Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/uRODisuztv5i0Tn15qCplZ0YgtU.roa
File:                     uRODisuztv5i0Tn15qCplZ0YgtU.roa (raw, json)
Hash identifier:          WvdV5FD6E3y1p5k4zIMmSQDZsYKtZU5ivsC23nFoO3I=
Subject key identifier:   B9:13:83:8A:CB:B3:B6:FE:62:D1:39:F5:E6:A0:A9:95:9D:18:82:D5
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019EA5C54787290192349A5BB95F30B27238
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/uRODisuztv5i0Tn15qCplZ0YgtU.roa
Signing time:             Mon 08 Jun 2026 05:47:10 +0000
ROA not before:           Mon 08 Jun 2026 05:47:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        81.29.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Jun 2026 05:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:c5:47:87:29:01:92:34:9a:5b:b9:5f:30:b2:72:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jun  8 05:47:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b913838acbb3b6fe62d139f5e6a0a9959d1882d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:75:2d:c4:49:6f:31:bb:64:d2:2d:77:37:b6:
                    87:f9:fc:43:77:56:28:fa:85:98:bb:d5:0a:09:d3:
                    4a:6b:9e:a9:80:76:f6:a6:e8:b7:58:fb:f6:d0:d9:
                    36:82:99:14:42:c6:34:4c:01:29:ad:01:ea:fc:85:
                    b5:5d:70:69:2e:53:01:98:9d:57:4d:a1:8a:41:c5:
                    2d:7b:fc:8e:ee:84:b4:b7:25:6c:1f:20:89:df:03:
                    c7:b7:9b:8c:92:e7:97:ed:28:8d:81:d5:72:7e:72:
                    8b:05:db:9a:b4:d8:58:7b:4e:6b:e9:ed:f6:d3:fb:
                    f1:ce:4c:35:ad:b1:34:fc:36:e1:b4:04:4e:97:a7:
                    04:d9:83:c0:98:ab:bb:a6:07:e7:cc:9b:ec:93:dc:
                    bc:76:76:f9:53:03:86:77:c3:a5:c9:9e:88:28:45:
                    d5:a8:b7:db:c4:0f:0a:df:44:34:a3:ab:6d:0c:39:
                    3b:5e:96:d1:ce:ae:6f:16:4c:0f:bc:fa:ea:d3:aa:
                    c2:20:1e:ed:a1:04:5d:e7:ec:85:83:88:bf:d1:ac:
                    fd:ea:d9:c6:4b:31:e9:98:99:5f:d6:30:15:ec:36:
                    9e:cb:bc:87:37:f5:64:f5:a0:70:c7:31:6f:cc:af:
                    6e:3e:0d:80:47:6d:bc:9e:0a:75:0b:8c:23:5d:1d:
                    e2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:13:83:8A:CB:B3:B6:FE:62:D1:39:F5:E6:A0:A9:95:9D:18:82:D5
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/uRODisuztv5i0Tn15qCplZ0YgtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:7f:12:27:2f:56:7b:9f:e5:2f:b0:97:52:f1:3b:f8:66:8f:
         58:df:a5:7b:ba:2d:10:1e:63:d1:a8:90:50:24:2e:56:ee:ff:
         26:c4:66:11:fe:fa:a8:7b:06:2a:a5:f1:00:f1:ae:f2:ee:c6:
         a5:f1:67:97:b6:ab:ac:9c:8d:90:89:99:07:da:61:e7:82:f6:
         c3:2d:71:5b:ee:78:d7:ac:34:57:a0:96:81:b7:46:bc:9c:6a:
         e0:0b:b5:d6:6d:a5:6a:5b:49:3e:52:8f:f6:d0:9f:48:05:5e:
         81:e4:41:08:9c:3d:7e:81:b3:d6:1b:0d:5d:c2:76:6c:84:6e:
         2b:52:45:0c:38:3c:91:67:96:6d:68:7d:cd:d3:fa:e8:89:ca:
         3f:7f:62:8b:3a:3f:f8:a7:31:82:c9:20:8d:e3:bb:2a:46:21:
         4f:e6:59:32:01:9f:a1:35:40:55:03:ec:8c:62:97:43:cd:01:
         51:4e:28:3d:87:18:35:09:1a:ea:7c:3e:16:1c:47:e6:1d:aa:
         9d:b2:3c:e0:45:79:31:09:ea:5a:37:45:3e:8d:5e:3e:33:af:
         b7:8a:cd:75:17:22:ee:71:58:55:3a:d7:10:f0:81:af:31:0a:
         47:57:f8:df:ce:8d:f6:e1:8a:b7:e3:c0:d8:c3:0b:f7:a0:2c:
         47:f5:38:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6lxUeHKQGSNJpbuV8wsnI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwNjA4MDU0NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTEzODM4YWNiYjNiNmZlNjJkMTM5ZjVlNmEwYTk5NTlkMTg4MmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXUtxElvMbtk0i13N7aH+fxDd1Yo
+oWYu9UKCdNKa56pgHb2pui3WPv20Nk2gpkUQsY0TAEprQHq/IW1XXBpLlMBmJ1X
TaGKQcUte/yO7oS0tyVsHyCJ3wPHt5uMkueX7SiNgdVyfnKLBduatNhYe05r6e32
0/vxzkw1rbE0/DbhtAROl6cE2YPAmKu7pgfnzJvsk9y8dnb5UwOGd8OlyZ6IKEXV
qLfbxA8K30Q0o6ttDDk7XpbRzq5vFkwPvPrq06rCIB7toQRd5+yFg4i/0az96tnG
SzHpmJlf1jAV7Daey7yHN/Vk9aBwxzFvzK9uPg2AR228ngp1C4wjXR3i8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkTg4rLs7b+YtE59eagqZWdGILVMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvdVJPRGlzdXp0djVpMFRuMTVxQ3BsWjBZZ3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2fMA0G
CSqGSIb3DQEBCwUAA4IBAQApfxInL1Z7n+UvsJdS8Tv4Zo9Y36V7ui0QHmPRqJBQ
JC5W7v8mxGYR/vqoewYqpfEA8a7y7sal8WeXtqusnI2QiZkH2mHngvbDLXFb7njX
rDRXoJaBt0a8nGrgC7XWbaVqW0k+Uo/20J9IBV6B5EEInD1+gbPWGw1dwnZshG4r
UkUMODyRZ5ZtaH3N0/roico/f2KLOj/4pzGCySCN47sqRiFP5lkyAZ+hNUBVA+yM
YpdDzQFRTig9hxg1CRrqfD4WHEfmHaqdsjzgRXkxCepaN0U+jV4+M6+3is11FyLu
cVhVOtcQ8IGvMQpHV/jfzo324Yq348DYwwv3oCxH9Tgi
-----END CERTIFICATE-----