Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/eUcCe3j-6gC5ZMWiIQvI8X1Qdj0.roa
File:                     eUcCe3j-6gC5ZMWiIQvI8X1Qdj0.roa (raw, json)
Hash identifier:          Bg7I63KBUVK3mes1NGcs2kjKVt9Lb2dV0zwtKFKQ+co=
Subject key identifier:   79:47:02:7B:78:FE:EA:00:B9:64:C5:A2:21:0B:C8:F1:7D:50:76:3D
Certificate issuer:       /CN=51f4b0b0469eb0d071994cd8238f34bef00c6fbe
Certificate serial:       019CDD088C9698F65B59ED117BE39BBC79BE
Authority key identifier: 51:F4:B0:B0:46:9E:B0:D0:71:99:4C:D8:23:8F:34:BE:F0:0C:6F:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/eUcCe3j-6gC5ZMWiIQvI8X1Qdj0.roa
Signing time:             Wed 11 Mar 2026 13:14:10 +0000
ROA not before:           Wed 11 Mar 2026 13:14:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201262
IP address blocks:        185.52.192.0/22 maxlen: 24
                          2a01:9aa0:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:08:8c:96:98:f6:5b:59:ed:11:7b:e3:9b:bc:79:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51f4b0b0469eb0d071994cd8238f34bef00c6fbe
        Validity
            Not Before: Mar 11 13:14:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7947027b78feea00b964c5a2210bc8f17d50763d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:64:b4:80:3f:40:6b:23:9c:6d:67:8a:40:6e:
                    66:d9:0f:d1:c6:1e:ab:bf:94:87:35:70:a6:4b:29:
                    45:09:c0:cf:fe:5f:06:4c:73:95:d0:f0:0e:af:68:
                    6d:98:62:23:99:62:60:32:88:2f:eb:d2:14:16:7f:
                    dd:42:28:89:41:4b:4f:31:5b:4d:49:9b:75:84:5a:
                    1a:09:e3:9e:68:a7:fd:b7:3a:b1:c2:37:1e:ae:94:
                    38:24:9a:9a:75:2c:91:14:f1:ad:0b:25:07:e0:67:
                    51:4a:4b:16:c1:6e:d7:37:de:df:93:da:27:82:01:
                    06:b3:40:4c:cc:4c:1e:c0:28:8e:52:d7:e9:fa:e9:
                    6c:ed:13:2f:4f:9b:26:b7:da:7a:a0:34:93:de:9d:
                    b4:e7:89:53:ea:8e:b2:dc:6d:bb:3a:26:26:fa:e9:
                    ab:2a:a7:e8:df:08:b9:ac:a9:7a:f0:cc:c2:b1:43:
                    ba:a7:b2:e0:4a:4e:0c:86:2c:f2:b4:e7:4e:f8:bc:
                    99:80:4d:43:70:9f:e2:d8:69:63:44:0c:71:0e:a7:
                    69:ca:27:b5:c9:fe:ac:ae:c8:4a:54:16:ed:ad:51:
                    53:80:74:59:49:59:65:ee:6a:67:51:d0:79:22:a9:
                    bb:b2:26:37:69:d8:b2:e1:df:a1:85:21:d2:07:0e:
                    15:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:47:02:7B:78:FE:EA:00:B9:64:C5:A2:21:0B:C8:F1:7D:50:76:3D
            X509v3 Authority Key Identifier:
                keyid:51:F4:B0:B0:46:9E:B0:D0:71:99:4C:D8:23:8F:34:BE:F0:0C:6F:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/eUcCe3j-6gC5ZMWiIQvI8X1Qdj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.192.0/22
                IPv6:
                  2a01:9aa0:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         29:2e:a1:dd:1c:3f:b7:75:49:e4:64:6b:74:83:81:b4:3f:8c:
         d0:b0:9c:c1:92:7f:06:74:a7:9f:8c:15:37:a7:33:b4:81:37:
         15:f6:38:38:ca:6f:57:4d:06:c5:ba:23:72:94:47:8e:0d:9d:
         af:80:90:54:c9:1d:93:2a:33:24:17:20:19:2d:d1:6d:ec:c5:
         ae:4f:29:2b:71:bf:ef:76:79:10:7e:bb:6b:16:2f:45:ec:b8:
         6b:9a:4d:89:0b:86:0e:65:1f:86:f4:be:4b:f7:04:01:e4:dd:
         93:fa:2d:2c:78:5f:e2:55:26:ba:db:6e:48:71:b1:9d:bf:ab:
         fb:dd:cc:57:74:f8:3c:92:fa:fa:9f:fb:dc:1b:a9:5d:14:f7:
         f8:32:63:90:fc:8a:c7:8d:b1:6c:fa:8d:e4:95:b2:6f:ed:66:
         4d:48:1d:47:6a:80:5b:3c:45:31:ee:c2:a4:0f:4d:97:ee:c1:
         68:86:75:c3:7a:e9:0d:48:8e:19:11:d2:bd:a9:94:d2:c7:2a:
         0f:28:e3:af:74:f0:54:eb:63:2b:22:75:44:18:65:87:2b:97:
         c1:33:e5:e1:57:81:ab:6c:41:10:82:02:8d:d2:85:7b:19:d9:
         fa:01:04:8c:a4:a5:57:da:33:a1:d5:31:3d:9d:5b:d3:d1:f3:
         d3:78:52:a8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZzdCIyWmPZbWe0Re+ObvHm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZjRiMGIwNDY5ZWIwZDA3MTk5NGNkODIzOGYzNGJlZjAw
YzZmYmUwHhcNMjYwMzExMTMxNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTQ3MDI3Yjc4ZmVlYTAwYjk2NGM1YTIyMTBiYzhmMTdkNTA3NjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2S0gD9AayOcbWeKQG5m2Q/Rxh6r
v5SHNXCmSylFCcDP/l8GTHOV0PAOr2htmGIjmWJgMogv69IUFn/dQiiJQUtPMVtN
SZt1hFoaCeOeaKf9tzqxwjcerpQ4JJqadSyRFPGtCyUH4GdRSksWwW7XN97fk9on
ggEGs0BMzEwewCiOUtfp+uls7RMvT5smt9p6oDST3p2054lT6o6y3G27OiYm+umr
Kqfo3wi5rKl68MzCsUO6p7LgSk4MhizytOdO+LyZgE1DcJ/i2GljRAxxDqdpyie1
yf6srshKVBbtrVFTgHRZSVll7mpnUdB5Iqm7siY3adiy4d+hhSHSBw4V4wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFHlHAnt4/uoAuWTFoiELyPF9UHY9MB8GA1UdIwQY
MBaAFFH0sLBGnrDQcZlM2COPNL7wDG++MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWZTd3NFYWVzTkJ4bVV6WUk0ODB2dkFNYjc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9kM2FiMjgtN2Y0Ny00MWYzLWIyMzEt
Nzg4NDRlMTAxMTMzLzEvZVVjQ2Uzai02Z0M1Wk1XaUlRdkk4WDFRZGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9kM2FiMjgtN2Y0Ny00MWYzLWIyMzEtNzg4NDRlMTAxMTMz
LzEvVWZTd3NFYWVzTkJ4bVV6WUk0ODB2dkFNYjc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCuTTAMA4E
AgACMAgDBgAqAZqgAjANBgkqhkiG9w0BAQsFAAOCAQEAKS6h3Rw/t3VJ5GRrdIOB
tD+M0LCcwZJ/BnSnn4wVN6cztIE3FfY4OMpvV00GxbojcpRHjg2dr4CQVMkdkyoz
JBcgGS3RbezFrk8pK3G/73Z5EH67axYvRey4a5pNiQuGDmUfhvS+S/cEAeTdk/ot
LHhf4lUmuttuSHGxnb+r+93MV3T4PJL6+p/73BupXRT3+DJjkPyKx42xbPqN5JWy
b+1mTUgdR2qAWzxFMe7CpA9Nl+7BaIZ1w3rpDUiOGRHSvamU0scqDyjjr3TwVOtj
KyJ1RBhlhyuXwTPl4VeBq2xBEIICjdKFexnZ+gEEjKSlV9ozodUxPZ1b09Hz03hS
qA==
-----END CERTIFICATE-----