Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/19731f-a646-45b7-9b8a-8dc6edc71a00/1/ufhzE0W5SH0Js0oKYXP2RX7vpvA.roa
File:                     ufhzE0W5SH0Js0oKYXP2RX7vpvA.roa (raw, json)
Hash identifier:          L+5eFfEh2iKkPrG9ir0RuhaK5ClvADkNCI+XRwX6vSo=
Subject key identifier:   B9:F8:73:13:45:B9:48:7D:09:B3:4A:0A:61:73:F6:45:7E:EF:A6:F0
Certificate issuer:       /CN=3c1b65abb8ca3e90e97657a1a931e46469deb9a0
Certificate serial:       019CFB8EDBE46021CE2C431F464F0DA4D3DE
Authority key identifier: 3C:1B:65:AB:B8:CA:3E:90:E9:76:57:A1:A9:31:E4:64:69:DE:B9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PBtlq7jKPpDpdlehqTHkZGneuaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/19731f-a646-45b7-9b8a-8dc6edc71a00/1/ufhzE0W5SH0Js0oKYXP2RX7vpvA.roa
Signing time:             Tue 17 Mar 2026 11:29:29 +0000
ROA not before:           Tue 17 Mar 2026 11:29:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213838
IP address blocks:        91.221.41.0/24 maxlen: 24
                          2a14:7f40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/19731f-a646-45b7-9b8a-8dc6edc71a00/1/PBtlq7jKPpDpdlehqTHkZGneuaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/19731f-a646-45b7-9b8a-8dc6edc71a00/1/PBtlq7jKPpDpdlehqTHkZGneuaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PBtlq7jKPpDpdlehqTHkZGneuaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:8e:db:e4:60:21:ce:2c:43:1f:46:4f:0d:a4:d3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1b65abb8ca3e90e97657a1a931e46469deb9a0
        Validity
            Not Before: Mar 17 11:29:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9f8731345b9487d09b34a0a6173f6457eefa6f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c4:a9:35:b0:1e:ce:7b:9a:1c:c3:f0:5e:e2:
                    f0:6d:3c:81:82:6e:7a:91:87:38:29:e4:ad:41:b1:
                    5d:d6:ff:98:71:3c:e3:ed:4e:9f:71:a9:2c:73:c3:
                    28:8f:41:3b:cc:a8:a9:54:af:fe:27:cb:33:03:80:
                    39:56:84:35:b0:ad:b6:14:47:64:af:c4:8a:00:33:
                    3e:6b:b9:4b:18:16:49:54:2f:a5:f7:b2:ab:9a:8d:
                    03:ad:f0:2c:2c:20:1a:d6:fc:8d:ed:9d:04:97:51:
                    bb:90:3e:bc:b7:ff:8c:78:38:96:bd:e0:d4:78:36:
                    85:79:ef:9a:13:4d:22:7f:4c:ea:6c:86:3a:a5:d5:
                    67:0c:da:ed:9d:a1:25:45:18:46:f5:8c:d0:66:42:
                    22:5f:15:62:de:cf:b8:f9:fd:88:55:bb:cd:82:21:
                    7e:b7:41:c0:4f:dc:82:e6:66:39:b3:7b:37:f2:7b:
                    a2:00:98:8d:ba:94:83:b6:49:70:42:d7:d4:e9:e5:
                    60:fd:c9:38:48:31:2b:63:07:73:df:f3:12:e1:db:
                    dd:8a:25:d9:b5:ab:04:f0:7f:12:fa:c1:24:d9:2f:
                    2a:06:52:3a:f7:d6:6d:88:12:34:d6:bd:58:96:cf:
                    64:1c:44:86:94:db:4e:f7:ec:d0:37:25:37:5d:d2:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F8:73:13:45:B9:48:7D:09:B3:4A:0A:61:73:F6:45:7E:EF:A6:F0
            X509v3 Authority Key Identifier:
                keyid:3C:1B:65:AB:B8:CA:3E:90:E9:76:57:A1:A9:31:E4:64:69:DE:B9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PBtlq7jKPpDpdlehqTHkZGneuaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/19731f-a646-45b7-9b8a-8dc6edc71a00/1/ufhzE0W5SH0Js0oKYXP2RX7vpvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/19731f-a646-45b7-9b8a-8dc6edc71a00/1/PBtlq7jKPpDpdlehqTHkZGneuaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.41.0/24
                IPv6:
                  2a14:7f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:1f:a8:ba:a0:8e:d1:9d:06:aa:d1:76:77:43:1a:a7:1b:b8:
         ee:6e:4c:ec:50:98:44:9e:1a:cf:25:e8:3d:82:f2:a9:dc:8d:
         1b:3d:3c:9d:35:03:e6:3b:80:f3:4c:62:6d:aa:eb:66:70:e2:
         d9:18:44:ad:e1:6c:fc:5a:37:da:d7:a1:3b:3b:77:cb:4c:b1:
         ec:09:74:74:54:08:8a:11:5d:cd:ca:e3:43:74:0e:76:0b:f3:
         52:22:dc:9f:b7:28:e5:7f:ab:84:dd:b9:1a:7a:da:83:09:42:
         0b:b2:27:d5:07:c0:d1:3e:64:96:88:2a:29:60:7b:33:77:2e:
         40:90:db:80:b5:4a:cf:7c:e1:32:74:22:ff:45:c2:31:a9:e6:
         1c:ce:b1:51:cb:99:f8:f6:77:50:8c:19:b5:6e:eb:4a:5c:b1:
         f7:88:bc:30:9d:68:40:4e:83:4a:39:08:b9:8d:b7:19:79:82:
         ac:38:7a:e7:a7:53:ee:0a:1f:26:e6:3a:37:5b:26:66:9c:ac:
         39:3a:15:6e:2c:43:42:d0:a4:37:c1:87:01:19:f5:49:6e:4a:
         ce:b1:cd:34:07:11:ef:0a:44:f7:3f:34:17:54:f1:ed:4d:d0:
         1e:8e:2e:cb:2c:87:b2:64:c8:2c:5b:3f:e0:17:fb:f4:e7:0a:
         a4:c4:9a:aa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZz7jtvkYCHOLEMfRk8NpNPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWI2NWFiYjhjYTNlOTBlOTc2NTdhMWE5MzFlNDY0Njlk
ZWI5YTAwHhcNMjYwMzE3MTEyOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWY4NzMxMzQ1Yjk0ODdkMDliMzRhMGE2MTczZjY0NTdlZWZhNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsSpNbAeznuaHMPwXuLwbTyBgm56
kYc4KeStQbFd1v+YcTzj7U6fcaksc8Moj0E7zKipVK/+J8szA4A5VoQ1sK22FEdk
r8SKADM+a7lLGBZJVC+l97Krmo0DrfAsLCAa1vyN7Z0El1G7kD68t/+MeDiWveDU
eDaFee+aE00if0zqbIY6pdVnDNrtnaElRRhG9YzQZkIiXxVi3s+4+f2IVbvNgiF+
t0HAT9yC5mY5s3s38nuiAJiNupSDtklwQtfU6eVg/ck4SDErYwdz3/MS4dvdiiXZ
tasE8H8S+sEk2S8qBlI699ZtiBI01r1Yls9kHESGlNtO9+zQNyU3XdIBDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLn4cxNFuUh9CbNKCmFz9kV+76bwMB8GA1UdIwQY
MBaAFDwbZau4yj6Q6XZXoakx5GRp3rmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEJ0bHE3aktQcERwZGxlaHFUSGtaR25ldWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8xOTczMWYtYTY0Ni00NWI3LTliOGEt
OGRjNmVkYzcxYTAwLzEvdWZoekUwVzVTSDBKczBvS1lYUDJSWDd2cHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8xOTczMWYtYTY0Ni00NWI3LTliOGEtOGRjNmVkYzcxYTAw
LzEvUEJ0bHE3aktQcERwZGxlaHFUSGtaR25ldWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW90pMA0E
AgACMAcDBQMqFH9AMA0GCSqGSIb3DQEBCwUAA4IBAQAkH6i6oI7RnQaq0XZ3Qxqn
G7jubkzsUJhEnhrPJeg9gvKp3I0bPTydNQPmO4DzTGJtqutmcOLZGESt4Wz8Wjfa
16E7O3fLTLHsCXR0VAiKEV3NyuNDdA52C/NSItyftyjlf6uE3bkaetqDCUILsifV
B8DRPmSWiCopYHszdy5AkNuAtUrPfOEydCL/RcIxqeYczrFRy5n49ndQjBm1butK
XLH3iLwwnWhAToNKOQi5jbcZeYKsOHrnp1PuCh8m5jo3WyZmnKw5OhVuLENC0KQ3
wYcBGfVJbkrOsc00BxHvCkT3PzQXVPHtTdAeji7LLIeyZMgsWz/gF/v05wqkxJqq
-----END CERTIFICATE-----