Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/u_r2wqxVZlkum_nma3b1yoSaRQw.roa
File:                     u_r2wqxVZlkum_nma3b1yoSaRQw.roa (raw, json)
Hash identifier:          KYY56aOFF6dfT1G0trJONcrWA7gbMd0N9hHlntC611c=
Subject key identifier:   BB:FA:F6:C2:AC:55:66:59:2E:9B:F9:E6:6B:76:F5:CA:84:9A:45:0C
Certificate issuer:       /CN=0bebcee4d23379aed81aecffc7a742b35acdddb3
Certificate serial:       019D1C9FF74FE91363E43A0D9731AA1207FF
Authority key identifier: 0B:EB:CE:E4:D2:33:79:AE:D8:1A:EC:FF:C7:A7:42:B3:5A:CD:DD:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/u_r2wqxVZlkum_nma3b1yoSaRQw.roa
Signing time:             Mon 23 Mar 2026 21:35:38 +0000
ROA not before:           Mon 23 Mar 2026 21:35:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.50.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1c:9f:f7:4f:e9:13:63:e4:3a:0d:97:31:aa:12:07:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bebcee4d23379aed81aecffc7a742b35acdddb3
        Validity
            Not Before: Mar 23 21:35:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbfaf6c2ac5566592e9bf9e66b76f5ca849a450c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7d:38:86:b5:33:2a:18:2d:b6:a5:6f:72:a3:
                    b8:c7:5a:96:f8:7c:39:52:04:d3:aa:b5:1c:b3:6b:
                    07:cf:a7:b4:de:1e:21:d7:8c:d4:87:d4:72:88:1e:
                    b0:87:3c:6b:98:c9:36:aa:49:7d:b7:98:1a:58:49:
                    a0:6c:9a:76:a0:0e:69:0a:d0:ea:4e:c4:39:54:36:
                    35:b3:3c:d7:f1:b0:86:bc:19:6b:7b:64:b3:29:fc:
                    ed:6d:53:1a:a8:1e:31:cd:52:7f:00:d5:8a:f1:f0:
                    83:da:f3:5d:af:28:4e:c4:ba:93:d7:f3:ee:9d:30:
                    25:a3:d0:db:09:9a:c5:98:67:84:3a:3e:d2:6d:6a:
                    fd:bc:82:ec:4d:27:a2:ad:c5:a8:39:31:2a:b1:94:
                    66:cf:0e:12:10:4f:c7:86:7f:71:5c:d2:65:69:28:
                    a0:b5:d0:4d:9d:ba:c0:cf:63:c7:f3:84:ec:fe:3c:
                    a8:71:60:cd:2d:ac:78:a6:99:c1:e3:15:77:c5:30:
                    be:0b:b9:94:4a:59:a5:c2:e6:72:e3:59:8e:62:38:
                    a9:26:4a:26:ff:b3:9d:54:90:c0:4c:e9:7a:fb:69:
                    4c:bb:fb:f5:0a:7e:80:9e:ab:97:5d:c3:a0:70:70:
                    ac:ab:94:73:fe:f8:16:37:6c:f0:49:46:a1:1e:0a:
                    40:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FA:F6:C2:AC:55:66:59:2E:9B:F9:E6:6B:76:F5:CA:84:9A:45:0C
            X509v3 Authority Key Identifier:
                keyid:0B:EB:CE:E4:D2:33:79:AE:D8:1A:EC:FF:C7:A7:42:B3:5A:CD:DD:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/u_r2wqxVZlkum_nma3b1yoSaRQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:62:a7:07:cf:fd:ae:3d:92:5f:6c:ba:74:9f:7d:15:d1:c8:
         41:6c:4b:c1:4f:b5:f1:ff:e3:22:ba:74:76:96:21:b7:55:54:
         20:c6:b3:4a:6c:a3:06:30:ab:84:9f:ff:e5:8d:9f:1a:cf:75:
         8d:6e:0d:93:cc:6c:1d:d2:cd:8a:56:03:86:56:ff:47:65:45:
         db:7b:4d:c4:fa:3e:a5:5a:e9:ec:0d:d5:8d:4f:ac:de:b9:38:
         6b:85:9f:f8:cd:cb:34:3e:18:54:14:f3:0b:50:a8:73:5f:f0:
         48:10:de:e3:1a:a1:2d:4f:55:d1:21:15:f1:55:8b:22:23:b6:
         39:34:36:7c:02:88:bd:ec:b1:12:13:5d:cd:27:87:0d:5e:48:
         2b:68:99:6b:c0:ae:61:20:23:f7:ff:5a:d3:e9:8b:ea:5c:4a:
         f8:7f:27:60:fe:b4:c8:e5:21:40:78:e2:f8:26:a8:1a:8c:62:
         9e:6d:7e:35:f2:fe:87:45:79:6e:29:c5:d0:bd:27:85:5c:a2:
         13:c7:60:28:8b:82:23:98:23:93:2e:24:c0:b2:6d:f7:e9:a2:
         64:fc:56:b1:23:f2:4d:b4:bd:23:9b:42:d0:4e:8d:09:43:f5:
         9c:89:aa:a7:64:67:18:36:25:1e:80:0a:10:a4:30:ee:51:db:
         47:41:79:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0cn/dP6RNj5DoNlzGqEgf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZWJjZWU0ZDIzMzc5YWVkODFhZWNmZmM3YTc0MmIzNWFj
ZGRkYjMwHhcNMjYwMzIzMjEzNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZhZjZjMmFjNTU2NjU5MmU5YmY5ZTY2Yjc2ZjVjYTg0OWE0NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu304hrUzKhgttqVvcqO4x1qW+Hw5
UgTTqrUcs2sHz6e03h4h14zUh9RyiB6whzxrmMk2qkl9t5gaWEmgbJp2oA5pCtDq
TsQ5VDY1szzX8bCGvBlre2SzKfztbVMaqB4xzVJ/ANWK8fCD2vNdryhOxLqT1/Pu
nTAlo9DbCZrFmGeEOj7SbWr9vILsTSeircWoOTEqsZRmzw4SEE/Hhn9xXNJlaSig
tdBNnbrAz2PH84Ts/jyocWDNLax4ppnB4xV3xTC+C7mUSlmlwuZy41mOYjipJkom
/7OdVJDATOl6+2lMu/v1Cn6AnquXXcOgcHCsq5Rz/vgWN2zwSUahHgpApwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLv69sKsVWZZLpv55mt29cqEmkUMMB8GA1UdIwQY
MBaAFAvrzuTSM3mu2Brs/8enQrNazd2zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQy12TzVOSXplYTdZR3V6X3g2ZENzMXJOM2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xZjMzMjItNmFmNy00N2FiLThkYzUt
OTlhMTFmNjM4NWFiLzEvdV9yMndxeFZabGt1bV9ubWEzYjF5b1NhUlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xZjMzMjItNmFmNy00N2FiLThkYzUtOTlhMTFmNjM4NWFi
LzEvQy12TzVOSXplYTdZR3V6X3g2ZENzMXJOM2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTL/MA0G
CSqGSIb3DQEBCwUAA4IBAQCmYqcHz/2uPZJfbLp0n30V0chBbEvBT7Xx/+MiunR2
liG3VVQgxrNKbKMGMKuEn//ljZ8az3WNbg2TzGwd0s2KVgOGVv9HZUXbe03E+j6l
WunsDdWNT6zeuThrhZ/4zcs0PhhUFPMLUKhzX/BIEN7jGqEtT1XRIRXxVYsiI7Y5
NDZ8Aoi97LESE13NJ4cNXkgraJlrwK5hICP3/1rT6YvqXEr4fydg/rTI5SFAeOL4
JqgajGKebX418v6HRXluKcXQvSeFXKITx2Aoi4IjmCOTLiTAsm336aJk/FaxI/JN
tL0jm0LQTo0JQ/WciaqnZGcYNiUegAoQpDDuUdtHQXkK
-----END CERTIFICATE-----