Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UavrmNf5zsAyy-OAYyvbnVqgeF8.roa
File:                     UavrmNf5zsAyy-OAYyvbnVqgeF8.roa (raw, json)
Hash identifier:          eep4PgZYWkxnz+v2t4EZm8o+5EazapAGPiy4Slr6HnQ=
Subject key identifier:   51:AB:EB:98:D7:F9:CE:C0:32:CB:E3:80:63:2B:DB:9D:5A:A0:78:5F
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019CBEE94E895818D9B6ABE4764D8955E411
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UavrmNf5zsAyy-OAYyvbnVqgeF8.roa
Signing time:             Thu 05 Mar 2026 16:51:26 +0000
ROA not before:           Thu 05 Mar 2026 16:51:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        150.107.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:e9:4e:89:58:18:d9:b6:ab:e4:76:4d:89:55:e4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar  5 16:51:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51abeb98d7f9cec032cbe380632bdb9d5aa0785f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5b:e6:83:93:dc:ae:a9:51:a1:9e:5c:06:43:
                    82:d4:ee:95:36:26:39:56:b8:89:a6:ea:70:02:4e:
                    c0:db:33:56:c4:df:b8:82:c8:06:ed:8a:7c:0f:b1:
                    14:dc:e5:3d:63:78:f5:ac:3a:83:45:58:aa:e0:76:
                    20:eb:fb:4e:97:bb:9a:91:dc:8b:63:0c:8a:54:20:
                    d5:65:b7:27:9e:a9:06:f9:08:d2:8b:f1:61:ed:77:
                    88:1e:cd:f0:85:df:8c:60:02:be:c7:86:3b:23:88:
                    87:c7:ec:0d:4f:f2:fd:15:9d:33:05:d8:ea:8a:ec:
                    92:a1:04:f3:9f:c3:c4:88:80:6a:0b:2f:25:23:af:
                    b9:15:7c:46:c4:22:bf:e8:22:1c:0c:32:1f:93:08:
                    88:92:42:af:54:36:d4:58:44:44:c8:ef:1d:b9:a9:
                    bf:15:13:ed:70:ba:ac:78:af:92:59:44:63:e5:56:
                    27:cb:63:4d:52:6d:de:9a:4f:86:b8:c9:21:94:b5:
                    d2:2e:4a:6e:26:9e:46:20:b9:fe:74:91:6b:28:84:
                    3a:b4:c2:85:0f:9c:ff:9b:9c:43:4a:4c:d6:f5:ed:
                    45:7d:09:bf:a7:c8:2e:1c:8f:12:4c:a5:e9:9d:e6:
                    1c:a9:e7:27:be:4c:a9:49:4a:7d:72:5e:46:4a:2b:
                    bb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:AB:EB:98:D7:F9:CE:C0:32:CB:E3:80:63:2B:DB:9D:5A:A0:78:5F
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UavrmNf5zsAyy-OAYyvbnVqgeF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.107.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:e5:a2:09:66:54:92:a1:92:0c:55:6e:6b:7a:13:e4:76:83:
         c0:5f:de:4b:bb:74:63:3f:a9:68:8d:ba:78:40:fd:dc:5b:7d:
         59:93:e8:5b:3a:d9:c0:b0:e3:3e:09:15:23:44:6f:d7:f2:10:
         87:a7:ba:dc:b0:6b:27:cd:ec:27:7e:f5:6b:a3:80:58:21:02:
         1e:5e:f6:cf:5e:9f:45:08:5d:61:68:4a:bd:a9:55:c0:16:c3:
         b2:44:57:26:88:bf:45:8c:32:06:67:d5:6c:02:a5:cd:df:3f:
         6c:b4:93:d0:b6:c6:20:4f:86:a4:3f:8a:ea:36:45:50:82:21:
         e4:21:58:83:f6:dd:91:d4:85:86:31:8d:f0:ed:df:10:f0:e5:
         62:f7:97:e6:60:4f:f9:3b:d0:aa:76:6d:b0:ee:ee:ce:4e:c0:
         a0:43:b9:f2:b3:f2:13:c7:3f:9b:64:ae:c1:18:96:e6:e1:27:
         bb:de:1b:7a:ef:38:45:ff:ab:ec:8d:dd:7b:ec:91:54:48:e3:
         09:49:a4:03:ba:5d:8e:73:80:a2:99:c2:69:7d:15:76:0b:45:
         2f:07:ac:82:6b:23:a7:33:ff:c6:47:e4:90:d7:50:58:ca:29:
         f7:19:8b:19:df:7a:6d:34:6b:05:5f:f0:6d:6f:b1:d1:c5:24:
         36:8e:29:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+6U6JWBjZtqvkdk2JVeQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzA1MTY1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWFiZWI5OGQ3ZjljZWMwMzJjYmUzODA2MzJiZGI5ZDVhYTA3ODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVvmg5PcrqlRoZ5cBkOC1O6VNiY5
VriJpupwAk7A2zNWxN+4gsgG7Yp8D7EU3OU9Y3j1rDqDRViq4HYg6/tOl7uakdyL
YwyKVCDVZbcnnqkG+QjSi/Fh7XeIHs3whd+MYAK+x4Y7I4iHx+wNT/L9FZ0zBdjq
iuySoQTzn8PEiIBqCy8lI6+5FXxGxCK/6CIcDDIfkwiIkkKvVDbUWEREyO8duam/
FRPtcLqseK+SWURj5VYny2NNUm3emk+GuMkhlLXSLkpuJp5GILn+dJFrKIQ6tMKF
D5z/m5xDSkzW9e1FfQm/p8guHI8STKXpneYcqecnvkypSUp9cl5GSiu70QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGr65jX+c7AMsvjgGMr251aoHhfMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvVWF2cm1OZjV6c0F5eS1PQVl5dmJuVnFnZUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlmsyMA0G
CSqGSIb3DQEBCwUAA4IBAQAy5aIJZlSSoZIMVW5rehPkdoPAX95Lu3RjP6lojbp4
QP3cW31Zk+hbOtnAsOM+CRUjRG/X8hCHp7rcsGsnzewnfvVro4BYIQIeXvbPXp9F
CF1haEq9qVXAFsOyRFcmiL9FjDIGZ9VsAqXN3z9stJPQtsYgT4akP4rqNkVQgiHk
IViD9t2R1IWGMY3w7d8Q8OVi95fmYE/5O9Cqdm2w7u7OTsCgQ7nys/ITxz+bZK7B
GJbm4Se73ht67zhF/6vsjd177JFUSOMJSaQDul2Oc4CimcJpfRV2C0UvB6yCayOn
M//GR+SQ11BYyin3GYsZ33ptNGsFX/Btb7HRxSQ2jilx
-----END CERTIFICATE-----