Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/ec3106-e7bf-4299-ae12-dbd91b111844/1/ucYb6qB_KaTWYUSU6LAo8719FDs.roa
File:                     ucYb6qB_KaTWYUSU6LAo8719FDs.roa (raw, json)
Hash identifier:          +ASle/PB3Ogg8HVIw0p9waPXwti0vvLog6UAfw5L79w=
Subject key identifier:   B9:C6:1B:EA:A0:7F:29:A4:D6:61:44:94:E8:B0:28:F3:BD:7D:14:3B
Certificate issuer:       /CN=d76d71d8845d2fe296a46d79176f590d8db4f16a
Certificate serial:       019CB2C08333A2B5222E535118F7E1840DC3
Authority key identifier: D7:6D:71:D8:84:5D:2F:E2:96:A4:6D:79:17:6F:59:0D:8D:B4:F1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/121x2IRdL-KWpG15F29ZDY208Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/ec3106-e7bf-4299-ae12-dbd91b111844/1/ucYb6qB_KaTWYUSU6LAo8719FDs.roa
Signing time:             Tue 03 Mar 2026 08:11:26 +0000
ROA not before:           Tue 03 Mar 2026 08:11:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34143
IP address blocks:        81.95.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/ec3106-e7bf-4299-ae12-dbd91b111844/1/121x2IRdL-KWpG15F29ZDY208Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/ec3106-e7bf-4299-ae12-dbd91b111844/1/121x2IRdL-KWpG15F29ZDY208Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/121x2IRdL-KWpG15F29ZDY208Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:c0:83:33:a2:b5:22:2e:53:51:18:f7:e1:84:0d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76d71d8845d2fe296a46d79176f590d8db4f16a
        Validity
            Not Before: Mar  3 08:11:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9c61beaa07f29a4d6614494e8b028f3bd7d143b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:23:08:fb:dc:ab:4d:a2:7f:c7:da:ba:e2:c0:
                    31:19:fa:b7:49:a6:8c:e7:cd:d1:49:ed:a0:f1:70:
                    0d:a1:7e:61:9e:5e:f6:1a:e9:da:74:53:d1:7a:80:
                    37:ff:62:48:42:7d:f3:42:fb:d7:20:bd:a7:6b:2a:
                    eb:cd:75:f7:46:da:cb:35:c6:d4:1d:b4:92:3c:20:
                    5a:13:03:a1:2c:12:1e:4c:c5:8c:a4:e9:49:8d:55:
                    23:aa:e5:20:5a:8d:40:35:39:55:4f:bb:af:35:19:
                    f5:f5:05:c0:14:ef:23:f3:58:ac:0d:d5:af:aa:73:
                    95:35:7f:79:cd:ed:4b:0a:18:6a:f2:bc:4d:5c:9c:
                    3d:2f:1d:24:9c:95:0b:29:af:7f:c7:b3:98:9e:1a:
                    fe:47:c1:1c:9a:24:7c:3e:68:8a:63:9c:a4:25:c1:
                    04:d9:14:6e:f7:d6:c8:ac:b5:d6:67:5e:34:66:e7:
                    c9:41:85:f5:82:7c:e9:f1:64:2a:73:13:08:9c:7b:
                    44:b4:ea:d1:94:ce:87:31:0f:67:71:ba:06:79:b3:
                    29:95:84:83:54:43:7f:3c:4c:56:3a:2b:43:a3:4a:
                    65:1f:37:df:61:ef:5a:3a:2d:58:91:71:0b:25:fd:
                    07:e0:79:0f:9e:ca:b3:47:b6:7a:52:cd:55:f4:f5:
                    75:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C6:1B:EA:A0:7F:29:A4:D6:61:44:94:E8:B0:28:F3:BD:7D:14:3B
            X509v3 Authority Key Identifier:
                keyid:D7:6D:71:D8:84:5D:2F:E2:96:A4:6D:79:17:6F:59:0D:8D:B4:F1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/121x2IRdL-KWpG15F29ZDY208Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ec3106-e7bf-4299-ae12-dbd91b111844/1/ucYb6qB_KaTWYUSU6LAo8719FDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ec3106-e7bf-4299-ae12-dbd91b111844/1/121x2IRdL-KWpG15F29ZDY208Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:e6:42:49:5d:9a:17:ee:bf:2e:50:c6:d4:53:01:85:34:ca:
         8c:a0:60:7f:95:4d:a4:a7:d6:86:b6:39:a5:5f:5f:c2:df:8c:
         e7:4a:9e:91:92:32:fb:fe:72:05:f0:65:af:1a:50:0b:83:90:
         04:37:d3:08:6a:32:79:55:6e:a8:95:0b:ba:3b:5b:6a:8d:82:
         e6:10:73:66:27:2c:de:d8:c6:cb:67:b9:04:48:ff:e6:8b:43:
         3c:e1:1d:63:1c:d2:e2:1c:e5:42:3b:a3:b2:51:3d:e7:ef:b4:
         d6:6f:4a:e1:75:90:36:a7:8b:c5:f8:eb:25:33:a0:f2:ab:02:
         e3:80:11:c6:72:42:ee:a8:7b:27:ec:de:2b:87:78:1a:ca:26:
         05:d7:5b:02:f4:6a:73:39:74:68:b0:b7:79:f5:85:dd:af:14:
         8d:2f:d0:05:10:fa:62:3d:1b:f8:dc:e1:45:45:42:ea:ed:b5:
         17:65:b2:db:94:6c:ba:0b:97:e0:91:f2:4e:79:ed:71:2b:f2:
         4c:27:bb:d7:e9:76:28:cb:cc:e4:21:ae:30:71:87:7b:c5:77:
         22:d2:d5:b5:60:71:62:54:a2:74:17:8b:a7:8d:99:2f:f0:e7:
         cf:ce:04:88:5f:43:d9:f3:95:75:d5:15:a8:ae:8b:5b:5e:53:
         b6:fb:ef:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyywIMzorUiLlNRGPfhhA3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmQ3MWQ4ODQ1ZDJmZTI5NmE0NmQ3OTE3NmY1OTBkOGRi
NGYxNmEwHhcNMjYwMzAzMDgxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWM2MWJlYWEwN2YyOWE0ZDY2MTQ0OTRlOGIwMjhmM2JkN2QxNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryMI+9yrTaJ/x9q64sAxGfq3SaaM
583RSe2g8XANoX5hnl72GunadFPReoA3/2JIQn3zQvvXIL2nayrrzXX3RtrLNcbU
HbSSPCBaEwOhLBIeTMWMpOlJjVUjquUgWo1ANTlVT7uvNRn19QXAFO8j81isDdWv
qnOVNX95ze1LChhq8rxNXJw9Lx0knJULKa9/x7OYnhr+R8EcmiR8PmiKY5ykJcEE
2RRu99bIrLXWZ140ZufJQYX1gnzp8WQqcxMInHtEtOrRlM6HMQ9ncboGebMplYSD
VEN/PExWOitDo0plHzffYe9aOi1YkXELJf0H4HkPnsqzR7Z6Us1V9PV1IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnGG+qgfymk1mFElOiwKPO9fRQ7MB8GA1UdIwQY
MBaAFNdtcdiEXS/ilqRteRdvWQ2NtPFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTIxeDJJUmRMLUtXcEcxNUYyOVpEWTIwOFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9lYzMxMDYtZTdiZi00Mjk5LWFlMTIt
ZGJkOTFiMTExODQ0LzEvdWNZYjZxQl9LYVRXWVVTVTZMQW84NzE5RkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9lYzMxMDYtZTdiZi00Mjk5LWFlMTItZGJkOTFiMTExODQ0
LzEvMTIxeDJJUmRMLUtXcEcxNUYyOVpEWTIwOFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV+6MA0G
CSqGSIb3DQEBCwUAA4IBAQCD5kJJXZoX7r8uUMbUUwGFNMqMoGB/lU2kp9aGtjml
X1/C34znSp6RkjL7/nIF8GWvGlALg5AEN9MIajJ5VW6olQu6O1tqjYLmEHNmJyze
2MbLZ7kESP/mi0M84R1jHNLiHOVCO6OyUT3n77TWb0rhdZA2p4vF+OslM6DyqwLj
gBHGckLuqHsn7N4rh3gayiYF11sC9GpzOXRosLd59YXdrxSNL9AFEPpiPRv43OFF
RULq7bUXZbLblGy6C5fgkfJOee1xK/JMJ7vX6XYoy8zkIa4wcYd7xXci0tW1YHFi
VKJ0F4unjZkv8OfPzgSIX0PZ85V11RWorotbXlO2++++
-----END CERTIFICATE-----