Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/uPJ41x9gXFZvH0XjhDwDfoSRvuA.roa
File:                     uPJ41x9gXFZvH0XjhDwDfoSRvuA.roa (raw, json)
Hash identifier:          CSgM/lBkv2e8MJoFPexRop5Baj/+XW/edrOd+DlHhJA=
Subject key identifier:   B8:F2:78:D7:1F:60:5C:56:6F:1F:45:E3:84:3C:03:7E:84:91:BE:E0
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       019CFB7BA224CE9B09791AFFEB993A4E97C2
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/uPJ41x9gXFZvH0XjhDwDfoSRvuA.roa
Signing time:             Tue 17 Mar 2026 11:08:29 +0000
ROA not before:           Tue 17 Mar 2026 11:08:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        185.167.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:7b:a2:24:ce:9b:09:79:1a:ff:eb:99:3a:4e:97:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Mar 17 11:08:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8f278d71f605c566f1f45e3843c037e8491bee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0e:7d:6d:14:59:92:a7:36:f7:5d:36:05:dd:
                    8b:ed:bf:22:17:6c:e4:5f:18:ea:9e:e8:1d:b7:12:
                    c2:ed:39:68:ad:07:1b:b3:d5:66:30:27:7d:d6:1b:
                    a6:89:38:89:c1:56:7a:7c:3c:aa:da:28:d8:4f:fa:
                    13:a3:a6:7f:86:a7:ee:7f:9c:f6:ff:f6:7b:78:db:
                    98:65:7b:a4:54:e3:b6:ff:25:92:b6:cd:5b:af:11:
                    87:18:95:90:c2:e3:64:63:0e:da:c6:e4:c8:a9:c9:
                    53:83:62:ae:18:91:f2:4c:82:7f:be:2e:dd:d8:cc:
                    d5:da:6b:86:6f:5e:9a:16:fa:c6:43:02:69:f7:55:
                    6a:bd:e6:a8:0b:5c:47:ea:30:29:9c:56:c7:3b:91:
                    2c:35:65:86:82:ab:6b:73:0b:77:d2:b4:39:7d:d7:
                    d3:cc:a5:5b:e7:be:95:58:c3:49:c7:65:61:e6:f4:
                    05:d6:60:25:12:ae:5f:dd:3f:e4:ff:b8:91:29:7c:
                    f1:6a:2e:2b:b5:f7:ab:60:d2:b6:4e:b8:e8:c3:ec:
                    6d:d7:9c:8c:71:f2:9e:37:d7:af:e0:d5:10:d7:63:
                    ed:6e:96:ee:00:7f:66:2c:70:84:0c:6f:ab:43:d5:
                    49:02:1a:73:42:cd:64:6f:29:fc:a4:66:66:77:1d:
                    5e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F2:78:D7:1F:60:5C:56:6F:1F:45:E3:84:3C:03:7E:84:91:BE:E0
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/uPJ41x9gXFZvH0XjhDwDfoSRvuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fb:22:a6:48:5d:77:1a:25:18:5d:b5:0d:10:23:1a:20:89:
         c6:e3:c9:a3:d0:d0:01:2c:51:74:1f:e1:b7:ff:07:e8:04:d3:
         10:93:e5:68:b8:bf:5a:3e:3c:e4:36:df:58:cf:e8:5b:40:b0:
         18:27:54:a8:7c:64:10:1f:fa:f7:63:b6:32:3f:4d:0e:6a:91:
         06:e4:4c:fe:d4:0e:fb:7c:97:8e:ad:88:b3:a9:c9:16:93:11:
         e9:cd:32:08:7e:d8:24:6a:56:97:f8:c5:73:9b:8b:67:c9:41:
         78:78:e7:b1:ab:47:de:84:5f:8c:e6:fd:89:3b:a9:86:0f:72:
         62:52:e3:15:98:27:1c:23:47:35:42:5d:94:3d:5e:3d:a0:fc:
         f7:52:33:da:90:d2:5c:a4:58:fa:7e:3f:e1:18:ab:42:0a:bc:
         e8:a1:18:2f:27:d4:1a:eb:ed:b6:bf:1d:39:43:e7:47:e9:2a:
         97:0b:f1:12:f4:af:39:4d:b7:9f:bb:d6:0d:51:38:a2:c0:ec:
         5c:54:c1:0f:a1:9a:dd:a6:84:8f:3d:0f:3f:66:a5:e8:1d:42:
         d4:47:4a:dc:af:75:ec:50:c5:09:c2:29:b3:33:54:da:13:8b:
         ad:30:89:02:09:f8:42:31:e0:88:50:d9:66:84:e3:89:69:76:
         b8:60:fb:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz7e6IkzpsJeRr/65k6TpfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjYwMzE3MTEwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGYyNzhkNzFmNjA1YzU2NmYxZjQ1ZTM4NDNjMDM3ZTg0OTFiZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQ59bRRZkqc29102Bd2L7b8iF2zk
XxjqnugdtxLC7TlorQcbs9VmMCd91humiTiJwVZ6fDyq2ijYT/oTo6Z/hqfuf5z2
//Z7eNuYZXukVOO2/yWSts1brxGHGJWQwuNkYw7axuTIqclTg2KuGJHyTIJ/vi7d
2MzV2muGb16aFvrGQwJp91VqveaoC1xH6jApnFbHO5EsNWWGgqtrcwt30rQ5fdfT
zKVb576VWMNJx2Vh5vQF1mAlEq5f3T/k/7iRKXzxai4rtferYNK2Trjow+xt15yM
cfKeN9ev4NUQ12PtbpbuAH9mLHCEDG+rQ9VJAhpzQs1kbyn8pGZmdx1evQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjyeNcfYFxWbx9F44Q8A36Ekb7gMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvdVBKNDF4OWdYRlp2SDBYamhEd0Rmb1NSdnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafpMA0G
CSqGSIb3DQEBCwUAA4IBAQAN+yKmSF13GiUYXbUNECMaIInG48mj0NABLFF0H+G3
/wfoBNMQk+VouL9aPjzkNt9Yz+hbQLAYJ1SofGQQH/r3Y7YyP00OapEG5Ez+1A77
fJeOrYizqckWkxHpzTIIftgkalaX+MVzm4tnyUF4eOexq0fehF+M5v2JO6mGD3Ji
UuMVmCccI0c1Ql2UPV49oPz3UjPakNJcpFj6fj/hGKtCCrzooRgvJ9Qa6+22vx05
Q+dH6SqXC/ES9K85Tbefu9YNUTiiwOxcVMEPoZrdpoSPPQ8/ZqXoHULUR0rcr3Xs
UMUJwimzM1TaE4utMIkCCfhCMeCIUNlmhOOJaXa4YPu5
-----END CERTIFICATE-----