Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/uGnAEKY_sEiR8o40_A7LmJmHjsA.roa
File:                     uGnAEKY_sEiR8o40_A7LmJmHjsA.roa (raw, json)
Hash identifier:          aec8lRUgj6Iow6BELBIUwY/khPOHhtqFn9xQaaAzFGY=
Subject key identifier:   B8:69:C0:10:A6:3F:B0:48:91:F2:8E:34:FC:0E:CB:98:99:87:8E:C0
Certificate issuer:       /CN=2abcc5c664a4a82305892a8c433e94ffe32dadb7
Certificate serial:       019E3B15AC72EB462F574D2C8498C4B9B00D
Authority key identifier: 2A:BC:C5:C6:64:A4:A8:23:05:89:2A:8C:43:3E:94:FF:E3:2D:AD:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/uGnAEKY_sEiR8o40_A7LmJmHjsA.roa
Signing time:             Mon 18 May 2026 12:35:36 +0000
ROA not before:           Mon 18 May 2026 12:35:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207023
IP address blocks:        185.197.105.0/24 maxlen: 24
                          185.197.106.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3b:15:ac:72:eb:46:2f:57:4d:2c:84:98:c4:b9:b0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2abcc5c664a4a82305892a8c433e94ffe32dadb7
        Validity
            Not Before: May 18 12:35:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b869c010a63fb04891f28e34fc0ecb9899878ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0c:58:da:77:1d:b6:f5:24:0a:7a:ce:ae:88:
                    c5:28:f5:fb:0d:31:8c:43:3d:f8:0c:90:b6:35:4c:
                    10:95:54:73:4f:b5:cc:e4:b3:99:60:05:f4:b0:73:
                    67:49:0b:11:40:e8:b4:fc:7a:8b:1f:cb:56:b4:10:
                    a3:39:1c:e1:bf:46:86:cb:8d:8e:42:6a:ea:e4:d2:
                    60:82:77:8a:ae:c6:0c:fb:52:ce:6f:7e:98:f2:51:
                    c1:78:35:ae:25:7c:b9:65:5a:9e:3b:8e:8b:71:99:
                    68:63:d0:ff:66:c0:d8:b9:4f:c5:f5:c3:98:d4:0a:
                    e1:56:4a:85:e1:ab:dd:44:da:72:20:98:af:f9:9b:
                    f9:ae:b5:22:cc:de:5e:29:2f:e6:b2:8c:43:14:34:
                    f8:26:89:18:00:fc:62:29:e4:4e:59:a5:13:ac:22:
                    1b:64:00:b5:47:a4:cb:5d:fd:67:74:07:3c:25:a8:
                    f6:e3:23:c2:9c:ff:4a:5c:59:ff:c0:76:e1:e0:32:
                    79:c6:57:fa:f0:76:1f:f7:5d:9d:04:0a:9b:4d:fe:
                    df:6b:9f:20:de:9f:43:88:73:2f:3b:ad:a1:dc:24:
                    7f:f9:86:3b:01:4b:5d:3b:be:50:23:a6:9c:0f:65:
                    5d:50:4b:23:25:97:cf:ea:50:db:98:f8:c3:5d:7b:
                    18:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:69:C0:10:A6:3F:B0:48:91:F2:8E:34:FC:0E:CB:98:99:87:8E:C0
            X509v3 Authority Key Identifier:
                keyid:2A:BC:C5:C6:64:A4:A8:23:05:89:2A:8C:43:3E:94:FF:E3:2D:AD:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/uGnAEKY_sEiR8o40_A7LmJmHjsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.105.0-185.197.107.255

    Signature Algorithm: sha256WithRSAEncryption
         c4:09:d5:86:4e:45:9b:e0:bc:24:c2:64:85:4e:62:1c:0d:12:
         0d:03:6a:3f:8b:42:c3:5b:8e:13:59:a2:70:dc:27:8a:5f:51:
         99:4f:d7:83:20:29:d2:03:49:9d:95:e8:1d:34:8d:8e:fb:6e:
         1b:80:95:ca:ab:e2:ed:d8:01:74:3f:7b:c2:5e:94:c3:d5:1f:
         bb:09:16:41:ff:b4:d4:d6:7c:58:6e:ba:08:b1:85:15:c3:b3:
         b3:8e:fa:f2:90:cc:84:12:c4:56:e3:19:18:42:f5:8f:25:26:
         3c:b0:c0:15:2b:38:a8:40:70:d2:dd:7f:97:f0:f7:44:59:86:
         ef:25:0c:b2:c8:2a:44:e6:bb:a4:f5:4a:d7:43:36:24:58:ee:
         76:78:42:a5:3f:db:f6:bd:17:09:5f:a2:3c:d3:b5:f6:3d:9e:
         14:22:85:c3:fb:75:64:ae:68:9b:f7:ff:ec:fd:de:d0:4c:0a:
         0a:55:ab:f9:dd:b3:94:42:7e:78:f5:b0:1c:5d:38:a6:79:2c:
         64:30:75:23:be:05:2e:53:e6:1b:c5:76:38:9e:cb:98:9c:69:
         11:b3:98:f0:d1:3c:b3:36:93:df:e0:05:df:c7:58:af:3a:02:
         81:60:46:78:0c:9b:12:16:94:2f:14:53:f5:15:25:47:67:3a:
         d9:c9:88:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ47Faxy60YvV00shJjEubANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYmNjNWM2NjRhNGE4MjMwNTg5MmE4YzQzM2U5NGZmZTMy
ZGFkYjcwHhcNMjYwNTE4MTIzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY5YzAxMGE2M2ZiMDQ4OTFmMjhlMzRmYzBlY2I5ODk5ODc4ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wxY2ncdtvUkCnrOrojFKPX7DTGM
Qz34DJC2NUwQlVRzT7XM5LOZYAX0sHNnSQsRQOi0/HqLH8tWtBCjORzhv0aGy42O
Qmrq5NJggneKrsYM+1LOb36Y8lHBeDWuJXy5ZVqeO46LcZloY9D/ZsDYuU/F9cOY
1ArhVkqF4avdRNpyIJiv+Zv5rrUizN5eKS/msoxDFDT4JokYAPxiKeROWaUTrCIb
ZAC1R6TLXf1ndAc8Jaj24yPCnP9KXFn/wHbh4DJ5xlf68HYf912dBAqbTf7fa58g
3p9DiHMvO62h3CR/+YY7AUtdO75QI6acD2VdUEsjJZfP6lDbmPjDXXsYCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLhpwBCmP7BIkfKONPwOy5iZh47AMB8GA1UdIwQY
MBaAFCq8xcZkpKgjBYkqjEM+lP/jLa23MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3J6RnhtU2txQ01GaVNxTVF6NlVfLU10cmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9kYzczNDUtNzVjYi00NDIwLWEzZjAt
NjVmYjEwYTA2ZTg5LzEvdUduQUVLWV9zRWlSOG80MF9BN0xtSm1IanNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9kYzczNDUtNzVjYi00NDIwLWEzZjAtNjVmYjEwYTA2ZTg5
LzEvS3J6RnhtU2txQ01GaVNxTVF6NlVfLU10cmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5xWkD
BAK5xWgwDQYJKoZIhvcNAQELBQADggEBAMQJ1YZORZvgvCTCZIVOYhwNEg0Daj+L
QsNbjhNZonDcJ4pfUZlP14MgKdIDSZ2V6B00jY77bhuAlcqr4u3YAXQ/e8JelMPV
H7sJFkH/tNTWfFhuugixhRXDs7OO+vKQzIQSxFbjGRhC9Y8lJjywwBUrOKhAcNLd
f5fw90RZhu8lDLLIKkTmu6T1StdDNiRY7nZ4QqU/2/a9FwlfojzTtfY9nhQihcP7
dWSuaJv3/+z93tBMCgpVq/nds5RCfnj1sBxdOKZ5LGQwdSO+BS5T5hvFdjiey5ic
aRGzmPDRPLM2k9/gBd/HWK86AoFgRngMmxIWlC8UU/UVJUdnOtnJiMM=
-----END CERTIFICATE-----