Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/uDj2Yyjz9Osyu9dJCu_3OQFz4uA.roa
File:                     uDj2Yyjz9Osyu9dJCu_3OQFz4uA.roa (raw, json)
Hash identifier:          3im4Wph6tBomBtiDPxXDGzF9rSSihCEjyLDoawI+nsw=
Subject key identifier:   B8:38:F6:63:28:F3:F4:EB:32:BB:D7:49:0A:EF:F7:39:01:73:E2:E0
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019E83800B11D868CE579A6641E99B12FAD3
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/uDj2Yyjz9Osyu9dJCu_3OQFz4uA.roa
Signing time:             Mon 01 Jun 2026 14:04:27 +0000
ROA not before:           Mon 01 Jun 2026 14:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395793
IP address blocks:        209.131.65.0/24 maxlen: 24
                          209.131.66.0/24 maxlen: 24
                          209.131.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:80:0b:11:d8:68:ce:57:9a:66:41:e9:9b:12:fa:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Jun  1 14:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b838f66328f3f4eb32bbd7490aeff7390173e2e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6c:8e:3e:7c:ca:c0:1d:e4:52:23:b0:0b:17:
                    54:f8:9a:90:1c:68:ec:8b:9d:18:62:c4:b3:01:f2:
                    89:70:4c:95:51:16:a4:7c:91:ef:a7:20:b2:87:7b:
                    bd:11:e4:2f:67:bf:c1:c6:dd:6c:f5:33:e3:cd:19:
                    54:19:8c:85:2f:cb:cc:62:5e:53:fc:76:e4:40:59:
                    26:f4:24:2e:62:5b:be:e2:83:df:ae:21:9c:72:0e:
                    6f:69:57:ec:6e:08:43:e3:d6:e3:04:0c:71:ee:58:
                    e7:fe:5d:f9:bd:c1:03:14:67:5d:89:f2:b2:38:49:
                    4f:0d:03:8a:97:8e:f9:ea:4f:c8:65:91:57:50:a1:
                    1d:e8:4e:27:28:e8:d9:96:ce:10:f1:bb:ca:1f:0f:
                    c6:99:08:52:6b:e8:81:e7:43:f9:82:7e:06:be:6e:
                    d8:a9:32:64:72:0b:90:16:91:e0:aa:d3:cc:25:30:
                    53:52:5f:41:06:d8:0e:b4:65:5d:16:6b:68:33:12:
                    19:b5:01:db:cf:00:a0:f7:b0:f2:a1:1a:57:d9:92:
                    8c:f7:4a:1f:3a:72:a0:14:1a:fa:cc:a4:77:50:49:
                    ed:79:6f:07:76:14:35:0a:de:ae:2c:93:ad:2d:18:
                    e8:46:94:a3:0b:66:db:d2:2d:79:cd:da:2e:4a:02:
                    b8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:38:F6:63:28:F3:F4:EB:32:BB:D7:49:0A:EF:F7:39:01:73:E2:E0
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/uDj2Yyjz9Osyu9dJCu_3OQFz4uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.65.0-209.131.66.255
                  209.131.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b7:56:6f:ad:59:be:f7:39:50:a0:e1:c1:f6:6f:b5:17:b0:
         af:84:c1:7e:f8:d2:a3:bb:b0:89:67:80:ca:2d:7e:ba:fb:e1:
         33:1d:86:9e:68:78:01:5c:30:f3:6e:53:92:20:d4:7a:b9:aa:
         d0:a7:b2:30:8b:1e:a4:a4:d2:ad:a6:88:3c:6f:f2:85:e5:d8:
         51:25:c6:75:ba:0f:7c:c6:e9:40:e9:78:3a:2f:e2:1b:6a:17:
         1e:f3:8b:da:99:9f:34:84:c1:90:b7:90:9c:12:e8:c6:2b:b2:
         7b:ea:5b:b2:a7:3b:9b:68:36:5f:ed:2f:1c:a4:f5:23:ec:fd:
         6a:73:2a:9e:2b:b6:81:7e:f9:3f:63:81:71:69:db:ca:a7:2b:
         0b:49:20:ea:4d:7c:ee:ac:9a:72:62:ad:e4:af:9a:8d:11:a2:
         10:cf:41:01:62:ea:27:96:ca:c9:9b:df:61:d6:e2:af:fe:f1:
         2a:eb:de:97:47:05:d3:07:3c:7f:36:29:fc:38:a3:fc:de:be:
         bf:d9:b0:f5:03:c2:42:57:e6:14:87:5f:4b:00:0d:d7:d0:3d:
         8c:8b:db:86:15:b9:0e:ad:a6:e5:4c:11:c1:30:26:fc:ea:88:
         db:3b:6f:7b:bf:6c:ac:eb:85:c7:b7:93:28:ed:a7:1e:70:ea:
         b9:42:e7:ca
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ6DgAsR2GjOV5pmQembEvrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjYwNjAxMTQwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODM4ZjY2MzI4ZjNmNGViMzJiYmQ3NDkwYWVmZjczOTAxNzNlMmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2yOPnzKwB3kUiOwCxdU+JqQHGjs
i50YYsSzAfKJcEyVURakfJHvpyCyh3u9EeQvZ7/Bxt1s9TPjzRlUGYyFL8vMYl5T
/HbkQFkm9CQuYlu+4oPfriGccg5vaVfsbghD49bjBAxx7ljn/l35vcEDFGddifKy
OElPDQOKl4756k/IZZFXUKEd6E4nKOjZls4Q8bvKHw/GmQhSa+iB50P5gn4Gvm7Y
qTJkcguQFpHgqtPMJTBTUl9BBtgOtGVdFmtoMxIZtQHbzwCg97DyoRpX2ZKM90of
OnKgFBr6zKR3UEnteW8HdhQ1Ct6uLJOtLRjoRpSjC2bb0i15zdouSgK4mwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLg49mMo8/TrMrvXSQrv9zkBc+LgMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvdURqMll5ano5T3N5dTlkSkN1XzNPUUZ6NHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADRg0ED
BADRg0IDBADRg0QwDQYJKoZIhvcNAQELBQADggEBACm3Vm+tWb73OVCg4cH2b7UX
sK+EwX740qO7sIlngMotfrr74TMdhp5oeAFcMPNuU5Ig1Hq5qtCnsjCLHqSk0q2m
iDxv8oXl2FElxnW6D3zG6UDpeDov4htqFx7zi9qZnzSEwZC3kJwS6MYrsnvqW7Kn
O5toNl/tLxyk9SPs/WpzKp4rtoF++T9jgXFp28qnKwtJIOpNfO6smnJireSvmo0R
ohDPQQFi6ieWysmb32HW4q/+8Srr3pdHBdMHPH82Kfw4o/zevr/ZsPUDwkJX5hSH
X0sADdfQPYyL24YVuQ6tpuVMEcEwJvzqiNs7b3u/bKzrhce3kyjtpx5w6rlC58o=
-----END CERTIFICATE-----