Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/UZ7ePce2V0p3ZbzWXJ1ZgbnwDMQ.roa
File:                     UZ7ePce2V0p3ZbzWXJ1ZgbnwDMQ.roa (raw, json)
Hash identifier:          3DbxDok/x0GzcOvaTUOPhPb4K0GtiOZj5rAjknMwnN0=
Subject key identifier:   51:9E:DE:3D:C7:B6:57:4A:77:65:BC:D6:5C:9D:59:81:B9:F0:0C:C4
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       019D290E575416DDB40DDFB6D49A6DC008C4
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/UZ7ePce2V0p3ZbzWXJ1ZgbnwDMQ.roa
Signing time:             Thu 26 Mar 2026 07:31:38 +0000
ROA not before:           Thu 26 Mar 2026 07:31:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21396
IP address blocks:        193.178.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:0e:57:54:16:dd:b4:0d:df:b6:d4:9a:6d:c0:08:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Mar 26 07:31:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=519ede3dc7b6574a7765bcd65c9d5981b9f00cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2a:df:a9:7e:95:ab:2f:d2:0a:1a:b5:b9:80:
                    8a:d2:a6:f5:ee:1c:86:f4:09:17:fb:66:ee:6b:23:
                    0e:13:30:98:21:d1:14:6d:85:9f:f2:93:f7:13:61:
                    2b:37:cf:f8:bc:c3:60:e2:73:23:50:09:66:d1:84:
                    fd:eb:a9:41:f1:18:fa:12:c3:d6:59:13:e8:1b:63:
                    35:f7:16:4f:b4:bc:92:4d:79:cf:f8:fd:a3:ca:9e:
                    dd:fd:c1:ac:22:36:dc:fe:03:c7:e3:c2:76:3a:27:
                    9b:4b:f6:32:80:72:10:61:ab:c6:dd:76:3d:f9:4e:
                    f6:26:9b:71:85:28:e3:48:46:4b:28:d0:7a:09:fa:
                    bb:35:28:b5:af:b5:78:6e:e0:c4:4c:75:08:d8:14:
                    6c:8e:09:e9:b7:98:8a:3b:48:a2:30:7a:36:85:73:
                    cc:80:98:aa:60:c0:46:40:79:88:24:6f:96:7d:d6:
                    a8:aa:78:aa:23:58:45:a5:55:69:ec:a9:aa:69:61:
                    2e:61:f2:87:43:c8:97:b3:97:e0:b2:93:d7:5d:b7:
                    66:6f:bf:e5:43:32:23:7a:e2:fd:9f:81:59:87:d0:
                    4d:bb:24:b1:45:d3:4a:f5:06:65:10:37:6d:98:f0:
                    db:ce:44:44:1e:e8:5f:1f:8a:b7:ac:4a:d7:43:17:
                    6a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9E:DE:3D:C7:B6:57:4A:77:65:BC:D6:5C:9D:59:81:B9:F0:0C:C4
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/UZ7ePce2V0p3ZbzWXJ1ZgbnwDMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:59:89:73:d0:57:aa:f9:67:38:14:a1:ac:26:31:8b:7e:ff:
         39:04:2d:58:2e:19:35:38:76:69:71:18:8f:46:ef:51:3a:ed:
         a7:dc:57:1c:d1:b5:07:6d:5a:29:33:ae:19:38:0c:a1:b8:ec:
         35:c7:3d:25:89:de:69:27:8e:31:87:98:ba:c3:4c:9e:b4:ea:
         04:4b:22:7c:ed:90:fa:1b:6b:10:68:c4:2d:65:9f:af:2e:d0:
         6d:08:7e:8f:20:fe:77:f9:ff:1c:c3:a9:1d:13:db:2b:3d:bd:
         fe:07:60:17:cb:54:bd:f5:05:83:09:34:a9:37:26:a3:8d:15:
         03:12:50:a8:df:bd:a7:e2:5b:08:f0:66:ed:fb:32:80:9c:6a:
         66:11:a7:38:01:5f:89:ca:5f:c3:db:8e:5c:b5:a8:61:9a:37:
         d3:07:98:a2:ea:13:c8:92:d0:1f:c8:29:b8:ba:dc:5e:af:7d:
         79:2f:22:81:d9:c8:fe:0c:08:3b:c8:1e:e1:d1:c3:40:5a:e7:
         1e:25:5d:52:fc:bd:c4:92:3b:85:c1:6e:05:15:3f:62:bc:b7:
         67:43:9f:88:d8:67:3c:0b:52:fb:f6:e7:24:11:c9:fa:7f:64:
         2a:88:b9:a9:c9:1c:f2:2c:35:67:12:31:7c:e9:96:2a:a7:04:
         22:b3:3f:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pDldUFt20Dd+21JptwAjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjYwMzI2MDczMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTllZGUzZGM3YjY1NzRhNzc2NWJjZDY1YzlkNTk4MWI5ZjAwY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCrfqX6Vqy/SChq1uYCK0qb17hyG
9AkX+2buayMOEzCYIdEUbYWf8pP3E2ErN8/4vMNg4nMjUAlm0YT966lB8Rj6EsPW
WRPoG2M19xZPtLySTXnP+P2jyp7d/cGsIjbc/gPH48J2OiebS/YygHIQYavG3XY9
+U72JptxhSjjSEZLKNB6Cfq7NSi1r7V4buDETHUI2BRsjgnpt5iKO0iiMHo2hXPM
gJiqYMBGQHmIJG+WfdaoqniqI1hFpVVp7KmqaWEuYfKHQ8iXs5fgspPXXbdmb7/l
QzIjeuL9n4FZh9BNuySxRdNK9QZlEDdtmPDbzkREHuhfH4q3rErXQxdqTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGe3j3HtldKd2W81lydWYG58AzEMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvVVo3ZVBjZTJWMHAzWmJ6V1hKMVpnYm53RE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbI0MA0G
CSqGSIb3DQEBCwUAA4IBAQAWWYlz0Feq+Wc4FKGsJjGLfv85BC1YLhk1OHZpcRiP
Ru9ROu2n3Fcc0bUHbVopM64ZOAyhuOw1xz0lid5pJ44xh5i6w0yetOoESyJ87ZD6
G2sQaMQtZZ+vLtBtCH6PIP53+f8cw6kdE9srPb3+B2AXy1S99QWDCTSpNyajjRUD
ElCo372n4lsI8Gbt+zKAnGpmEac4AV+Jyl/D245ctahhmjfTB5ii6hPIktAfyCm4
utxer315LyKB2cj+DAg7yB7h0cNAWuceJV1S/L3EkjuFwW4FFT9ivLdnQ5+I2Gc8
C1L79uckEcn6f2QqiLmpyRzyLDVnEjF86ZYqpwQisz+o
-----END CERTIFICATE-----