Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/UxGBNLJORbA-dUtSWizJlzSR79A.roa
File:                     UxGBNLJORbA-dUtSWizJlzSR79A.roa (raw, json)
Hash identifier:          iSbtbOdc4793QhhKCfmSFXrRr7lnZaOwHAQy1vMKWow=
Subject key identifier:   53:11:81:34:B2:4E:45:B0:3E:75:4B:52:5A:2C:C9:97:34:91:EF:D0
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       019EAC8D2430D5C8A1C70899AC3E99A609A5
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/UxGBNLJORbA-dUtSWizJlzSR79A.roa
Signing time:             Tue 09 Jun 2026 13:23:11 +0000
ROA not before:           Tue 09 Jun 2026 13:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.27.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:8d:24:30:d5:c8:a1:c7:08:99:ac:3e:99:a6:09:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jun  9 13:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53118134b24e45b03e754b525a2cc9973491efd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a4:e3:35:72:00:b1:34:3e:bb:f3:d9:99:88:
                    d4:21:9d:e8:41:dc:c4:88:d9:32:24:a4:dc:6e:ea:
                    60:c1:08:e4:0a:c2:84:ca:f4:ac:fe:3b:87:17:7d:
                    57:1a:a7:c8:0f:d7:6b:9d:a6:6a:dc:a3:fb:62:bb:
                    91:a3:26:7d:ee:a0:82:c5:ca:26:c3:21:1a:4a:ce:
                    0e:2a:a0:fa:6c:66:ba:1c:16:ba:cf:cb:e4:c3:54:
                    54:ed:a7:86:a8:c5:6b:d2:91:46:7a:56:96:15:a8:
                    70:4b:58:cb:3c:b3:ab:6b:8f:54:5f:cd:d0:ea:2e:
                    ec:81:e2:3b:96:02:86:1b:4e:1f:de:28:e3:58:4d:
                    b6:25:c0:ff:a3:40:b5:4b:5b:be:c6:98:cd:82:81:
                    3d:82:5f:f2:16:08:3d:88:94:6c:c6:0e:ee:96:50:
                    0c:4a:24:81:03:32:90:2f:cd:7f:f5:08:6c:21:82:
                    7e:e5:fb:19:29:cd:53:74:ea:b5:39:75:e7:c8:79:
                    38:f6:71:da:27:31:10:50:1a:84:de:75:5f:4d:30:
                    86:cb:5b:09:a1:eb:26:ef:b3:19:39:da:bb:9b:ef:
                    2f:ac:5d:10:1d:8a:76:3c:6f:1a:82:3c:c4:27:4d:
                    b6:bd:1d:78:b0:cf:75:40:a1:ae:29:a6:e5:8f:a0:
                    10:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:11:81:34:B2:4E:45:B0:3E:75:4B:52:5A:2C:C9:97:34:91:EF:D0
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/UxGBNLJORbA-dUtSWizJlzSR79A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:40:a3:aa:ea:c0:b1:6f:43:70:b9:e1:1b:36:04:6e:f7:14:
         50:18:cb:3b:ac:34:3b:44:b9:b8:23:45:91:79:5c:27:1e:2b:
         76:ab:42:c8:3d:c7:78:34:dc:74:74:1b:a3:a0:90:11:2c:0c:
         c8:85:4a:d7:61:b1:e8:ff:5f:be:a8:b4:6c:95:04:14:7c:1f:
         50:79:67:fe:73:5b:bb:b8:57:d6:bb:8a:70:f9:68:d5:93:55:
         a2:f3:48:b8:f0:50:66:b0:15:0f:04:bb:82:27:11:b9:87:a9:
         6f:6c:11:e4:2c:a1:07:d2:6f:17:b3:4c:71:d3:74:e2:30:ef:
         31:8a:9a:dd:18:8d:a3:93:96:66:60:95:cc:44:db:f7:f4:a9:
         2c:dd:64:2b:3b:90:3e:a8:48:0d:77:15:c3:b7:0f:54:e1:f2:
         14:60:16:87:00:83:c3:f6:fc:eb:02:a4:52:71:f3:f0:85:2d:
         07:9a:76:b3:ab:35:75:ad:58:6d:f4:70:17:78:fb:e8:a7:2d:
         fe:8f:08:f1:e2:b6:cc:a0:c8:c8:28:2d:7d:1c:7b:4c:19:6a:
         69:17:24:86:a5:20:ab:a0:af:85:0d:f6:e5:cf:38:c0:e4:93:
         39:5d:af:62:93:b8:eb:bf:44:05:51:7a:3c:88:5a:8b:e4:cd:
         90:63:6e:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sjSQw1cihxwiZrD6ZpgmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjYwNjA5MTMyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzExODEzNGIyNGU0NWIwM2U3NTRiNTI1YTJjYzk5NzM0OTFlZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6TjNXIAsTQ+u/PZmYjUIZ3oQdzE
iNkyJKTcbupgwQjkCsKEyvSs/juHF31XGqfID9drnaZq3KP7YruRoyZ97qCCxcom
wyEaSs4OKqD6bGa6HBa6z8vkw1RU7aeGqMVr0pFGelaWFahwS1jLPLOra49UX83Q
6i7sgeI7lgKGG04f3ijjWE22JcD/o0C1S1u+xpjNgoE9gl/yFgg9iJRsxg7ullAM
SiSBAzKQL81/9QhsIYJ+5fsZKc1TdOq1OXXnyHk49nHaJzEQUBqE3nVfTTCGy1sJ
oesm77MZOdq7m+8vrF0QHYp2PG8agjzEJ022vR14sM91QKGuKablj6AQsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMRgTSyTkWwPnVLUlosyZc0ke/QMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvVXhHQk5MSk9SYkEtZFV0U1dpekpselNSNzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRuyMA0G
CSqGSIb3DQEBCwUAA4IBAQA0QKOq6sCxb0NwueEbNgRu9xRQGMs7rDQ7RLm4I0WR
eVwnHit2q0LIPcd4NNx0dBujoJARLAzIhUrXYbHo/1++qLRslQQUfB9QeWf+c1u7
uFfWu4pw+WjVk1Wi80i48FBmsBUPBLuCJxG5h6lvbBHkLKEH0m8Xs0xx03TiMO8x
iprdGI2jk5ZmYJXMRNv39Kks3WQrO5A+qEgNdxXDtw9U4fIUYBaHAIPD9vzrAqRS
cfPwhS0HmnazqzV1rVht9HAXePvopy3+jwjx4rbMoMjIKC19HHtMGWppFySGpSCr
oK+FDfblzzjA5JM5Xa9ik7jrv0QFUXo8iFqL5M2QY25J
-----END CERTIFICATE-----