Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/aa6192-0427-41c4-97ad-6ee745156844/1/UmYNZqum_4Kzkh8HDuLm7ufNeuA.roa
File:                     UmYNZqum_4Kzkh8HDuLm7ufNeuA.roa (raw, json)
Hash identifier:          bxqxiGhnIQdSZRzDN0jWAaCALi/Ef7zdBHHxbobaTq0=
Subject key identifier:   52:66:0D:66:AB:A6:FF:82:B3:92:1F:07:0E:E2:E6:EE:E7:CD:7A:E0
Certificate issuer:       /CN=fde577faa235717ae13438e1d52ea4b4e3da5498
Certificate serial:       019DE45C5337196FB3B724DC6BE44ABD8176
Authority key identifier: FD:E5:77:FA:A2:35:71:7A:E1:34:38:E1:D5:2E:A4:B4:E3:DA:54:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_eV3-qI1cXrhNDjh1S6ktOPaVJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/aa6192-0427-41c4-97ad-6ee745156844/1/UmYNZqum_4Kzkh8HDuLm7ufNeuA.roa
Signing time:             Fri 01 May 2026 16:25:49 +0000
ROA not before:           Fri 01 May 2026 16:25:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15623
IP address blocks:        2a0c:e480::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/aa6192-0427-41c4-97ad-6ee745156844/1/_eV3-qI1cXrhNDjh1S6ktOPaVJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/aa6192-0427-41c4-97ad-6ee745156844/1/_eV3-qI1cXrhNDjh1S6ktOPaVJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_eV3-qI1cXrhNDjh1S6ktOPaVJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:5c:53:37:19:6f:b3:b7:24:dc:6b:e4:4a:bd:81:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fde577faa235717ae13438e1d52ea4b4e3da5498
        Validity
            Not Before: May  1 16:25:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52660d66aba6ff82b3921f070ee2e6eee7cd7ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f4:0f:39:2b:5a:d0:d2:c6:43:69:9d:36:22:
                    8f:5b:23:41:c7:5d:74:3e:f9:bd:83:0a:24:4d:cb:
                    4c:c8:8b:fa:72:62:78:30:ee:aa:5b:40:31:9c:00:
                    68:c6:7c:34:66:9d:14:51:27:09:66:35:8d:f2:36:
                    d1:78:4e:b1:a6:fa:cc:82:ab:4d:e0:ed:d6:3f:ce:
                    a7:c6:8d:28:75:50:89:2d:48:a3:c1:3f:68:e0:48:
                    02:d8:6f:6b:66:42:27:7b:e7:d0:17:64:cb:eb:e4:
                    e0:ec:e1:96:96:56:f8:80:32:24:26:5a:34:93:b7:
                    16:bf:08:b1:18:1a:66:19:26:2e:75:fa:49:52:a7:
                    6d:ca:81:52:74:52:e7:65:96:61:ae:ca:47:fc:b8:
                    78:12:91:67:8c:3a:f0:68:b4:4b:17:29:3f:09:30:
                    5e:6c:63:07:3b:7f:4d:f3:26:1c:25:0e:3f:11:60:
                    0b:31:f4:45:cf:21:3a:51:6a:e9:eb:99:d5:be:1a:
                    90:5e:0c:52:22:e1:c8:a5:84:a4:62:8f:40:4f:87:
                    6d:1a:98:10:98:4e:32:83:9e:28:f9:e7:dc:31:29:
                    19:1b:d6:ba:2e:d7:4a:1e:c7:74:31:72:33:ef:6f:
                    83:6d:a7:ab:38:75:f9:9f:be:ce:fd:a3:40:b3:d1:
                    56:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:66:0D:66:AB:A6:FF:82:B3:92:1F:07:0E:E2:E6:EE:E7:CD:7A:E0
            X509v3 Authority Key Identifier:
                keyid:FD:E5:77:FA:A2:35:71:7A:E1:34:38:E1:D5:2E:A4:B4:E3:DA:54:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_eV3-qI1cXrhNDjh1S6ktOPaVJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/aa6192-0427-41c4-97ad-6ee745156844/1/UmYNZqum_4Kzkh8HDuLm7ufNeuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/aa6192-0427-41c4-97ad-6ee745156844/1/_eV3-qI1cXrhNDjh1S6ktOPaVJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e480::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:98:74:45:10:f1:cf:32:fd:90:fe:14:76:94:da:fe:47:d0:
         73:b6:9d:a5:91:7d:15:3b:b5:79:50:7f:6f:01:62:3a:9e:43:
         43:4e:86:d7:5c:26:ce:06:8a:4d:21:e1:0f:3b:93:7d:b9:8f:
         ee:1b:43:7c:a5:82:86:01:80:0c:a2:6a:44:04:9b:f1:5c:8c:
         7c:c9:6b:60:ab:0d:42:96:72:3c:ba:f7:96:62:41:81:a4:cf:
         43:43:ff:8c:f0:94:87:3e:00:45:91:f9:b6:39:15:22:59:9a:
         7c:f1:fe:29:e2:d1:fb:89:59:f5:80:22:4a:77:91:a6:41:be:
         52:5a:1a:76:d7:55:88:5d:8b:e5:76:cb:a4:aa:23:1c:7f:c9:
         dc:7c:d6:53:18:ff:eb:cd:51:5e:c9:e8:83:e2:10:6b:81:ab:
         96:18:46:31:0a:c6:52:b5:70:78:2b:ce:0b:54:b0:a0:93:ab:
         04:c6:57:d1:c7:8e:e6:74:05:07:fd:68:cc:20:d5:6e:aa:f0:
         ad:99:a3:88:2b:ec:78:46:63:5f:7f:b2:11:57:84:4a:9a:ac:
         70:78:74:3c:6c:0c:37:4b:2f:05:fe:78:78:c1:ac:31:6b:4a:
         ed:b8:84:54:43:45:61:4e:19:83:c1:fb:c3:4f:24:7f:68:3e:
         11:57:25:fa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3kXFM3GW+ztyTca+RKvYF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZTU3N2ZhYTIzNTcxN2FlMTM0MzhlMWQ1MmVhNGI0ZTNk
YTU0OTgwHhcNMjYwNTAxMTYyNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY2MGQ2NmFiYTZmZjgyYjM5MjFmMDcwZWUyZTZlZWU3Y2Q3YWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvQPOSta0NLGQ2mdNiKPWyNBx110
Pvm9gwokTctMyIv6cmJ4MO6qW0AxnABoxnw0Zp0UUScJZjWN8jbReE6xpvrMgqtN
4O3WP86nxo0odVCJLUijwT9o4EgC2G9rZkIne+fQF2TL6+Tg7OGWllb4gDIkJlo0
k7cWvwixGBpmGSYudfpJUqdtyoFSdFLnZZZhrspH/Lh4EpFnjDrwaLRLFyk/CTBe
bGMHO39N8yYcJQ4/EWALMfRFzyE6UWrp65nVvhqQXgxSIuHIpYSkYo9AT4dtGpgQ
mE4yg54o+efcMSkZG9a6LtdKHsd0MXIz72+DbaerOHX5n77O/aNAs9FWQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFJmDWarpv+Cs5IfBw7i5u7nzXrgMB8GA1UdIwQY
MBaAFP3ld/qiNXF64TQ44dUupLTj2lSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2VWMy1xSTFjWHJoTkRqaDFTNmt0T1BhVkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9hYTYxOTItMDQyNy00MWM0LTk3YWQt
NmVlNzQ1MTU2ODQ0LzEvVW1ZTlpxdW1fNEt6a2g4SER1TG03dWZOZXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9hYTYxOTItMDQyNy00MWM0LTk3YWQtNmVlNzQ1MTU2ODQ0
LzEvX2VWMy1xSTFjWHJoTkRqaDFTNmt0T1BhVkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgzkgDAN
BgkqhkiG9w0BAQsFAAOCAQEAFZh0RRDxzzL9kP4UdpTa/kfQc7adpZF9FTu1eVB/
bwFiOp5DQ06G11wmzgaKTSHhDzuTfbmP7htDfKWChgGADKJqRASb8VyMfMlrYKsN
QpZyPLr3lmJBgaTPQ0P/jPCUhz4ARZH5tjkVIlmafPH+KeLR+4lZ9YAiSneRpkG+
UloadtdViF2L5XbLpKojHH/J3HzWUxj/681RXsnog+IQa4GrlhhGMQrGUrVweCvO
C1SwoJOrBMZX0ceO5nQFB/1ozCDVbqrwrZmjiCvseEZjX3+yEVeESpqscHh0PGwM
N0svBf54eMGsMWtK7biEVENFYU4Zg8H7w08kf2g+EVcl+g==
-----END CERTIFICATE-----