Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/UWG2KqGolGnK4I4CWWuiFt5PDYw.roa
File:                     UWG2KqGolGnK4I4CWWuiFt5PDYw.roa (raw, json)
Hash identifier:          OACJDAF/MdpkZSccb8Z3I1QsBKhYM1uRJEceUvU+s4M=
Subject key identifier:   51:61:B6:2A:A1:A8:94:69:CA:E0:8E:02:59:6B:A2:16:DE:4F:0D:8C
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DAF58586B77EB6E352531CD78098AD797
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/UWG2KqGolGnK4I4CWWuiFt5PDYw.roa
Signing time:             Tue 21 Apr 2026 09:21:35 +0000
ROA not before:           Tue 21 Apr 2026 09:21:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42960
IP address blocks:        216.23.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 14:21:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:58:58:6b:77:eb:6e:35:25:31:cd:78:09:8a:d7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 21 09:21:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5161b62aa1a89469cae08e02596ba216de4f0d8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:de:1c:c6:2e:a7:e4:dd:26:58:2c:24:51:85:
                    af:4e:31:95:f4:f6:b4:ff:47:87:c0:9b:cb:46:9e:
                    e0:c1:c9:3a:68:7a:5c:9f:22:a6:d4:8d:bb:25:e7:
                    a9:08:7f:77:3f:2f:65:b9:8a:2f:14:07:6e:b2:8b:
                    42:61:3f:94:88:50:83:9b:dd:6e:9f:56:03:07:0b:
                    05:8a:0d:22:37:e5:51:9d:5a:02:5e:05:67:c7:3d:
                    e7:73:09:e4:b2:5e:10:53:fb:d1:df:4f:61:c5:ac:
                    36:3f:43:8d:c1:ce:a8:54:3b:8b:6d:55:c5:c2:c9:
                    aa:c7:25:7a:a6:dc:d2:f2:f1:82:96:1b:72:a9:41:
                    15:9c:c0:1d:d7:41:cd:24:53:4f:f8:83:e7:67:f4:
                    ad:ce:e8:80:41:9f:06:8d:a6:f2:d6:a0:80:64:14:
                    26:fc:17:0b:57:d0:bb:00:cd:1e:1b:e5:89:3a:d7:
                    4a:f9:9e:1f:10:11:7b:23:76:49:d9:2e:e8:cb:7a:
                    70:d5:0f:ed:de:4f:d8:70:de:af:f9:21:dc:85:5d:
                    38:6c:62:96:85:11:f1:fb:77:12:45:03:ac:ba:e0:
                    da:d6:78:05:2e:95:b0:d6:f7:d0:c3:bc:20:8b:5f:
                    4a:e9:70:79:b1:64:f5:09:b7:7a:25:36:b7:77:8a:
                    f2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:61:B6:2A:A1:A8:94:69:CA:E0:8E:02:59:6B:A2:16:DE:4F:0D:8C
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/UWG2KqGolGnK4I4CWWuiFt5PDYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:d7:28:a5:c3:b0:81:26:53:c7:91:f6:e8:5a:de:3b:b6:13:
         bf:cc:c3:d0:c8:41:80:e9:6b:02:a8:87:3e:c9:e6:58:3b:ee:
         28:b0:ea:0e:ad:f0:aa:c5:da:18:e1:31:61:53:49:77:38:87:
         41:9d:5b:b8:1e:65:4c:0e:39:ae:5a:f8:ee:2f:5f:98:72:43:
         22:92:0d:d5:b8:5d:32:4a:29:d6:38:2c:4d:44:e9:4e:24:92:
         10:37:b7:38:90:97:34:4e:bf:4e:27:aa:f8:b7:df:af:41:08:
         e0:c1:4a:73:d5:ba:ce:2d:aa:69:b5:d0:f4:ab:9f:fe:0e:3f:
         7a:0a:a5:a8:00:34:10:e5:21:90:a8:4d:1e:4d:f8:ee:e9:f7:
         bc:4c:22:8a:53:98:4e:db:c5:b4:90:17:d4:09:e5:b5:34:1b:
         e1:95:56:cd:82:e7:bb:a0:ff:e3:06:4f:92:dc:78:ab:7e:81:
         3c:19:30:0b:b6:10:e7:85:72:b0:ba:81:0f:45:63:41:dc:07:
         e2:8a:d5:7c:31:b6:39:69:e3:c2:5a:e8:8f:48:ea:f7:5c:3f:
         a1:30:10:17:e3:9a:52:cf:85:5e:bd:13:94:2f:36:c8:ae:3f:
         96:1e:4f:b6:79:c0:ad:c2:cb:89:2f:ab:cf:7b:d8:df:f3:21:
         89:81:81:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2vWFhrd+tuNSUxzXgJiteXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDIxMDkyMTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTYxYjYyYWExYTg5NDY5Y2FlMDhlMDI1OTZiYTIxNmRlNGYwZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuN4cxi6n5N0mWCwkUYWvTjGV9Pa0
/0eHwJvLRp7gwck6aHpcnyKm1I27JeepCH93Py9luYovFAdusotCYT+UiFCDm91u
n1YDBwsFig0iN+VRnVoCXgVnxz3ncwnksl4QU/vR309hxaw2P0ONwc6oVDuLbVXF
wsmqxyV6ptzS8vGClhtyqUEVnMAd10HNJFNP+IPnZ/StzuiAQZ8Gjaby1qCAZBQm
/BcLV9C7AM0eG+WJOtdK+Z4fEBF7I3ZJ2S7oy3pw1Q/t3k/YcN6v+SHchV04bGKW
hRHx+3cSRQOsuuDa1ngFLpWw1vfQw7wgi19K6XB5sWT1Cbd6JTa3d4ry4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFhtiqhqJRpyuCOAllrohbeTw2MMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvVVdHMktxR29sR25LNEk0Q1dXdWlGdDVQRFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Bd0MA0G
CSqGSIb3DQEBCwUAA4IBAQBB1yilw7CBJlPHkfboWt47thO/zMPQyEGA6WsCqIc+
yeZYO+4osOoOrfCqxdoY4TFhU0l3OIdBnVu4HmVMDjmuWvjuL1+YckMikg3VuF0y
SinWOCxNROlOJJIQN7c4kJc0Tr9OJ6r4t9+vQQjgwUpz1brOLapptdD0q5/+Dj96
CqWoADQQ5SGQqE0eTfju6fe8TCKKU5hO28W0kBfUCeW1NBvhlVbNgue7oP/jBk+S
3HirfoE8GTALthDnhXKwuoEPRWNB3AfiitV8MbY5aePCWuiPSOr3XD+hMBAX45pS
z4VevROULzbIrj+WHk+2ecCtwsuJL6vPe9jf8yGJgYEs
-----END CERTIFICATE-----