Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/549b43-396d-4b36-98d6-7c1a6447b0f7/1/UPMp3Af0dIr169kINqk_eQVjuRo.roa
File:                     UPMp3Af0dIr169kINqk_eQVjuRo.roa (raw, json)
Hash identifier:          w8xH9Ru6usUFiW6X7kxuFSu8EELCqYb7m7E2r33BxXM=
Subject key identifier:   50:F3:29:DC:07:F4:74:8A:F5:EB:D9:08:36:A9:3F:79:05:63:B9:1A
Certificate issuer:       /CN=cfacd22f287e84c23b4e8964f3b11ef125a1c818
Certificate serial:       019D01A516B9A7821D4F28AE5820D3935B5F
Authority key identifier: CF:AC:D2:2F:28:7E:84:C2:3B:4E:89:64:F3:B1:1E:F1:25:A1:C8:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z6zSLyh-hMI7Tolk87Ee8SWhyBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/549b43-396d-4b36-98d6-7c1a6447b0f7/1/UPMp3Af0dIr169kINqk_eQVjuRo.roa
Signing time:             Wed 18 Mar 2026 15:51:29 +0000
ROA not before:           Wed 18 Mar 2026 15:51:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202857
IP address blocks:        193.169.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/549b43-396d-4b36-98d6-7c1a6447b0f7/1/z6zSLyh-hMI7Tolk87Ee8SWhyBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/549b43-396d-4b36-98d6-7c1a6447b0f7/1/z6zSLyh-hMI7Tolk87Ee8SWhyBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z6zSLyh-hMI7Tolk87Ee8SWhyBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:a5:16:b9:a7:82:1d:4f:28:ae:58:20:d3:93:5b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfacd22f287e84c23b4e8964f3b11ef125a1c818
        Validity
            Not Before: Mar 18 15:51:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50f329dc07f4748af5ebd90836a93f790563b91a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:62:f8:69:7b:a8:0a:70:42:a2:08:c7:38:50:
                    09:1e:aa:2b:3a:30:94:fe:bd:40:27:7c:68:38:a9:
                    43:f0:d4:71:3f:54:a2:c1:4c:f0:bf:3a:d5:f3:ce:
                    8c:44:c2:31:ed:bb:e7:cf:d9:9e:e7:b4:e4:c5:aa:
                    d2:d9:19:aa:17:35:bf:3f:db:58:77:79:b0:e4:eb:
                    42:a0:9f:f3:00:50:42:2f:01:52:78:64:c5:c7:9c:
                    2a:a6:86:c7:15:d6:04:f3:d0:d2:d1:9d:ba:88:a8:
                    0a:d1:e8:76:30:83:6c:1b:47:57:c4:3c:52:0b:55:
                    d3:35:95:e5:1d:57:48:c0:a6:b5:f1:8f:b4:f6:4f:
                    73:5f:6e:91:1f:4e:e8:2b:9c:8e:f0:90:40:9d:06:
                    01:03:80:86:12:3a:66:d6:de:fe:d1:77:12:9f:36:
                    8c:83:ed:22:b8:c9:ad:c1:7a:b9:1f:13:81:6e:bb:
                    51:5e:85:9e:29:ce:50:81:4e:04:75:83:4f:67:0c:
                    43:45:4b:7d:8f:d4:28:42:2e:6b:77:52:f5:21:3c:
                    02:30:28:f0:ea:34:4d:85:80:48:dd:1c:36:f2:85:
                    14:d6:9c:ab:ea:02:4d:2d:1c:09:f7:51:26:b8:3a:
                    9c:72:7c:46:65:62:a0:e7:32:56:96:b7:cf:72:4f:
                    ae:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F3:29:DC:07:F4:74:8A:F5:EB:D9:08:36:A9:3F:79:05:63:B9:1A
            X509v3 Authority Key Identifier:
                keyid:CF:AC:D2:2F:28:7E:84:C2:3B:4E:89:64:F3:B1:1E:F1:25:A1:C8:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z6zSLyh-hMI7Tolk87Ee8SWhyBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/549b43-396d-4b36-98d6-7c1a6447b0f7/1/UPMp3Af0dIr169kINqk_eQVjuRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/549b43-396d-4b36-98d6-7c1a6447b0f7/1/z6zSLyh-hMI7Tolk87Ee8SWhyBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:58:e7:18:ce:a0:02:fc:4f:3c:ab:10:f3:e4:db:be:f4:03:
         3e:53:1e:41:f4:4b:0d:c4:5a:c1:95:f7:8c:7b:4c:6d:2c:00:
         77:a8:17:75:3d:eb:2d:9c:5d:73:6d:79:85:3e:70:6d:e1:e5:
         68:3a:e7:29:ce:85:1a:0c:3e:80:ef:0f:ba:4e:2f:fc:01:a5:
         2e:08:e3:37:7f:fb:43:d1:28:a9:80:43:df:11:80:50:81:93:
         38:b6:57:a4:a4:39:27:2f:81:b6:89:c0:26:b1:16:fe:bb:bf:
         f9:73:7c:dd:97:de:83:9b:d2:61:03:84:4e:b6:b9:ef:69:40:
         c4:81:ce:4c:39:34:23:97:7b:28:50:88:93:14:2a:6a:39:de:
         4c:44:ea:c0:bd:76:ed:59:c9:f9:2d:4c:13:e7:8d:3f:03:52:
         d9:7b:85:d3:8a:83:35:91:41:45:ee:3d:c0:62:89:ff:8c:64:
         07:ea:f9:0c:75:88:6a:df:7d:48:49:79:ea:5a:4a:50:8f:e2:
         f6:40:cc:de:4a:17:e3:a0:eb:17:49:81:fc:17:45:f3:5d:60:
         66:e2:da:28:77:13:9b:62:f7:d8:8d:03:76:3d:3c:dd:d9:0a:
         98:37:b3:c1:19:b1:64:60:21:f8:d2:8b:db:a1:e4:d6:b5:17:
         61:3c:fc:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0BpRa5p4IdTyiuWCDTk1tfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYWNkMjJmMjg3ZTg0YzIzYjRlODk2NGYzYjExZWYxMjVh
MWM4MTgwHhcNMjYwMzE4MTU1MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGYzMjlkYzA3ZjQ3NDhhZjVlYmQ5MDgzNmE5M2Y3OTA1NjNiOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWL4aXuoCnBCogjHOFAJHqorOjCU
/r1AJ3xoOKlD8NRxP1SiwUzwvzrV886MRMIx7bvnz9me57TkxarS2RmqFzW/P9tY
d3mw5OtCoJ/zAFBCLwFSeGTFx5wqpobHFdYE89DS0Z26iKgK0eh2MINsG0dXxDxS
C1XTNZXlHVdIwKa18Y+09k9zX26RH07oK5yO8JBAnQYBA4CGEjpm1t7+0XcSnzaM
g+0iuMmtwXq5HxOBbrtRXoWeKc5QgU4EdYNPZwxDRUt9j9QoQi5rd1L1ITwCMCjw
6jRNhYBI3Rw28oUU1pyr6gJNLRwJ91EmuDqccnxGZWKg5zJWlrfPck+u/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDzKdwH9HSK9evZCDapP3kFY7kaMB8GA1UdIwQY
MBaAFM+s0i8ofoTCO06JZPOxHvElocgYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejZ6U0x5aC1oTUk3VG9sazg3RWU4U1doeUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi81NDliNDMtMzk2ZC00YjM2LTk4ZDYt
N2MxYTY0NDdiMGY3LzEvVVBNcDNBZjBkSXIxNjlrSU5xa19lUVZqdVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi81NDliNDMtMzk2ZC00YjM2LTk4ZDYtN2MxYTY0NDdiMGY3
LzEvejZ6U0x5aC1oTUk3VG9sazg3RWU4U1doeUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwanUMA0G
CSqGSIb3DQEBCwUAA4IBAQAlWOcYzqAC/E88qxDz5Nu+9AM+Ux5B9EsNxFrBlfeM
e0xtLAB3qBd1PestnF1zbXmFPnBt4eVoOucpzoUaDD6A7w+6Ti/8AaUuCOM3f/tD
0SipgEPfEYBQgZM4tlekpDknL4G2icAmsRb+u7/5c3zdl96Dm9JhA4ROtrnvaUDE
gc5MOTQjl3soUIiTFCpqOd5MROrAvXbtWcn5LUwT540/A1LZe4XTioM1kUFF7j3A
Yon/jGQH6vkMdYhq331ISXnqWkpQj+L2QMzeShfjoOsXSYH8F0XzXWBm4toodxOb
YvfYjQN2PTzd2QqYN7PBGbFkYCH40ovboeTWtRdhPPyQ
-----END CERTIFICATE-----