Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/uoYwc_MOACyBk_MqF0qcXxuBmFE.roa
File:                     uoYwc_MOACyBk_MqF0qcXxuBmFE.roa (raw, json)
Hash identifier:          0XVXcAZ4f9KIG0VWEmAtwKYdBw/7Q40fzGdDuFKeOBg=
Subject key identifier:   BA:86:30:73:F3:0E:00:2C:81:93:F3:2A:17:4A:9C:5F:1B:81:98:51
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019D306682BE3B66C288511B0D487DA06A70
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/uoYwc_MOACyBk_MqF0qcXxuBmFE.roa
Signing time:             Fri 27 Mar 2026 17:45:17 +0000
ROA not before:           Fri 27 Mar 2026 17:45:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        207.89.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:66:82:be:3b:66:c2:88:51:1b:0d:48:7d:a0:6a:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Mar 27 17:45:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba863073f30e002c8193f32a174a9c5f1b819851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f4:1f:80:96:e1:22:b9:35:87:32:77:05:90:
                    83:63:34:65:eb:65:fb:fc:2b:8b:27:15:4e:cf:2b:
                    0e:e1:8f:8b:d3:de:ac:a2:a2:87:49:27:e8:3b:bf:
                    1c:40:09:e2:95:e4:d8:b4:59:3e:d1:3c:18:26:b6:
                    b6:df:37:81:76:01:0c:77:2b:3c:bd:0d:72:2c:e3:
                    9e:5e:32:f6:b4:f8:b7:ea:94:28:90:9b:00:30:bd:
                    34:fe:77:79:71:12:79:41:98:fd:25:cf:0f:7e:05:
                    cb:4e:59:77:11:02:74:13:d1:0a:48:86:0f:40:5e:
                    15:25:2c:ca:d4:11:51:eb:16:ca:3f:c8:98:f6:88:
                    e0:b7:86:94:9c:14:18:90:6b:1b:a4:fa:e4:61:04:
                    69:96:ba:3f:e0:5d:e3:49:83:db:e5:81:8c:73:f0:
                    55:46:11:02:b8:32:32:a8:ac:2b:47:1b:36:15:43:
                    21:61:d2:6a:fb:19:36:29:05:56:e4:83:6d:a7:d5:
                    9b:8d:f2:55:8e:c5:c7:a4:2e:0b:f7:30:2f:95:3d:
                    38:99:3b:da:0d:55:87:95:d6:b7:86:ae:4b:b3:20:
                    bf:8d:71:b1:d0:c2:c2:6a:2d:53:70:80:f3:cb:66:
                    58:5d:e7:9f:9f:19:05:29:f1:64:68:2f:9d:9f:8d:
                    89:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:86:30:73:F3:0E:00:2C:81:93:F3:2A:17:4A:9C:5F:1B:81:98:51
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/uoYwc_MOACyBk_MqF0qcXxuBmFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.89.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:1b:52:1f:df:af:34:37:6f:4a:36:ff:5a:30:4c:99:f6:ae:
         79:94:ef:6d:68:a1:f1:48:bc:6d:63:7e:14:99:b1:51:b8:6b:
         a4:43:0a:32:4c:26:32:23:49:c8:04:21:01:af:93:d5:d2:cb:
         6b:fe:ac:ae:fd:84:82:76:9b:54:c8:92:42:8f:bf:1d:dd:eb:
         e6:06:ed:79:a5:d5:94:b1:66:ba:31:66:2f:21:f1:b5:e0:da:
         b8:9b:82:42:7b:5c:a4:cf:45:f5:eb:21:5f:15:b0:46:08:94:
         f9:c0:ad:35:80:07:9f:fd:3d:af:89:6e:14:33:c3:b5:51:d5:
         fc:d0:22:12:47:c1:71:21:8a:50:aa:93:a9:c7:f8:e4:91:01:
         40:85:c1:5d:9e:d2:46:28:ec:40:7b:d9:6d:67:62:0d:34:b8:
         fa:f6:c8:61:94:a3:78:7a:f9:11:6d:5d:aa:c4:ff:97:aa:d0:
         6d:d2:24:04:8e:14:03:a0:a8:67:30:bc:da:01:fb:11:64:87:
         6e:e9:e0:08:a6:00:6f:28:e1:cb:3c:8b:a1:7d:21:87:2b:85:
         ae:e4:77:e2:ed:e9:2f:50:e9:96:8d:89:7d:20:09:11:b7:4a:
         83:64:15:6c:c1:30:28:3d:4e:4d:bd:d4:fb:63:9c:47:9c:cf:
         d4:d5:04:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wZoK+O2bCiFEbDUh9oGpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMzI3MTc0NTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTg2MzA3M2YzMGUwMDJjODE5M2YzMmExNzRhOWM1ZjFiODE5ODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PQfgJbhIrk1hzJ3BZCDYzRl62X7
/CuLJxVOzysO4Y+L096soqKHSSfoO78cQAnileTYtFk+0TwYJra23zeBdgEMdys8
vQ1yLOOeXjL2tPi36pQokJsAML00/nd5cRJ5QZj9Jc8PfgXLTll3EQJ0E9EKSIYP
QF4VJSzK1BFR6xbKP8iY9ojgt4aUnBQYkGsbpPrkYQRplro/4F3jSYPb5YGMc/BV
RhECuDIyqKwrRxs2FUMhYdJq+xk2KQVW5INtp9WbjfJVjsXHpC4L9zAvlT04mTva
DVWHlda3hq5LsyC/jXGx0MLCai1TcIDzy2ZYXeefnxkFKfFkaC+dn42JfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqGMHPzDgAsgZPzKhdKnF8bgZhRMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvdW9Zd2NfTU9BQ3lCa19NcUYwcWNYeHVCbUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz1kTMA0G
CSqGSIb3DQEBCwUAA4IBAQBuG1If3680N29KNv9aMEyZ9q55lO9taKHxSLxtY34U
mbFRuGukQwoyTCYyI0nIBCEBr5PV0str/qyu/YSCdptUyJJCj78d3evmBu15pdWU
sWa6MWYvIfG14Nq4m4JCe1ykz0X16yFfFbBGCJT5wK01gAef/T2viW4UM8O1UdX8
0CISR8FxIYpQqpOpx/jkkQFAhcFdntJGKOxAe9ltZ2INNLj69shhlKN4evkRbV2q
xP+XqtBt0iQEjhQDoKhnMLzaAfsRZIdu6eAIpgBvKOHLPIuhfSGHK4Wu5Hfi7ekv
UOmWjYl9IAkRt0qDZBVswTAoPU5NvdT7Y5xHnM/U1QTt
-----END CERTIFICATE-----