Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/7f1a8c-48e4-4d97-b042-1d4246d7f155/1/UL1TM9Ku_1pFMPJup9TtTTluHCY.roa
File:                     UL1TM9Ku_1pFMPJup9TtTTluHCY.roa (raw, json)
Hash identifier:          r5zkiq+Hlx8k6L5HudvPP84rfmCiM2+7yiyNp6m+sMk=
Subject key identifier:   50:BD:53:33:D2:AE:FF:5A:45:30:F2:6E:A7:D4:ED:4D:39:6E:1C:26
Certificate issuer:       /CN=e822d845e153992a78e8f44523264d2614b17b9d
Certificate serial:       019D3E27A0ACB810736CBBC8ABB3689A66DF
Authority key identifier: E8:22:D8:45:E1:53:99:2A:78:E8:F4:45:23:26:4D:26:14:B1:7B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6CLYReFTmSp46PRFIyZNJhSxe50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/7f1a8c-48e4-4d97-b042-1d4246d7f155/1/UL1TM9Ku_1pFMPJup9TtTTluHCY.roa
Signing time:             Mon 30 Mar 2026 09:51:17 +0000
ROA not before:           Mon 30 Mar 2026 09:51:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204308
IP address blocks:        185.101.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/7f1a8c-48e4-4d97-b042-1d4246d7f155/1/6CLYReFTmSp46PRFIyZNJhSxe50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/7f1a8c-48e4-4d97-b042-1d4246d7f155/1/6CLYReFTmSp46PRFIyZNJhSxe50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6CLYReFTmSp46PRFIyZNJhSxe50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:27:a0:ac:b8:10:73:6c:bb:c8:ab:b3:68:9a:66:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e822d845e153992a78e8f44523264d2614b17b9d
        Validity
            Not Before: Mar 30 09:51:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50bd5333d2aeff5a4530f26ea7d4ed4d396e1c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6c:cb:b5:98:91:5b:4d:77:79:03:6b:65:eb:
                    72:1a:df:d6:69:0f:c8:3b:b7:3f:4d:ec:9c:01:d1:
                    ab:d2:4e:24:cf:ff:4b:d9:a3:54:97:41:52:d4:74:
                    10:5a:00:c9:9a:9f:d3:85:82:c0:e2:1e:77:9a:8a:
                    39:31:bd:ac:68:a7:90:a4:d3:7e:4f:d0:84:83:35:
                    47:69:7f:71:83:08:19:db:5d:3a:5d:19:c5:80:d8:
                    fa:25:7f:67:f6:a1:75:f0:ba:9d:b4:ae:b5:f4:e8:
                    50:b2:2e:e9:a7:6b:fe:e2:2a:49:ea:ed:09:45:ab:
                    30:28:4f:55:17:54:bd:8c:3e:fc:72:e2:25:54:38:
                    bf:65:19:7d:79:92:8b:3d:f8:c6:23:52:60:20:22:
                    98:5a:e4:c2:95:24:a9:e6:be:12:22:d3:a4:e8:eb:
                    72:37:7d:d7:79:3a:1d:c3:da:4b:59:d7:ef:55:29:
                    fc:86:23:ee:e0:e3:4f:ff:e8:c2:9a:38:b7:df:4b:
                    e2:86:87:e8:a2:5d:e5:f6:fa:4d:96:d1:bb:74:b6:
                    af:cc:c6:9d:44:8c:91:32:a8:67:b0:68:c6:2f:21:
                    64:e6:db:de:be:72:98:ff:cc:1b:0e:af:73:f8:8c:
                    65:bd:a0:77:cc:43:a8:b6:96:00:a7:b3:61:69:91:
                    5b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:BD:53:33:D2:AE:FF:5A:45:30:F2:6E:A7:D4:ED:4D:39:6E:1C:26
            X509v3 Authority Key Identifier:
                keyid:E8:22:D8:45:E1:53:99:2A:78:E8:F4:45:23:26:4D:26:14:B1:7B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6CLYReFTmSp46PRFIyZNJhSxe50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/7f1a8c-48e4-4d97-b042-1d4246d7f155/1/UL1TM9Ku_1pFMPJup9TtTTluHCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/7f1a8c-48e4-4d97-b042-1d4246d7f155/1/6CLYReFTmSp46PRFIyZNJhSxe50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:49:1f:9d:1b:6e:47:9e:19:4e:d7:01:24:2d:8b:ae:68:c1:
         5c:66:cc:23:b5:d4:28:a6:19:29:ca:2d:da:2e:d4:71:37:25:
         c0:d5:d2:dd:eb:5e:b6:f9:18:c9:83:79:1d:2c:33:1c:e1:f5:
         81:17:b1:4e:22:10:a8:b6:d7:ca:08:d5:4d:a4:6a:94:a9:db:
         94:9b:92:4f:7a:4d:d6:32:ac:c1:43:3b:19:8c:ae:93:e7:eb:
         15:ca:6c:2e:f9:e7:7c:f9:c8:2a:a5:34:3e:f6:41:35:47:1e:
         e7:a2:16:e4:fe:e9:e1:72:a5:ad:a8:f8:4e:d1:40:d4:ee:23:
         05:00:5f:d6:ea:3b:0a:f6:a8:a9:0e:bd:c7:ac:ec:8b:94:b1:
         48:af:1c:5d:22:b8:4c:87:9d:f0:d7:04:30:16:23:1f:e0:3f:
         12:1a:dd:54:63:d9:ce:3f:c7:03:a0:89:bb:87:d3:9f:e0:33:
         b0:a7:58:b8:e4:b4:db:b5:1f:9b:d9:67:fe:30:a0:b3:b9:b7:
         c6:66:8b:f5:ec:2e:d3:eb:f4:0c:1b:c3:72:88:7b:b2:22:e7:
         de:f8:a2:39:f4:28:7d:62:3e:fe:dc:5e:d7:d1:53:c1:1d:b7:
         31:69:7a:62:dd:30:de:71:31:2f:c7:fb:7f:e7:80:de:f1:bd:
         fe:54:0e:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+J6CsuBBzbLvIq7NommbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MjJkODQ1ZTE1Mzk5MmE3OGU4ZjQ0NTIzMjY0ZDI2MTRi
MTdiOWQwHhcNMjYwMzMwMDk1MTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGJkNTMzM2QyYWVmZjVhNDUzMGYyNmVhN2Q0ZWQ0ZDM5NmUxYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWzLtZiRW013eQNrZetyGt/WaQ/I
O7c/TeycAdGr0k4kz/9L2aNUl0FS1HQQWgDJmp/ThYLA4h53moo5Mb2saKeQpNN+
T9CEgzVHaX9xgwgZ2106XRnFgNj6JX9n9qF18LqdtK619OhQsi7pp2v+4ipJ6u0J
RaswKE9VF1S9jD78cuIlVDi/ZRl9eZKLPfjGI1JgICKYWuTClSSp5r4SItOk6Oty
N33XeTodw9pLWdfvVSn8hiPu4ONP/+jCmji330vihofool3l9vpNltG7dLavzMad
RIyRMqhnsGjGLyFk5tvevnKY/8wbDq9z+IxlvaB3zEOotpYAp7NhaZFb1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFC9UzPSrv9aRTDybqfU7U05bhwmMB8GA1UdIwQY
MBaAFOgi2EXhU5kqeOj0RSMmTSYUsXudMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkNMWVJlRlRtU3A0NlBSRkl5Wk5KaFN4ZTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83ZjFhOGMtNDhlNC00ZDk3LWIwNDIt
MWQ0MjQ2ZDdmMTU1LzEvVUwxVE05S3VfMXBGTVBKdXA5VHRUVGx1SENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83ZjFhOGMtNDhlNC00ZDk3LWIwNDItMWQ0MjQ2ZDdmMTU1
LzEvNkNMWVJlRlRtU3A0NlBSRkl5Wk5KaFN4ZTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWU2MA0G
CSqGSIb3DQEBCwUAA4IBAQBtSR+dG25HnhlO1wEkLYuuaMFcZswjtdQophkpyi3a
LtRxNyXA1dLd6162+RjJg3kdLDMc4fWBF7FOIhCottfKCNVNpGqUqduUm5JPek3W
MqzBQzsZjK6T5+sVymwu+ed8+cgqpTQ+9kE1Rx7nohbk/unhcqWtqPhO0UDU7iMF
AF/W6jsK9qipDr3HrOyLlLFIrxxdIrhMh53w1wQwFiMf4D8SGt1UY9nOP8cDoIm7
h9Of4DOwp1i45LTbtR+b2Wf+MKCzubfGZov17C7T6/QMG8NyiHuyIufe+KI59Ch9
Yj7+3F7X0VPBHbcxaXpi3TDecTEvx/t/54De8b3+VA6N
-----END CERTIFICATE-----