Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/UAg-lvUrA3pIOde0diAUpR2UidM.roa
File:                     UAg-lvUrA3pIOde0diAUpR2UidM.roa (raw, json)
Hash identifier:          1kpFDgrIlgt14TuAZasJeZ5bfTPc/oBkNiktiRjkFbs=
Subject key identifier:   50:08:3E:96:F5:2B:03:7A:48:39:D7:B4:76:20:14:A5:1D:94:89:D3
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019CE24FF97E9BFD780C99BEE8B2645D51DB
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/UAg-lvUrA3pIOde0diAUpR2UidM.roa
Signing time:             Thu 12 Mar 2026 13:50:17 +0000
ROA not before:           Thu 12 Mar 2026 13:50:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200203
IP address blocks:        2a01:ecc1::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:4f:f9:7e:9b:fd:78:0c:99:be:e8:b2:64:5d:51:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Mar 12 13:50:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50083e96f52b037a4839d7b4762014a51d9489d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:81:1d:b6:f4:04:35:ce:55:ae:3c:21:3a:d1:
                    bb:ef:bc:54:af:d3:b4:1f:01:35:a3:89:7a:42:82:
                    b2:2d:49:45:50:f0:d0:75:5b:f5:7b:45:22:c6:09:
                    d5:10:b6:54:de:53:4c:d7:1d:c6:3e:fc:59:f3:71:
                    71:92:b3:84:02:a6:5b:84:47:8e:99:8a:2f:40:4a:
                    38:70:5e:e2:2d:4a:18:a6:1a:80:45:48:dc:53:66:
                    25:1b:24:fa:9c:fd:c3:35:b7:8e:14:de:b5:f0:34:
                    e5:c8:3c:09:6d:bc:2b:2d:cf:10:7a:43:b8:fe:3f:
                    19:11:d5:46:81:80:e1:69:ef:28:5e:b0:bd:4c:af:
                    1c:c6:ce:9f:2d:bd:76:ef:dd:be:dc:30:cd:1e:d7:
                    01:47:11:00:f3:76:20:e7:18:48:f9:54:60:a4:7a:
                    58:9b:72:55:2f:fb:2f:50:74:d0:5a:9e:e6:a3:a8:
                    0d:82:71:ec:5d:e6:ef:e4:17:e1:e7:81:9f:6b:fb:
                    e0:ca:24:83:8b:9d:5a:11:26:af:57:c6:8c:42:16:
                    f8:4c:68:54:55:23:5b:b2:e5:e4:ac:19:cd:1d:9a:
                    6b:16:4a:e6:e4:a6:34:89:58:e6:9d:6f:d6:8c:bb:
                    be:7e:9a:cd:e9:5f:7d:72:1b:02:db:24:eb:4d:86:
                    3e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:08:3E:96:F5:2B:03:7A:48:39:D7:B4:76:20:14:A5:1D:94:89:D3
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/UAg-lvUrA3pIOde0diAUpR2UidM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:e0:ab:eb:79:51:8b:72:06:96:d0:d7:74:de:c6:93:ce:8b:
         d5:52:2f:20:e4:67:e5:6d:d1:4f:07:e5:47:4d:79:e5:e5:88:
         f5:27:b3:4f:bd:12:c9:b1:80:16:9f:8d:0b:37:4c:a0:dc:fe:
         1b:97:2f:83:aa:17:f6:7e:f8:8b:c0:2e:97:4a:cd:52:0c:0f:
         78:64:9f:9c:3f:b8:6a:9f:85:c9:48:69:a1:a2:95:37:da:be:
         e0:3c:63:33:f7:b8:73:96:8a:f0:b8:6c:c6:40:b6:9d:8c:9d:
         c0:78:ee:bb:77:a5:bd:6e:98:35:1d:5b:e4:81:53:ff:96:06:
         8f:79:c5:0c:37:0f:ee:3b:28:8f:b2:34:73:4c:82:cc:18:a6:
         27:90:6c:fb:5c:d4:70:6f:c3:4e:a9:cc:78:9a:39:2d:f5:e3:
         cf:3e:71:1e:fd:89:78:f8:f7:03:d5:16:e9:d5:df:61:da:38:
         a2:26:b9:53:28:91:09:b8:af:fe:19:f2:4a:72:0a:4d:33:15:
         a6:e5:d6:56:23:22:11:07:c6:18:59:51:11:a9:23:99:96:cb:
         bf:e6:5b:ea:49:ab:67:e3:4e:f7:2f:fa:78:6b:b2:70:17:cc:
         13:e4:a2:40:34:9f:b9:ad:05:96:81:16:86:5f:67:44:7e:ed:
         12:55:02:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZziT/l+m/14DJm+6LJkXVHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwMzEyMTM1MDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDA4M2U5NmY1MmIwMzdhNDgzOWQ3YjQ3NjIwMTRhNTFkOTQ4OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIEdtvQENc5VrjwhOtG777xUr9O0
HwE1o4l6QoKyLUlFUPDQdVv1e0UixgnVELZU3lNM1x3GPvxZ83FxkrOEAqZbhEeO
mYovQEo4cF7iLUoYphqARUjcU2YlGyT6nP3DNbeOFN618DTlyDwJbbwrLc8QekO4
/j8ZEdVGgYDhae8oXrC9TK8cxs6fLb12792+3DDNHtcBRxEA83Yg5xhI+VRgpHpY
m3JVL/svUHTQWp7mo6gNgnHsXebv5Bfh54Gfa/vgyiSDi51aESavV8aMQhb4TGhU
VSNbsuXkrBnNHZprFkrm5KY0iVjmnW/WjLu+fprN6V99chsC2yTrTYY+YwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFAIPpb1KwN6SDnXtHYgFKUdlInTMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvVUFnLWx2VXJBM3BJT2RlMGRpQVVwUjJVaWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHswTAN
BgkqhkiG9w0BAQsFAAOCAQEAIuCr63lRi3IGltDXdN7Gk86L1VIvIORn5W3RTwfl
R0155eWI9SezT70SybGAFp+NCzdMoNz+G5cvg6oX9n74i8Aul0rNUgwPeGSfnD+4
ap+FyUhpoaKVN9q+4DxjM/e4c5aK8LhsxkC2nYydwHjuu3elvW6YNR1b5IFT/5YG
j3nFDDcP7jsoj7I0c0yCzBimJ5Bs+1zUcG/DTqnMeJo5LfXjzz5xHv2JePj3A9UW
6dXfYdo4oia5UyiRCbiv/hnySnIKTTMVpuXWViMiEQfGGFlREakjmZbLv+Zb6kmr
Z+NO9y/6eGuycBfME+SiQDSfua0FloEWhl9nRH7tElUCWA==
-----END CERTIFICATE-----