Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/UvPg35Yq3xMNtEBqghSE5VE5mj8.roa
File:                     UvPg35Yq3xMNtEBqghSE5VE5mj8.roa (raw, json)
Hash identifier:          9QZpYhxGtro9euVy7VMeIu9Apq5BDEIjw+5OY/rh3BA=
Subject key identifier:   52:F3:E0:DF:96:2A:DF:13:0D:B4:40:6A:82:14:84:E5:51:39:9A:3F
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019D172627A3854568986DF71CF3810F32CC
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/UvPg35Yq3xMNtEBqghSE5VE5mj8.roa
Signing time:             Sun 22 Mar 2026 20:04:29 +0000
ROA not before:           Sun 22 Mar 2026 20:04:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209876
IP address blocks:        87.232.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:26:27:a3:85:45:68:98:6d:f7:1c:f3:81:0f:32:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Mar 22 20:04:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52f3e0df962adf130db4406a821484e551399a3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:59:5a:13:a1:03:29:8a:e9:d1:d1:4a:9b:76:
                    19:9b:5f:b1:1b:7c:04:c7:90:f4:d7:90:c0:5d:4e:
                    0e:94:c8:5c:7f:ca:2d:45:70:f7:f1:8d:39:a7:49:
                    8c:d4:9b:a9:40:e9:8c:71:1e:20:0a:a0:76:c1:c0:
                    c1:55:b2:15:a2:fe:51:5e:58:dc:c5:81:22:a0:2c:
                    61:2f:4e:25:0d:e5:b2:83:2d:b6:a9:49:df:e2:65:
                    37:28:9d:68:41:47:e4:1b:f8:27:05:92:a5:df:f1:
                    28:72:f9:7f:6e:3a:3a:44:0b:d8:9e:75:d0:b4:9a:
                    53:f3:79:b8:9a:f6:cf:ac:13:73:ea:7f:7a:ba:38:
                    1c:b4:34:a9:d0:40:3e:c6:c5:69:01:cc:df:23:5b:
                    7c:d2:7b:0e:2b:f1:43:d9:6a:b1:50:9a:d3:02:81:
                    e8:91:de:c2:43:17:69:0c:86:00:17:f4:36:ae:29:
                    3d:e9:a4:cd:8f:19:94:15:27:fd:f3:32:0a:5b:07:
                    2c:be:06:ba:9d:29:8c:a4:4d:3f:01:f2:56:0a:b1:
                    27:af:7f:9b:5a:18:7d:a0:12:1b:ec:fb:76:45:4b:
                    17:1b:57:83:b3:49:ed:d9:6e:15:d4:60:9d:30:43:
                    52:49:cf:99:bb:18:1b:df:92:5d:d3:50:fe:66:ed:
                    fb:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F3:E0:DF:96:2A:DF:13:0D:B4:40:6A:82:14:84:E5:51:39:9A:3F
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/UvPg35Yq3xMNtEBqghSE5VE5mj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ed:10:b8:de:7e:07:8b:20:f2:04:7c:e3:fa:33:be:57:db:
         63:f4:e0:e8:71:6a:60:e9:5b:cb:6f:2d:11:01:f6:2b:5d:11:
         02:8d:76:a5:b7:b8:ed:6c:5e:92:e1:d9:f3:92:ad:9f:86:6b:
         d0:57:dd:35:4c:29:6f:33:8c:43:8c:c8:b6:f9:41:29:e7:51:
         8e:fd:54:ef:5a:2a:52:b6:4d:37:f3:68:8a:b5:1c:2a:ac:0a:
         ba:ac:71:bd:c9:a2:91:f4:dd:36:39:2b:17:31:96:3f:b7:22:
         28:85:46:54:a4:63:79:59:6d:b3:2d:d9:d4:00:94:48:75:c3:
         5e:54:53:22:bf:6e:17:7e:68:9b:dc:57:bc:a1:1b:0f:fe:4f:
         43:90:86:fd:30:48:f1:ad:96:6a:7c:b5:a8:1c:25:d6:21:8f:
         80:df:9e:c0:e1:a5:99:26:50:b0:4d:fb:20:b1:05:76:27:5f:
         44:9b:d9:ff:40:6d:d6:68:a6:a6:23:06:57:05:b7:36:e1:e9:
         13:8b:67:39:d0:de:e6:bb:d9:31:77:1a:a2:1d:8c:12:c4:a0:
         23:95:3f:de:a0:e0:dd:84:53:8e:6d:93:5d:b1:60:7c:a6:cc:
         d3:08:90:2f:50:c2:03:63:e7:a1:27:12:f3:31:a0:ab:d5:c3:
         1e:5b:cc:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0XJiejhUVomG33HPOBDzLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwMzIyMjAwNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmYzZTBkZjk2MmFkZjEzMGRiNDQwNmE4MjE0ODRlNTUxMzk5YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVlaE6EDKYrp0dFKm3YZm1+xG3wE
x5D015DAXU4OlMhcf8otRXD38Y05p0mM1JupQOmMcR4gCqB2wcDBVbIVov5RXljc
xYEioCxhL04lDeWygy22qUnf4mU3KJ1oQUfkG/gnBZKl3/Eocvl/bjo6RAvYnnXQ
tJpT83m4mvbPrBNz6n96ujgctDSp0EA+xsVpAczfI1t80nsOK/FD2WqxUJrTAoHo
kd7CQxdpDIYAF/Q2rik96aTNjxmUFSf98zIKWwcsvga6nSmMpE0/AfJWCrEnr3+b
Whh9oBIb7Pt2RUsXG1eDs0nt2W4V1GCdMENSSc+Zuxgb35Jd01D+Zu37SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLz4N+WKt8TDbRAaoIUhOVROZo/MB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvVXZQZzM1WXEzeE1OdEVCcWdoU0U1VkU1bWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hTMA0G
CSqGSIb3DQEBCwUAA4IBAQBP7RC43n4HiyDyBHzj+jO+V9tj9ODocWpg6VvLby0R
AfYrXRECjXalt7jtbF6S4dnzkq2fhmvQV901TClvM4xDjMi2+UEp51GO/VTvWipS
tk0382iKtRwqrAq6rHG9yaKR9N02OSsXMZY/tyIohUZUpGN5WW2zLdnUAJRIdcNe
VFMiv24Xfmib3Fe8oRsP/k9DkIb9MEjxrZZqfLWoHCXWIY+A357A4aWZJlCwTfsg
sQV2J19Em9n/QG3WaKamIwZXBbc24ekTi2c50N7mu9kxdxqiHYwSxKAjlT/eoODd
hFOObZNdsWB8pszTCJAvUMIDY+ehJxLzMaCr1cMeW8z2
-----END CERTIFICATE-----