Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/6d40da-f682-4c10-b796-e395be8935f0/1/UO5esvuscm_Muh0KmfgSRLz3jvA.roa
File:                     UO5esvuscm_Muh0KmfgSRLz3jvA.roa (raw, json)
Hash identifier:          Eg2xdzCBLccjbkg/73TIkrnL2S4mi3j1eD98e/h7Rpc=
Subject key identifier:   50:EE:5E:B2:FB:AC:72:6F:CC:BA:1D:0A:99:F8:12:44:BC:F7:8E:F0
Certificate issuer:       /CN=d948afc4af48dd2b28e854996457b4e2a8434d61
Certificate serial:       019D065BFE8A2D4B6F81604521320E4EE48E
Authority key identifier: D9:48:AF:C4:AF:48:DD:2B:28:E8:54:99:64:57:B4:E2:A8:43:4D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2UivxK9I3Sso6FSZZFe04qhDTWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/6d40da-f682-4c10-b796-e395be8935f0/1/UO5esvuscm_Muh0KmfgSRLz3jvA.roa
Signing time:             Thu 19 Mar 2026 13:49:45 +0000
ROA not before:           Thu 19 Mar 2026 13:49:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215874
IP address blocks:        193.3.236.0/24 maxlen: 24
                          193.3.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/6d40da-f682-4c10-b796-e395be8935f0/1/2UivxK9I3Sso6FSZZFe04qhDTWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/6d40da-f682-4c10-b796-e395be8935f0/1/2UivxK9I3Sso6FSZZFe04qhDTWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2UivxK9I3Sso6FSZZFe04qhDTWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:5b:fe:8a:2d:4b:6f:81:60:45:21:32:0e:4e:e4:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d948afc4af48dd2b28e854996457b4e2a8434d61
        Validity
            Not Before: Mar 19 13:49:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50ee5eb2fbac726fccba1d0a99f81244bcf78ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f3:ae:45:4a:0c:e6:8b:d9:e3:69:cb:4a:db:
                    4a:d2:b4:26:d0:5c:bf:0a:41:95:a6:fc:05:ad:d9:
                    56:72:fd:fd:ce:04:c5:a2:bf:42:61:c5:1d:96:b9:
                    f8:f3:48:3a:98:9e:60:51:26:03:58:12:76:ec:8e:
                    ed:7f:84:95:2f:6e:1d:6b:6b:84:b5:d1:77:04:a6:
                    81:61:dd:23:45:7e:02:2f:3a:ec:85:d6:fe:57:bc:
                    09:7f:95:c3:f3:a2:ec:31:7f:52:30:69:7a:9e:46:
                    3c:64:23:58:48:b6:c0:69:54:19:76:10:88:e8:f0:
                    95:9c:c9:57:29:9f:a3:b7:84:ca:23:8a:0c:bb:3c:
                    c6:61:a4:14:48:cc:50:29:b1:5a:25:e5:ed:56:41:
                    47:53:63:19:c5:be:2a:58:67:f8:50:da:45:4c:b0:
                    a5:33:6f:ae:38:97:70:db:ea:28:48:78:35:a2:3a:
                    95:3a:f1:38:f6:5b:72:d0:8a:6a:ac:61:3b:a5:b3:
                    28:bd:83:88:1d:0f:0e:fd:aa:ad:98:37:be:82:73:
                    bc:cb:73:ca:a1:19:f3:9f:97:b0:3d:12:f0:1d:07:
                    54:f4:f0:e5:4a:0c:92:63:a1:f6:71:5c:21:37:25:
                    54:82:76:e3:85:59:4d:82:a8:36:e1:61:85:aa:cd:
                    40:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EE:5E:B2:FB:AC:72:6F:CC:BA:1D:0A:99:F8:12:44:BC:F7:8E:F0
            X509v3 Authority Key Identifier:
                keyid:D9:48:AF:C4:AF:48:DD:2B:28:E8:54:99:64:57:B4:E2:A8:43:4D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2UivxK9I3Sso6FSZZFe04qhDTWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/6d40da-f682-4c10-b796-e395be8935f0/1/UO5esvuscm_Muh0KmfgSRLz3jvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/6d40da-f682-4c10-b796-e395be8935f0/1/2UivxK9I3Sso6FSZZFe04qhDTWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:d9:03:23:34:2a:23:ea:56:6b:f3:43:6f:69:a1:8e:3c:bb:
         d4:26:42:74:e8:66:8e:2e:37:29:98:01:25:ad:0f:23:c4:52:
         bf:fa:ba:dc:fb:b8:01:2a:4d:90:1d:75:d9:d4:ef:08:19:d5:
         42:25:2f:cb:5d:8a:76:17:37:03:9e:47:a1:71:82:ac:0a:4a:
         d5:27:cd:4d:39:12:b1:93:5f:1e:79:f4:fa:ca:15:4e:9d:53:
         6b:f1:ea:27:66:54:ee:cc:aa:68:af:a7:fa:12:30:7f:a3:fc:
         12:8d:cc:51:30:ad:3f:bc:4b:15:a9:03:fb:d6:86:0f:00:a4:
         da:f6:7e:ad:11:b9:9d:27:51:25:30:b0:b1:b2:7e:f7:9a:10:
         77:f8:a0:f6:1a:9c:a8:13:0a:ce:f6:ad:59:86:c9:83:45:3f:
         2b:06:04:81:30:d2:f2:9c:25:66:ce:94:bd:4f:dd:87:76:22:
         eb:83:77:7a:16:f7:0d:cb:47:8a:05:4c:fc:ab:0d:cb:f3:63:
         03:5d:a4:52:5e:5f:81:15:08:07:a8:d1:3a:84:53:a4:e8:55:
         ad:48:d7:ab:f8:33:a9:78:e5:fe:fa:47:96:fc:fe:47:78:ce:
         2b:f8:87:33:a1:d5:2c:35:5f:f0:d5:26:6d:de:24:35:a9:c9:
         62:e8:4f:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GW/6KLUtvgWBFITIOTuSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDhhZmM0YWY0OGRkMmIyOGU4NTQ5OTY0NTdiNGUyYTg0
MzRkNjEwHhcNMjYwMzE5MTM0OTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVlNWViMmZiYWM3MjZmY2NiYTFkMGE5OWY4MTI0NGJjZjc4ZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfOuRUoM5ovZ42nLSttK0rQm0Fy/
CkGVpvwFrdlWcv39zgTFor9CYcUdlrn480g6mJ5gUSYDWBJ27I7tf4SVL24da2uE
tdF3BKaBYd0jRX4CLzrshdb+V7wJf5XD86LsMX9SMGl6nkY8ZCNYSLbAaVQZdhCI
6PCVnMlXKZ+jt4TKI4oMuzzGYaQUSMxQKbFaJeXtVkFHU2MZxb4qWGf4UNpFTLCl
M2+uOJdw2+ooSHg1ojqVOvE49lty0IpqrGE7pbMovYOIHQ8O/aqtmDe+gnO8y3PK
oRnzn5ewPRLwHQdU9PDlSgySY6H2cVwhNyVUgnbjhVlNgqg24WGFqs1ACwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDuXrL7rHJvzLodCpn4EkS8947wMB8GA1UdIwQY
MBaAFNlIr8SvSN0rKOhUmWRXtOKoQ01hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVpdnhLOUkzU3NvNkZTWlpGZTA0cWhEVFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS82ZDQwZGEtZjY4Mi00YzEwLWI3OTYt
ZTM5NWJlODkzNWYwLzEvVU81ZXN2dXNjbV9NdWgwS21mZ1NSTHozanZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS82ZDQwZGEtZjY4Mi00YzEwLWI3OTYtZTM5NWJlODkzNWYw
LzEvMlVpdnhLOUkzU3NvNkZTWlpGZTA0cWhEVFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQPsMA0G
CSqGSIb3DQEBCwUAA4IBAQCS2QMjNCoj6lZr80NvaaGOPLvUJkJ06GaOLjcpmAEl
rQ8jxFK/+rrc+7gBKk2QHXXZ1O8IGdVCJS/LXYp2FzcDnkehcYKsCkrVJ81NORKx
k18eefT6yhVOnVNr8eonZlTuzKpor6f6EjB/o/wSjcxRMK0/vEsVqQP71oYPAKTa
9n6tEbmdJ1ElMLCxsn73mhB3+KD2GpyoEwrO9q1ZhsmDRT8rBgSBMNLynCVmzpS9
T92HdiLrg3d6FvcNy0eKBUz8qw3L82MDXaRSXl+BFQgHqNE6hFOk6FWtSNer+DOp
eOX++keW/P5HeM4r+IczodUsNV/w1SZt3iQ1qcli6E/R
-----END CERTIFICATE-----