Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/f0ad4d-d1c2-4f15-a199-e34255f5006a/1/Uny2MgmTOohOF4BGAwFHFYH0KJs.roa
File:                     Uny2MgmTOohOF4BGAwFHFYH0KJs.roa (raw, json)
Hash identifier:          Hdl7jGTsKmTRUmRObQs3XRCDB7iUF6evKCo5QMlo1+g=
Subject key identifier:   52:7C:B6:32:09:93:3A:88:4E:17:80:46:03:01:47:15:81:F4:28:9B
Certificate issuer:       /CN=2ed9b0ee387c9afd15c7b7784005e86cc97e8818
Certificate serial:       019E6462DC2C717E808382884FF71193E65C
Authority key identifier: 2E:D9:B0:EE:38:7C:9A:FD:15:C7:B7:78:40:05:E8:6C:C9:7E:88:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ltmw7jh8mv0Vx7d4QAXobMl-iBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/f0ad4d-d1c2-4f15-a199-e34255f5006a/1/Uny2MgmTOohOF4BGAwFHFYH0KJs.roa
Signing time:             Tue 26 May 2026 13:04:20 +0000
ROA not before:           Tue 26 May 2026 13:04:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203273
IP address blocks:        2a01:e5c0:9000::/36 maxlen: 36
                          2a01:e5c0:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/f0ad4d-d1c2-4f15-a199-e34255f5006a/1/Ltmw7jh8mv0Vx7d4QAXobMl-iBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/f0ad4d-d1c2-4f15-a199-e34255f5006a/1/Ltmw7jh8mv0Vx7d4QAXobMl-iBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ltmw7jh8mv0Vx7d4QAXobMl-iBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 31 May 2026 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:62:dc:2c:71:7e:80:83:82:88:4f:f7:11:93:e6:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ed9b0ee387c9afd15c7b7784005e86cc97e8818
        Validity
            Not Before: May 26 13:04:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=527cb63209933a884e1780460301471581f4289b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:de:1c:19:d0:32:f9:e4:99:39:6c:b0:b4:3b:
                    32:2b:9e:5a:57:34:ee:19:6f:0e:c6:e4:6d:42:d0:
                    f9:09:4c:ab:09:2a:6b:da:da:db:e5:86:21:f0:ad:
                    4b:31:2a:7f:e9:9f:87:82:b0:2f:b3:ec:57:bb:29:
                    9a:08:b3:2f:65:d2:64:b7:cf:5d:75:d7:30:34:78:
                    82:7c:84:62:0a:3e:74:db:13:6a:12:75:56:a9:70:
                    50:e2:9e:df:bc:2c:6b:14:87:81:78:ff:dd:a6:18:
                    78:07:1f:34:da:3b:3d:4f:11:eb:3e:93:5e:3c:09:
                    65:a3:d3:50:8a:13:63:eb:26:0e:0c:cf:bf:82:4d:
                    8c:1e:36:d8:2b:40:1d:f3:4d:0d:26:18:b6:04:71:
                    a5:92:fe:c7:2f:44:1b:a0:63:8f:d0:29:8a:c2:da:
                    d0:ae:24:d7:e7:a0:44:ad:3e:3e:54:80:be:7f:d7:
                    db:02:67:11:98:5f:71:b1:0e:eb:69:c8:df:c7:27:
                    92:ad:56:0e:be:70:b5:54:a6:8a:51:a6:aa:fc:9b:
                    a8:ba:6e:fb:44:0d:d1:bf:ef:fa:14:83:6d:47:71:
                    3f:c3:dc:53:c0:75:a1:3f:ee:b8:19:9a:c5:67:1b:
                    68:97:1f:5b:7c:54:75:48:8c:71:38:0e:5e:49:05:
                    cf:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:7C:B6:32:09:93:3A:88:4E:17:80:46:03:01:47:15:81:F4:28:9B
            X509v3 Authority Key Identifier:
                keyid:2E:D9:B0:EE:38:7C:9A:FD:15:C7:B7:78:40:05:E8:6C:C9:7E:88:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ltmw7jh8mv0Vx7d4QAXobMl-iBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0ad4d-d1c2-4f15-a199-e34255f5006a/1/Uny2MgmTOohOF4BGAwFHFYH0KJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0ad4d-d1c2-4f15-a199-e34255f5006a/1/Ltmw7jh8mv0Vx7d4QAXobMl-iBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e5c0:9000::/36
                  2a01:e5c0:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         25:58:e1:8c:bb:f7:03:e2:94:cb:d1:ed:87:bc:9f:8b:71:2b:
         76:74:80:02:1a:dd:1b:ae:04:fd:f4:79:e4:7f:69:11:b6:58:
         67:d1:ba:7f:88:68:40:99:27:f3:ed:25:26:fa:cf:77:29:aa:
         69:0d:63:b1:38:25:bc:9e:d2:bc:fb:c6:45:85:ac:f2:d8:54:
         07:41:50:2b:f6:58:8a:bb:74:ab:7c:92:cf:36:87:50:f9:73:
         60:65:3e:d7:2f:6e:cc:b0:ed:43:b3:09:55:d5:b2:46:5a:7b:
         1b:c9:5b:30:2b:07:d9:3d:21:67:1c:b7:fc:64:b2:89:12:15:
         02:b5:e9:47:e4:03:f0:ed:81:98:3c:30:01:ee:3f:e8:dc:e4:
         cb:db:74:9a:83:51:58:e1:dd:b8:a9:e1:7d:93:00:78:fe:21:
         7d:62:6d:57:7b:a0:04:53:fa:87:5f:ae:a7:f6:b1:48:b5:b3:
         34:a4:fd:d5:f3:d5:0b:97:02:db:07:c8:8a:bc:fd:85:3a:cf:
         a0:6e:ae:32:52:96:40:d9:f3:ab:63:c7:f7:5f:ff:30:c4:b4:
         46:90:38:83:17:d2:54:93:38:8f:2f:bf:08:8c:ec:17:26:5c:
         f9:76:97:b3:08:00:97:7e:ad:cd:c8:99:0d:14:69:b9:7f:73:
         a1:e2:92:a3
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ5kYtwscX6Ag4KIT/cRk+ZcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZDliMGVlMzg3YzlhZmQxNWM3Yjc3ODQwMDVlODZjYzk3
ZTg4MTgwHhcNMjYwNTI2MTMwNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjdjYjYzMjA5OTMzYTg4NGUxNzgwNDYwMzAxNDcxNTgxZjQyODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN4cGdAy+eSZOWywtDsyK55aVzTu
GW8OxuRtQtD5CUyrCSpr2trb5YYh8K1LMSp/6Z+HgrAvs+xXuymaCLMvZdJkt89d
ddcwNHiCfIRiCj502xNqEnVWqXBQ4p7fvCxrFIeBeP/dphh4Bx802js9TxHrPpNe
PAllo9NQihNj6yYODM+/gk2MHjbYK0Ad800NJhi2BHGlkv7HL0QboGOP0CmKwtrQ
riTX56BErT4+VIC+f9fbAmcRmF9xsQ7racjfxyeSrVYOvnC1VKaKUaaq/Juoum77
RA3Rv+/6FINtR3E/w9xTwHWhP+64GZrFZxtolx9bfFR1SIxxOA5eSQXPUwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFFJ8tjIJkzqITheARgMBRxWB9CibMB8GA1UdIwQY
MBaAFC7ZsO44fJr9Fce3eEAF6GzJfogYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHRtdzdqaDhtdjBWeDdkNFFBWG9iTWwtaUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mMGFkNGQtZDFjMi00ZjE1LWExOTkt
ZTM0MjU1ZjUwMDZhLzEvVW55Mk1nbVRPb2hPRjRCR0F3RkhGWUgwS0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mMGFkNGQtZDFjMi00ZjE1LWExOTktZTM0MjU1ZjUwMDZh
LzEvTHRtdzdqaDhtdjBWeDdkNFFBWG9iTWwtaUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgHlwJAD
BgQqAeXA8DANBgkqhkiG9w0BAQsFAAOCAQEAJVjhjLv3A+KUy9Hth7yfi3ErdnSA
AhrdG64E/fR55H9pEbZYZ9G6f4hoQJkn8+0lJvrPdymqaQ1jsTglvJ7SvPvGRYWs
8thUB0FQK/ZYirt0q3ySzzaHUPlzYGU+1y9uzLDtQ7MJVdWyRlp7G8lbMCsH2T0h
Zxy3/GSyiRIVArXpR+QD8O2BmDwwAe4/6Nzky9t0moNRWOHduKnhfZMAeP4hfWJt
V3ugBFP6h1+up/axSLWzNKT91fPVC5cC2wfIirz9hTrPoG6uMlKWQNnzq2PH91//
MMS0RpA4gxfSVJM4jy+/CIzsFyZc+XaXswgAl36tzciZDRRpuX9zoeKSow==
-----END CERTIFICATE-----