Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a8626b-330a-4e84-8492-d97ce5d41bb3/1/Uh4Rva54OMWP9lIMiHUduMBT0F4.roa
File:                     Uh4Rva54OMWP9lIMiHUduMBT0F4.roa (raw, json)
Hash identifier:          zWB3J362I22mC7rMVfMDBzhAD2wL6BzjJJTX54CcK0o=
Subject key identifier:   52:1E:11:BD:AE:78:38:C5:8F:F6:52:0C:88:75:1D:B8:C0:53:D0:5E
Certificate issuer:       /CN=6b8f71a18dcec4347cc7b4d02bc8784e8ac27b00
Certificate serial:       019A2FF0B0A69307F484C99CC37A53D54A87
Authority key identifier: 6B:8F:71:A1:8D:CE:C4:34:7C:C7:B4:D0:2B:C8:78:4E:8A:C2:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a49xoY3OxDR8x7TQK8h4TorCewA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/a8626b-330a-4e84-8492-d97ce5d41bb3/1/Uh4Rva54OMWP9lIMiHUduMBT0F4.roa
Signing time:             Wed 29 Oct 2025 12:28:14 +0000
ROA not before:           Wed 29 Oct 2025 12:28:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56526
IP address blocks:        192.166.132.0/24 maxlen: 24
                          192.166.133.0/24 maxlen: 24
                          192.166.134.0/24 maxlen: 24
                          192.166.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/a8626b-330a-4e84-8492-d97ce5d41bb3/1/a49xoY3OxDR8x7TQK8h4TorCewA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/a8626b-330a-4e84-8492-d97ce5d41bb3/1/a49xoY3OxDR8x7TQK8h4TorCewA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a49xoY3OxDR8x7TQK8h4TorCewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 06:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:f0:b0:a6:93:07:f4:84:c9:9c:c3:7a:53:d5:4a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b8f71a18dcec4347cc7b4d02bc8784e8ac27b00
        Validity
            Not Before: Oct 29 12:28:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=521e11bdae7838c58ff6520c88751db8c053d05e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4d:0f:e6:40:21:89:1c:87:89:e2:d6:27:e4:
                    d9:d8:11:6c:2e:2c:39:2b:b9:59:bf:d4:d9:d6:b8:
                    63:05:99:d9:61:07:9b:6b:14:e8:05:1b:28:ff:10:
                    9f:38:e4:f6:e4:55:fd:98:7d:73:63:63:d5:ec:9e:
                    a9:95:e8:fb:60:46:c2:e6:68:98:01:d1:09:e3:f6:
                    1e:6c:ec:30:d1:6c:b8:e7:62:00:c7:a3:8e:4e:92:
                    83:21:82:ae:ed:4e:0c:99:07:2f:d9:06:49:da:b9:
                    c9:5c:6c:b2:5e:5f:73:3a:8c:72:22:fe:02:7c:54:
                    68:20:1d:47:e8:e8:6c:78:78:b2:b7:a7:97:61:4b:
                    d3:f5:5d:0d:75:47:19:6b:57:fd:e6:47:1a:bd:b5:
                    9d:e5:00:9e:0e:79:53:1d:39:68:2c:e9:76:8c:5c:
                    f4:13:98:04:8e:12:15:02:80:1b:2e:91:34:6e:00:
                    5c:31:af:4d:d0:9d:6b:78:d5:77:f7:cb:e3:f4:8e:
                    98:41:3b:b2:4e:07:3c:6c:ad:45:36:82:0f:17:a5:
                    5d:42:34:f9:c0:f1:69:1b:16:33:0f:51:2d:c5:8b:
                    82:55:7e:cc:18:e4:d1:ad:d9:33:91:8a:7f:72:8a:
                    11:c7:39:5e:83:2b:10:c3:36:a2:f4:e5:21:ef:2e:
                    1f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1E:11:BD:AE:78:38:C5:8F:F6:52:0C:88:75:1D:B8:C0:53:D0:5E
            X509v3 Authority Key Identifier:
                keyid:6B:8F:71:A1:8D:CE:C4:34:7C:C7:B4:D0:2B:C8:78:4E:8A:C2:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a49xoY3OxDR8x7TQK8h4TorCewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a8626b-330a-4e84-8492-d97ce5d41bb3/1/Uh4Rva54OMWP9lIMiHUduMBT0F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a8626b-330a-4e84-8492-d97ce5d41bb3/1/a49xoY3OxDR8x7TQK8h4TorCewA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:48:2e:11:50:91:98:1b:ce:3c:6e:2a:eb:40:c7:42:15:13:
         79:38:d2:6a:27:c0:b3:0e:39:bb:15:40:0c:6c:21:4a:31:64:
         39:91:9b:1a:17:d9:b8:7f:b3:c4:dd:e6:e8:40:f6:e5:2b:b6:
         16:27:d7:71:b2:d6:f9:52:a5:28:ae:ed:9b:f5:7f:f6:d1:81:
         95:3b:69:ca:c5:39:d5:9b:59:5a:82:cc:0b:e3:a0:29:95:7b:
         b9:67:ac:06:7b:30:4c:7e:e1:0e:f1:fa:ce:65:b7:ed:a6:5a:
         19:9c:12:90:4c:a6:81:40:9e:93:48:4f:6f:ff:ac:4b:f6:b2:
         4a:e2:77:a5:7a:1a:53:15:f4:1e:e1:de:95:2f:d7:16:b7:3f:
         e1:49:d7:0d:60:f9:a6:e9:4e:55:57:77:53:03:13:87:e7:52:
         54:27:28:22:56:80:24:f3:e1:9e:71:8a:b5:ca:00:94:80:31:
         64:a2:fe:fd:bc:f5:2f:89:6e:8a:61:c3:e7:27:ae:8f:af:fb:
         18:07:45:45:31:bb:c0:53:f6:f1:c3:fb:34:18:4e:be:59:7f:
         51:f9:4b:79:26:01:3f:81:7d:e1:eb:eb:f6:82:99:fe:5b:e6:
         b5:e3:5b:28:19:87:b5:29:09:16:0a:9f:42:de:09:7b:05:b3:
         9a:b1:a3:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZov8LCmkwf0hMmcw3pT1UqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiOGY3MWExOGRjZWM0MzQ3Y2M3YjRkMDJiYzg3ODRlOGFj
MjdiMDAwHhcNMjUxMDI5MTIyODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjFlMTFiZGFlNzgzOGM1OGZmNjUyMGM4ODc1MWRiOGMwNTNkMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy00P5kAhiRyHieLWJ+TZ2BFsLiw5
K7lZv9TZ1rhjBZnZYQebaxToBRso/xCfOOT25FX9mH1zY2PV7J6plej7YEbC5miY
AdEJ4/YebOww0Wy452IAx6OOTpKDIYKu7U4MmQcv2QZJ2rnJXGyyXl9zOoxyIv4C
fFRoIB1H6OhseHiyt6eXYUvT9V0NdUcZa1f95kcavbWd5QCeDnlTHTloLOl2jFz0
E5gEjhIVAoAbLpE0bgBcMa9N0J1reNV398vj9I6YQTuyTgc8bK1FNoIPF6VdQjT5
wPFpGxYzD1EtxYuCVX7MGOTRrdkzkYp/cooRxzlegysQwzai9OUh7y4flQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIeEb2ueDjFj/ZSDIh1HbjAU9BeMB8GA1UdIwQY
MBaAFGuPcaGNzsQ0fMe00CvIeE6KwnsAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTQ5eG9ZM094RFI4eDdUUUs4aDRUb3JDZXdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hODYyNmItMzMwYS00ZTg0LTg0OTIt
ZDk3Y2U1ZDQxYmIzLzEvVWg0UnZhNTRPTVdQOWxJTWlIVWR1TUJUMEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hODYyNmItMzMwYS00ZTg0LTg0OTItZDk3Y2U1ZDQxYmIz
LzEvYTQ5eG9ZM094RFI4eDdUUUs4aDRUb3JDZXdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKaEMA0G
CSqGSIb3DQEBCwUAA4IBAQA7SC4RUJGYG848birrQMdCFRN5ONJqJ8CzDjm7FUAM
bCFKMWQ5kZsaF9m4f7PE3eboQPblK7YWJ9dxstb5UqUoru2b9X/20YGVO2nKxTnV
m1lagswL46AplXu5Z6wGezBMfuEO8frOZbftploZnBKQTKaBQJ6TSE9v/6xL9rJK
4nelehpTFfQe4d6VL9cWtz/hSdcNYPmm6U5VV3dTAxOH51JUJygiVoAk8+GecYq1
ygCUgDFkov79vPUviW6KYcPnJ66Pr/sYB0VFMbvAU/bxw/s0GE6+WX9R+Ut5JgE/
gX3h6+v2gpn+W+a141soGYe1KQkWCp9C3gl7BbOasaNv
-----END CERTIFICATE-----