Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e647ab-6de5-4f60-824a-ba1578fdcaf9/1/ULZ1IXriNbVt1RF82-qhaW1hFMs.roa
File:                     ULZ1IXriNbVt1RF82-qhaW1hFMs.roa (raw, json)
Hash identifier:          ApQ7wcFJx+88WL2MSx6t/CPLNYoC52lkQ/wgD971pZ4=
Subject key identifier:   50:B6:75:21:7A:E2:35:B5:6D:D5:11:7C:DB:EA:A1:69:6D:61:14:CB
Certificate issuer:       /CN=18773ec5953eb8da8bc4dedbdac529d1ce9b67aa
Certificate serial:       019C9F7F50C6B1343E7B353310128B5CEAAB
Authority key identifier: 18:77:3E:C5:95:3E:B8:DA:8B:C4:DE:DB:DA:C5:29:D1:CE:9B:67:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GHc-xZU-uNqLxN7b2sUp0c6bZ6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e647ab-6de5-4f60-824a-ba1578fdcaf9/1/ULZ1IXriNbVt1RF82-qhaW1hFMs.roa
Signing time:             Fri 27 Feb 2026 14:27:26 +0000
ROA not before:           Fri 27 Feb 2026 14:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34104
IP address blocks:        213.226.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e647ab-6de5-4f60-824a-ba1578fdcaf9/1/GHc-xZU-uNqLxN7b2sUp0c6bZ6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e647ab-6de5-4f60-824a-ba1578fdcaf9/1/GHc-xZU-uNqLxN7b2sUp0c6bZ6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GHc-xZU-uNqLxN7b2sUp0c6bZ6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:7f:50:c6:b1:34:3e:7b:35:33:10:12:8b:5c:ea:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18773ec5953eb8da8bc4dedbdac529d1ce9b67aa
        Validity
            Not Before: Feb 27 14:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50b675217ae235b56dd5117cdbeaa1696d6114cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5d:12:48:0d:2f:1f:eb:f3:9a:bd:33:2d:70:
                    94:14:8c:af:c1:db:8f:7d:ca:43:1d:d7:b5:4a:a9:
                    e7:a5:d1:0f:bc:3c:b7:19:60:df:11:13:8d:1d:96:
                    64:19:e5:ed:19:1c:d9:fe:f9:59:c0:06:6a:71:50:
                    57:02:d2:be:2c:8f:53:f2:9c:ce:ab:5d:e6:34:08:
                    25:71:3c:87:e6:ef:c0:32:95:cb:2a:bd:46:92:28:
                    8b:88:44:e2:97:03:39:52:f0:de:8f:d3:3d:8c:7d:
                    dd:e2:5b:3e:f1:ca:9b:19:a2:86:78:8e:66:f4:d9:
                    0c:b4:e9:3e:68:45:f6:73:e3:db:20:c7:4b:86:e5:
                    01:8d:7c:ad:98:18:07:65:c8:0a:63:b2:96:f6:46:
                    ae:72:97:19:d6:e8:f6:47:fe:34:e6:04:45:9d:a2:
                    73:a8:2d:53:02:d5:e4:ba:85:96:70:51:eb:75:14:
                    a5:0a:38:88:7d:e7:aa:e5:11:49:e7:43:1c:da:07:
                    d5:9e:61:96:c7:9d:f6:81:73:84:2f:fb:17:5d:81:
                    0c:ad:22:0f:4e:13:22:5e:25:52:bc:3d:ad:c3:18:
                    b2:be:56:a6:c6:9e:0d:9e:74:ca:a1:e7:4b:7d:34:
                    34:79:c7:13:80:91:a9:42:f4:dc:da:6b:81:56:3c:
                    c8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:B6:75:21:7A:E2:35:B5:6D:D5:11:7C:DB:EA:A1:69:6D:61:14:CB
            X509v3 Authority Key Identifier:
                keyid:18:77:3E:C5:95:3E:B8:DA:8B:C4:DE:DB:DA:C5:29:D1:CE:9B:67:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GHc-xZU-uNqLxN7b2sUp0c6bZ6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e647ab-6de5-4f60-824a-ba1578fdcaf9/1/ULZ1IXriNbVt1RF82-qhaW1hFMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e647ab-6de5-4f60-824a-ba1578fdcaf9/1/GHc-xZU-uNqLxN7b2sUp0c6bZ6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:2a:c0:25:08:69:b6:f4:24:14:a7:b9:d0:5f:d2:38:7f:de:
         aa:00:55:8b:23:e3:d8:ff:90:5a:9a:4e:a1:3a:0b:99:b5:74:
         8d:e3:60:68:f1:0f:51:50:05:cd:e2:9b:29:6a:ab:17:40:09:
         b4:6d:2d:15:16:f4:aa:a8:75:b6:dc:58:aa:2f:02:04:da:cd:
         85:64:f0:8a:85:7c:7a:ef:80:1f:a0:dd:2a:f2:d1:83:91:5d:
         df:fa:b9:67:da:8a:20:e5:16:11:f8:31:1e:d2:6e:fd:53:a6:
         b0:28:8d:16:20:d1:92:45:6b:e4:4c:9b:a1:e3:47:bc:44:2f:
         2d:bb:fd:fc:99:28:bf:0d:21:aa:72:8f:a4:4c:68:6d:16:3e:
         f0:76:fa:df:93:57:95:c6:39:11:09:25:07:f7:e5:2a:4c:ea:
         ac:21:07:95:74:1e:42:86:51:07:30:10:b7:1d:6a:cf:d7:1a:
         44:19:fa:40:32:05:0e:f2:19:75:0d:9a:20:41:08:83:83:e9:
         ad:07:9a:2b:c5:cc:c1:78:b7:73:a7:49:33:d6:9d:f6:68:6d:
         c2:0e:0a:88:16:7e:ed:48:48:89:75:85:42:dd:0f:17:7f:00:
         04:f1:dd:f1:85:06:29:6d:a8:91:f8:e3:a2:9f:90:95:16:03:
         57:fc:ea:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyff1DGsTQ+ezUzEBKLXOqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NzczZWM1OTUzZWI4ZGE4YmM0ZGVkYmRhYzUyOWQxY2U5
YjY3YWEwHhcNMjYwMjI3MTQyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGI2NzUyMTdhZTIzNWI1NmRkNTExN2NkYmVhYTE2OTZkNjExNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy10SSA0vH+vzmr0zLXCUFIyvwduP
fcpDHde1SqnnpdEPvDy3GWDfERONHZZkGeXtGRzZ/vlZwAZqcVBXAtK+LI9T8pzO
q13mNAglcTyH5u/AMpXLKr1GkiiLiETilwM5UvDej9M9jH3d4ls+8cqbGaKGeI5m
9NkMtOk+aEX2c+PbIMdLhuUBjXytmBgHZcgKY7KW9kaucpcZ1uj2R/405gRFnaJz
qC1TAtXkuoWWcFHrdRSlCjiIfeeq5RFJ50Mc2gfVnmGWx532gXOEL/sXXYEMrSIP
ThMiXiVSvD2twxiyvlamxp4NnnTKoedLfTQ0eccTgJGpQvTc2muBVjzITQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFC2dSF64jW1bdURfNvqoWltYRTLMB8GA1UdIwQY
MBaAFBh3PsWVPrjai8Te29rFKdHOm2eqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0hjLXhaVS11TnFMeE43YjJzVXAwYzZiWjZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNjQ3YWItNmRlNS00ZjYwLTgyNGEt
YmExNTc4ZmRjYWY5LzEvVUxaMUlYcmlOYlZ0MVJGODItcWhhVzFoRk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNjQ3YWItNmRlNS00ZjYwLTgyNGEtYmExNTc4ZmRjYWY5
LzEvR0hjLXhaVS11TnFMeE43YjJzVXAwYzZiWjZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1eJ1MA0G
CSqGSIb3DQEBCwUAA4IBAQDCKsAlCGm29CQUp7nQX9I4f96qAFWLI+PY/5Bamk6h
OguZtXSN42Bo8Q9RUAXN4pspaqsXQAm0bS0VFvSqqHW23FiqLwIE2s2FZPCKhXx6
74AfoN0q8tGDkV3f+rln2oog5RYR+DEe0m79U6awKI0WINGSRWvkTJuh40e8RC8t
u/38mSi/DSGqco+kTGhtFj7wdvrfk1eVxjkRCSUH9+UqTOqsIQeVdB5ChlEHMBC3
HWrP1xpEGfpAMgUO8hl1DZogQQiDg+mtB5orxczBeLdzp0kz1p32aG3CDgqIFn7t
SEiJdYVC3Q8XfwAE8d3xhQYpbaiR+OOin5CVFgNX/Orb
-----END CERTIFICATE-----