Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/UolwYZuHnM6TWMgpaeNx_kCaEpQ.roa
File:                     UolwYZuHnM6TWMgpaeNx_kCaEpQ.roa (raw, json)
Hash identifier:          XPYl+yBBVtJ5hxLEhg4Pv8NSksuRu+MOUr6kP5Zq3mE=
Subject key identifier:   52:89:70:61:9B:87:9C:CE:93:58:C8:29:69:E3:71:FE:40:9A:12:94
Certificate issuer:       /CN=f88b443e992c665658942e6890d298d68cde6425
Certificate serial:       019CE8CCED41939B0334792C32AE2C0FFF8C
Authority key identifier: F8:8B:44:3E:99:2C:66:56:58:94:2E:68:90:D2:98:D6:8C:DE:64:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ItEPpksZlZYlC5okNKY1ozeZCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/UolwYZuHnM6TWMgpaeNx_kCaEpQ.roa
Signing time:             Fri 13 Mar 2026 20:04:30 +0000
ROA not before:           Fri 13 Mar 2026 20:04:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a12:fdc0::/48 maxlen: 48
                          2a12:fdc0:1::/48 maxlen: 48
                          2a12:fdc0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-ItEPpksZlZYlC5okNKY1ozeZCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-ItEPpksZlZYlC5okNKY1ozeZCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ItEPpksZlZYlC5okNKY1ozeZCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e8:cc:ed:41:93:9b:03:34:79:2c:32:ae:2c:0f:ff:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f88b443e992c665658942e6890d298d68cde6425
        Validity
            Not Before: Mar 13 20:04:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=528970619b879cce9358c82969e371fe409a1294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:96:c6:1c:26:01:6d:c1:48:f6:8e:74:4a:3b:
                    06:35:35:00:db:19:af:42:52:26:05:0a:39:64:95:
                    27:f2:bb:0f:ad:bf:7d:88:5c:02:fc:d4:15:b2:b5:
                    0b:16:c4:b4:32:56:4b:05:8e:a4:02:a6:a1:d7:b7:
                    dd:39:77:52:24:b4:ba:e1:3d:c1:d1:26:01:64:83:
                    8c:b6:b5:28:03:c7:95:16:f3:26:aa:44:cf:f7:86:
                    29:bb:c0:2d:58:bd:05:ca:b2:f5:b7:cb:4c:c6:71:
                    84:d1:76:0a:a5:00:70:67:b2:d2:8a:7b:91:25:40:
                    df:db:70:33:0b:21:b9:95:80:76:f3:77:17:d5:99:
                    22:4c:19:43:d7:9a:e8:52:26:d7:a4:33:fa:ca:ce:
                    75:62:c8:40:5d:f0:a6:ea:50:a7:a1:27:c0:3c:48:
                    14:ae:10:64:0f:60:21:ad:4d:9a:e8:b9:ae:94:3c:
                    9e:ee:97:a0:46:42:c5:68:21:29:a7:03:0d:4f:02:
                    3a:56:a2:d5:ae:73:8d:c0:d4:4b:57:2d:c8:0d:a8:
                    4d:e7:20:d1:1e:71:f3:24:4b:82:fa:9f:81:39:20:
                    40:af:ee:50:56:0c:d6:1f:65:a4:2f:a2:ba:c7:b7:
                    63:91:97:fe:2b:ff:06:73:6d:55:5f:5f:f1:04:f7:
                    6b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:89:70:61:9B:87:9C:CE:93:58:C8:29:69:E3:71:FE:40:9A:12:94
            X509v3 Authority Key Identifier:
                keyid:F8:8B:44:3E:99:2C:66:56:58:94:2E:68:90:D2:98:D6:8C:DE:64:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ItEPpksZlZYlC5okNKY1ozeZCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/UolwYZuHnM6TWMgpaeNx_kCaEpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-ItEPpksZlZYlC5okNKY1ozeZCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:fdc0::-2a12:fdc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3b:cc:cf:1d:c5:be:7f:4f:23:6b:22:a6:0e:a8:47:ca:79:92:
         b1:30:35:1a:c1:93:e2:29:f3:95:a1:9b:94:25:12:82:3c:28:
         e4:0a:3c:93:21:06:ee:c7:db:bf:a1:e5:cb:ee:57:f4:e9:b5:
         5f:54:31:fb:b3:72:cc:b1:19:96:c1:05:d9:a1:49:b6:4f:f0:
         96:d1:a8:30:77:0b:2d:58:49:65:6c:68:2a:3d:01:67:4b:a4:
         75:01:28:1c:8e:e4:48:88:0b:9a:9f:f7:93:50:b4:05:ab:8e:
         b9:89:d4:e9:bd:65:0f:78:d2:52:93:4b:2e:9f:27:db:64:a2:
         45:1a:1c:a6:c0:c7:5f:87:a8:a9:17:f6:65:ff:7a:db:b1:27:
         db:11:e9:52:05:1e:a0:7f:e8:ad:fc:3d:0a:41:9a:0f:1e:05:
         42:b5:32:b6:a3:5e:b0:77:e8:fd:60:8c:1c:13:2b:f7:25:d2:
         94:d7:c5:15:ae:eb:e6:92:0b:c6:c3:e7:d3:bc:e4:23:a6:e1:
         cf:ca:d7:57:95:00:b4:6e:56:c9:42:86:91:94:70:e5:ab:77:
         b3:62:65:74:ae:f0:96:d3:4a:dd:3d:6c:77:9e:90:e2:25:d9:
         d6:19:d9:85:86:98:16:af:2c:bc:5e:d1:4e:42:62:48:3d:0a:
         4e:b5:00:fb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZzozO1Bk5sDNHksMq4sD/+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OGI0NDNlOTkyYzY2NTY1ODk0MmU2ODkwZDI5OGQ2OGNk
ZTY0MjUwHhcNMjYwMzEzMjAwNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjg5NzA2MTliODc5Y2NlOTM1OGM4Mjk2OWUzNzFmZTQwOWExMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJbGHCYBbcFI9o50SjsGNTUA2xmv
QlImBQo5ZJUn8rsPrb99iFwC/NQVsrULFsS0MlZLBY6kAqah17fdOXdSJLS64T3B
0SYBZIOMtrUoA8eVFvMmqkTP94Ypu8AtWL0FyrL1t8tMxnGE0XYKpQBwZ7LSinuR
JUDf23AzCyG5lYB283cX1ZkiTBlD15roUibXpDP6ys51YshAXfCm6lCnoSfAPEgU
rhBkD2AhrU2a6LmulDye7pegRkLFaCEppwMNTwI6VqLVrnONwNRLVy3IDahN5yDR
HnHzJEuC+p+BOSBAr+5QVgzWH2WkL6K6x7djkZf+K/8Gc21VX1/xBPdrowIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFKJcGGbh5zOk1jIKWnjcf5AmhKUMB8GA1UdIwQY
MBaAFPiLRD6ZLGZWWJQuaJDSmNaM3mQlMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1JdEVQcGtzWmxaWWxDNW9rTktZMW96ZVpDVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvYmZiNTQyLTRmNjctNDZjNS05NzEw
LTY5NDI1MmYwMjlmMS8xL1VvbHdZWnVIbk02VFdNZ3BhZU54X2tDYUVwUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvYmZiNTQyLTRmNjctNDZjNS05NzEwLTY5NDI1MmYwMjlm
MS8xLzEtSXRFUHBrc1psWllsQzVva05LWTFvemVaQ1UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIwEAMFBioS
/cADBwAqEv3AAAIwDQYJKoZIhvcNAQELBQADggEBADvMzx3Fvn9PI2sipg6oR8p5
krEwNRrBk+Ip85Whm5QlEoI8KOQKPJMhBu7H27+h5cvuV/TptV9UMfuzcsyxGZbB
BdmhSbZP8JbRqDB3Cy1YSWVsaCo9AWdLpHUBKByO5EiIC5qf95NQtAWrjrmJ1Om9
ZQ940lKTSy6fJ9tkokUaHKbAx1+HqKkX9mX/etuxJ9sR6VIFHqB/6K38PQpBmg8e
BUK1MrajXrB36P1gjBwTK/cl0pTXxRWu6+aSC8bD59O85COm4c/K11eVALRuVslC
hpGUcOWrd7NiZXSu8JbTSt09bHeekOIl2dYZ2YWGmBavLLxe0U5CYkg9Ck61APs=
-----END CERTIFICATE-----