Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/UFEcacEeNtbtwoCZ0nsNFqwZXpI.roa
File:                     UFEcacEeNtbtwoCZ0nsNFqwZXpI.roa (raw, json)
Hash identifier:          2iAF+KKuoS+VDPrsOk1eervY6E3WDgBeeoWYmW5Nrps=
Subject key identifier:   50:51:1C:69:C1:1E:36:D6:ED:C2:80:99:D2:7B:0D:16:AC:19:5E:92
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       019DD93E15F831F296E29DF41C255D068D77
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/UFEcacEeNtbtwoCZ0nsNFqwZXpI.roa
Signing time:             Wed 29 Apr 2026 12:36:57 +0000
ROA not before:           Wed 29 Apr 2026 12:36:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42117
IP address blocks:        77.233.96.0/19 maxlen: 19
                          95.175.160.0/19 maxlen: 19
                          159.20.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:3e:15:f8:31:f2:96:e2:9d:f4:1c:25:5d:06:8d:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Apr 29 12:36:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50511c69c11e36d6edc28099d27b0d16ac195e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:08:fc:22:dd:ec:c8:dc:dd:4a:84:ce:c8:a1:
                    5d:8f:05:5e:05:51:cc:a4:e1:a9:30:91:b3:97:c0:
                    94:2a:a4:d2:90:cc:33:cb:4b:bd:86:82:b1:cb:82:
                    96:4f:d6:40:76:93:5d:86:bb:b6:26:1e:c8:1f:91:
                    7f:d3:3b:4e:d9:f3:d7:79:df:89:30:c9:f2:3c:98:
                    6d:96:3d:8a:61:38:f0:bb:60:e2:9d:11:1e:be:f4:
                    02:d1:5c:00:6d:b3:96:0c:e2:ba:2d:b5:19:44:ae:
                    86:e0:61:f1:66:7e:0a:4a:58:15:72:bc:81:94:02:
                    9c:0c:cb:7b:a0:39:6b:50:b1:11:01:36:51:42:db:
                    5c:40:82:ff:cf:12:8d:f0:d7:9a:13:a8:db:54:77:
                    29:9d:5e:02:f2:64:d9:c2:52:fe:ec:b2:ce:27:0b:
                    8a:0c:5c:b6:c2:f9:b7:6d:db:14:c7:aa:21:6a:30:
                    08:08:e6:97:5f:f0:a0:f7:b3:70:32:3f:9d:d2:7b:
                    5e:f5:1a:81:de:48:57:7f:fb:c0:f5:56:a8:69:7d:
                    36:3a:d0:af:a4:bd:ed:e1:8f:80:56:5e:b8:b9:b3:
                    07:72:99:03:5e:fe:25:1a:70:89:00:cf:a5:36:a2:
                    eb:56:ba:e0:10:e2:37:dd:0d:e2:1f:47:b1:97:12:
                    58:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:51:1C:69:C1:1E:36:D6:ED:C2:80:99:D2:7B:0D:16:AC:19:5E:92
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/UFEcacEeNtbtwoCZ0nsNFqwZXpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.233.96.0/19
                  95.175.160.0/19
                  159.20.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         34:40:a4:0c:08:6d:d8:47:40:d4:07:78:b3:23:5a:be:5b:df:
         8b:7c:bf:31:02:28:d9:f4:9c:3a:b1:39:f9:62:69:e6:5a:3c:
         f7:cd:37:69:c7:4b:25:fe:73:15:e5:a6:f7:14:60:8a:36:13:
         35:e2:29:33:b8:7d:cd:99:24:4b:39:74:dc:08:c2:35:3c:48:
         0b:f5:12:2c:45:e2:58:0d:3c:d9:cc:fc:c5:48:b2:0c:52:00:
         9b:94:50:e1:80:a0:35:df:f3:e0:ba:5b:25:23:01:bc:00:1b:
         33:94:b4:2d:1d:34:35:83:90:71:a2:1a:d8:ff:65:60:07:05:
         69:fe:30:95:cd:21:b2:23:fd:22:b3:f1:b1:e7:65:d6:32:5b:
         6d:c6:64:6b:2d:bb:87:27:9c:aa:72:aa:d4:c2:7a:d5:b6:99:
         1d:1b:13:2c:48:fe:3f:80:3c:d5:17:83:dd:b6:41:bf:d3:d5:
         77:a0:89:0f:5f:14:21:24:6f:43:2a:62:89:5e:87:e3:7c:9d:
         e3:29:a4:e2:9e:bc:2e:45:d0:f9:73:0c:60:fb:f1:94:52:86:
         8f:ee:19:fe:98:35:59:da:cf:42:b4:27:54:ee:96:0f:e1:9d:
         d2:c7:f0:24:90:c3:3a:79:1e:a2:5e:db:6e:29:cd:f4:a2:b3:
         87:84:bf:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3ZPhX4MfKW4p30HCVdBo13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjYwNDI5MTIzNjU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUxMWM2OWMxMWUzNmQ2ZWRjMjgwOTlkMjdiMGQxNmFjMTk1ZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQj8It3syNzdSoTOyKFdjwVeBVHM
pOGpMJGzl8CUKqTSkMwzy0u9hoKxy4KWT9ZAdpNdhru2Jh7IH5F/0ztO2fPXed+J
MMnyPJhtlj2KYTjwu2DinREevvQC0VwAbbOWDOK6LbUZRK6G4GHxZn4KSlgVcryB
lAKcDMt7oDlrULERATZRQttcQIL/zxKN8NeaE6jbVHcpnV4C8mTZwlL+7LLOJwuK
DFy2wvm3bdsUx6ohajAICOaXX/Cg97NwMj+d0nte9RqB3khXf/vA9VaoaX02OtCv
pL3t4Y+AVl64ubMHcpkDXv4lGnCJAM+lNqLrVrrgEOI33Q3iH0exlxJYmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFBRHGnBHjbW7cKAmdJ7DRasGV6SMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvVUZFY2FjRWVOdGJ0d29DWjBuc05GcXdaWHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFTelgAwQF
X6+gAwQDnxQIMA0GCSqGSIb3DQEBCwUAA4IBAQA0QKQMCG3YR0DUB3izI1q+W9+L
fL8xAijZ9Jw6sTn5YmnmWjz3zTdpx0sl/nMV5ab3FGCKNhM14ikzuH3NmSRLOXTc
CMI1PEgL9RIsReJYDTzZzPzFSLIMUgCblFDhgKA13/PgulslIwG8ABszlLQtHTQ1
g5BxohrY/2VgBwVp/jCVzSGyI/0is/Gx52XWMlttxmRrLbuHJ5yqcqrUwnrVtpkd
GxMsSP4/gDzVF4PdtkG/09V3oIkPXxQhJG9DKmKJXofjfJ3jKaTinrwuRdD5cwxg
+/GUUoaP7hn+mDVZ2s9CtCdU7pYP4Z3Sx/AkkMM6eR6iXttuKc30orOHhL83
-----END CERTIFICATE-----