Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/UzKw5JsVVm-z36AxgV1sIfyPCVg.roa
File:                     UzKw5JsVVm-z36AxgV1sIfyPCVg.roa (raw, json)
Hash identifier:          8QY/FsQE18kg5ww8X7hAt6D0NGCuOUcWF14pdaz88ts=
Subject key identifier:   53:32:B0:E4:9B:15:56:6F:B3:DF:A0:31:81:5D:6C:21:FC:8F:09:58
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019D7686356B499959081DC3B643D8110915
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/UzKw5JsVVm-z36AxgV1sIfyPCVg.roa
Signing time:             Fri 10 Apr 2026 08:33:20 +0000
ROA not before:           Fri 10 Apr 2026 08:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211567
IP address blocks:        193.9.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:86:35:6b:49:99:59:08:1d:c3:b6:43:d8:11:09:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 10 08:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5332b0e49b15566fb3dfa031815d6c21fc8f0958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f8:bd:db:4b:5a:38:59:df:db:4c:ec:f9:f4:
                    63:69:ed:e8:79:03:1f:e2:48:39:e6:d1:f4:7d:2d:
                    1f:70:fe:0f:e1:00:c9:00:44:35:9c:38:d4:46:ac:
                    c8:3b:d9:fd:1f:9f:32:22:16:63:4e:82:72:49:b4:
                    3d:fc:d8:77:98:4c:5b:ea:a5:00:46:45:1e:a7:4b:
                    ca:b6:df:4c:6d:17:6b:04:3c:df:fe:6f:2d:e4:19:
                    bb:7f:5c:05:c3:06:d6:c8:16:b7:c7:9b:e1:d3:c6:
                    8b:0e:96:d4:e9:c6:c4:8a:2b:53:a2:86:74:9a:78:
                    af:f9:a9:10:61:1d:23:69:37:10:d6:88:08:98:04:
                    62:07:6c:f4:3f:d3:bc:4c:ab:3b:37:d5:b7:4b:e2:
                    c7:f2:91:0f:8c:60:cb:3f:9a:2e:7c:be:48:d7:c0:
                    b4:89:9d:41:c1:79:f3:4d:4c:f4:3e:ac:f0:44:f2:
                    f3:cd:3b:d0:2b:bc:74:ee:ca:1d:e7:01:03:a9:88:
                    8d:07:3b:cd:03:c5:79:22:54:ad:d4:d3:73:e4:c6:
                    1f:b6:19:8e:d4:9f:e6:8a:89:ac:c6:4a:a2:8a:65:
                    d7:67:db:7e:12:52:29:56:26:66:49:64:39:36:bf:
                    da:c4:cd:f7:cc:00:f9:31:65:5f:1a:fd:71:5f:ad:
                    44:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:32:B0:E4:9B:15:56:6F:B3:DF:A0:31:81:5D:6C:21:FC:8F:09:58
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/UzKw5JsVVm-z36AxgV1sIfyPCVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:54:c0:91:c1:e5:6b:e8:83:db:30:9f:42:86:c6:d0:04:2b:
         4f:af:08:e0:6b:9a:c5:86:36:bb:cb:0c:8e:de:3e:61:3e:8c:
         c5:c3:32:a6:56:f8:06:6b:8c:20:2c:ef:25:78:c8:6d:d7:4c:
         b2:8f:26:39:0a:54:31:c4:ce:af:28:48:4e:83:6f:b2:28:d2:
         48:d4:ea:ff:c5:c4:4d:19:0b:8e:58:42:13:99:36:f3:1e:36:
         29:08:e2:32:80:78:13:d3:57:54:2f:f2:f5:d8:e4:10:72:19:
         5b:be:5f:4c:09:24:06:02:cf:42:37:bf:8f:d1:46:bb:03:85:
         6f:e5:a3:dd:0a:00:6c:ee:3b:f4:62:9c:33:92:32:73:a4:41:
         10:79:91:7d:b3:62:54:9d:e0:26:4a:88:19:d8:e4:c2:30:d7:
         67:62:5a:96:46:82:60:00:f2:6e:8b:0e:3b:7f:b6:88:ba:c5:
         5d:09:40:c7:fb:ac:6b:e7:de:80:a5:cc:e6:b7:a3:81:b9:fe:
         48:b2:c3:95:e2:8d:0b:62:be:b1:27:4e:18:c5:fb:38:7e:20:
         3f:71:6c:f0:85:4c:4d:d0:ff:21:d3:51:cc:fd:24:fe:c2:a5:
         2c:ab:42:9a:15:23:39:ed:65:27:32:df:d3:38:46:bf:1f:a3:
         14:63:fd:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12hjVrSZlZCB3DtkPYEQkVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNDEwMDgzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzMyYjBlNDliMTU1NjZmYjNkZmEwMzE4MTVkNmMyMWZjOGYwOTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfi920taOFnf20zs+fRjae3oeQMf
4kg55tH0fS0fcP4P4QDJAEQ1nDjURqzIO9n9H58yIhZjToJySbQ9/Nh3mExb6qUA
RkUep0vKtt9MbRdrBDzf/m8t5Bm7f1wFwwbWyBa3x5vh08aLDpbU6cbEiitTooZ0
mniv+akQYR0jaTcQ1ogImARiB2z0P9O8TKs7N9W3S+LH8pEPjGDLP5oufL5I18C0
iZ1BwXnzTUz0PqzwRPLzzTvQK7x07sod5wEDqYiNBzvNA8V5IlSt1NNz5MYfthmO
1J/miomsxkqiimXXZ9t+ElIpViZmSWQ5Nr/axM33zAD5MWVfGv1xX61ELwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMysOSbFVZvs9+gMYFdbCH8jwlYMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvVXpLdzVKc1ZWbS16MzZBeGdWMXNJZnlQQ1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkQMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVMCRweVr6IPbMJ9ChsbQBCtPrwjga5rFhja7ywyO
3j5hPozFwzKmVvgGa4wgLO8leMht10yyjyY5ClQxxM6vKEhOg2+yKNJI1Or/xcRN
GQuOWEITmTbzHjYpCOIygHgT01dUL/L12OQQchlbvl9MCSQGAs9CN7+P0Ua7A4Vv
5aPdCgBs7jv0YpwzkjJzpEEQeZF9s2JUneAmSogZ2OTCMNdnYlqWRoJgAPJuiw47
f7aIusVdCUDH+6xr596Apczmt6OBuf5IssOV4o0LYr6xJ04Yxfs4fiA/cWzwhUxN
0P8h01HM/ST+wqUsq0KaFSM57WUnMt/TOEa/H6MUY/2W
-----END CERTIFICATE-----