1:80:77:2e:4a:bb:
                    80:a5:ea:f4:60:dd:9b:a7:c4:22:1c:a1:93:ae:f5:
                    ec:8b:81:46:24:b4:9c:c9:a3:f3:72:fb:a5:57:c0:
                    6e:2d:38:23:33:2d:b4:b1:49:92:56:39:39:73:c3:
                    eb:2c:b2:13:0b:f6:87:f9:69:04:bb:49:e0:c1:5b:
                    53:bc:2e:47:cf:ea:cf:f8:bb:ee:12:a8:91:9c:15:
                    a0:da:b1:04:78:f3:86:87:f4:b3:0a:f3:50:ba:8b:
                    3d:6d:16:ed:ab:de:c7:0e:62:a0:ad:a2:22:f7:e9:
                    f0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:96:60:2D:AE:2A:F1:7C:52:34:F5:40:CE:F7:EA:A6:3D:A1:16:6A
            X509v3 Authority Key Identifier:
                keyid:AF:D5:98:F2:9D:D5:C5:62:98:F2:EB:05:75:DE:27:FC:3B:A2:09:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r9WY8p3VxWKY8usFdd4n_DuiCVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ffafdb-815a-47a8-971b-b6a4684e25f0/1/UJZgLa4q8XxSNPVAzvfqpj2hFmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ffafdb-815a-47a8-971b-b6a4684e25f0/1/r9WY8p3VxWKY8usFdd4n_DuiCVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.133.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:5a:5a:f1:a5:b4:3f:8c:ae:3b:f0:2c:8c:bb:73:c2:bd:39:
         83:3f:58:8d:8e:59:07:cc:02:54:ee:96:3a:16:5b:81:53:83:
         1e:21:dc:66:a6:73:30:4b:82:bf:ac:5c:54:76:16:72:a7:e6:
         d8:6c:9c:a9:24:b9:1d:97:0e:27:39:a4:4e:8f:90:68:75:3c:
         80:5b:10:3b:26:7a:8c:8a:d6:65:35:a5:85:ff:b1:65:04:a2:
         d8:03:d2:a2:9f:75:67:78:70:7b:0b:ec:68:85:79:c2:38:a1:
         f0:06:28:99:d3:5e:da:25:a2:3d:97:7d:e1:4f:79:28:70:49:
         2f:93:c5:e8:74:16:c5:ed:c0:c9:c9:16:11:b9:d5:e9:9e:ca:
         79:ae:41:fa:15:b9:71:2d:46:48:23:2e:b9:06:ac:9f:fc:52:
         4b:40:36:22:a5:ff:22:60:fe:af:c5:e6:dd:13:e4:52:69:1e:
         df:2d:6c:e8:06:27:de:e0:b0:3f:6b:71:7b:80:d8:f3:30:1a:
         dd:15:09:b7:7f:84:3e:29:64:cb:8e:e3:a2:4c:19:a0:9a:19:
         1a:ac:f2:e7:07:64:b4:e3:2a:5b:e0:76:78:f7:2c:88:04:d8:
         42:a7:1e:61:5a:9f:24:f5:0b:99:8f:d8:7a:77:44:0a:a9:23:
         20:71:27:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZufFysjLfDzpLSA+URikSOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZDU5OGYyOWRkNWM1NjI5OGYyZWIwNTc1ZGUyN2ZjM2Jh
MjA5NTEwHhcNMjYwMTA4MTkzMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDk2NjAyZGFlMmFmMTdjNTIzNGY1NDBjZWY3ZWFhNjNkYTExNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHMRyiDkRrcbLEBDfUitQImOZuU7
MwvymipwW1p5hVfinGP+wc/QjLpbqLdkpUnT2g2DT4edcJ4jIN2ZyEjH7EG3SsaR
Ea2nAGmC/9c05dEunN5pEafQOCVsintSaVeoLXUiZhYc4S1RL+TqBWfsNUc3MiWO
0AsnBeOc7m8Iin4uAZiY8zYk25/m5kYsM6CxgHcuSruAper0YN2bp8QiHKGTrvXs
i4FGJLScyaPzcvulV8BuLTgjMy20sUmSVjk5c8PrLLITC/aH+WkEu0ngwVtTvC5H
z+rP+LvuEqiRnBWg2rEEePOGh/SzCvNQuos9bRbtq97HDmKgraIi9+nwiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCWYC2uKvF8UjT1QM736qY9oRZqMB8GA1UdIwQY
MBaAFK/VmPKd1cVimPLrBXXeJ/w7oglRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjlXWThwM1Z4V0tZOHVzRmRkNG5fRHVpQ1ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9mZmFmZGItODE1YS00N2E4LTk3MWIt
YjZhNDY4NGUyNWYwLzEvVUpaZ0xhNHE4WHhTTlBWQXp2ZnFwajJoRm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9mZmFmZGItODE1YS00N2E4LTk3MWItYjZhNDY4NGUyNWYw
LzEvcjlXWThwM1Z4V0tZOHVzRmRkNG5fRHVpQ1ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4X4MA0G
CSqGSIb3DQEBCwUAA4IBAQAVWlrxpbQ/jK478CyMu3PCvTmDP1iNjlkHzAJU7pY6
FluBU4MeIdxmpnMwS4K/rFxUdhZyp+bYbJypJLkdlw4nOaROj5BodTyAWxA7JnqM
itZlNaWF/7FlBKLYA9Kin3VneHB7C+xohXnCOKHwBiiZ017aJaI9l33hT3kocEkv
k8XodBbF7cDJyRYRudXpnsp5rkH6FblxLUZIIy65Bqyf/FJLQDYipf8iYP6vxebd
E+RSaR7fLWzoBife4LA/a3F7gNjzMBrdFQm3f4Q+KWTLjuOiTBmgmhkarPLnB2S0
4ypb4HZ49yyIBNhCpx5hWp8k9QuZj9h6d0QKqSMgcSfq
-----END CERTIFICATE-----