Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/uvQxWScPx8m3fOABuvxk5C9EAS8.roa
File:                     uvQxWScPx8m3fOABuvxk5C9EAS8.roa (raw, json)
Hash identifier:          lGGSRLSoaY1J0Yu0lmJKdwLIc5UpAHMNZ+kBI8gouRY=
Subject key identifier:   BA:F4:31:59:27:0F:C7:C9:B7:7C:E0:01:BA:FC:64:E4:2F:44:01:2F
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       019EDADF9C769144B05EEC45EBE300E5D4CD
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/uvQxWScPx8m3fOABuvxk5C9EAS8.roa
Signing time:             Thu 18 Jun 2026 13:15:48 +0000
ROA not before:           Thu 18 Jun 2026 13:15:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.18.56.0/22 maxlen: 24
                          89.18.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 01:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:df:9c:76:91:44:b0:5e:ec:45:eb:e3:00:e5:d4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: Jun 18 13:15:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=baf43159270fc7c9b77ce001bafc64e42f44012f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8d:01:cb:d9:a9:2d:c9:0a:c3:6d:9c:7b:fc:
                    66:40:16:b3:90:0a:74:bb:ee:e3:af:c2:80:f8:a4:
                    14:81:be:01:2f:0c:54:ce:98:e3:79:54:66:7c:d1:
                    b6:61:9e:81:5a:83:63:e6:7c:59:d1:29:8d:61:ca:
                    13:e1:92:9f:1e:3e:d6:f3:ff:66:62:bb:b1:df:27:
                    8d:f0:a8:f5:82:de:a6:10:ac:2f:2b:c2:36:e1:32:
                    8a:ea:eb:4c:4c:9d:b0:7c:25:91:e2:86:90:1b:82:
                    4d:d7:d2:db:4c:7e:bb:55:ef:3e:e5:91:4a:6c:ab:
                    77:6b:da:28:da:ce:e2:02:03:8a:15:77:ae:94:b9:
                    ed:7e:c9:9b:f4:cd:d3:5d:23:89:25:6a:32:d8:64:
                    7c:d4:47:ce:ce:33:5d:d7:61:fb:f8:30:ce:63:7d:
                    16:8a:f4:17:ef:17:19:40:97:60:91:b7:54:c2:cc:
                    c3:44:10:d5:a7:65:4e:77:95:a3:14:2d:cd:44:6d:
                    31:31:90:03:a1:9d:37:0a:69:cd:5e:2e:34:25:57:
                    02:ab:a8:14:6d:a0:8d:06:fd:58:d9:a9:45:1d:80:
                    14:ed:d6:a5:6f:99:7a:2e:79:f7:fd:da:58:72:4f:
                    18:94:10:da:fa:09:20:c0:25:a5:ee:e8:c6:3a:8d:
                    9b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F4:31:59:27:0F:C7:C9:B7:7C:E0:01:BA:FC:64:E4:2F:44:01:2F
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/uvQxWScPx8m3fOABuvxk5C9EAS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         80:8d:bb:84:c9:8a:19:1c:43:61:e1:9a:9e:77:c1:df:02:d9:
         eb:a9:79:86:6d:2c:6d:c6:2f:26:2e:15:48:41:19:7a:8f:b5:
         4a:de:98:c8:1a:a5:c4:64:45:0f:20:0f:b3:bf:3e:5e:fb:4c:
         c8:af:5d:f9:54:9e:96:3f:f0:20:74:aa:4b:b0:c5:77:01:43:
         44:a4:5a:a2:29:3b:a7:57:e6:06:7b:81:b7:8f:c8:37:1d:aa:
         2c:cf:91:38:6a:63:8b:f3:9e:b1:4f:d0:d9:6b:e3:b7:7d:f8:
         ab:3f:ab:bc:49:89:fa:23:d3:ca:4c:fd:11:fc:70:70:e5:84:
         0f:42:65:ea:5f:6c:19:5b:e6:e8:6a:05:55:8c:d0:90:d5:e6:
         fb:b4:5f:11:42:c5:a3:1b:ae:2f:73:5b:98:f6:59:b0:42:8c:
         d9:27:94:89:b7:44:3b:c7:0b:ab:a0:7d:1e:2d:59:64:fc:85:
         19:01:e6:1f:70:6c:f7:82:3e:13:65:c1:78:9c:af:73:f0:4f:
         7a:e0:74:ef:c7:93:30:b9:4e:b1:6a:69:27:1b:4e:34:45:51:
         91:21:60:11:ab:af:eb:00:d2:5c:e3:f1:27:d8:a3:58:a1:f8:
         ad:f5:e1:9a:f3:de:51:a6:d5:f8:04:61:08:70:41:dc:cd:c6:
         88:83:9b:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7a35x2kUSwXuxF6+MA5dTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjYwNjE4MTMxNTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWY0MzE1OTI3MGZjN2M5Yjc3Y2UwMDFiYWZjNjRlNDJmNDQwMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvY0By9mpLckKw22ce/xmQBazkAp0
u+7jr8KA+KQUgb4BLwxUzpjjeVRmfNG2YZ6BWoNj5nxZ0SmNYcoT4ZKfHj7W8/9m
Yrux3yeN8Kj1gt6mEKwvK8I24TKK6utMTJ2wfCWR4oaQG4JN19LbTH67Ve8+5ZFK
bKt3a9oo2s7iAgOKFXeulLntfsmb9M3TXSOJJWoy2GR81EfOzjNd12H7+DDOY30W
ivQX7xcZQJdgkbdUwszDRBDVp2VOd5WjFC3NRG0xMZADoZ03CmnNXi40JVcCq6gU
baCNBv1Y2alFHYAU7dalb5l6Lnn3/dpYck8YlBDa+gkgwCWl7ujGOo2biwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLr0MVknD8fJt3zgAbr8ZOQvRAEvMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvdXZReFdTY1B4OG0zZk9BQnV2eGs1QzlFQVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWRI4MA0G
CSqGSIb3DQEBCwUAA4IBAQCAjbuEyYoZHENh4Zqed8HfAtnrqXmGbSxtxi8mLhVI
QRl6j7VK3pjIGqXEZEUPIA+zvz5e+0zIr135VJ6WP/AgdKpLsMV3AUNEpFqiKTun
V+YGe4G3j8g3Haosz5E4amOL856xT9DZa+O3ffirP6u8SYn6I9PKTP0R/HBw5YQP
QmXqX2wZW+boagVVjNCQ1eb7tF8RQsWjG64vc1uY9lmwQozZJ5SJt0Q7xwuroH0e
LVlk/IUZAeYfcGz3gj4TZcF4nK9z8E964HTvx5MwuU6xamknG040RVGRIWARq6/r
ANJc4/En2KNYofit9eGa895RptX4BGEIcEHczcaIg5sP
-----END CERTIFICATE-----