Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/UVK-TwFECyBo493Ak51MrNfcaQE.roa
File:                     UVK-TwFECyBo493Ak51MrNfcaQE.roa (raw, json)
Hash identifier:          /fbHkbD7KPDuOT91DBKV1keIzbve2wMN0Nea8980swA=
Subject key identifier:   51:52:BE:4F:01:44:0B:20:68:E3:DD:C0:93:9D:4C:AC:D7:DC:69:01
Certificate issuer:       /CN=85b611a0b7d4334b7a2395e8cce7b0e3c9b838e8
Certificate serial:       019EA7F2D67EE3CE117098633B63787C3736
Authority key identifier: 85:B6:11:A0:B7:D4:33:4B:7A:23:95:E8:CC:E7:B0:E3:C9:B8:38:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/UVK-TwFECyBo493Ak51MrNfcaQE.roa
Signing time:             Mon 08 Jun 2026 15:56:10 +0000
ROA not before:           Mon 08 Jun 2026 15:56:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211717
IP address blocks:        185.51.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:f2:d6:7e:e3:ce:11:70:98:63:3b:63:78:7c:37:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b611a0b7d4334b7a2395e8cce7b0e3c9b838e8
        Validity
            Not Before: Jun  8 15:56:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5152be4f01440b2068e3ddc0939d4cacd7dc6901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:33:96:09:d3:e3:7a:5b:fb:d7:95:71:82:c3:
                    73:e1:e5:2a:97:17:18:92:ae:d6:ae:53:99:dd:ce:
                    5c:d8:e6:ff:e2:55:84:b8:75:fe:37:6b:31:13:0a:
                    95:b7:c2:4b:82:a6:1c:8d:0a:60:aa:d6:36:bd:cb:
                    81:2b:65:25:35:86:34:56:ef:65:03:bc:fe:a8:4c:
                    e4:94:dc:d5:81:52:8c:1b:4f:c7:e9:de:81:80:0f:
                    74:7f:f7:70:be:3b:6f:f5:e3:26:85:57:05:ec:88:
                    28:f5:f5:20:21:19:cf:cd:85:6b:92:9a:55:a6:95:
                    13:62:a3:a5:a2:ed:1b:f0:83:22:8c:db:ff:63:f2:
                    4c:e1:c4:7c:6e:11:a5:2b:12:f6:bf:91:9e:e3:cf:
                    67:f7:58:b4:ed:b6:50:bc:bc:db:5e:a2:42:43:e7:
                    4f:cd:f6:c8:79:ca:bd:c0:0d:5c:af:b3:11:e7:11:
                    d1:ad:3d:f9:9c:84:db:bb:08:02:d5:8f:10:f7:7f:
                    b2:0c:4b:4e:96:e1:2f:98:72:e0:2c:27:26:12:56:
                    08:cf:c4:86:90:ed:c8:e5:56:f3:13:7e:e4:29:27:
                    bc:b0:a4:08:69:ea:c8:1e:bc:a4:51:92:26:22:f4:
                    a7:60:8a:5a:18:5b:c6:aa:86:be:6c:ae:48:77:ef:
                    f6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:52:BE:4F:01:44:0B:20:68:E3:DD:C0:93:9D:4C:AC:D7:DC:69:01
            X509v3 Authority Key Identifier:
                keyid:85:B6:11:A0:B7:D4:33:4B:7A:23:95:E8:CC:E7:B0:E3:C9:B8:38:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/UVK-TwFECyBo493Ak51MrNfcaQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:da:79:f4:c0:6e:9d:e4:35:a4:d5:a5:26:67:28:18:4e:f1:
         5b:59:e5:39:88:8b:e4:2a:69:46:cb:92:1a:b2:f6:9f:43:00:
         5f:ac:b8:b6:55:d6:d6:bc:b7:cf:91:dc:62:6a:59:63:28:8f:
         31:2e:db:14:f8:bd:15:56:77:5d:96:98:05:0a:41:2a:83:06:
         d3:cc:e3:18:ad:e7:7b:f8:51:51:cb:59:b2:d2:88:76:2b:a1:
         d4:ee:13:11:b8:a4:1a:68:c8:f8:52:cb:5a:e2:4d:5e:8d:67:
         24:d5:94:c2:5c:00:bf:9e:0d:70:23:c2:a0:bd:86:d0:4e:5b:
         2b:1d:38:7a:63:a1:c9:40:3c:91:b6:30:59:ee:cb:c1:91:0f:
         6e:1b:63:11:4d:61:66:98:5a:02:67:85:08:b6:2a:5b:58:85:
         df:a6:2e:32:c6:f2:af:0b:00:ab:35:ad:f5:ae:ce:2d:d6:37:
         ab:2b:5c:07:9a:38:65:1b:0c:8d:5d:92:79:39:70:79:5e:03:
         b0:2e:79:45:6e:23:b6:01:af:25:4d:43:e9:f9:89:59:5f:c0:
         5d:a1:da:d3:8b:c7:eb:10:9c:3c:1e:fb:4f:3c:7b:41:2c:ec:
         50:b6:f6:ce:70:a5:48:06:bd:54:09:85:97:11:b0:4b:c3:c6:
         6f:d8:50:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6n8tZ+484RcJhjO2N4fDc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YjYxMWEwYjdkNDMzNGI3YTIzOTVlOGNjZTdiMGUzYzli
ODM4ZTgwHhcNMjYwNjA4MTU1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTUyYmU0ZjAxNDQwYjIwNjhlM2RkYzA5MzlkNGNhY2Q3ZGM2OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzOWCdPjelv715VxgsNz4eUqlxcY
kq7WrlOZ3c5c2Ob/4lWEuHX+N2sxEwqVt8JLgqYcjQpgqtY2vcuBK2UlNYY0Vu9l
A7z+qEzklNzVgVKMG0/H6d6BgA90f/dwvjtv9eMmhVcF7Igo9fUgIRnPzYVrkppV
ppUTYqOlou0b8IMijNv/Y/JM4cR8bhGlKxL2v5Ge489n91i07bZQvLzbXqJCQ+dP
zfbIecq9wA1cr7MR5xHRrT35nITbuwgC1Y8Q93+yDEtOluEvmHLgLCcmElYIz8SG
kO3I5VbzE37kKSe8sKQIaerIHrykUZImIvSnYIpaGFvGqoa+bK5Id+/2IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFSvk8BRAsgaOPdwJOdTKzX3GkBMB8GA1UdIwQY
MBaAFIW2EaC31DNLeiOV6MznsOPJuDjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJZUm9MZlVNMHQ2STVYb3pPZXc0OG00T09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85ZDU2M2QtYzQ3MC00M2IzLTgyYmIt
ODhjYjRlNzEwNmVhLzEvVVZLLVR3RkVDeUJvNDkzQWs1MU1yTmZjYVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85ZDU2M2QtYzQ3MC00M2IzLTgyYmItODhjYjRlNzEwNmVh
LzEvaGJZUm9MZlVNMHQ2STVYb3pPZXc0OG00T09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTMsMA0G
CSqGSIb3DQEBCwUAA4IBAQAg2nn0wG6d5DWk1aUmZygYTvFbWeU5iIvkKmlGy5Ia
svafQwBfrLi2VdbWvLfPkdxialljKI8xLtsU+L0VVnddlpgFCkEqgwbTzOMYred7
+FFRy1my0oh2K6HU7hMRuKQaaMj4Usta4k1ejWck1ZTCXAC/ng1wI8KgvYbQTlsr
HTh6Y6HJQDyRtjBZ7svBkQ9uG2MRTWFmmFoCZ4UItipbWIXfpi4yxvKvCwCrNa31
rs4t1jerK1wHmjhlGwyNXZJ5OXB5XgOwLnlFbiO2Aa8lTUPp+YlZX8BdodrTi8fr
EJw8HvtPPHtBLOxQtvbOcKVIBr1UCYWXEbBLw8Zv2FBB
-----END CERTIFICATE-----