Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/6b6335-0439-47f2-ae34-7424fdee210e/1/Uc8-vtLFC1N8lVj4ndp6unkcS6U.roa
File:                     Uc8-vtLFC1N8lVj4ndp6unkcS6U.roa (raw, json)
Hash identifier:          UrDkg/Sd+X+UaUrCGrnxftMeAYE4D59TadpDzTu8j1Y=
Subject key identifier:   51:CF:3E:BE:D2:C5:0B:53:7C:95:58:F8:9D:DA:7A:BA:79:1C:4B:A5
Certificate issuer:       /CN=6fcedcbda03c3b36cd7d7037ead339bcb88c9a24
Certificate serial:       019B7F1452F7E79E3D9558AEF71F1A1F862C
Authority key identifier: 6F:CE:DC:BD:A0:3C:3B:36:CD:7D:70:37:EA:D3:39:BC:B8:8C:9A:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b87cvaA8OzbNfXA36tM5vLiMmiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/6b6335-0439-47f2-ae34-7424fdee210e/1/Uc8-vtLFC1N8lVj4ndp6unkcS6U.roa
Signing time:             Fri 02 Jan 2026 14:19:56 +0000
ROA not before:           Fri 02 Jan 2026 14:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43374
IP address blocks:        193.228.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/6b6335-0439-47f2-ae34-7424fdee210e/1/b87cvaA8OzbNfXA36tM5vLiMmiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/6b6335-0439-47f2-ae34-7424fdee210e/1/b87cvaA8OzbNfXA36tM5vLiMmiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b87cvaA8OzbNfXA36tM5vLiMmiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:52:f7:e7:9e:3d:95:58:ae:f7:1f:1a:1f:86:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fcedcbda03c3b36cd7d7037ead339bcb88c9a24
        Validity
            Not Before: Jan  2 14:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51cf3ebed2c50b537c9558f89dda7aba791c4ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:92:80:99:5e:94:25:24:0e:eb:39:f9:94:7c:
                    d0:d4:bd:93:43:b3:37:77:1f:2e:5d:8a:34:b6:f5:
                    94:e1:93:09:69:50:c5:7f:49:72:84:84:de:16:ba:
                    55:83:6b:5d:12:47:c5:76:5a:e8:4b:18:10:36:83:
                    79:9e:f2:9d:6d:ac:79:03:9d:8c:d7:d3:65:79:a8:
                    ec:e0:52:99:82:62:f1:92:59:0d:1e:ed:84:ad:42:
                    8d:8d:71:30:59:7e:ae:3f:18:5b:fe:f7:9c:63:e8:
                    7a:1a:b7:ae:3d:a4:c6:5a:18:3a:4e:24:b4:b1:81:
                    5b:3c:5c:c2:6c:5c:5d:8f:37:cc:b4:a1:c7:5b:d5:
                    6c:3d:72:87:03:dc:aa:5f:6d:27:dd:f6:ae:64:67:
                    3d:e2:0b:55:1d:ae:a3:9d:1b:64:5c:c5:3d:0b:0f:
                    33:f5:c0:03:77:ec:27:b6:a6:b0:1e:bb:25:b1:a0:
                    ac:dd:2a:78:0c:0d:6c:8d:18:22:08:15:5c:5f:26:
                    17:56:16:2f:67:7f:cf:ec:b8:b2:17:7f:b9:96:cc:
                    16:39:6d:7e:79:c7:4c:e5:14:80:61:27:7e:21:db:
                    25:2f:83:1c:65:41:ca:db:93:55:75:2e:b0:dd:46:
                    10:7d:ba:1e:6c:fe:7e:cb:b7:f0:cc:a3:cb:b0:b0:
                    a5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:CF:3E:BE:D2:C5:0B:53:7C:95:58:F8:9D:DA:7A:BA:79:1C:4B:A5
            X509v3 Authority Key Identifier:
                keyid:6F:CE:DC:BD:A0:3C:3B:36:CD:7D:70:37:EA:D3:39:BC:B8:8C:9A:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b87cvaA8OzbNfXA36tM5vLiMmiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/6b6335-0439-47f2-ae34-7424fdee210e/1/Uc8-vtLFC1N8lVj4ndp6unkcS6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/6b6335-0439-47f2-ae34-7424fdee210e/1/b87cvaA8OzbNfXA36tM5vLiMmiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:0f:43:d1:e8:2e:2e:ca:16:6c:ed:91:9b:fb:30:a3:98:96:
         27:3d:79:63:62:14:32:f6:f9:ef:1b:33:23:18:a7:f3:af:94:
         e4:67:7d:75:e0:06:d0:f2:f8:16:14:a8:50:d6:46:3d:43:c8:
         17:ef:46:63:97:8d:fc:d9:c2:12:50:cf:d3:5b:59:a2:15:f5:
         3e:e5:bd:3e:e5:c6:35:fa:2a:40:72:dd:50:97:c1:89:c1:8b:
         cc:24:28:9f:b1:d3:9b:00:22:4b:35:f5:db:4b:85:c4:00:7c:
         2f:db:3c:38:c5:ab:01:d2:3e:41:41:29:f7:66:c6:77:5b:b9:
         cd:23:1a:6f:a8:3c:e7:1e:df:5e:a9:a2:e3:23:8a:2b:04:a3:
         e1:ce:38:56:5c:72:78:e0:09:63:83:5d:3f:82:20:9d:1b:6f:
         c9:45:1d:28:65:18:ed:fd:3b:9f:28:b8:e7:75:9e:1e:9a:71:
         23:ac:70:13:29:9c:e1:f1:fe:7a:26:13:d6:05:a4:ec:1a:a2:
         73:67:22:38:27:0c:f5:13:6f:0f:8f:ef:3a:be:3e:a0:33:7e:
         2e:75:13:34:72:79:d8:0e:88:02:90:30:52:88:15:2b:7e:6f:
         12:0e:be:fb:62:f1:c1:f1:1b:99:a4:2c:57:70:87:47:93:8e:
         96:cd:e3:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFL35549lViu9x8aH4YsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmY2VkY2JkYTAzYzNiMzZjZDdkNzAzN2VhZDMzOWJjYjg4
YzlhMjQwHhcNMjYwMTAyMTQxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWNmM2ViZWQyYzUwYjUzN2M5NTU4Zjg5ZGRhN2FiYTc5MWM0YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpKAmV6UJSQO6zn5lHzQ1L2TQ7M3
dx8uXYo0tvWU4ZMJaVDFf0lyhITeFrpVg2tdEkfFdlroSxgQNoN5nvKdbax5A52M
19Nleajs4FKZgmLxklkNHu2ErUKNjXEwWX6uPxhb/vecY+h6GreuPaTGWhg6TiS0
sYFbPFzCbFxdjzfMtKHHW9VsPXKHA9yqX20n3fauZGc94gtVHa6jnRtkXMU9Cw8z
9cADd+wntqawHrslsaCs3Sp4DA1sjRgiCBVcXyYXVhYvZ3/P7LiyF3+5lswWOW1+
ecdM5RSAYSd+IdslL4McZUHK25NVdS6w3UYQfboebP5+y7fwzKPLsLClIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHPPr7SxQtTfJVY+J3aerp5HEulMB8GA1UdIwQY
MBaAFG/O3L2gPDs2zX1wN+rTOby4jJokMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjg3Y3ZhQThPemJOZlhBMzZ0TTV2TGlNbWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC82YjYzMzUtMDQzOS00N2YyLWFlMzQt
NzQyNGZkZWUyMTBlLzEvVWM4LXZ0TEZDMU44bFZqNG5kcDZ1bmtjUzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC82YjYzMzUtMDQzOS00N2YyLWFlMzQtNzQyNGZkZWUyMTBl
LzEvYjg3Y3ZhQThPemJOZlhBMzZ0TTV2TGlNbWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweSfMA0G
CSqGSIb3DQEBCwUAA4IBAQCoD0PR6C4uyhZs7ZGb+zCjmJYnPXljYhQy9vnvGzMj
GKfzr5TkZ3114AbQ8vgWFKhQ1kY9Q8gX70Zjl4382cISUM/TW1miFfU+5b0+5cY1
+ipAct1Ql8GJwYvMJCifsdObACJLNfXbS4XEAHwv2zw4xasB0j5BQSn3ZsZ3W7nN
IxpvqDznHt9eqaLjI4orBKPhzjhWXHJ44Aljg10/giCdG2/JRR0oZRjt/TufKLjn
dZ4emnEjrHATKZzh8f56JhPWBaTsGqJzZyI4Jwz1E28Pj+86vj6gM34udRM0cnnY
DogCkDBSiBUrfm8SDr77YvHB8RuZpCxXcIdHk46WzeP3
-----END CERTIFICATE-----