Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/uebo1gkQy3TJrxcYnooCM5UwiT4.roa
File:                     uebo1gkQy3TJrxcYnooCM5UwiT4.roa (raw, json)
Hash identifier:          tBPkJEBEGKRtwJjfxLDkUMuGPnpYzXiWPDF+o4lo0XQ=
Subject key identifier:   B9:E6:E8:D6:09:10:CB:74:C9:AF:17:18:9E:8A:02:33:95:30:89:3E
Certificate issuer:       /CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
Certificate serial:       019E7FA3459BF0861436F6B691C6650A2294
Authority key identifier: 2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/uebo1gkQy3TJrxcYnooCM5UwiT4.roa
Signing time:             Sun 31 May 2026 20:04:26 +0000
ROA not before:           Sun 31 May 2026 20:04:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198154
IP address blocks:        193.24.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 11:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7f:a3:45:9b:f0:86:14:36:f6:b6:91:c6:65:0a:22:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
        Validity
            Not Before: May 31 20:04:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9e6e8d60910cb74c9af17189e8a02339530893e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cf:3f:7c:86:c8:5c:c7:f3:5d:6a:63:5e:fa:
                    a1:6c:90:9d:ca:a2:d3:d0:89:4d:69:b7:60:ae:7e:
                    41:62:b8:ff:37:b2:a4:a4:6c:e3:53:08:b0:7c:2c:
                    10:be:ab:3a:57:15:bc:14:e8:eb:51:aa:e9:70:3f:
                    28:96:63:a8:fe:44:96:b3:cc:35:c3:95:c9:23:d4:
                    94:87:c9:c3:51:8c:73:e7:be:9d:22:34:8f:f3:a4:
                    d7:3e:78:18:bc:85:ca:0d:e2:a2:58:5f:cf:d8:8a:
                    d0:64:53:83:08:e2:65:ab:2d:1a:b2:36:dc:8d:52:
                    1e:5e:8d:cb:57:f5:15:4f:94:ad:7b:cb:c1:40:5f:
                    d0:1a:ee:80:ac:20:cc:6c:fd:5d:f3:d6:d6:36:79:
                    2e:47:05:0a:96:71:6c:2f:35:87:59:8f:e8:65:c6:
                    5f:41:e0:04:e3:15:42:09:7d:f1:d0:3e:6e:68:8c:
                    75:03:08:d1:98:e6:73:aa:5b:2b:39:bf:52:a0:de:
                    b1:5d:3a:41:fa:2d:2a:66:43:db:c1:58:b8:fa:f2:
                    f5:2a:01:86:d4:6d:4a:0a:34:c6:58:47:84:e0:fc:
                    6e:5b:33:f0:ab:0c:38:29:6c:be:eb:63:f5:5e:7b:
                    11:71:7e:26:90:e1:80:40:13:a4:0e:e4:3c:cf:8c:
                    fc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:E6:E8:D6:09:10:CB:74:C9:AF:17:18:9E:8A:02:33:95:30:89:3E
            X509v3 Authority Key Identifier:
                keyid:2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/uebo1gkQy3TJrxcYnooCM5UwiT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:49:62:b3:4f:0a:06:50:da:4b:5a:92:e1:1a:df:47:c6:7f:
         5d:32:ef:6a:25:ef:78:fd:93:1d:6f:7b:2a:f4:3e:f8:e4:c4:
         78:2b:6e:61:c1:fa:39:c0:7a:10:24:f4:e4:77:e4:3e:79:a0:
         e9:12:77:83:5f:1a:20:8c:8d:47:e9:54:9f:54:8f:29:e5:d9:
         2c:3c:e8:4a:d7:66:cd:69:4e:48:bd:b1:96:f2:2c:8d:f8:38:
         d0:4e:f4:61:53:e8:96:bd:c7:24:8f:fc:c9:33:3e:e4:14:50:
         bc:3f:04:f1:cc:53:cb:93:2f:19:76:3c:fa:25:ef:e5:18:6a:
         56:51:eb:96:42:28:7a:d1:1f:31:c9:d7:93:0f:7a:e1:4e:01:
         e7:f1:55:3f:20:29:2f:39:dd:29:0f:5b:c2:ba:39:b1:56:3b:
         7f:80:35:2d:48:24:87:8b:d7:89:25:2a:db:33:7c:22:c7:e0:
         cb:85:25:dd:42:b6:c7:7c:e1:6b:0f:93:44:1a:e7:e3:5d:16:
         54:01:48:ea:b6:94:6d:e0:0e:e9:2c:02:16:2b:c5:49:5b:89:
         9a:b5:85:a5:1d:56:10:93:7f:84:b2:a3:f6:1f:3b:3a:7a:d1:
         4f:4f:fc:a2:73:32:9d:73:f4:22:06:b5:30:6d:40:b8:e4:f9:
         8d:92:15:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5/o0Wb8IYUNva2kcZlCiKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYjgyODBjNmNiN2RiM2UwNzM5NTBkNTM1ZDZkOGM3MDVk
OTBiODcwHhcNMjYwNTMxMjAwNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWU2ZThkNjA5MTBjYjc0YzlhZjE3MTg5ZThhMDIzMzk1MzA4OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs88/fIbIXMfzXWpjXvqhbJCdyqLT
0IlNabdgrn5BYrj/N7KkpGzjUwiwfCwQvqs6VxW8FOjrUarpcD8olmOo/kSWs8w1
w5XJI9SUh8nDUYxz576dIjSP86TXPngYvIXKDeKiWF/P2IrQZFODCOJlqy0asjbc
jVIeXo3LV/UVT5Ste8vBQF/QGu6ArCDMbP1d89bWNnkuRwUKlnFsLzWHWY/oZcZf
QeAE4xVCCX3x0D5uaIx1AwjRmOZzqlsrOb9SoN6xXTpB+i0qZkPbwVi4+vL1KgGG
1G1KCjTGWEeE4PxuWzPwqww4KWy+62P1XnsRcX4mkOGAQBOkDuQ8z4z8PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnm6NYJEMt0ya8XGJ6KAjOVMIk+MB8GA1UdIwQY
MBaAFC+4KAxst9s+BzlQ1TXW2McF2QuHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQt
OWZkYjVjNTVhZTUwLzEvdWVibzFna1F5M1RKcnhjWW5vb0NNNVV3aVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQtOWZkYjVjNTVhZTUw
LzEvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRh5MA0G
CSqGSIb3DQEBCwUAA4IBAQCJSWKzTwoGUNpLWpLhGt9Hxn9dMu9qJe94/ZMdb3sq
9D745MR4K25hwfo5wHoQJPTkd+Q+eaDpEneDXxogjI1H6VSfVI8p5dksPOhK12bN
aU5IvbGW8iyN+DjQTvRhU+iWvcckj/zJMz7kFFC8PwTxzFPLky8Zdjz6Je/lGGpW
UeuWQih60R8xydeTD3rhTgHn8VU/ICkvOd0pD1vCujmxVjt/gDUtSCSHi9eJJSrb
M3wix+DLhSXdQrbHfOFrD5NEGufjXRZUAUjqtpRt4A7pLAIWK8VJW4matYWlHVYQ
k3+EsqP2Hzs6etFPT/yiczKdc/QiBrUwbUC45PmNkhWD
-----END CERTIFICATE-----