Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/Uhw8Gytn0hJWRi7NKjX-Z1eWYkE.roa
File:                     Uhw8Gytn0hJWRi7NKjX-Z1eWYkE.roa (raw, json)
Hash identifier:          bi6COlnOAt1k7ksejrQR1lVQGMOwNvJTZxLb2OzctTw=
Subject key identifier:   52:1C:3C:1B:2B:67:D2:12:56:46:2E:CD:2A:35:FE:67:57:96:62:41
Certificate issuer:       /CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
Certificate serial:       019D8D9EAF3BB84F8EBD92549A95ACEB9797
Authority key identifier: B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/Uhw8Gytn0hJWRi7NKjX-Z1eWYkE.roa
Signing time:             Tue 14 Apr 2026 20:11:20 +0000
ROA not before:           Tue 14 Apr 2026 20:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        2a01:ef40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:9e:af:3b:b8:4f:8e:bd:92:54:9a:95:ac:eb:97:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
        Validity
            Not Before: Apr 14 20:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=521c3c1b2b67d21256462ecd2a35fe6757966241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ad:9c:c2:78:3e:da:1b:f3:de:0a:7f:e7:71:
                    3e:0d:9e:6a:ce:9d:55:fb:e2:2d:be:db:34:f4:eb:
                    ab:c9:93:01:9c:c1:a2:55:24:8d:b4:8c:f5:3b:72:
                    ab:78:73:ad:4d:fe:29:df:2e:8a:0f:84:95:ec:9f:
                    83:2d:92:2f:9d:a4:74:96:39:10:fb:79:5d:ef:a5:
                    ab:88:2a:93:1c:43:05:c7:de:75:14:ca:d1:46:c4:
                    83:74:0f:41:ba:59:3f:0f:d7:64:34:5d:69:85:e3:
                    90:e9:06:3f:8b:1e:06:9f:28:f8:f4:c7:a1:4a:d6:
                    c4:92:96:95:03:ba:83:3b:bc:65:c3:a6:6b:17:9b:
                    04:91:c5:19:42:6e:76:56:92:83:db:29:ba:0f:41:
                    0c:c1:61:10:17:20:83:3b:32:4b:63:3a:6b:f3:be:
                    e5:00:80:13:44:69:41:4d:69:75:5e:04:81:82:93:
                    c2:9a:ab:27:70:78:31:1b:e6:a6:09:ff:34:fa:63:
                    75:05:41:5a:93:70:15:58:81:f8:a7:d2:18:3f:8f:
                    88:0a:1f:6f:c8:fe:86:b0:50:b7:1e:4b:cf:79:35:
                    7d:6a:3a:e9:d6:0f:f6:39:43:30:7e:f4:f0:57:23:
                    c2:0b:a1:87:f2:71:f9:84:34:60:6a:bd:75:64:10:
                    9a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1C:3C:1B:2B:67:D2:12:56:46:2E:CD:2A:35:FE:67:57:96:62:41
            X509v3 Authority Key Identifier:
                keyid:B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/Uhw8Gytn0hJWRi7NKjX-Z1eWYkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ef40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:89:78:88:db:75:16:eb:17:cd:ea:56:ce:f9:68:bb:4d:fa:
         09:8d:c6:d0:ab:52:0f:57:a3:bf:9b:29:01:31:74:fc:38:68:
         02:df:d5:69:49:71:74:e7:d4:07:ac:d1:fe:00:2b:b8:ba:93:
         d1:a6:94:e3:67:1e:cf:7d:6a:19:6e:b5:54:f6:f9:23:5e:f3:
         05:83:c4:53:94:c4:9c:3e:d6:51:db:a4:f0:0f:f9:6f:3b:80:
         a5:dd:4b:bf:87:da:51:ac:6f:6c:3b:15:a2:7b:80:5d:9c:6f:
         fd:fa:ca:02:b3:1f:75:0f:be:47:ed:d3:3f:b5:25:8e:c9:ad:
         a5:26:7d:38:f0:6e:8f:78:e8:5d:47:20:12:a5:94:47:bd:a4:
         49:46:84:d2:e6:f7:dc:3e:a5:62:c2:6f:4b:32:70:74:8c:39:
         5e:72:61:28:35:f4:0b:0d:03:71:ab:32:e4:db:ad:5e:23:dd:
         62:5e:bf:e9:71:8e:17:62:ff:8f:6f:94:ad:72:9e:38:94:b6:
         56:f2:01:ac:5d:90:34:68:25:94:b9:ce:d3:88:c3:de:f7:59:
         2c:31:6b:86:61:df:81:be:f3:b4:8a:b1:65:b7:39:05:66:bf:
         4a:c9:0e:e3:8e:01:af:22:6b:a3:59:e9:72:6c:5b:d5:a6:45:
         12:6e:6f:67
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2Nnq87uE+OvZJUmpWs65eXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjc0ZTgyMmYzODc2ZDI3ZGVhZWQ1ZjY2ZGJlOWMxYTQy
MmViMTYwHhcNMjYwNDE0MjAxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjFjM2MxYjJiNjdkMjEyNTY0NjJlY2QyYTM1ZmU2NzU3OTY2MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta2cwng+2hvz3gp/53E+DZ5qzp1V
++Itvts09OuryZMBnMGiVSSNtIz1O3KreHOtTf4p3y6KD4SV7J+DLZIvnaR0ljkQ
+3ld76WriCqTHEMFx951FMrRRsSDdA9Bulk/D9dkNF1pheOQ6QY/ix4Gnyj49Meh
StbEkpaVA7qDO7xlw6ZrF5sEkcUZQm52VpKD2ym6D0EMwWEQFyCDOzJLYzpr877l
AIATRGlBTWl1XgSBgpPCmqsncHgxG+amCf80+mN1BUFak3AVWIH4p9IYP4+ICh9v
yP6GsFC3HkvPeTV9ajrp1g/2OUMwfvTwVyPCC6GH8nH5hDRgar11ZBCaZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFIcPBsrZ9ISVkYuzSo1/mdXlmJBMB8GA1UdIwQY
MBaAFLNnToIvOHbSfertX2bb6cGkIusWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzkt
ZjhmMDhmZTY0ODM4LzEvVWh3OEd5dG4waEpXUmk3TktqWC1aMWVXWWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzktZjhmMDhmZTY0ODM4
LzEvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHvQDAN
BgkqhkiG9w0BAQsFAAOCAQEAT4l4iNt1FusXzepWzvlou036CY3G0KtSD1ejv5sp
ATF0/DhoAt/VaUlxdOfUB6zR/gAruLqT0aaU42cez31qGW61VPb5I17zBYPEU5TE
nD7WUduk8A/5bzuApd1Lv4faUaxvbDsVonuAXZxv/frKArMfdQ++R+3TP7Uljsmt
pSZ9OPBuj3joXUcgEqWUR72kSUaE0ub33D6lYsJvSzJwdIw5XnJhKDX0Cw0Dcasy
5NutXiPdYl6/6XGOF2L/j2+UrXKeOJS2VvIBrF2QNGgllLnO04jD3vdZLDFrhmHf
gb7ztIqxZbc5BWa/SskO444BryJro1npcmxb1aZFEm5vZw==
-----END CERTIFICATE-----