Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/591600-8b26-4286-9ec2-77002f70fb4a/1/UvT296TDY2CQIThciNgffZ0wmFU.roa
File:                     UvT296TDY2CQIThciNgffZ0wmFU.roa (raw, json)
Hash identifier:          vTAhfAAI/q2ZHiUMxy01M4sUZUAz0nKerT6JRvUEa5s=
Subject key identifier:   52:F4:F6:F7:A4:C3:63:60:90:21:38:5C:88:D8:1F:7D:9D:30:98:55
Certificate issuer:       /CN=d41f8efdcf6e266a82c61302526f6bcfc465e571
Certificate serial:       019B7A5B29E98020415990E1C08305B420BB
Authority key identifier: D4:1F:8E:FD:CF:6E:26:6A:82:C6:13:02:52:6F:6B:CF:C4:65:E5:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1B-O_c9uJmqCxhMCUm9rz8Rl5XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/591600-8b26-4286-9ec2-77002f70fb4a/1/UvT296TDY2CQIThciNgffZ0wmFU.roa
Signing time:             Thu 01 Jan 2026 16:19:13 +0000
ROA not before:           Thu 01 Jan 2026 16:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51143
IP address blocks:        91.216.172.0/24 maxlen: 24
                          2001:678:29c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/591600-8b26-4286-9ec2-77002f70fb4a/1/1B-O_c9uJmqCxhMCUm9rz8Rl5XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/591600-8b26-4286-9ec2-77002f70fb4a/1/1B-O_c9uJmqCxhMCUm9rz8Rl5XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1B-O_c9uJmqCxhMCUm9rz8Rl5XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:29:e9:80:20:41:59:90:e1:c0:83:05:b4:20:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d41f8efdcf6e266a82c61302526f6bcfc465e571
        Validity
            Not Before: Jan  1 16:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52f4f6f7a4c363609021385c88d81f7d9d309855
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:37:25:18:1e:f9:96:f6:eb:a4:d4:02:5a:05:
                    64:25:1a:1c:3b:ed:19:bb:1b:42:80:0a:99:56:fa:
                    3f:7d:14:e9:5b:7c:eb:cd:b0:41:90:74:44:81:42:
                    f7:58:39:e1:0d:f9:f5:35:c2:10:4d:0f:c6:d8:c9:
                    52:1d:f0:cb:a4:48:02:c7:39:db:f6:f6:b6:77:91:
                    cc:52:79:4a:87:4b:a2:3a:fa:23:07:02:9d:d3:de:
                    9c:7b:f2:aa:55:4b:ef:ed:3a:ef:44:a7:8c:5e:9b:
                    73:4d:66:d4:c0:69:53:36:1b:d4:53:57:bb:73:a8:
                    9e:45:79:de:c9:b6:fe:d8:0f:41:68:1f:46:30:26:
                    ca:e8:43:a7:ba:29:e7:3a:ad:51:4d:64:e2:4b:e1:
                    c4:01:45:1d:3c:88:7e:8e:25:19:79:be:6f:97:b2:
                    97:0b:20:20:7e:7a:51:ab:48:b1:69:f8:0d:43:81:
                    2e:f7:5f:4a:b2:0b:0b:eb:83:54:a4:b9:7f:db:11:
                    b1:81:f6:15:6f:84:05:54:00:f8:8b:39:8f:a0:9e:
                    fb:79:bb:db:56:f7:4a:5a:0f:46:bf:a2:17:e7:22:
                    e1:6e:df:e4:a2:b8:de:50:4b:1f:09:2b:7e:f6:eb:
                    81:be:4f:dd:f7:3a:78:ba:1c:17:82:6b:62:a4:48:
                    c0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F4:F6:F7:A4:C3:63:60:90:21:38:5C:88:D8:1F:7D:9D:30:98:55
            X509v3 Authority Key Identifier:
                keyid:D4:1F:8E:FD:CF:6E:26:6A:82:C6:13:02:52:6F:6B:CF:C4:65:E5:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1B-O_c9uJmqCxhMCUm9rz8Rl5XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/591600-8b26-4286-9ec2-77002f70fb4a/1/UvT296TDY2CQIThciNgffZ0wmFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/591600-8b26-4286-9ec2-77002f70fb4a/1/1B-O_c9uJmqCxhMCUm9rz8Rl5XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.172.0/24
                IPv6:
                  2001:678:29c::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:c8:43:7d:1b:92:a4:07:7b:ba:7c:ee:cf:9c:d7:b0:f5:7c:
         96:29:92:e9:8a:c3:98:02:67:8e:3b:f9:35:87:17:73:e0:61:
         ea:3c:ea:b9:73:e0:57:b3:a3:d9:7d:e6:c4:28:c4:80:e3:77:
         08:e6:50:03:62:17:66:9d:66:1b:d1:fd:c7:d9:fb:05:1f:59:
         8f:d6:75:43:d7:11:a1:0d:a9:73:4f:c7:6b:c4:29:8f:c2:39:
         50:9a:50:9d:f2:50:44:eb:44:a4:3d:c0:45:d1:3f:9a:ac:2c:
         46:2a:37:fb:0b:35:1f:b1:2c:be:4e:4b:b0:e7:25:3c:7d:f7:
         f6:e3:bf:70:c2:85:50:78:5c:54:95:6a:75:bf:bb:e3:fc:16:
         83:f1:15:1b:a6:f2:7d:2a:61:7e:39:ae:73:cf:89:d4:88:7c:
         9b:3a:7e:01:17:65:9b:da:35:f7:80:06:78:45:65:79:28:b8:
         cd:2f:7a:b3:d1:6f:00:24:31:46:75:be:4c:09:fc:9c:20:34:
         5b:ca:d2:57:31:7a:33:fe:de:0a:48:82:91:92:3c:87:85:b2:
         5f:e9:a5:a4:28:f1:4f:e1:c1:9b:ab:14:54:f5:4f:f4:ad:f2:
         ae:7b:55:9e:8d:0a:37:e5:d4:bb:79:b3:09:e3:1e:51:12:29:
         4a:62:69:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt6WynpgCBBWZDhwIMFtCC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MWY4ZWZkY2Y2ZTI2NmE4MmM2MTMwMjUyNmY2YmNmYzQ2
NWU1NzEwHhcNMjYwMTAxMTYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmY0ZjZmN2E0YzM2MzYwOTAyMTM4NWM4OGQ4MWY3ZDlkMzA5ODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDclGB75lvbrpNQCWgVkJRocO+0Z
uxtCgAqZVvo/fRTpW3zrzbBBkHREgUL3WDnhDfn1NcIQTQ/G2MlSHfDLpEgCxznb
9va2d5HMUnlKh0uiOvojBwKd096ce/KqVUvv7TrvRKeMXptzTWbUwGlTNhvUU1e7
c6ieRXneybb+2A9BaB9GMCbK6EOnuinnOq1RTWTiS+HEAUUdPIh+jiUZeb5vl7KX
CyAgfnpRq0ixafgNQ4Eu919KsgsL64NUpLl/2xGxgfYVb4QFVAD4izmPoJ77ebvb
VvdKWg9Gv6IX5yLhbt/korjeUEsfCSt+9uuBvk/d9zp4uhwXgmtipEjAawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFL09vekw2NgkCE4XIjYH32dMJhVMB8GA1UdIwQY
MBaAFNQfjv3PbiZqgsYTAlJva8/EZeVxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUItT19jOXVKbXFDeGhNQ1VtOXJ6OFJsNVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81OTE2MDAtOGIyNi00Mjg2LTllYzIt
NzcwMDJmNzBmYjRhLzEvVXZUMjk2VERZMkNRSVRoY2lOZ2ZmWjB3bUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81OTE2MDAtOGIyNi00Mjg2LTllYzItNzcwMDJmNzBmYjRh
LzEvMUItT19jOXVKbXFDeGhNQ1VtOXJ6OFJsNVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9isMA8E
AgACMAkDBwAgAQZ4ApwwDQYJKoZIhvcNAQELBQADggEBACfIQ30bkqQHe7p87s+c
17D1fJYpkumKw5gCZ447+TWHF3PgYeo86rlz4Fezo9l95sQoxIDjdwjmUANiF2ad
ZhvR/cfZ+wUfWY/WdUPXEaENqXNPx2vEKY/COVCaUJ3yUETrRKQ9wEXRP5qsLEYq
N/sLNR+xLL5OS7DnJTx99/bjv3DChVB4XFSVanW/u+P8FoPxFRum8n0qYX45rnPP
idSIfJs6fgEXZZvaNfeABnhFZXkouM0verPRbwAkMUZ1vkwJ/JwgNFvK0lcxejP+
3gpIgpGSPIeFsl/ppaQo8U/hwZurFFT1T/St8q57VZ6NCjfl1Lt5swnjHlESKUpi
aaM=
-----END CERTIFICATE-----