Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/mf0gWWT9tDUujC29k27IpTbJ344.roa
File:                     mf0gWWT9tDUujC29k27IpTbJ344.roa (raw, json)
Hash identifier:          CIBQigWs2TocsqchNE4I1RZtMQ3hnsC16oL8fK2cCdk=
Subject key identifier:   99:FD:20:59:64:FD:B4:35:2E:8C:2D:BD:93:6E:C8:A5:36:C9:DF:8E
Certificate issuer:       /CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
Certificate serial:       019E12315F37CAC3814148B26E0ACA6D09DB
Authority key identifier: 50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/mf0gWWT9tDUujC29k27IpTbJ344.roa
Signing time:             Sun 10 May 2026 14:01:26 +0000
ROA not before:           Sun 10 May 2026 14:01:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     269800
IP address blocks:        176.121.252.0/24 maxlen: 24
                          176.121.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:12:31:5f:37:ca:c3:81:41:48:b2:6e:0a:ca:6d:09:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
        Validity
            Not Before: May 10 14:01:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99fd205964fdb4352e8c2dbd936ec8a536c9df8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:48:c9:ae:02:ff:d8:80:32:17:70:69:54:e5:
                    6c:2b:a0:f5:e6:33:13:0d:38:48:92:2c:e7:9b:b6:
                    20:78:1c:d2:3a:25:de:98:29:03:e0:65:c0:80:49:
                    5c:a2:05:a1:02:7c:2c:ec:1f:c0:c2:c0:46:98:5b:
                    a8:6f:98:35:59:ff:e4:0e:a9:ed:1d:1d:10:12:03:
                    5c:e7:8b:d8:c8:41:fd:c6:23:d3:74:72:ed:61:db:
                    9a:6c:6b:46:eb:06:0b:08:b8:fe:81:59:7a:c8:99:
                    09:ab:05:47:bb:c1:ea:60:d0:d8:b5:63:56:f6:d8:
                    d8:7f:36:20:54:a6:e4:19:d2:1d:83:5b:ad:db:61:
                    c0:38:3a:a2:7b:f1:b0:36:6d:b5:ac:9e:f9:e5:16:
                    6b:e7:61:1a:13:db:74:dc:f6:b3:cb:20:19:60:36:
                    d1:2b:5c:0e:dd:01:bb:f3:6f:98:63:c0:ea:23:7d:
                    7c:bc:d7:ae:5e:77:92:d3:b7:7a:2b:df:a6:a1:80:
                    ba:8f:cf:85:ba:3b:9c:bb:57:d5:5c:57:e7:eb:b7:
                    45:b6:51:1c:61:db:55:7f:b4:88:6a:ce:cc:c8:0a:
                    1f:b3:34:f7:d5:4c:19:86:4e:65:b3:a3:d3:c0:61:
                    9d:28:42:15:50:80:0d:cd:6a:0a:6b:e2:24:d2:4d:
                    d1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FD:20:59:64:FD:B4:35:2E:8C:2D:BD:93:6E:C8:A5:36:C9:DF:8E
            X509v3 Authority Key Identifier:
                keyid:50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/mf0gWWT9tDUujC29k27IpTbJ344.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:7b:cd:2f:e6:62:81:2a:9d:ce:7c:2f:62:4f:52:6f:38:df:
         d9:cb:2d:14:52:c6:91:f4:e9:dc:30:d8:17:35:90:bb:17:a1:
         9a:0f:c5:8c:a6:56:76:23:d5:33:92:8d:14:51:66:c2:ce:74:
         89:95:3f:6e:e9:a0:f1:df:5e:15:36:76:d1:9f:81:df:d9:0c:
         0c:70:18:95:f1:9a:80:60:1e:e3:ad:d4:68:b2:fe:18:d6:2e:
         2b:2d:8f:fb:04:00:f4:21:f5:1c:4b:e0:99:06:5e:1d:7d:17:
         c9:00:92:3a:22:63:04:c9:a2:23:31:fa:58:de:e1:78:14:1f:
         a9:12:fe:5f:06:04:60:13:bd:e7:da:1b:dd:91:dd:ef:f0:5a:
         1b:79:06:66:f3:4c:13:3d:9c:93:87:ad:1d:05:c2:84:56:62:
         8b:b9:8a:02:3d:b9:c0:68:3c:53:5a:aa:6d:01:fa:7f:de:84:
         03:de:74:bf:e2:02:4a:8f:2e:e3:58:d9:57:d9:ce:5d:82:e9:
         8e:ee:d4:ee:2a:d1:1b:c2:51:db:bd:06:0e:1c:63:cd:3a:15:
         ad:d5:d8:d5:e3:ea:47:d0:e9:6c:f6:1b:84:f6:93:57:29:6e:
         e0:50:ef:09:e5:c4:ae:0f:1f:98:d1:0b:4c:ee:fd:8a:ab:59:
         7c:70:33:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4SMV83ysOBQUiybgrKbQnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZjVmZTk5YmMyMjMyODg3MTE2ZmRhYzgyZDQwODJhZGJj
NmFjYjcwHhcNMjYwNTEwMTQwMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZkMjA1OTY0ZmRiNDM1MmU4YzJkYmQ5MzZlYzhhNTM2YzlkZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukjJrgL/2IAyF3BpVOVsK6D15jMT
DThIkiznm7YgeBzSOiXemCkD4GXAgElcogWhAnws7B/AwsBGmFuob5g1Wf/kDqnt
HR0QEgNc54vYyEH9xiPTdHLtYduabGtG6wYLCLj+gVl6yJkJqwVHu8HqYNDYtWNW
9tjYfzYgVKbkGdIdg1ut22HAODqie/GwNm21rJ755RZr52EaE9t03PazyyAZYDbR
K1wO3QG782+YY8DqI318vNeuXneS07d6K9+moYC6j8+Fujucu1fVXFfn67dFtlEc
YdtVf7SIas7MyAofszT31UwZhk5ls6PTwGGdKEIVUIANzWoKa+Ik0k3RsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn9IFlk/bQ1LowtvZNuyKU2yd+OMB8GA1UdIwQY
MBaAFFD1/pm8IjKIcRb9rILUCCrbxqy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmIt
NzQ1NmY0MzBjM2YxLzEvbWYwZ1dXVDl0RFV1akMyOWsyN0lwVGJKMzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmItNzQ1NmY0MzBjM2Yx
LzEvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHn8MA0G
CSqGSIb3DQEBCwUAA4IBAQCNe80v5mKBKp3OfC9iT1JvON/Zyy0UUsaR9OncMNgX
NZC7F6GaD8WMplZ2I9Uzko0UUWbCznSJlT9u6aDx314VNnbRn4Hf2QwMcBiV8ZqA
YB7jrdRosv4Y1i4rLY/7BAD0IfUcS+CZBl4dfRfJAJI6ImMEyaIjMfpY3uF4FB+p
Ev5fBgRgE73n2hvdkd3v8FobeQZm80wTPZyTh60dBcKEVmKLuYoCPbnAaDxTWqpt
Afp/3oQD3nS/4gJKjy7jWNlX2c5dgumO7tTuKtEbwlHbvQYOHGPNOhWt1djV4+pH
0Ols9huE9pNXKW7gUO8J5cSuDx+Y0QtM7v2Kq1l8cDM3
-----END CERTIFICATE-----