Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/29dc37-be82-4207-a5e2-ce9c96211858/1/UhyVMuKBGIM4xUEKDlseGtkBRyA.roa
File:                     UhyVMuKBGIM4xUEKDlseGtkBRyA.roa (raw, json)
Hash identifier:          8gHkUh/L9anFCoLuUeIE20SENtUSNu9Tps9dolr4la0=
Subject key identifier:   52:1C:95:32:E2:81:18:83:38:C5:41:0A:0E:5B:1E:1A:D9:01:47:20
Certificate issuer:       /CN=caedbbae709d3ca64688257bbba36f96a0999df2
Certificate serial:       019B78350F3CA9A520254C7485AB5DF000EE
Authority key identifier: CA:ED:BB:AE:70:9D:3C:A6:46:88:25:7B:BB:A3:6F:96:A0:99:9D:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yu27rnCdPKZGiCV7u6NvlqCZnfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/29dc37-be82-4207-a5e2-ce9c96211858/1/UhyVMuKBGIM4xUEKDlseGtkBRyA.roa
Signing time:             Thu 01 Jan 2026 06:18:21 +0000
ROA not before:           Thu 01 Jan 2026 06:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202545
IP address blocks:        2001:678:1190::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/29dc37-be82-4207-a5e2-ce9c96211858/1/yu27rnCdPKZGiCV7u6NvlqCZnfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/29dc37-be82-4207-a5e2-ce9c96211858/1/yu27rnCdPKZGiCV7u6NvlqCZnfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yu27rnCdPKZGiCV7u6NvlqCZnfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:0f:3c:a9:a5:20:25:4c:74:85:ab:5d:f0:00:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caedbbae709d3ca64688257bbba36f96a0999df2
        Validity
            Not Before: Jan  1 06:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=521c9532e281188338c5410a0e5b1e1ad9014720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5e:d5:9e:9d:8c:02:a3:d2:eb:8f:ca:c4:ca:
                    70:44:d2:87:98:d1:f7:e6:ff:20:2d:cb:5e:71:17:
                    94:99:c7:7b:ff:e0:26:a3:35:e0:f3:da:f0:de:e5:
                    57:b5:e5:fc:6e:4d:4a:0c:a3:56:8c:87:2a:b3:71:
                    6b:ac:b7:59:0e:de:7f:95:14:52:46:b0:a9:8b:03:
                    95:65:48:7f:0d:8d:53:09:30:0e:de:d8:40:20:a1:
                    1f:f8:bd:c2:1a:ba:5e:7c:69:5c:29:5e:f6:7b:09:
                    47:80:f6:16:71:e0:a5:2e:ce:b7:00:ab:d3:f5:b0:
                    e3:ae:c8:a4:ec:8a:96:79:69:e3:36:81:84:41:8a:
                    d5:82:60:da:67:50:0a:bf:06:99:4f:59:10:a8:de:
                    83:67:ae:81:a9:f9:e4:75:a3:5d:ad:48:51:b2:3e:
                    3e:38:b8:68:1b:ae:26:9a:c2:4e:d5:d7:1d:df:e9:
                    69:b5:ed:59:08:42:53:2b:ab:5d:6b:29:71:3d:9d:
                    ca:09:92:40:5a:e5:1f:a9:e6:a3:19:20:4e:32:51:
                    d9:be:4a:59:72:b0:dc:a7:34:8a:70:b5:f7:32:96:
                    ac:37:5b:6b:98:af:3c:bb:5f:cf:ea:d5:7f:31:77:
                    71:bf:79:98:de:ad:38:dd:be:32:8c:da:71:cb:71:
                    38:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1C:95:32:E2:81:18:83:38:C5:41:0A:0E:5B:1E:1A:D9:01:47:20
            X509v3 Authority Key Identifier:
                keyid:CA:ED:BB:AE:70:9D:3C:A6:46:88:25:7B:BB:A3:6F:96:A0:99:9D:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yu27rnCdPKZGiCV7u6NvlqCZnfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/29dc37-be82-4207-a5e2-ce9c96211858/1/UhyVMuKBGIM4xUEKDlseGtkBRyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/29dc37-be82-4207-a5e2-ce9c96211858/1/yu27rnCdPKZGiCV7u6NvlqCZnfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1190::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:74:9a:10:cb:0e:82:73:cd:47:e3:01:3a:03:b9:d9:80:7c:
         af:03:47:48:30:e8:78:47:30:8f:cd:d9:34:96:f0:b9:a2:5c:
         fb:57:94:39:4d:92:52:a1:5f:8e:80:ca:bc:fd:d2:5f:41:a2:
         a1:f5:d0:83:57:ee:2d:78:3f:6e:df:bb:1c:4e:68:7e:1e:1b:
         28:bb:f0:0f:64:8c:c2:a4:b6:c0:0f:42:e5:07:56:7f:8f:5c:
         6a:a6:c6:98:b4:f5:b7:61:56:50:4b:e5:7a:05:39:fe:e0:b4:
         6d:bc:ca:43:86:b2:2d:e3:20:2d:c3:91:af:58:74:e4:bb:7d:
         ad:82:04:f4:60:32:7a:89:75:c1:79:68:8e:80:f7:4d:1f:b2:
         93:c9:e3:29:44:8a:41:a8:9c:81:2b:09:ad:72:2f:1f:e3:c3:
         8d:ab:e5:b8:23:40:5c:28:23:c6:7b:46:ee:79:dd:a8:49:aa:
         6c:91:3b:6f:25:32:2c:f6:89:56:47:4a:2d:5e:ca:e6:b3:a8:
         66:81:bb:9b:fe:68:ba:16:dc:af:c1:39:fe:cf:35:67:c3:5c:
         f0:e6:76:dd:4a:f8:44:fb:1b:64:b0:78:78:9e:ce:fd:ad:18:
         82:96:4d:e2:77:2a:d1:f0:4d:8d:54:12:ce:9c:16:19:b9:9b:
         6a:65:3d:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NQ88qaUgJUx0hatd8ADuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZWRiYmFlNzA5ZDNjYTY0Njg4MjU3YmJiYTM2Zjk2YTA5
OTlkZjIwHhcNMjYwMTAxMDYxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjFjOTUzMmUyODExODgzMzhjNTQxMGEwZTViMWUxYWQ5MDE0NzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwl7Vnp2MAqPS64/KxMpwRNKHmNH3
5v8gLctecReUmcd7/+AmozXg89rw3uVXteX8bk1KDKNWjIcqs3FrrLdZDt5/lRRS
RrCpiwOVZUh/DY1TCTAO3thAIKEf+L3CGrpefGlcKV72ewlHgPYWceClLs63AKvT
9bDjrsik7IqWeWnjNoGEQYrVgmDaZ1AKvwaZT1kQqN6DZ66BqfnkdaNdrUhRsj4+
OLhoG64mmsJO1dcd3+lpte1ZCEJTK6tdaylxPZ3KCZJAWuUfqeajGSBOMlHZvkpZ
crDcpzSKcLX3MpasN1trmK88u1/P6tV/MXdxv3mY3q043b4yjNpxy3E4MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFIclTLigRiDOMVBCg5bHhrZAUcgMB8GA1UdIwQY
MBaAFMrtu65wnTymRogle7ujb5agmZ3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXUyN3JuQ2RQS1pHaUNWN3U2TnZscUNabmZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8yOWRjMzctYmU4Mi00MjA3LWE1ZTIt
Y2U5Yzk2MjExODU4LzEvVWh5Vk11S0JHSU00eFVFS0Rsc2VHdGtCUnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8yOWRjMzctYmU4Mi00MjA3LWE1ZTItY2U5Yzk2MjExODU4
LzEveXUyN3JuQ2RQS1pHaUNWN3U2TnZscUNabmZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA6dJoQyw6Cc81H4wE6A7nZgHyvA0dIMOh4RzCP
zdk0lvC5olz7V5Q5TZJSoV+OgMq8/dJfQaKh9dCDV+4teD9u37scTmh+Hhsou/AP
ZIzCpLbAD0LlB1Z/j1xqpsaYtPW3YVZQS+V6BTn+4LRtvMpDhrIt4yAtw5GvWHTk
u32tggT0YDJ6iXXBeWiOgPdNH7KTyeMpRIpBqJyBKwmtci8f48ONq+W4I0BcKCPG
e0bued2oSapskTtvJTIs9olWR0otXsrms6hmgbub/mi6FtyvwTn+zzVnw1zw5nbd
SvhE+xtksHh4ns79rRiClk3idyrR8E2NVBLOnBYZuZtqZT0H
-----END CERTIFICATE-----