Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/U8heiNj-1DXPnLIJw67QF28AxV4.roa
File:                     U8heiNj-1DXPnLIJw67QF28AxV4.roa (raw, json)
Hash identifier:          5br3lEsUqAMI9+vMDkaT1x3v1/JBeCswqWMLa9dVmwI=
Subject key identifier:   53:C8:5E:88:D8:FE:D4:35:CF:9C:B2:09:C3:AE:D0:17:6F:00:C5:5E
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019DCF1583579E86373DE307E1886DBC0901
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/U8heiNj-1DXPnLIJw67QF28AxV4.roa
Signing time:             Mon 27 Apr 2026 13:16:26 +0000
ROA not before:           Mon 27 Apr 2026 13:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402133
IP address blocks:        188.215.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:15:83:57:9e:86:37:3d:e3:07:e1:88:6d:bc:09:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Apr 27 13:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53c85e88d8fed435cf9cb209c3aed0176f00c55e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:86:96:72:0f:d3:fa:c2:c4:37:68:57:72:6b:
                    67:b5:69:b5:1a:a0:df:29:2e:80:8b:ce:c4:ff:1a:
                    16:9f:ae:dd:4b:73:6f:a6:c0:f9:2e:ba:e9:9b:83:
                    05:b0:2d:db:4c:6c:03:9a:33:bf:00:20:eb:3d:9e:
                    1a:2d:ba:6a:c4:d1:d8:46:4c:c6:1b:60:05:7b:42:
                    2a:72:96:7c:f8:f9:62:5b:b0:18:8a:bb:dc:ac:d5:
                    d8:4e:4e:05:e8:fb:e4:84:91:e4:df:6d:d0:63:2f:
                    e9:4b:38:d4:ee:ff:a6:3c:82:10:aa:d6:38:1a:11:
                    93:5e:9e:30:74:d7:2e:49:1d:89:fc:86:8b:95:34:
                    40:7a:8b:51:08:37:a9:56:2c:a7:c1:c5:0e:06:ea:
                    14:5a:b8:94:31:a6:ff:72:26:9a:83:53:30:2b:ad:
                    31:2a:f7:32:89:d7:d9:1f:8d:6c:ad:af:04:97:19:
                    41:42:2c:c4:7a:99:df:ac:ec:fc:4a:cf:71:bf:ab:
                    48:5a:fd:6a:59:7c:aa:55:95:f8:5a:43:20:d3:35:
                    f9:53:b8:2a:79:e1:8e:f0:fe:cd:40:b0:3e:d0:e5:
                    41:89:28:f5:78:1b:bc:3c:81:20:97:2e:99:5f:cb:
                    5e:da:d6:1e:6c:7b:99:dc:11:0a:43:ca:f6:74:28:
                    02:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C8:5E:88:D8:FE:D4:35:CF:9C:B2:09:C3:AE:D0:17:6F:00:C5:5E
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/U8heiNj-1DXPnLIJw67QF28AxV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.215.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:a1:10:c2:c1:2e:3a:b7:17:67:5c:b1:e9:29:3e:4e:af:f5:
         93:64:6f:f9:ea:dc:96:de:da:60:20:57:2d:3e:e2:e1:89:99:
         65:7a:34:8e:84:b0:c2:ce:60:be:09:f1:9f:d6:c3:10:f6:b1:
         6b:41:85:86:f2:30:b9:28:1b:05:e6:a4:ef:30:86:96:4c:7c:
         e9:7e:9d:52:e1:c5:7b:79:6d:6a:fb:d8:df:77:93:38:e5:61:
         e6:fa:69:34:bb:4a:ea:05:e5:b5:6f:d8:d2:2c:4c:a2:0c:c6:
         18:53:a2:aa:78:d6:68:41:1f:1f:e2:6c:44:b5:bb:91:49:a0:
         be:5e:97:bd:90:1e:cb:ec:c3:02:df:7a:ae:90:71:47:c8:eb:
         4a:80:59:f2:68:b8:3d:5c:f2:d5:48:22:26:2f:39:c8:df:95:
         b2:c9:40:24:44:85:35:8c:76:eb:15:67:2e:96:77:0f:07:04:
         05:bc:78:38:ab:e8:7b:ba:84:88:9a:b5:9c:d9:22:48:67:21:
         4d:1e:00:77:53:8a:e5:13:19:e5:a2:3d:06:da:1d:ac:3f:75:
         5e:d4:05:64:31:b3:46:cb:45:c8:85:c7:fe:4f:ad:54:ac:fe:
         1c:d5:2c:60:ae:4b:65:50:c6:b2:97:27:7a:69:fc:ba:bc:de:
         6e:21:8f:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PFYNXnoY3PeMH4YhtvAkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjYwNDI3MTMxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M4NWU4OGQ4ZmVkNDM1Y2Y5Y2IyMDljM2FlZDAxNzZmMDBjNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIaWcg/T+sLEN2hXcmtntWm1GqDf
KS6Ai87E/xoWn67dS3NvpsD5Lrrpm4MFsC3bTGwDmjO/ACDrPZ4aLbpqxNHYRkzG
G2AFe0IqcpZ8+PliW7AYirvcrNXYTk4F6PvkhJHk323QYy/pSzjU7v+mPIIQqtY4
GhGTXp4wdNcuSR2J/IaLlTRAeotRCDepViynwcUOBuoUWriUMab/ciaag1MwK60x
KvcyidfZH41sra8ElxlBQizEepnfrOz8Ss9xv6tIWv1qWXyqVZX4WkMg0zX5U7gq
eeGO8P7NQLA+0OVBiSj1eBu8PIEgly6ZX8te2tYebHuZ3BEKQ8r2dCgCnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPIXojY/tQ1z5yyCcOu0BdvAMVeMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvVThoZWlOai0xRFhQbkxJSnc2N1FGMjhBeFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNfsMA0G
CSqGSIb3DQEBCwUAA4IBAQCmoRDCwS46txdnXLHpKT5Or/WTZG/56tyW3tpgIFct
PuLhiZllejSOhLDCzmC+CfGf1sMQ9rFrQYWG8jC5KBsF5qTvMIaWTHzpfp1S4cV7
eW1q+9jfd5M45WHm+mk0u0rqBeW1b9jSLEyiDMYYU6KqeNZoQR8f4mxEtbuRSaC+
Xpe9kB7L7MMC33qukHFHyOtKgFnyaLg9XPLVSCImLznI35WyyUAkRIU1jHbrFWcu
lncPBwQFvHg4q+h7uoSImrWc2SJIZyFNHgB3U4rlExnloj0G2h2sP3Ve1AVkMbNG
y0XIhcf+T61UrP4c1SxgrktlUMaylyd6afy6vN5uIY8V
-----END CERTIFICATE-----