Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uGB_ddbsCRqL2wO9hMJwAlNvwAI.roa
File:                     uGB_ddbsCRqL2wO9hMJwAlNvwAI.roa (raw, json)
Hash identifier:          1wWq7LVbIEZ7DAKcA/KqRWvgGLZjGjUCgZMuCnyoDjU=
Subject key identifier:   B8:60:7F:75:D6:EC:09:1A:8B:DB:03:BD:84:C2:70:02:53:6F:C0:02
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019E83C021B5846ABF21BE795702426A2F05
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uGB_ddbsCRqL2wO9hMJwAlNvwAI.roa
Signing time:             Mon 01 Jun 2026 15:14:27 +0000
ROA not before:           Mon 01 Jun 2026 15:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214790
IP address blocks:        5.188.200.0/24 maxlen: 24
                          5.189.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:c0:21:b5:84:6a:bf:21:be:79:57:02:42:6a:2f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun  1 15:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8607f75d6ec091a8bdb03bd84c27002536fc002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:50:b3:1f:cf:5d:68:ae:7e:fd:94:f0:be:ee:
                    38:89:4b:44:50:e1:ed:9f:9d:e0:5d:2e:ce:ad:22:
                    2f:9a:2f:5e:d3:41:b8:5e:fa:0f:ee:35:e3:7a:1a:
                    a3:c6:ba:17:19:f4:da:7e:2d:12:3d:df:d9:f8:72:
                    37:db:53:4b:b5:ae:80:a1:ee:de:6e:72:05:e6:e7:
                    9f:01:4a:1d:9e:b1:9d:cb:21:89:97:34:8c:0b:27:
                    7f:e1:6e:dd:8f:e4:5a:cc:71:a9:16:92:ba:2a:25:
                    db:20:c6:fa:b4:d7:7c:10:cb:4c:3a:34:f1:5c:8a:
                    83:59:e7:8d:23:1a:7b:70:f5:7d:b0:8b:97:33:75:
                    22:73:55:ba:55:27:e9:9c:23:be:14:ee:f4:c4:20:
                    c2:17:01:46:73:05:00:cd:f1:9f:e5:e4:4f:50:9b:
                    65:98:07:3b:60:9d:4e:45:ee:69:1b:31:6a:25:0f:
                    b6:49:17:af:3b:49:67:5e:fe:8e:9d:58:6c:dd:00:
                    7d:41:4d:22:7c:39:b9:fe:18:ca:6b:a5:c6:b6:95:
                    ba:a4:e7:dc:f6:07:a9:7b:95:fb:c3:95:9f:23:c3:
                    18:fa:05:20:82:5f:c6:73:b6:c8:f1:6e:99:06:b3:
                    a3:56:82:6e:69:2e:04:69:d5:c8:08:2b:7f:ee:68:
                    47:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:60:7F:75:D6:EC:09:1A:8B:DB:03:BD:84:C2:70:02:53:6F:C0:02
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uGB_ddbsCRqL2wO9hMJwAlNvwAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.200.0/24
                  5.189.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:61:98:d1:ca:9b:b3:1e:f1:fd:6c:44:f5:72:00:38:fe:ad:
         7b:5d:28:3f:29:f6:85:ea:d7:48:b5:0b:d8:1b:c4:2d:17:83:
         35:f0:0d:4d:d9:3f:4d:37:8a:84:2b:3f:20:15:a7:c2:64:86:
         6b:0f:c8:1f:a9:9f:03:fc:9b:f6:b9:1e:e8:63:12:0a:75:19:
         58:77:90:c5:6d:82:7a:03:ae:33:53:a9:a5:a1:88:17:a7:f2:
         05:31:38:f5:3e:9a:de:a7:f7:fd:b5:0e:4c:74:45:7f:13:62:
         ef:94:85:65:24:56:d3:ca:2f:28:07:f4:56:b2:47:96:da:41:
         c8:23:98:b2:23:74:4c:87:22:f4:d6:ee:78:dd:d4:f4:4d:ce:
         b5:3b:63:5b:cd:cd:5f:7a:01:e9:37:b7:17:b7:30:12:63:a9:
         37:73:7e:91:91:dd:87:e8:dd:cb:8a:94:51:aa:48:9f:7a:bd:
         89:09:12:6a:bf:26:59:d6:48:81:aa:5c:27:1f:bf:96:2a:d5:
         53:80:e4:89:a6:65:d0:37:43:cd:59:70:b0:cf:59:eb:25:9e:
         61:e1:c9:d2:db:29:e2:0a:43:52:84:38:30:1c:c7:cf:44:8e:
         a3:ec:33:69:11:72:7c:90:67:42:8f:35:8a:4f:ae:e8:f4:13:
         4c:ab:73:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6DwCG1hGq/Ib55VwJCai8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwNjAxMTUxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODYwN2Y3NWQ2ZWMwOTFhOGJkYjAzYmQ4NGMyNzAwMjUzNmZjMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlCzH89daK5+/ZTwvu44iUtEUOHt
n53gXS7OrSIvmi9e00G4XvoP7jXjehqjxroXGfTafi0SPd/Z+HI321NLta6Aoe7e
bnIF5uefAUodnrGdyyGJlzSMCyd/4W7dj+RazHGpFpK6KiXbIMb6tNd8EMtMOjTx
XIqDWeeNIxp7cPV9sIuXM3Uic1W6VSfpnCO+FO70xCDCFwFGcwUAzfGf5eRPUJtl
mAc7YJ1ORe5pGzFqJQ+2SRevO0lnXv6OnVhs3QB9QU0ifDm5/hjKa6XGtpW6pOfc
9gepe5X7w5WfI8MY+gUggl/Gc7bI8W6ZBrOjVoJuaS4EadXICCt/7mhHJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLhgf3XW7Akai9sDvYTCcAJTb8ACMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdUdCX2RkYnNDUnFMMndPOWhNSndBbE52d0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbzIAwQA
Bb3+MA0GCSqGSIb3DQEBCwUAA4IBAQAVYZjRypuzHvH9bET1cgA4/q17XSg/KfaF
6tdItQvYG8QtF4M18A1N2T9NN4qEKz8gFafCZIZrD8gfqZ8D/Jv2uR7oYxIKdRlY
d5DFbYJ6A64zU6mloYgXp/IFMTj1Pprep/f9tQ5MdEV/E2LvlIVlJFbTyi8oB/RW
skeW2kHII5iyI3RMhyL01u543dT0Tc61O2Nbzc1fegHpN7cXtzASY6k3c36Rkd2H
6N3LipRRqkifer2JCRJqvyZZ1kiBqlwnH7+WKtVTgOSJpmXQN0PNWXCwz1nrJZ5h
4cnS2yniCkNShDgwHMfPRI6j7DNpEXJ8kGdCjzWKT67o9BNMq3PG
-----END CERTIFICATE-----