Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/56b53f-90c0-4a35-bf23-ff2dfd62d376/1/UBF65ckkUeTb5TbQD9-moIuJwLc.roa
File:                     UBF65ckkUeTb5TbQD9-moIuJwLc.roa (raw, json)
Hash identifier:          RrSAA6sqxIszGdOffmEq9g8ZmL1cSXwchcGnATyPrPg=
Subject key identifier:   50:11:7A:E5:C9:24:51:E4:DB:E5:36:D0:0F:DF:A6:A0:8B:89:C0:B7
Certificate issuer:       /CN=ab19000781c183366cba55416fd75b57dba0e4bb
Certificate serial:       019C00B1616F2419ADED0D9FBF07EB53E1EB
Authority key identifier: AB:19:00:07:81:C1:83:36:6C:BA:55:41:6F:D7:5B:57:DB:A0:E4:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qxkAB4HBgzZsulVBb9dbV9ug5Ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/56b53f-90c0-4a35-bf23-ff2dfd62d376/1/UBF65ckkUeTb5TbQD9-moIuJwLc.roa
Signing time:             Tue 27 Jan 2026 18:22:30 +0000
ROA not before:           Tue 27 Jan 2026 18:22:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213962
IP address blocks:        188.93.113.0/24 maxlen: 24
                          2a01:e780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/56b53f-90c0-4a35-bf23-ff2dfd62d376/1/qxkAB4HBgzZsulVBb9dbV9ug5Ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/56b53f-90c0-4a35-bf23-ff2dfd62d376/1/qxkAB4HBgzZsulVBb9dbV9ug5Ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qxkAB4HBgzZsulVBb9dbV9ug5Ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:00:b1:61:6f:24:19:ad:ed:0d:9f:bf:07:eb:53:e1:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab19000781c183366cba55416fd75b57dba0e4bb
        Validity
            Not Before: Jan 27 18:22:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50117ae5c92451e4dbe536d00fdfa6a08b89c0b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:32:05:09:c5:f4:98:c6:d8:2b:50:c3:b1:a0:
                    99:2c:77:b4:8c:ec:51:93:dd:43:d8:5e:d9:3f:99:
                    45:1e:8f:5f:27:15:43:cf:4a:d1:d9:6c:25:a2:61:
                    09:b9:aa:b0:ce:5f:e2:8a:4f:34:d9:55:bf:2e:96:
                    55:e5:fa:fb:3a:a7:b8:ab:6d:56:64:e4:4f:96:e7:
                    13:66:06:88:ce:c5:2f:15:e5:9a:84:0d:f7:e5:31:
                    46:88:4a:c9:84:71:54:5d:3b:b1:1b:5d:64:47:24:
                    d3:69:2f:a1:15:30:10:18:de:9c:92:dc:fd:fb:03:
                    bb:74:d2:a2:23:ec:89:5a:56:e7:19:43:04:ee:05:
                    ef:e6:01:64:51:5c:e9:84:c5:55:5f:d7:d8:44:47:
                    39:20:50:17:43:99:c9:f5:ff:e2:f0:40:d5:de:97:
                    2d:26:61:de:71:6c:ba:31:d8:c3:f2:34:87:79:41:
                    31:a6:a7:13:9f:34:50:33:b6:60:b0:08:0e:fa:ed:
                    5f:14:e9:a4:2e:ec:a2:14:c8:3b:55:69:f9:2f:69:
                    97:20:f2:ac:d0:03:15:12:f3:6e:52:60:6e:db:28:
                    71:97:eb:5f:87:ba:61:be:b2:14:5f:21:74:61:32:
                    bd:ad:15:7c:98:dc:96:81:e6:9d:70:35:5c:fe:c0:
                    4c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:11:7A:E5:C9:24:51:E4:DB:E5:36:D0:0F:DF:A6:A0:8B:89:C0:B7
            X509v3 Authority Key Identifier:
                keyid:AB:19:00:07:81:C1:83:36:6C:BA:55:41:6F:D7:5B:57:DB:A0:E4:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qxkAB4HBgzZsulVBb9dbV9ug5Ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/56b53f-90c0-4a35-bf23-ff2dfd62d376/1/UBF65ckkUeTb5TbQD9-moIuJwLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/56b53f-90c0-4a35-bf23-ff2dfd62d376/1/qxkAB4HBgzZsulVBb9dbV9ug5Ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.113.0/24
                IPv6:
                  2a01:e780::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:b4:e8:50:7f:e0:dc:08:87:df:47:16:27:f7:80:29:25:e8:
         32:3f:4f:ba:06:85:5a:57:1b:a2:22:2d:57:e3:7f:db:3b:ea:
         3a:58:28:9f:18:1c:6c:48:03:bd:67:f3:b2:cb:62:5c:79:d1:
         b3:a3:5c:63:d6:f1:f3:1d:dc:d0:8c:f7:e0:18:3e:4d:8b:6c:
         98:94:87:03:76:be:b8:0f:30:97:33:d0:72:c3:7d:b4:2d:c8:
         f2:b6:0f:39:0a:2b:0e:67:f4:9e:67:09:2e:a5:ef:7c:e5:99:
         f8:e8:f6:6c:9b:1c:2c:7b:f4:fc:42:15:40:bc:93:d2:94:c3:
         30:84:f5:61:98:1e:8d:4b:58:46:88:6d:c6:20:4d:f3:8c:59:
         23:d4:6e:12:2e:21:ab:bf:9b:56:dc:19:7c:2f:d9:e2:8d:cc:
         1d:29:b2:a0:07:5c:32:64:86:43:5e:c0:cb:c5:5f:86:c9:cb:
         80:28:69:aa:1f:36:34:c8:d9:d7:ae:84:57:21:76:fb:1a:12:
         d0:bd:3b:f6:db:5b:ed:5d:ae:02:3c:31:2d:7a:15:52:40:9b:
         27:93:fa:cc:40:64:b6:54:12:8a:40:6f:ec:5b:e8:93:d6:9c:
         3c:b1:0d:3e:88:05:e4:4a:2e:bb:68:e5:46:6b:d6:83:aa:f2:
         df:5c:15:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZwAsWFvJBmt7Q2fvwfrU+HrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMTkwMDA3ODFjMTgzMzY2Y2JhNTU0MTZmZDc1YjU3ZGJh
MGU0YmIwHhcNMjYwMTI3MTgyMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDExN2FlNWM5MjQ1MWU0ZGJlNTM2ZDAwZmRmYTZhMDhiODljMGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzIFCcX0mMbYK1DDsaCZLHe0jOxR
k91D2F7ZP5lFHo9fJxVDz0rR2WwlomEJuaqwzl/iik802VW/LpZV5fr7Oqe4q21W
ZORPlucTZgaIzsUvFeWahA335TFGiErJhHFUXTuxG11kRyTTaS+hFTAQGN6cktz9
+wO7dNKiI+yJWlbnGUME7gXv5gFkUVzphMVVX9fYREc5IFAXQ5nJ9f/i8EDV3pct
JmHecWy6MdjD8jSHeUExpqcTnzRQM7ZgsAgO+u1fFOmkLuyiFMg7VWn5L2mXIPKs
0AMVEvNuUmBu2yhxl+tfh7phvrIUXyF0YTK9rRV8mNyWgeadcDVc/sBMGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFAReuXJJFHk2+U20A/fpqCLicC3MB8GA1UdIwQY
MBaAFKsZAAeBwYM2bLpVQW/XW1fboOS7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXhrQUI0SEJnelpzdWxWQmI5ZGJWOXVnNUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81NmI1M2YtOTBjMC00YTM1LWJmMjMt
ZmYyZGZkNjJkMzc2LzEvVUJGNjVja2tVZVRiNVRiUUQ5LW1vSXVKd0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81NmI1M2YtOTBjMC00YTM1LWJmMjMtZmYyZGZkNjJkMzc2
LzEvcXhrQUI0SEJnelpzdWxWQmI5ZGJWOXVnNUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvF1xMA0E
AgACMAcDBQMqAeeAMA0GCSqGSIb3DQEBCwUAA4IBAQAstOhQf+DcCIffRxYn94Ap
JegyP0+6BoVaVxuiIi1X43/bO+o6WCifGBxsSAO9Z/Oyy2JcedGzo1xj1vHzHdzQ
jPfgGD5Ni2yYlIcDdr64DzCXM9Byw320Lcjytg85CisOZ/SeZwkupe985Zn46PZs
mxwse/T8QhVAvJPSlMMwhPVhmB6NS1hGiG3GIE3zjFkj1G4SLiGrv5tW3Bl8L9ni
jcwdKbKgB1wyZIZDXsDLxV+GycuAKGmqHzY0yNnXroRXIXb7GhLQvTv221vtXa4C
PDEtehVSQJsnk/rMQGS2VBKKQG/sW+iT1pw8sQ0+iAXkSi67aOVGa9aDqvLfXBWW
-----END CERTIFICATE-----