Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/UmGc4v4dW2AjI48WqepJzGqbsDw.roa
File:                     UmGc4v4dW2AjI48WqepJzGqbsDw.roa (raw, json)
Hash identifier:          fYk22ubS3uWxeAkHoNvB+rbSyEpAOXTAhgTHtjgfUCY=
Subject key identifier:   52:61:9C:E2:FE:1D:5B:60:23:23:8F:16:A9:EA:49:CC:6A:9B:B0:3C
Certificate issuer:       /CN=de3d3687fe7df48c3be8398aad7bd20106545382
Certificate serial:       019B7EA541FC611AF0178BB9C2771EF79246
Authority key identifier: DE:3D:36:87:FE:7D:F4:8C:3B:E8:39:8A:AD:7B:D2:01:06:54:53:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3j02h_599Iw76DmKrXvSAQZUU4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/UmGc4v4dW2AjI48WqepJzGqbsDw.roa
Signing time:             Fri 02 Jan 2026 12:18:38 +0000
ROA not before:           Fri 02 Jan 2026 12:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39648
IP address blocks:        193.93.4.0/22 maxlen: 22
                          195.24.160.0/19 maxlen: 19
                          2a02:17c8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/3j02h_599Iw76DmKrXvSAQZUU4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/3j02h_599Iw76DmKrXvSAQZUU4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3j02h_599Iw76DmKrXvSAQZUU4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:41:fc:61:1a:f0:17:8b:b9:c2:77:1e:f7:92:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de3d3687fe7df48c3be8398aad7bd20106545382
        Validity
            Not Before: Jan  2 12:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52619ce2fe1d5b6023238f16a9ea49cc6a9bb03c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ac:e2:54:4d:3a:41:45:ce:21:4c:c4:79:52:
                    93:40:10:38:f7:8c:19:9f:6e:15:c0:c2:95:58:8b:
                    a0:98:87:54:04:16:e7:ac:f6:df:b7:61:04:61:32:
                    39:5e:45:ef:de:01:28:c2:cc:70:05:13:46:86:eb:
                    dc:75:d2:62:07:f4:77:64:3c:39:ca:c7:2d:b4:7c:
                    55:34:e3:0d:b3:a1:c2:bb:0b:75:b1:ae:d9:8a:63:
                    5a:92:90:f8:3b:d0:8c:06:55:ab:57:d4:a4:4d:89:
                    e4:fd:61:cf:c5:19:5a:a6:5a:dd:17:6e:36:94:07:
                    76:54:0c:9f:c7:bb:67:03:e4:fe:0c:bb:4c:72:a9:
                    fa:90:a7:88:1f:5f:f2:72:b7:77:56:6a:2f:c3:0a:
                    95:a8:f3:1b:7c:fb:f2:01:8e:3d:74:5c:42:33:17:
                    35:9a:eb:dd:ba:01:fc:85:53:2a:27:aa:b9:25:46:
                    91:95:c7:fb:fd:34:95:79:d3:b4:b2:8d:b1:03:32:
                    46:b5:48:86:3e:41:cc:6e:33:cd:06:80:46:cf:87:
                    ff:30:bf:c7:7a:56:0a:40:c1:e3:99:86:8d:a4:96:
                    b8:a2:be:ec:80:bc:2a:20:fb:d6:79:f8:8b:eb:05:
                    3b:32:07:a6:0f:ba:cd:2c:96:eb:8b:b0:54:91:6b:
                    f1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:61:9C:E2:FE:1D:5B:60:23:23:8F:16:A9:EA:49:CC:6A:9B:B0:3C
            X509v3 Authority Key Identifier:
                keyid:DE:3D:36:87:FE:7D:F4:8C:3B:E8:39:8A:AD:7B:D2:01:06:54:53:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3j02h_599Iw76DmKrXvSAQZUU4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/UmGc4v4dW2AjI48WqepJzGqbsDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/3j02h_599Iw76DmKrXvSAQZUU4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.4.0/22
                  195.24.160.0/19
                IPv6:
                  2a02:17c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:3d:9d:85:49:d0:7d:e6:68:44:b1:ac:12:3f:51:a0:ff:4b:
         be:2b:fb:db:3f:5a:9d:9c:b9:77:97:ef:c2:b3:ca:a2:78:a8:
         0e:30:c3:54:4c:0a:d1:c2:de:08:8e:89:9d:06:70:4b:e1:55:
         bd:e4:b0:30:2f:60:8b:b7:96:e3:0c:0f:fb:ad:a3:65:e5:d8:
         a3:23:fb:54:69:6e:74:c2:35:8b:bb:e6:b3:86:09:cd:2a:aa:
         4b:49:5e:be:d2:66:9d:b1:5d:18:7b:07:b3:b4:0d:fb:04:33:
         00:35:8b:be:c5:86:e6:99:5b:a4:d6:bb:61:1a:5e:2b:61:bf:
         fc:0e:d5:0e:db:7f:45:7c:fb:a0:1c:e5:44:02:09:e1:4f:ac:
         3b:b8:6f:5b:0c:18:74:88:dd:53:49:81:be:9c:62:55:aa:d5:
         7f:43:2b:3e:b1:74:59:e4:02:93:db:03:4b:7e:97:f5:fa:d0:
         24:20:a3:a0:6e:f5:ca:04:e6:ed:54:a8:be:19:8c:b4:1d:75:
         dd:ea:1d:1b:2f:4d:72:4a:09:f5:c2:26:0a:1e:1d:65:7d:8e:
         8c:07:8b:86:c5:e2:f2:4c:c5:a6:5f:55:a1:14:4d:86:f8:54:
         c0:b2:3b:b6:7c:2a:67:3e:78:8d:d0:e8:cb:14:ee:e3:26:7b:
         20:8e:75:69
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt+pUH8YRrwF4u5wnce95JGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlM2QzNjg3ZmU3ZGY0OGMzYmU4Mzk4YWFkN2JkMjAxMDY1
NDUzODIwHhcNMjYwMTAyMTIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjYxOWNlMmZlMWQ1YjYwMjMyMzhmMTZhOWVhNDljYzZhOWJiMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKziVE06QUXOIUzEeVKTQBA494wZ
n24VwMKVWIugmIdUBBbnrPbft2EEYTI5XkXv3gEowsxwBRNGhuvcddJiB/R3ZDw5
yscttHxVNOMNs6HCuwt1sa7ZimNakpD4O9CMBlWrV9SkTYnk/WHPxRlaplrdF242
lAd2VAyfx7tnA+T+DLtMcqn6kKeIH1/ycrd3VmovwwqVqPMbfPvyAY49dFxCMxc1
muvdugH8hVMqJ6q5JUaRlcf7/TSVedO0so2xAzJGtUiGPkHMbjPNBoBGz4f/ML/H
elYKQMHjmYaNpJa4or7sgLwqIPvWefiL6wU7MgemD7rNLJbri7BUkWvxSwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFJhnOL+HVtgIyOPFqnqScxqm7A8MB8GA1UdIwQY
MBaAFN49Nof+ffSMO+g5iq170gEGVFOCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2owMmhfNTk5SXc3NkRtS3JYdlNBUVpVVTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80MDBiNGYtMzY4OC00OTdjLTk3ODUt
MjM0Y2JhZmFjODZhLzEvVW1HYzR2NGRXMkFqSTQ4V3FlcEp6R3Fic0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80MDBiNGYtMzY4OC00OTdjLTk3ODUtMjM0Y2JhZmFjODZh
LzEvM2owMmhfNTk5SXc3NkRtS3JYdlNBUVpVVTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwV0EAwQF
wxigMA0EAgACMAcDBQAqAhfIMA0GCSqGSIb3DQEBCwUAA4IBAQCJPZ2FSdB95mhE
sawSP1Gg/0u+K/vbP1qdnLl3l+/Cs8qieKgOMMNUTArRwt4IjomdBnBL4VW95LAw
L2CLt5bjDA/7raNl5dijI/tUaW50wjWLu+azhgnNKqpLSV6+0madsV0YeweztA37
BDMANYu+xYbmmVuk1rthGl4rYb/8DtUO239FfPugHOVEAgnhT6w7uG9bDBh0iN1T
SYG+nGJVqtV/Qys+sXRZ5AKT2wNLfpf1+tAkIKOgbvXKBObtVKi+GYy0HXXd6h0b
L01ySgn1wiYKHh1lfY6MB4uGxeLyTMWmX1WhFE2G+FTAsju2fCpnPniN0OjLFO7j
JnsgjnVp
-----END CERTIFICATE-----