Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UV8WP9ppwXpIjSR3eEX6ASTivp8.roa
File:                     UV8WP9ppwXpIjSR3eEX6ASTivp8.roa (raw, json)
Hash identifier:          E5Ye8UQL6h4BKe1ST6xB2N5Yp0JEiG7VYX/7rch5I9E=
Subject key identifier:   51:5F:16:3F:DA:69:C1:7A:48:8D:24:77:78:45:FA:01:24:E2:BE:9F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DABC1F2F3E497F1D217710EAE137E9C25
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UV8WP9ppwXpIjSR3eEX6ASTivp8.roa
Signing time:             Mon 20 Apr 2026 16:38:27 +0000
ROA not before:           Mon 20 Apr 2026 16:38:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        185.176.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 23:16:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:c1:f2:f3:e4:97:f1:d2:17:71:0e:ae:13:7e:9c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 20 16:38:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=515f163fda69c17a488d24777845fa0124e2be9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6e:cd:86:3b:68:50:56:65:f5:bc:79:a2:25:
                    3a:e1:80:7d:b5:73:d4:c3:73:71:b3:16:35:9b:c2:
                    b6:47:93:8c:63:9a:f1:00:92:9a:0e:7d:97:0d:5e:
                    d6:58:eb:36:a4:7d:88:51:39:93:92:09:92:84:ce:
                    46:dd:4c:fe:09:af:13:07:88:6e:4b:20:f3:0d:2f:
                    bf:14:ff:93:58:96:a4:0e:0b:69:08:26:0f:5d:3d:
                    d4:b0:c6:02:61:ba:e6:7b:04:dc:fb:8b:1e:51:15:
                    00:76:58:95:47:7b:18:66:32:3f:0d:c5:c5:5e:53:
                    ce:9e:18:f3:46:1f:4b:9b:76:d3:01:5f:b1:51:a3:
                    33:fe:00:e2:cb:30:c3:d2:e0:da:86:eb:e0:8c:35:
                    69:de:bc:bd:86:5f:f5:88:eb:62:9f:9f:79:40:37:
                    30:86:7b:95:12:52:47:f8:c1:e4:e6:cf:f1:af:d0:
                    41:5d:98:44:f1:96:7a:3d:0e:0d:5c:0f:1c:6e:9e:
                    0f:e7:ae:c5:55:f2:e7:e7:97:2a:37:61:d4:ed:75:
                    80:7c:99:8e:a1:31:da:ce:8b:fd:66:ee:5e:59:23:
                    51:cb:9f:e2:f8:eb:18:61:6a:d6:5f:6d:89:2c:98:
                    74:b2:2b:b2:3c:51:40:7c:e3:0f:f1:fa:79:d5:f8:
                    f3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:5F:16:3F:DA:69:C1:7A:48:8D:24:77:78:45:FA:01:24:E2:BE:9F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UV8WP9ppwXpIjSR3eEX6ASTivp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:30:20:17:e9:69:4c:ab:6f:37:47:cd:47:71:74:a8:13:0e:
         ad:7d:35:6f:2d:03:75:bd:c5:d2:66:b2:08:22:c1:ba:ac:3f:
         05:6d:76:f2:6a:75:30:5e:b0:9f:e9:48:8b:6d:9f:9b:9f:73:
         a5:e1:e1:00:61:0b:20:f9:2e:c1:2f:54:0e:5d:2b:1c:0d:ad:
         dd:f6:b3:28:1d:a1:ac:61:7b:7c:21:f3:c1:a1:8e:0a:27:75:
         26:8d:00:c0:76:df:e6:78:66:f7:ec:c4:c6:a3:ad:34:ce:88:
         f5:e4:a2:08:e9:c3:ec:96:35:b5:b1:31:ae:77:bf:71:65:19:
         8d:06:db:ba:32:26:d3:3e:f4:82:bc:de:fc:dc:7a:81:0d:77:
         e3:e5:a9:a5:bf:b5:ba:2e:35:a3:52:6c:cc:67:87:f9:86:17:
         83:dd:ed:62:13:79:52:d5:d5:17:4a:56:09:18:48:fa:35:1c:
         99:96:2a:e1:50:ec:01:cb:ed:2f:d9:73:14:d2:9b:c4:14:55:
         8b:b8:23:05:60:8d:f1:10:6c:ee:09:3c:ac:53:97:f0:56:6b:
         cf:20:c9:f6:78:a8:58:30:f0:a8:31:c2:a1:b4:fe:d1:8d:e5:
         b2:a6:11:84:75:9f:8c:0b:a7:c7:17:f0:d5:79:2a:d7:13:43:
         7e:fc:bf:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rwfLz5Jfx0hdxDq4TfpwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIwMTYzODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTVmMTYzZmRhNjljMTdhNDg4ZDI0Nzc3ODQ1ZmEwMTI0ZTJiZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG7NhjtoUFZl9bx5oiU64YB9tXPU
w3NxsxY1m8K2R5OMY5rxAJKaDn2XDV7WWOs2pH2IUTmTkgmShM5G3Uz+Ca8TB4hu
SyDzDS+/FP+TWJakDgtpCCYPXT3UsMYCYbrmewTc+4seURUAdliVR3sYZjI/DcXF
XlPOnhjzRh9Lm3bTAV+xUaMz/gDiyzDD0uDahuvgjDVp3ry9hl/1iOtin595QDcw
hnuVElJH+MHk5s/xr9BBXZhE8ZZ6PQ4NXA8cbp4P567FVfLn55cqN2HU7XWAfJmO
oTHazov9Zu5eWSNRy5/i+OsYYWrWX22JLJh0siuyPFFAfOMP8fp51fjzgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFfFj/aacF6SI0kd3hF+gEk4r6fMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVVY4V1A5cHB3WHBJalNSM2VFWDZBU1RpdnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBdMA0G
CSqGSIb3DQEBCwUAA4IBAQBIMCAX6WlMq283R81HcXSoEw6tfTVvLQN1vcXSZrII
IsG6rD8FbXbyanUwXrCf6UiLbZ+bn3Ol4eEAYQsg+S7BL1QOXSscDa3d9rMoHaGs
YXt8IfPBoY4KJ3UmjQDAdt/meGb37MTGo600zoj15KII6cPsljW1sTGud79xZRmN
Btu6MibTPvSCvN783HqBDXfj5amlv7W6LjWjUmzMZ4f5hheD3e1iE3lS1dUXSlYJ
GEj6NRyZlirhUOwBy+0v2XMU0pvEFFWLuCMFYI3xEGzuCTysU5fwVmvPIMn2eKhY
MPCoMcKhtP7RjeWyphGEdZ+MC6fHF/DVeSrXE0N+/L/w
-----END CERTIFICATE-----