Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/UKgyZpDszHQVZOaR9O2XC4sUudk.roa
File:                     UKgyZpDszHQVZOaR9O2XC4sUudk.roa (raw, json)
Hash identifier:          f8QKKD0F5vbz+3QQOUYIjG3+9rA4qCtDYMXQzRtLsWk=
Subject key identifier:   50:A8:32:66:90:EC:CC:74:15:64:E6:91:F4:ED:97:0B:8B:14:B9:D9
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019F124C4699505F09DDE5B49FA28850484F
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/UKgyZpDszHQVZOaR9O2XC4sUudk.roa
Signing time:             Mon 29 Jun 2026 07:33:36 +0000
ROA not before:           Mon 29 Jun 2026 07:33:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209961
IP address blocks:        189.13.146.0/24 maxlen: 24
                          189.13.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:4c:46:99:50:5f:09:dd:e5:b4:9f:a2:88:50:48:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: Jun 29 07:33:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50a8326690eccc741564e691f4ed970b8b14b9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0d:06:48:34:c2:43:2f:f2:cd:7c:31:e1:9a:
                    bb:f7:e2:3c:06:5a:15:ab:87:f1:08:aa:ac:e5:55:
                    ee:0d:6d:3b:97:31:3b:18:fd:f0:6c:8d:af:e9:60:
                    b6:13:6f:4c:51:09:6c:b8:88:3e:09:23:2d:85:20:
                    63:f7:06:64:be:c0:93:06:b9:7f:ba:bf:c5:43:70:
                    d0:07:8c:18:bc:b8:dd:f8:ad:af:5b:17:bd:31:7a:
                    e3:ef:c1:d3:cc:ea:59:e7:e2:cd:eb:5e:54:25:0c:
                    52:66:d5:42:af:0e:d7:b2:e8:08:b6:1f:09:a1:fd:
                    91:e2:aa:52:13:e2:9d:f2:32:ba:88:4b:7d:3d:37:
                    f5:4e:5c:b8:ad:e6:8f:93:e7:46:dc:5a:3e:7d:f1:
                    34:93:c3:9f:fd:1a:ec:fe:23:00:dd:3c:a2:52:82:
                    a9:c5:3d:74:7d:6d:9b:aa:b9:ad:9e:fb:ae:d3:42:
                    cb:cf:14:22:30:68:e9:49:62:ec:87:6d:3e:4c:73:
                    61:4b:26:ae:df:95:df:71:2a:db:7e:33:a6:29:21:
                    77:25:ef:14:4c:10:7d:48:ec:54:bf:b8:c2:62:94:
                    43:03:e7:93:c6:36:6b:2e:dd:ae:aa:7d:21:73:5a:
                    41:91:b4:0f:1d:ef:24:cc:c9:bc:49:50:5c:3d:20:
                    0f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A8:32:66:90:EC:CC:74:15:64:E6:91:F4:ED:97:0B:8B:14:B9:D9
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/UKgyZpDszHQVZOaR9O2XC4sUudk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:af:52:5e:5d:74:4a:aa:45:56:fc:73:54:2a:b0:ca:ca:cc:
         f7:3e:9a:8f:bc:10:0c:02:aa:c6:7a:45:46:fa:50:31:8e:75:
         47:4e:12:e6:9f:59:60:c1:34:6d:86:84:29:2b:e0:ab:b9:85:
         55:b6:d9:b5:c4:b2:7a:46:ab:4b:ca:f3:6b:74:e4:52:cc:42:
         01:90:46:7e:2a:c0:45:09:e3:4e:d1:2f:42:fa:35:5d:9a:9c:
         f4:31:35:d5:90:f7:ad:00:e4:ac:8e:bd:4c:d8:dc:f8:90:ce:
         ed:15:01:32:32:66:aa:35:b9:b6:57:0b:ac:74:ae:8c:fa:df:
         0a:bc:c3:72:a6:6b:47:7b:ea:d2:34:f1:80:21:af:e4:58:c6:
         34:1b:5a:2c:0c:60:54:83:03:6d:70:e1:00:d3:78:be:1a:1a:
         e3:1a:4c:4d:8f:15:16:f5:bc:e5:8b:11:a8:f2:98:64:a1:f5:
         67:c5:be:04:d7:7d:97:1d:36:8f:c1:a8:05:a2:d5:71:2f:1a:
         32:4a:e7:99:fa:ec:17:f1:31:6a:0c:45:d8:76:fc:1f:21:54:
         3f:e3:1f:a8:cf:cc:82:0b:86:74:cc:59:46:db:e0:89:2e:f2:
         93:19:5c:dc:8a:fb:45:c4:25:dc:43:b4:7d:60:7c:d6:bd:9b:
         d1:ff:a1:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8STEaZUF8J3eW0n6KIUEhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNjI5MDczMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE4MzI2NjkwZWNjYzc0MTU2NGU2OTFmNGVkOTcwYjhiMTRiOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkw0GSDTCQy/yzXwx4Zq79+I8BloV
q4fxCKqs5VXuDW07lzE7GP3wbI2v6WC2E29MUQlsuIg+CSMthSBj9wZkvsCTBrl/
ur/FQ3DQB4wYvLjd+K2vWxe9MXrj78HTzOpZ5+LN615UJQxSZtVCrw7XsugIth8J
of2R4qpSE+Kd8jK6iEt9PTf1Tly4reaPk+dG3Fo+ffE0k8Of/Rrs/iMA3TyiUoKp
xT10fW2bqrmtnvuu00LLzxQiMGjpSWLsh20+THNhSyau35XfcSrbfjOmKSF3Je8U
TBB9SOxUv7jCYpRDA+eTxjZrLt2uqn0hc1pBkbQPHe8kzMm8SVBcPSAPnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCoMmaQ7Mx0FWTmkfTtlwuLFLnZMB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvVUtneVpwRHN6SFFWWk9hUjlPMlhDNHNVdWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvQ2SMA0G
CSqGSIb3DQEBCwUAA4IBAQBGr1JeXXRKqkVW/HNUKrDKysz3PpqPvBAMAqrGekVG
+lAxjnVHThLmn1lgwTRthoQpK+CruYVVttm1xLJ6RqtLyvNrdORSzEIBkEZ+KsBF
CeNO0S9C+jVdmpz0MTXVkPetAOSsjr1M2Nz4kM7tFQEyMmaqNbm2VwusdK6M+t8K
vMNypmtHe+rSNPGAIa/kWMY0G1osDGBUgwNtcOEA03i+GhrjGkxNjxUW9bzlixGo
8phkofVnxb4E132XHTaPwagFotVxLxoySueZ+uwX8TFqDEXYdvwfIVQ/4x+oz8yC
C4Z0zFlG2+CJLvKTGVzcivtFxCXcQ7R9YHzWvZvR/6F2
-----END CERTIFICATE-----