Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8a4bd2-fd0b-4f2e-afdb-9f8f83f82228/1/UqSLybQPqtyf12w058GGJrCrwlE.roa
File:                     UqSLybQPqtyf12w058GGJrCrwlE.roa (raw, json)
Hash identifier:          ay496TJzckN/WV79yGM4pv+K/GRv47GhhBgHEduwC9o=
Subject key identifier:   52:A4:8B:C9:B4:0F:AA:DC:9F:D7:6C:34:E7:C1:86:26:B0:AB:C2:51
Certificate issuer:       /CN=8dc6b2395163ce47b036fae02a71f948804bf55f
Certificate serial:       019D47906178DA12754D5F8FCD35F6F0BBAD
Authority key identifier: 8D:C6:B2:39:51:63:CE:47:B0:36:FA:E0:2A:71:F9:48:80:4B:F5:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcayOVFjzkewNvrgKnH5SIBL9V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8a4bd2-fd0b-4f2e-afdb-9f8f83f82228/1/UqSLybQPqtyf12w058GGJrCrwlE.roa
Signing time:             Wed 01 Apr 2026 05:42:17 +0000
ROA not before:           Wed 01 Apr 2026 05:42:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57562
IP address blocks:        91.232.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8a4bd2-fd0b-4f2e-afdb-9f8f83f82228/1/jcayOVFjzkewNvrgKnH5SIBL9V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8a4bd2-fd0b-4f2e-afdb-9f8f83f82228/1/jcayOVFjzkewNvrgKnH5SIBL9V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcayOVFjzkewNvrgKnH5SIBL9V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:90:61:78:da:12:75:4d:5f:8f:cd:35:f6:f0:bb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc6b2395163ce47b036fae02a71f948804bf55f
        Validity
            Not Before: Apr  1 05:42:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52a48bc9b40faadc9fd76c34e7c18626b0abc251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3d:63:cf:32:8a:32:10:4d:77:a8:d6:30:86:
                    fc:36:4d:9d:14:51:3b:b7:fe:0d:ba:f3:eb:b1:e2:
                    91:3c:86:67:23:1a:89:a6:07:60:0a:92:e0:77:8c:
                    84:32:97:37:99:e0:e0:fd:59:62:c8:53:8d:e4:f0:
                    2f:55:53:26:0e:c3:08:ba:83:05:6b:3b:e9:97:24:
                    33:00:f3:50:63:90:5d:ed:fd:f2:4f:0c:d8:aa:09:
                    ce:57:83:bc:3d:3f:14:8e:3c:fc:25:48:58:a2:0f:
                    5d:47:90:a5:c2:77:8c:78:be:1d:fc:19:f3:fe:13:
                    d7:18:ea:1c:b4:aa:59:9f:40:58:41:7a:e8:8c:2d:
                    52:ac:97:69:28:e1:65:a7:ef:2a:f9:eb:7d:70:93:
                    2a:60:6e:51:94:57:3a:9e:4e:79:68:84:9d:47:30:
                    e9:61:3f:38:99:cd:8f:a0:53:7d:03:3a:54:a0:65:
                    30:48:f5:2f:db:c2:09:9b:ce:e5:53:14:f2:f1:2a:
                    43:71:72:a0:21:d6:c3:56:e2:77:65:d8:a7:be:d9:
                    13:6e:0a:89:c8:3c:28:20:af:95:db:7b:f5:e5:80:
                    7b:bf:92:26:8b:9d:1c:73:1e:26:cc:1d:11:35:e4:
                    9b:5b:e8:dd:b1:11:80:c2:bb:11:90:3b:60:22:b1:
                    69:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A4:8B:C9:B4:0F:AA:DC:9F:D7:6C:34:E7:C1:86:26:B0:AB:C2:51
            X509v3 Authority Key Identifier:
                keyid:8D:C6:B2:39:51:63:CE:47:B0:36:FA:E0:2A:71:F9:48:80:4B:F5:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcayOVFjzkewNvrgKnH5SIBL9V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8a4bd2-fd0b-4f2e-afdb-9f8f83f82228/1/UqSLybQPqtyf12w058GGJrCrwlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8a4bd2-fd0b-4f2e-afdb-9f8f83f82228/1/jcayOVFjzkewNvrgKnH5SIBL9V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:91:28:69:22:07:b0:50:54:36:b7:88:e5:67:7c:86:7f:9b:
         86:bb:21:0e:4c:fc:6d:2e:fa:3f:64:de:1a:af:a0:4a:14:59:
         48:de:23:f4:41:06:ff:8e:d1:e2:b0:bb:66:9c:2f:24:c7:bf:
         3b:71:9f:ab:cb:13:5e:62:89:72:81:87:2f:29:c2:3f:00:7c:
         6e:7b:40:02:d1:b7:de:43:76:ab:05:9c:9a:22:4f:1a:c1:ff:
         7b:c3:ad:0c:f7:7e:8e:c4:b0:e1:a0:7c:97:90:a7:40:39:ec:
         5b:ad:77:46:85:2a:b6:81:7e:f4:13:39:34:4f:f5:12:06:38:
         65:ef:ec:8c:4a:82:af:49:10:70:d3:d0:19:5e:40:a1:58:9c:
         8c:10:69:58:b1:25:46:5b:f3:c8:ad:5c:ad:6b:9e:6e:c3:09:
         a5:21:29:5d:36:f3:8f:cb:71:1a:28:2f:33:36:7e:b8:ef:a7:
         50:58:8a:6e:f6:01:bf:3f:5d:26:4d:8a:8f:6e:10:da:c5:00:
         8f:17:86:86:7d:54:bc:35:6b:fa:43:ad:a4:a8:9f:9a:c3:94:
         63:a2:a4:20:06:b0:2a:c4:1f:6b:63:ef:dc:14:63:ab:53:ef:
         3a:1f:0d:3c:20:61:9d:66:f8:97:3b:e3:7b:82:42:3e:77:26:
         4a:60:df:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1HkGF42hJ1TV+PzTX28LutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzZiMjM5NTE2M2NlNDdiMDM2ZmFlMDJhNzFmOTQ4ODA0
YmY1NWYwHhcNMjYwNDAxMDU0MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmE0OGJjOWI0MGZhYWRjOWZkNzZjMzRlN2MxODYyNmIwYWJjMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz1jzzKKMhBNd6jWMIb8Nk2dFFE7
t/4NuvPrseKRPIZnIxqJpgdgCpLgd4yEMpc3meDg/VliyFON5PAvVVMmDsMIuoMF
azvplyQzAPNQY5Bd7f3yTwzYqgnOV4O8PT8Ujjz8JUhYog9dR5ClwneMeL4d/Bnz
/hPXGOoctKpZn0BYQXrojC1SrJdpKOFlp+8q+et9cJMqYG5RlFc6nk55aISdRzDp
YT84mc2PoFN9AzpUoGUwSPUv28IJm87lUxTy8SpDcXKgIdbDVuJ3ZdinvtkTbgqJ
yDwoIK+V23v15YB7v5Imi50ccx4mzB0RNeSbW+jdsRGAwrsRkDtgIrFp7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKki8m0D6rcn9dsNOfBhiawq8JRMB8GA1UdIwQY
MBaAFI3GsjlRY85HsDb64Cpx+UiAS/VfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNheU9WRmp6a2V3TnZyZ0tuSDVTSUJMOVY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YTRiZDItZmQwYi00ZjJlLWFmZGIt
OWY4ZjgzZjgyMjI4LzEvVXFTTHliUVBxdHlmMTJ3MDU4R0dKckNyd2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YTRiZDItZmQwYi00ZjJlLWFmZGItOWY4ZjgzZjgyMjI4
LzEvamNheU9WRmp6a2V3TnZyZ0tuSDVTSUJMOVY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+jYMA0G
CSqGSIb3DQEBCwUAA4IBAQAjkShpIgewUFQ2t4jlZ3yGf5uGuyEOTPxtLvo/ZN4a
r6BKFFlI3iP0QQb/jtHisLtmnC8kx787cZ+ryxNeYolygYcvKcI/AHxue0AC0bfe
Q3arBZyaIk8awf97w60M936OxLDhoHyXkKdAOexbrXdGhSq2gX70Ezk0T/USBjhl
7+yMSoKvSRBw09AZXkChWJyMEGlYsSVGW/PIrVyta55uwwmlISldNvOPy3EaKC8z
Nn6476dQWIpu9gG/P10mTYqPbhDaxQCPF4aGfVS8NWv6Q62kqJ+aw5RjoqQgBrAq
xB9rY+/cFGOrU+86Hw08IGGdZviXO+N7gkI+dyZKYN/9
-----END CERTIFICATE-----