Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/U8UDaIZw2YP3SKUjestM7JviVY0.roa
File:                     U8UDaIZw2YP3SKUjestM7JviVY0.roa (raw, json)
Hash identifier:          hh9ldeIceCOBRCM43UWJ3GOgUvEv0y6UmXqiOu49iqM=
Subject key identifier:   53:C5:03:68:86:70:D9:83:F7:48:A5:23:7A:CB:4C:EC:9B:E2:55:8D
Certificate issuer:       /CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
Certificate serial:       019EA12DBED7DC03CE14F4718ABE18A935B2
Authority key identifier: A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/U8UDaIZw2YP3SKUjestM7JviVY0.roa
Signing time:             Sun 07 Jun 2026 08:23:09 +0000
ROA not before:           Sun 07 Jun 2026 08:23:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41171
IP address blocks:        192.94.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 12:28:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:2d:be:d7:dc:03:ce:14:f4:71:8a:be:18:a9:35:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
        Validity
            Not Before: Jun  7 08:23:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53c503688670d983f748a5237acb4cec9be2558d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9c:88:db:c7:91:bb:c5:3e:b0:f0:ee:0f:69:
                    65:26:62:6a:40:8e:56:c4:d1:d8:14:3b:6c:d5:eb:
                    7e:24:11:57:ad:18:73:6d:f6:45:0d:eb:e6:86:4b:
                    f8:39:37:3f:e2:ff:cb:db:1b:70:42:ad:f2:21:8d:
                    d8:4d:d1:6c:c8:e5:d4:e3:9a:f0:5e:98:27:99:5f:
                    d8:3e:ab:37:fd:c3:41:cd:f0:aa:ba:70:2b:14:02:
                    41:ad:3f:a9:9e:bd:dd:d1:c0:e1:88:bc:f7:de:eb:
                    10:3f:44:76:a3:3e:f5:3a:45:64:98:b4:06:9f:f4:
                    fd:44:fb:06:ac:89:77:50:3f:4a:50:2a:52:0b:a0:
                    e3:eb:b1:0f:24:e0:98:ca:2d:d5:00:74:0c:dd:84:
                    50:10:16:ad:6e:a6:10:75:68:4e:8f:17:81:e3:95:
                    8e:8c:33:86:da:9f:92:66:55:a2:86:0c:14:65:cf:
                    6b:d6:ba:5d:83:a9:4c:d8:29:90:8f:a6:72:d2:17:
                    b3:b9:a9:9a:20:05:b3:f9:ea:24:ae:ad:d8:40:4f:
                    f7:e9:d8:65:35:c7:92:d9:1a:ed:75:0f:00:84:71:
                    44:35:62:f3:6b:0e:73:9f:ba:4e:a2:c9:6f:43:b4:
                    8a:4b:88:cf:33:a4:12:a9:56:08:9e:95:81:72:2f:
                    23:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C5:03:68:86:70:D9:83:F7:48:A5:23:7A:CB:4C:EC:9B:E2:55:8D
            X509v3 Authority Key Identifier:
                keyid:A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/U8UDaIZw2YP3SKUjestM7JviVY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.94.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:33:a2:50:8b:1d:f1:fa:4b:09:38:3a:fd:28:a8:9d:a9:e5:
         1e:83:86:92:03:84:6b:5c:38:53:be:93:12:b9:e2:a7:73:59:
         c5:ea:6e:7a:69:21:75:d8:2b:af:72:d1:22:d2:2c:03:72:27:
         24:61:a4:38:ab:ac:bb:db:dc:3c:9c:ed:19:3c:b7:b8:53:7a:
         8b:bf:ce:a1:49:a3:82:b2:e0:f3:58:7e:6d:e4:d5:51:5d:18:
         c7:eb:9b:a3:c7:26:41:26:b5:97:e2:8e:dc:8f:89:db:2e:aa:
         fb:95:79:15:1d:9d:8a:73:49:b8:14:7a:64:a8:55:e5:7e:8b:
         cc:2b:f5:dd:d5:70:55:72:77:6f:ea:fc:d0:5b:cc:21:74:8d:
         af:9d:fd:f7:15:ab:9c:17:fa:13:41:67:95:d4:00:91:d0:21:
         5e:0b:fd:2d:6f:6b:c3:20:e5:4b:d1:f8:ee:ee:81:22:9a:05:
         e5:a5:a3:5d:e3:03:a1:64:0a:be:5b:4e:b5:69:32:1e:70:19:
         a9:08:67:1f:8d:68:8e:42:59:af:23:55:7f:78:86:c3:56:8c:
         2c:e0:a8:0d:b1:76:c3:2d:87:dc:40:f5:c0:99:ca:20:bf:63:
         3e:b9:25:17:e7:16:d9:6d:fb:08:ff:c5:4a:8d:7b:d0:40:7f:
         79:3a:d2:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hLb7X3APOFPRxir4YqTWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjBjMDU3MzFlZmE0YmJlNWMyYTMwYWU1MTg5Zjc3ODVk
MmQ0OTkwHhcNMjYwNjA3MDgyMzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M1MDM2ODg2NzBkOTgzZjc0OGE1MjM3YWNiNGNlYzliZTI1NThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopyI28eRu8U+sPDuD2llJmJqQI5W
xNHYFDts1et+JBFXrRhzbfZFDevmhkv4OTc/4v/L2xtwQq3yIY3YTdFsyOXU45rw
XpgnmV/YPqs3/cNBzfCqunArFAJBrT+pnr3d0cDhiLz33usQP0R2oz71OkVkmLQG
n/T9RPsGrIl3UD9KUCpSC6Dj67EPJOCYyi3VAHQM3YRQEBatbqYQdWhOjxeB45WO
jDOG2p+SZlWihgwUZc9r1rpdg6lM2CmQj6Zy0hezuamaIAWz+eokrq3YQE/36dhl
NceS2RrtdQ8AhHFENWLzaw5zn7pOoslvQ7SKS4jPM6QSqVYInpWBci8jqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPFA2iGcNmD90ilI3rLTOyb4lWNMB8GA1UdIwQY
MBaAFKWwwFcx76S75cKjCuUYn3eF0tSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgt
ZDE1ZmViZGY1ZWNmLzEvVThVRGFJWncyWVAzU0tVamVzdE03SnZpVlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgtZDE1ZmViZGY1ZWNm
LzEvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwF46MA0G
CSqGSIb3DQEBCwUAA4IBAQCxM6JQix3x+ksJODr9KKidqeUeg4aSA4RrXDhTvpMS
ueKnc1nF6m56aSF12CuvctEi0iwDcickYaQ4q6y729w8nO0ZPLe4U3qLv86hSaOC
suDzWH5t5NVRXRjH65ujxyZBJrWX4o7cj4nbLqr7lXkVHZ2Kc0m4FHpkqFXlfovM
K/Xd1XBVcndv6vzQW8whdI2vnf33FaucF/oTQWeV1ACR0CFeC/0tb2vDIOVL0fju
7oEimgXlpaNd4wOhZAq+W061aTIecBmpCGcfjWiOQlmvI1V/eIbDVows4KgNsXbD
LYfcQPXAmcogv2M+uSUX5xbZbfsI/8VKjXvQQH95OtKu
-----END CERTIFICATE-----