Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/UN8luFCv80D_HegX80Rq_1yKwcE.roa
File:                     UN8luFCv80D_HegX80Rq_1yKwcE.roa (raw, json)
Hash identifier:          TDiFAEDBmlofvjYNrJv/M7/10Dwv1YxGQkuX5cWs9sA=
Subject key identifier:   50:DF:25:B8:50:AF:F3:40:FF:1D:E8:17:F3:44:6A:FF:5C:8A:C1:C1
Certificate issuer:       /CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
Certificate serial:       019E55E822CAEB309D567171B32AB4D69C52
Authority key identifier: 2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/UN8luFCv80D_HegX80Rq_1yKwcE.roa
Signing time:             Sat 23 May 2026 17:35:37 +0000
ROA not before:           Sat 23 May 2026 17:35:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215625
IP address blocks:        46.235.12.0/24 maxlen: 24
                          46.235.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:55:e8:22:ca:eb:30:9d:56:71:71:b3:2a:b4:d6:9c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
        Validity
            Not Before: May 23 17:35:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50df25b850aff340ff1de817f3446aff5c8ac1c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c6:da:32:58:af:39:4f:ba:a2:a9:ee:77:2a:
                    fb:a3:18:a8:97:94:a6:1d:ee:ce:40:54:6f:fa:d5:
                    9c:4c:28:d1:b7:e5:ac:ad:2b:6a:81:88:05:9b:f7:
                    8a:b3:9d:8c:2e:eb:3e:4f:ef:f2:3b:7a:31:fe:d0:
                    fa:b5:3b:14:31:05:83:3a:af:8f:b3:08:fb:ba:a2:
                    3c:38:dc:a9:5e:e2:05:7a:3b:98:19:d8:40:fd:8d:
                    cc:f7:1f:1c:12:3c:db:a6:ed:96:32:67:9c:81:ec:
                    0f:7f:d1:b4:bc:ac:2d:67:39:a2:e2:e3:ae:eb:4c:
                    60:0c:14:d6:85:6e:ee:c7:b9:e5:72:be:65:10:1d:
                    6c:5a:78:f9:c3:f3:05:a6:bf:a4:f7:6d:65:e1:1a:
                    34:f3:0d:f9:f6:11:62:83:48:dd:fa:2c:47:5e:4b:
                    8d:f3:d8:a8:cf:51:e5:d2:ef:c0:fb:62:0f:f4:95:
                    3e:8d:57:b5:ed:e0:cb:43:66:47:74:5c:b3:b8:f0:
                    3a:24:31:b5:56:60:dd:d3:6b:27:38:75:1c:4c:d1:
                    95:e3:26:34:e5:6b:b2:2e:16:de:bc:f7:6b:94:a7:
                    ec:c6:d0:b8:f3:c2:ee:75:42:0d:db:6d:bf:de:0a:
                    56:e6:4c:fa:44:2a:59:61:46:4b:43:73:1b:b7:00:
                    d8:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DF:25:B8:50:AF:F3:40:FF:1D:E8:17:F3:44:6A:FF:5C:8A:C1:C1
            X509v3 Authority Key Identifier:
                keyid:2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/UN8luFCv80D_HegX80Rq_1yKwcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:7a:10:e3:3b:78:3b:c0:40:df:09:cc:a9:47:91:5b:f6:77:
         f3:12:20:90:c2:96:b7:eb:5b:a6:d7:7b:c6:cd:c2:49:9f:ec:
         8a:e7:5b:23:95:50:c1:50:9f:59:39:09:1d:19:78:ce:96:bc:
         4f:63:07:cd:e3:7b:25:bd:da:1f:eb:34:84:f3:a9:eb:a9:f2:
         cc:37:2c:1b:91:ce:1c:fd:e4:8e:f7:47:12:03:b0:08:56:d8:
         0f:7d:3d:59:7d:11:0c:e4:ca:1b:0d:4b:3c:3a:8c:bd:c4:f6:
         f7:c4:5e:58:eb:e2:28:4f:f1:38:42:eb:e3:53:06:2a:fc:61:
         d3:ee:d6:7b:36:b9:a4:ae:5f:69:53:d0:51:a7:f4:d4:ff:2b:
         dc:83:fe:f0:43:c1:0a:a8:18:47:b7:13:17:f6:20:e1:67:60:
         4d:7f:d5:ef:55:7b:9e:87:2f:7e:25:8e:94:82:92:10:2e:e4:
         ec:b0:60:2c:1e:7d:3b:8b:cb:3b:2b:27:64:a2:85:01:1b:8c:
         da:ea:c4:e2:32:d3:82:18:ee:e0:20:8e:04:a1:97:0e:3f:7c:
         0e:ff:24:8d:3e:0b:0b:4a:76:6f:2d:40:6b:ca:57:20:3c:1f:
         35:8b:06:97:27:e1:eb:11:2d:33:c7:3a:89:d0:8b:50:6a:46:
         69:fd:ad:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5V6CLK6zCdVnFxsyq01pxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGE5MzMzZjkzY2NhNTQ0ZmRhYmUyZWE3YTY3MzhhNTRh
Zjc1OWUwHhcNMjYwNTIzMTczNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGRmMjViODUwYWZmMzQwZmYxZGU4MTdmMzQ0NmFmZjVjOGFjMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcbaMlivOU+6oqnudyr7oxiol5Sm
He7OQFRv+tWcTCjRt+WsrStqgYgFm/eKs52MLus+T+/yO3ox/tD6tTsUMQWDOq+P
swj7uqI8ONypXuIFejuYGdhA/Y3M9x8cEjzbpu2WMmecgewPf9G0vKwtZzmi4uOu
60xgDBTWhW7ux7nlcr5lEB1sWnj5w/MFpr+k921l4Ro08w359hFig0jd+ixHXkuN
89ioz1Hl0u/A+2IP9JU+jVe17eDLQ2ZHdFyzuPA6JDG1VmDd02snOHUcTNGV4yY0
5WuyLhbevPdrlKfsxtC488LudUIN222/3gpW5kz6RCpZYUZLQ3MbtwDYyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDfJbhQr/NA/x3oF/NEav9cisHBMB8GA1UdIwQY
MBaAFC4KkzP5PMpUT9q+Lqemc4pUr3WeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEt
MGEwYWFlYWVlNGYxLzEvVU44bHVGQ3Y4MERfSGVnWDgwUnFfMXlLd2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEtMGEwYWFlYWVlNGYx
LzEvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLusMMA0G
CSqGSIb3DQEBCwUAA4IBAQCNehDjO3g7wEDfCcypR5Fb9nfzEiCQwpa361um13vG
zcJJn+yK51sjlVDBUJ9ZOQkdGXjOlrxPYwfN43slvdof6zSE86nrqfLMNywbkc4c
/eSO90cSA7AIVtgPfT1ZfREM5MobDUs8Ooy9xPb3xF5Y6+IoT/E4QuvjUwYq/GHT
7tZ7Nrmkrl9pU9BRp/TU/yvcg/7wQ8EKqBhHtxMX9iDhZ2BNf9XvVXuehy9+JY6U
gpIQLuTssGAsHn07i8s7KydkooUBG4za6sTiMtOCGO7gII4EoZcOP3wO/ySNPgsL
SnZvLUBrylcgPB81iwaXJ+HrES0zxzqJ0ItQakZp/a0d
-----END CERTIFICATE-----