Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4168da-e65c-47b6-bb61-36f24ad4a04f/1/UbxGuXfCPU7PaazgdUkcbZmtVZU.roa
File:                     UbxGuXfCPU7PaazgdUkcbZmtVZU.roa (raw, json)
Hash identifier:          U0sRu1JWMunI3dF2aemA2TfuPLAR6kavSK8Q8KfB14s=
Subject key identifier:   51:BC:46:B9:77:C2:3D:4E:CF:69:AC:E0:75:49:1C:6D:99:AD:55:95
Certificate issuer:       /CN=cfc7008c6f91722dc3b127527558ebdabc680ce6
Certificate serial:       019CE26FEA0AE0E2D547F70D434EF67989FC
Authority key identifier: CF:C7:00:8C:6F:91:72:2D:C3:B1:27:52:75:58:EB:DA:BC:68:0C:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8cAjG-Rci3DsSdSdVjr2rxoDOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/4168da-e65c-47b6-bb61-36f24ad4a04f/1/UbxGuXfCPU7PaazgdUkcbZmtVZU.roa
Signing time:             Thu 12 Mar 2026 14:25:11 +0000
ROA not before:           Thu 12 Mar 2026 14:25:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25151
IP address blocks:        46.253.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/4168da-e65c-47b6-bb61-36f24ad4a04f/1/z8cAjG-Rci3DsSdSdVjr2rxoDOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/4168da-e65c-47b6-bb61-36f24ad4a04f/1/z8cAjG-Rci3DsSdSdVjr2rxoDOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8cAjG-Rci3DsSdSdVjr2rxoDOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:6f:ea:0a:e0:e2:d5:47:f7:0d:43:4e:f6:79:89:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7008c6f91722dc3b127527558ebdabc680ce6
        Validity
            Not Before: Mar 12 14:25:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51bc46b977c23d4ecf69ace075491c6d99ad5595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:13:26:e3:bb:53:60:a1:d4:76:c5:ca:bf:6d:
                    39:0f:f1:df:bb:51:e8:bb:74:36:eb:69:02:fa:9c:
                    94:57:a0:4e:f7:e7:47:65:00:ab:9d:a3:41:4e:84:
                    2a:75:e5:2d:68:e3:ad:76:61:fe:80:9e:7b:bf:aa:
                    97:1e:aa:07:86:fd:44:20:22:95:89:7c:52:5e:5d:
                    78:64:55:ca:8a:06:c2:05:89:7c:d7:76:e6:5c:ee:
                    22:1d:b6:ed:4c:3a:66:08:fa:74:d0:3e:c4:b2:85:
                    88:da:58:eb:14:8f:87:60:ec:51:34:2f:83:6e:51:
                    06:6e:57:e0:1e:0b:1c:a8:8f:f6:be:6c:64:a2:70:
                    9a:48:2a:ba:04:6c:05:dc:f1:66:12:39:65:9f:b6:
                    ff:e8:d6:82:e6:51:c7:29:12:bb:58:e7:62:f2:33:
                    1a:8a:be:db:99:e8:be:53:4f:f8:e4:d4:75:d3:ae:
                    7d:d8:dd:f6:af:7b:ad:f5:a6:7a:08:c5:82:c9:de:
                    d6:03:b9:3b:f9:48:ff:c7:ab:2d:f3:d6:14:42:96:
                    fb:2f:23:87:66:eb:38:63:57:20:01:91:a2:0c:48:
                    d3:41:64:6b:e2:66:f1:4b:f6:e4:5a:96:fb:a9:4a:
                    1d:4b:31:65:7f:75:20:63:5d:c4:bb:02:d2:55:6d:
                    08:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:BC:46:B9:77:C2:3D:4E:CF:69:AC:E0:75:49:1C:6D:99:AD:55:95
            X509v3 Authority Key Identifier:
                keyid:CF:C7:00:8C:6F:91:72:2D:C3:B1:27:52:75:58:EB:DA:BC:68:0C:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8cAjG-Rci3DsSdSdVjr2rxoDOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4168da-e65c-47b6-bb61-36f24ad4a04f/1/UbxGuXfCPU7PaazgdUkcbZmtVZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4168da-e65c-47b6-bb61-36f24ad4a04f/1/z8cAjG-Rci3DsSdSdVjr2rxoDOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:5e:53:69:f1:87:12:92:b0:2c:0c:cd:c3:24:50:af:1d:c3:
         0b:75:8b:7f:71:f0:f8:66:06:ec:01:f3:61:79:59:96:d3:d5:
         76:c6:2b:9e:e7:57:cd:ec:d2:80:d3:b0:51:99:59:bd:b8:70:
         76:50:e0:5e:3d:2e:55:db:89:33:4c:87:a3:f2:fe:f4:24:87:
         47:82:11:26:b7:26:8e:38:3d:c2:a4:a0:9c:a4:0a:fd:49:80:
         8f:46:ef:bc:2e:98:76:26:79:ee:99:b8:8f:e6:fb:43:3c:2c:
         ca:11:08:a7:d3:39:e8:b0:3c:41:33:19:fa:63:2f:4c:aa:2a:
         70:cf:09:71:41:b0:3b:bd:4f:1a:87:8b:24:3e:46:d2:9c:28:
         6d:96:04:16:59:43:b9:d5:21:8d:e7:60:a4:85:4e:b5:e5:c8:
         9c:c6:9a:b9:45:66:ea:d8:22:5b:b3:ff:d1:d1:79:93:86:41:
         5e:b3:e7:4f:b3:e5:d0:4a:68:74:fc:0e:4f:48:3f:ff:31:6f:
         7e:ae:47:db:b5:87:96:16:b0:8a:cb:24:99:dc:32:78:99:13:
         4b:13:fc:fc:d6:61:84:c5:52:da:49:f3:75:ea:db:f9:09:a0:
         1a:c7:f7:8d:ca:8b:26:d7:aa:e7:d6:40:e0:a5:bf:10:73:6b:
         0d:e7:15:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzib+oK4OLVR/cNQ072eYn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzcwMDhjNmY5MTcyMmRjM2IxMjc1Mjc1NThlYmRhYmM2
ODBjZTYwHhcNMjYwMzEyMTQyNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWJjNDZiOTc3YzIzZDRlY2Y2OWFjZTA3NTQ5MWM2ZDk5YWQ1NTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBMm47tTYKHUdsXKv205D/Hfu1Ho
u3Q262kC+pyUV6BO9+dHZQCrnaNBToQqdeUtaOOtdmH+gJ57v6qXHqoHhv1EICKV
iXxSXl14ZFXKigbCBYl813bmXO4iHbbtTDpmCPp00D7EsoWI2ljrFI+HYOxRNC+D
blEGblfgHgscqI/2vmxkonCaSCq6BGwF3PFmEjlln7b/6NaC5lHHKRK7WOdi8jMa
ir7bmei+U0/45NR106592N32r3ut9aZ6CMWCyd7WA7k7+Uj/x6st89YUQpb7LyOH
Zus4Y1cgAZGiDEjTQWRr4mbxS/bkWpb7qUodSzFlf3UgY13EuwLSVW0IcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFG8Rrl3wj1Oz2ms4HVJHG2ZrVWVMB8GA1UdIwQY
MBaAFM/HAIxvkXItw7EnUnVY69q8aAzmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhjQWpHLVJjaTNEc1NkU2RWanIycnhvRE9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80MTY4ZGEtZTY1Yy00N2I2LWJiNjEt
MzZmMjRhZDRhMDRmLzEvVWJ4R3VYZkNQVTdQYWF6Z2RVa2NiWm10VlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80MTY4ZGEtZTY1Yy00N2I2LWJiNjEtMzZmMjRhZDRhMDRm
LzEvejhjQWpHLVJjaTNEc1NkU2RWanIycnhvRE9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv2JMA0G
CSqGSIb3DQEBCwUAA4IBAQB1XlNp8YcSkrAsDM3DJFCvHcMLdYt/cfD4ZgbsAfNh
eVmW09V2xiue51fN7NKA07BRmVm9uHB2UOBePS5V24kzTIej8v70JIdHghEmtyaO
OD3CpKCcpAr9SYCPRu+8Lph2JnnumbiP5vtDPCzKEQin0znosDxBMxn6Yy9Mqipw
zwlxQbA7vU8ah4skPkbSnChtlgQWWUO51SGN52CkhU615cicxpq5RWbq2CJbs//R
0XmThkFes+dPs+XQSmh0/A5PSD//MW9+rkfbtYeWFrCKyySZ3DJ4mRNLE/z81mGE
xVLaSfN16tv5CaAax/eNyosm16rn1kDgpb8Qc2sN5xWg
-----END CERTIFICATE-----