Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/UD_HyZZU2C19IaFsZaCL4In6Jj0.roa
File:                     UD_HyZZU2C19IaFsZaCL4In6Jj0.roa (raw, json)
Hash identifier:          rylHESPK2fj3KtkgDq6dsWyTS65oKT4JjrBMW31aQeo=
Subject key identifier:   50:3F:C7:C9:96:54:D8:2D:7D:21:A1:6C:65:A0:8B:E0:89:FA:26:3D
Certificate issuer:       /CN=d8679f95ca9b656b7ca221be6eb24f95e328b010
Certificate serial:       019CB4A03FC511F88E3B6CA8F8DBAF540AD3
Authority key identifier: D8:67:9F:95:CA:9B:65:6B:7C:A2:21:BE:6E:B2:4F:95:E3:28:B0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/UD_HyZZU2C19IaFsZaCL4In6Jj0.roa
Signing time:             Tue 03 Mar 2026 16:55:26 +0000
ROA not before:           Tue 03 Mar 2026 16:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213702
IP address blocks:        194.238.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:a0:3f:c5:11:f8:8e:3b:6c:a8:f8:db:af:54:0a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8679f95ca9b656b7ca221be6eb24f95e328b010
        Validity
            Not Before: Mar  3 16:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=503fc7c99654d82d7d21a16c65a08be089fa263d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5f:8a:9c:e9:b5:13:bb:11:d2:64:5b:f6:e7:
                    66:8e:a2:f4:26:8b:fc:83:7c:86:40:82:8b:d4:9e:
                    36:6a:d3:11:54:41:36:69:98:6c:01:99:54:22:33:
                    5a:0e:a8:20:0a:62:17:06:6c:ef:c2:3f:9a:fa:fb:
                    eb:a2:84:81:d9:0e:93:35:96:4b:73:3a:1d:31:d0:
                    b9:5a:93:ab:04:38:57:9e:35:46:65:0e:90:c5:7c:
                    1f:ab:5f:65:cf:6d:e3:53:19:3c:6a:59:e2:6e:9e:
                    ac:dc:04:fb:8a:d9:92:98:8c:02:c4:e2:ad:3c:2c:
                    8f:10:4f:de:b7:b5:87:5d:87:3e:76:c8:a1:ee:eb:
                    4c:c5:c0:48:21:5f:51:dc:ef:cc:b8:32:bb:28:80:
                    5e:e7:7e:44:29:aa:42:55:22:11:09:06:5f:eb:24:
                    cd:c3:57:bb:09:dc:16:fc:3f:49:14:ee:85:35:fa:
                    ce:53:3e:99:c0:2f:cc:9b:0c:8f:a7:01:1b:d9:ba:
                    58:23:b4:d4:28:98:94:11:db:dc:ac:90:3e:06:9d:
                    21:8d:32:f2:af:7b:94:a4:d8:ad:a0:a9:ab:b2:7d:
                    8e:fe:62:54:76:ab:46:fa:8e:a1:37:db:a6:2e:e0:
                    5e:69:38:54:77:68:e3:ca:d2:10:75:11:9c:a7:61:
                    2f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3F:C7:C9:96:54:D8:2D:7D:21:A1:6C:65:A0:8B:E0:89:FA:26:3D
            X509v3 Authority Key Identifier:
                keyid:D8:67:9F:95:CA:9B:65:6B:7C:A2:21:BE:6E:B2:4F:95:E3:28:B0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/UD_HyZZU2C19IaFsZaCL4In6Jj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.238.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:73:e6:1f:93:bc:cd:f0:df:18:e4:da:d0:e9:0c:ad:a3:81:
         9b:b4:11:c3:1d:b4:17:8d:c4:1f:1d:db:6e:5b:bf:cb:96:34:
         23:65:42:72:ed:07:26:54:0d:3a:e5:95:c4:42:4f:04:81:4a:
         c9:cc:d1:b6:b3:34:3d:b0:ed:a1:9d:cc:f3:a4:61:39:b1:c2:
         7e:02:67:e4:bf:e8:8d:bd:44:a5:86:cc:e5:3b:dc:9d:51:03:
         51:99:b6:d6:5e:16:1f:fa:bf:c1:50:25:3c:98:6b:c9:da:5a:
         47:23:90:82:ad:06:72:2c:0c:4a:eb:94:3f:fc:5b:a6:96:c4:
         fd:45:17:32:fa:96:a6:6c:bb:19:bd:ed:fa:a0:95:fc:e5:53:
         a6:bd:d9:52:fb:02:14:d9:7f:ce:c0:c6:60:9b:f2:87:c7:5e:
         6f:54:74:37:d4:ec:06:71:c3:e2:12:2a:6f:3d:e4:41:94:3e:
         21:b4:65:e1:f8:5b:d2:25:b6:45:5e:5a:ae:8f:24:f6:26:91:
         b3:b0:25:be:07:8f:92:fb:f5:0d:d8:72:b4:9e:1e:e5:d7:aa:
         d8:3d:bf:19:5f:3a:3e:3a:d6:1e:dc:ec:f3:b5:27:27:6a:4c:
         94:05:d9:ae:bd:44:f7:82:db:c1:bb:15:ee:e6:58:4a:6f:3a:
         84:c7:5f:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy0oD/FEfiOO2yo+NuvVArTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Njc5Zjk1Y2E5YjY1NmI3Y2EyMjFiZTZlYjI0Zjk1ZTMy
OGIwMTAwHhcNMjYwMzAzMTY1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNmYzdjOTk2NTRkODJkN2QyMWExNmM2NWEwOGJlMDg5ZmEyNjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl+KnOm1E7sR0mRb9udmjqL0Jov8
g3yGQIKL1J42atMRVEE2aZhsAZlUIjNaDqggCmIXBmzvwj+a+vvrooSB2Q6TNZZL
czodMdC5WpOrBDhXnjVGZQ6QxXwfq19lz23jUxk8alnibp6s3AT7itmSmIwCxOKt
PCyPEE/et7WHXYc+dsih7utMxcBIIV9R3O/MuDK7KIBe535EKapCVSIRCQZf6yTN
w1e7CdwW/D9JFO6FNfrOUz6ZwC/MmwyPpwEb2bpYI7TUKJiUEdvcrJA+Bp0hjTLy
r3uUpNitoKmrsn2O/mJUdqtG+o6hN9umLuBeaThUd2jjytIQdRGcp2EvEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFA/x8mWVNgtfSGhbGWgi+CJ+iY9MB8GA1UdIwQY
MBaAFNhnn5XKm2VrfKIhvm6yT5XjKLAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdlZmxjcWJaV3Q4b2lHLWJySlBsZU1vc0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jNGQwNWYtMTBkNS00ZjhmLTlhMzct
ZTUyMjlhZDUyMTRlLzEvVURfSHlaWlUyQzE5SWFGc1phQ0w0SW42SmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jNGQwNWYtMTBkNS00ZjhmLTlhMzctZTUyMjlhZDUyMTRl
LzEvMkdlZmxjcWJaV3Q4b2lHLWJySlBsZU1vc0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwu45MA0G
CSqGSIb3DQEBCwUAA4IBAQBkc+Yfk7zN8N8Y5NrQ6Qyto4GbtBHDHbQXjcQfHdtu
W7/LljQjZUJy7QcmVA065ZXEQk8EgUrJzNG2szQ9sO2hnczzpGE5scJ+Amfkv+iN
vUSlhszlO9ydUQNRmbbWXhYf+r/BUCU8mGvJ2lpHI5CCrQZyLAxK65Q//FumlsT9
RRcy+pambLsZve36oJX85VOmvdlS+wIU2X/OwMZgm/KHx15vVHQ31OwGccPiEipv
PeRBlD4htGXh+FvSJbZFXlqujyT2JpGzsCW+B4+S+/UN2HK0nh7l16rYPb8ZXzo+
OtYe3OzztScnakyUBdmuvUT3gtvBuxXu5lhKbzqEx18B
-----END CERTIFICATE-----