Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/UMrtA1CGXOz9XaTkZnypaeWfgfc.roa
File:                     UMrtA1CGXOz9XaTkZnypaeWfgfc.roa (raw, json)
Hash identifier:          fVCMIXsbAOrWuXeDoUAcmRm+Ggqxi1Y+KIZIzOxGefE=
Subject key identifier:   50:CA:ED:03:50:86:5C:EC:FD:5D:A4:E4:66:7C:A9:69:E5:9F:81:F7
Certificate issuer:       /CN=1ea0a9eb47d824b51f154442481a257168394551
Certificate serial:       019ECCDE2F5E4291E401985B6F4894C0742C
Authority key identifier: 1E:A0:A9:EB:47:D8:24:B5:1F:15:44:42:48:1A:25:71:68:39:45:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/UMrtA1CGXOz9XaTkZnypaeWfgfc.roa
Signing time:             Mon 15 Jun 2026 19:59:33 +0000
ROA not before:           Mon 15 Jun 2026 19:59:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210743
IP address blocks:        217.113.194.0/24 maxlen: 24
                          217.113.196.0/24 maxlen: 24
                          217.113.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cc:de:2f:5e:42:91:e4:01:98:5b:6f:48:94:c0:74:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ea0a9eb47d824b51f154442481a257168394551
        Validity
            Not Before: Jun 15 19:59:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50caed0350865cecfd5da4e4667ca969e59f81f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:40:f0:d7:4e:4c:1d:21:2f:86:40:06:3b:70:
                    c8:a1:18:9d:22:ee:30:61:03:09:da:dc:cf:93:00:
                    cc:c9:37:b3:2a:0d:10:58:10:14:25:8e:b3:d5:7f:
                    f0:4c:5d:5a:1b:28:33:62:08:0c:61:23:aa:37:ec:
                    89:e2:49:e4:52:e4:8b:68:42:e1:58:9f:43:0a:cc:
                    cf:96:7a:42:f6:d6:cb:a6:16:4f:90:fa:24:5b:78:
                    23:72:8d:67:8e:a2:8c:dc:3a:3e:d1:d0:de:6f:5a:
                    0f:f8:e2:36:1c:c2:ed:52:6f:74:ac:4e:d4:52:60:
                    e5:a2:7d:f3:33:71:81:5a:11:58:37:0d:6a:7d:ea:
                    f8:70:0a:cd:d9:81:47:2e:f2:54:2c:32:3d:b8:ac:
                    63:c8:59:85:d9:7f:da:49:3d:c0:38:86:6a:10:17:
                    8b:59:59:40:24:eb:05:27:af:ac:54:b1:0a:ee:c6:
                    67:55:f6:c8:63:8d:dd:16:21:5a:6e:67:cc:f6:d2:
                    13:40:e8:a5:56:14:63:3b:1c:55:8b:f1:56:7f:93:
                    82:37:f7:56:16:9c:a9:fd:1c:44:ec:51:69:ed:30:
                    a4:05:ba:ea:25:04:74:b7:c6:67:d7:14:4b:c3:10:
                    07:93:fc:86:b4:eb:82:bf:27:8b:b2:94:9e:a6:68:
                    25:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:CA:ED:03:50:86:5C:EC:FD:5D:A4:E4:66:7C:A9:69:E5:9F:81:F7
            X509v3 Authority Key Identifier:
                keyid:1E:A0:A9:EB:47:D8:24:B5:1F:15:44:42:48:1A:25:71:68:39:45:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/UMrtA1CGXOz9XaTkZnypaeWfgfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.194.0/24
                  217.113.196.0/24
                  217.113.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:3a:bb:2d:62:b2:01:07:f3:e8:70:04:5a:01:18:d1:43:0e:
         6a:19:7c:cc:08:6f:28:74:a6:2e:37:d8:41:c6:8b:79:a9:67:
         b0:ee:8b:1c:4c:96:d2:08:c3:57:a8:9f:09:69:92:9b:dc:8b:
         ee:1a:35:31:3c:c7:fe:cb:1b:c5:3c:99:72:a0:4c:90:61:00:
         fd:d4:e7:4a:ff:55:61:53:85:01:55:3b:cd:44:43:23:1e:e9:
         f7:bc:35:7c:b0:c7:4b:1e:72:af:2b:00:dc:3b:d9:3b:5f:3d:
         03:3b:84:79:fa:b0:41:04:f0:d7:d8:a9:34:b8:06:e9:97:18:
         74:be:9f:68:53:d0:32:5a:af:d1:bb:ba:3f:73:90:77:9b:c6:
         c0:21:0b:2e:71:36:ad:10:04:6a:ea:89:1b:58:a0:3b:21:2f:
         bc:0a:bb:46:e5:35:7c:de:61:4d:70:4a:ac:89:50:99:e6:c2:
         46:e9:24:a1:df:57:39:61:27:9d:fa:77:0d:79:75:75:af:0f:
         c8:fa:c4:65:26:e3:8f:f4:fb:56:16:fc:ec:34:cf:67:33:8e:
         ed:07:5d:15:b1:52:17:9e:e8:1d:7e:d6:bd:7a:bf:f7:ad:f5:
         31:b4:b9:01:50:78:6e:2b:47:a3:a0:c4:38:be:9a:8e:36:89:
         3d:14:df:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7M3i9eQpHkAZhbb0iUwHQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYTBhOWViNDdkODI0YjUxZjE1NDQ0MjQ4MWEyNTcxNjgz
OTQ1NTEwHhcNMjYwNjE1MTk1OTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGNhZWQwMzUwODY1Y2VjZmQ1ZGE0ZTQ2NjdjYTk2OWU1OWY4MWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEDw105MHSEvhkAGO3DIoRidIu4w
YQMJ2tzPkwDMyTezKg0QWBAUJY6z1X/wTF1aGygzYggMYSOqN+yJ4knkUuSLaELh
WJ9DCszPlnpC9tbLphZPkPokW3gjco1njqKM3Do+0dDeb1oP+OI2HMLtUm90rE7U
UmDlon3zM3GBWhFYNw1qfer4cArN2YFHLvJULDI9uKxjyFmF2X/aST3AOIZqEBeL
WVlAJOsFJ6+sVLEK7sZnVfbIY43dFiFabmfM9tITQOilVhRjOxxVi/FWf5OCN/dW
Fpyp/RxE7FFp7TCkBbrqJQR0t8Zn1xRLwxAHk/yGtOuCvyeLspSepmglVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFDK7QNQhlzs/V2k5GZ8qWnln4H3MB8GA1UdIwQY
MBaAFB6gqetH2CS1HxVEQkgaJXFoOUVRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHFDcDYwZllKTFVmRlVSQ1NCb2xjV2c1UlZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8zMDMzYzYtY2NlOC00NTBkLWEwYzkt
ODQxOGE5NmY2Nzk1LzEvVU1ydEExQ0dYT3o5WGFUa1pueXBhZVdmZ2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8zMDMzYzYtY2NlOC00NTBkLWEwYzktODQxOGE5NmY2Nzk1
LzEvSHFDcDYwZllKTFVmRlVSQ1NCb2xjV2c1UlZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA2XHCAwQA
2XHEAwQA2XHHMA0GCSqGSIb3DQEBCwUAA4IBAQCiOrstYrIBB/PocARaARjRQw5q
GXzMCG8odKYuN9hBxot5qWew7oscTJbSCMNXqJ8JaZKb3IvuGjUxPMf+yxvFPJly
oEyQYQD91OdK/1VhU4UBVTvNREMjHun3vDV8sMdLHnKvKwDcO9k7Xz0DO4R5+rBB
BPDX2Kk0uAbplxh0vp9oU9AyWq/Ru7o/c5B3m8bAIQsucTatEARq6okbWKA7IS+8
CrtG5TV83mFNcEqsiVCZ5sJG6SSh31c5YSed+ncNeXV1rw/I+sRlJuOP9PtWFvzs
NM9nM47tB10VsVIXnugdfta9er/3rfUxtLkBUHhuK0ejoMQ4vpqONok9FN+V
-----END CERTIFICATE-----
Generated at Wed Jul 1 00:30:21 2026 by rpki-client