Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/UV_paFQyhYSMTP8kdNrlJnLSer8.roa
File:                     UV_paFQyhYSMTP8kdNrlJnLSer8.roa (raw, json)
Hash identifier:          jOwkQKvrE5kVJL+kLMorwj8Lao+mio9H7RNhjn29+Ns=
Subject key identifier:   51:5F:E9:68:54:32:85:84:8C:4C:FF:24:74:DA:E5:26:72:D2:7A:BF
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0199F0C83EF6802254AE2D23B2FADA46C9B9
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/UV_paFQyhYSMTP8kdNrlJnLSer8.roa
Signing time:             Fri 17 Oct 2025 06:07:59 +0000
ROA not before:           Fri 17 Oct 2025 06:07:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210110
IP address blocks:        185.190.81.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f0:c8:3e:f6:80:22:54:ae:2d:23:b2:fa:da:46:c9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Oct 17 06:07:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=515fe968543285848c4cff2474dae52672d27abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:8c:fc:1e:43:76:3e:9a:6e:2f:3f:09:b5:86:
                    b5:89:d0:2d:ce:39:6f:bd:45:c5:2d:d3:fb:f8:00:
                    d2:d6:52:a5:dd:c9:56:40:27:59:9d:90:fc:d6:c2:
                    1b:f7:73:9d:f2:24:86:02:f5:e4:e9:00:8d:d4:9e:
                    03:a8:28:37:8d:96:c9:6f:ee:e9:c3:67:4e:34:b8:
                    34:c6:ae:ee:18:67:ec:9c:58:c4:6e:54:3a:00:08:
                    6d:9f:cc:7d:de:5d:4a:e1:56:52:ba:24:2f:ea:e4:
                    6f:e5:10:5f:c4:a3:b4:1f:76:20:cf:1b:f3:8e:8f:
                    bc:25:8c:b2:29:6d:bf:a0:47:9d:bf:ff:3b:48:84:
                    f2:63:42:f8:63:80:f6:1e:6d:76:bd:f2:85:ba:c4:
                    6e:8f:f9:32:2c:1b:53:36:05:53:40:04:ee:da:b8:
                    3c:92:ba:54:b2:02:64:19:75:16:b4:b8:a5:43:b1:
                    9d:30:40:0d:f0:8e:08:ca:a8:42:fe:9b:06:78:72:
                    57:e0:ad:98:b8:f0:c5:64:42:a2:77:10:c0:8a:aa:
                    9b:0b:50:5f:bc:b3:c8:72:de:d6:5b:ac:90:02:9e:
                    7f:43:b7:50:f9:6e:3f:55:88:79:d1:72:e2:d4:c1:
                    f0:25:57:b0:1e:7e:be:20:39:0f:c5:77:93:6a:e5:
                    72:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:5F:E9:68:54:32:85:84:8C:4C:FF:24:74:DA:E5:26:72:D2:7A:BF
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/UV_paFQyhYSMTP8kdNrlJnLSer8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c7:22:5a:a7:bd:32:c3:69:4a:8f:48:2c:2a:f2:fe:10:59:
         4e:1c:63:fa:41:bd:94:9a:86:fb:30:3d:f6:03:7a:2e:e1:6c:
         9f:a6:8e:be:d9:cd:d0:d1:55:0c:a6:26:5a:52:d1:1a:13:f2:
         20:02:6b:ac:bf:8f:8f:99:2a:b9:98:33:7a:49:ed:d7:17:87:
         85:dc:7b:f6:df:96:25:7c:1d:69:aa:8e:0a:6d:b0:b9:99:96:
         6e:0c:8d:32:c9:a8:38:62:69:44:a6:ae:c5:ab:a1:d4:7d:8a:
         ce:97:54:99:01:44:14:cb:14:35:57:fe:89:4f:12:80:1e:99:
         f5:58:25:1e:ce:70:e4:9b:d8:92:a6:48:ce:7b:43:6d:97:97:
         f0:a0:01:4b:3d:db:15:26:c5:b6:84:00:10:60:6d:58:90:fe:
         2f:ab:78:46:ec:dd:86:1e:43:b7:31:a0:ee:2d:71:ec:b0:99:
         f1:7f:15:a3:6c:0a:e5:92:b5:81:6a:1b:2e:d9:92:d2:6a:a2:
         e2:fb:6e:d6:09:a7:03:6a:21:9b:be:ce:72:02:e3:11:d2:8e:
         bc:ba:d1:c8:2c:c8:70:0f:a1:ca:15:01:8b:4d:56:0c:95:42:
         1b:71:8f:c0:ce:30:8b:f3:52:51:87:7e:b2:cb:30:47:dc:5e:
         1b:a3:16:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnwyD72gCJUri0jsvraRsm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUxMDE3MDYwNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTVmZTk2ODU0MzI4NTg0OGM0Y2ZmMjQ3NGRhZTUyNjcyZDI3YWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oz8HkN2PppuLz8JtYa1idAtzjlv
vUXFLdP7+ADS1lKl3clWQCdZnZD81sIb93Od8iSGAvXk6QCN1J4DqCg3jZbJb+7p
w2dONLg0xq7uGGfsnFjEblQ6AAhtn8x93l1K4VZSuiQv6uRv5RBfxKO0H3Ygzxvz
jo+8JYyyKW2/oEedv/87SITyY0L4Y4D2Hm12vfKFusRuj/kyLBtTNgVTQATu2rg8
krpUsgJkGXUWtLilQ7GdMEAN8I4IyqhC/psGeHJX4K2YuPDFZEKidxDAiqqbC1Bf
vLPIct7WW6yQAp5/Q7dQ+W4/VYh50XLi1MHwJVewHn6+IDkPxXeTauVyBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFf6WhUMoWEjEz/JHTa5SZy0nq/MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvVVZfcGFGUXloWVNNVFA4a2ROcmxKbkxTZXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub5RMA0G
CSqGSIb3DQEBCwUAA4IBAQAjxyJap70yw2lKj0gsKvL+EFlOHGP6Qb2Umob7MD32
A3ou4Wyfpo6+2c3Q0VUMpiZaUtEaE/IgAmusv4+PmSq5mDN6Se3XF4eF3Hv235Yl
fB1pqo4KbbC5mZZuDI0yyag4YmlEpq7Fq6HUfYrOl1SZAUQUyxQ1V/6JTxKAHpn1
WCUeznDkm9iSpkjOe0Ntl5fwoAFLPdsVJsW2hAAQYG1YkP4vq3hG7N2GHkO3MaDu
LXHssJnxfxWjbArlkrWBahsu2ZLSaqLi+27WCacDaiGbvs5yAuMR0o68utHILMhw
D6HKFQGLTVYMlUIbcY/AzjCL81JRh36yyzBH3F4boxY/
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:53 2025 by rpki-client