Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UmIn3HEWiK2GDmhIr6ww95r-n2c.roa
File:                     UmIn3HEWiK2GDmhIr6ww95r-n2c.roa (raw, json)
Hash identifier:          YoVJhQktjcmU6U7jw0e4jjVpOHdbKEvs6zK7O0/6/qE=
Subject key identifier:   52:62:27:DC:71:16:88:AD:86:0E:68:48:AF:AC:30:F7:9A:FE:9F:67
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D46D1F59ACD3C595C2BDFE55C0D39DCBE
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UmIn3HEWiK2GDmhIr6ww95r-n2c.roa
Signing time:             Wed 01 Apr 2026 02:14:18 +0000
ROA not before:           Wed 01 Apr 2026 02:14:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201907
IP address blocks:        192.144.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:46:d1:f5:9a:cd:3c:59:5c:2b:df:e5:5c:0d:39:dc:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Apr  1 02:14:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=526227dc711688ad860e6848afac30f79afe9f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e8:be:66:06:ce:94:dd:68:6b:53:30:73:6c:
                    61:d0:8f:55:d1:88:bc:45:dd:ee:d7:15:a8:7a:ed:
                    0e:6e:6d:7a:eb:33:a4:b6:32:d0:5d:a9:d1:26:2e:
                    09:b7:9e:31:61:ec:05:6f:d1:b9:76:b7:28:b4:9b:
                    c3:98:af:63:37:a5:1f:36:0c:e5:6d:38:54:7c:dd:
                    33:34:40:0b:f5:0f:ed:65:66:28:6c:d6:0a:58:00:
                    9f:86:dd:21:3a:97:ab:ea:6f:3b:27:8b:4c:a5:5f:
                    ef:c8:a9:86:1b:bf:ce:03:b4:72:f8:14:de:e1:45:
                    c6:02:1f:fc:8d:aa:ee:92:59:c5:8c:0d:74:14:99:
                    8b:6c:31:7f:5f:74:ea:d7:c0:f3:b0:e9:a9:58:cc:
                    46:9c:f2:8f:a9:6c:51:6b:56:86:24:fd:cd:a4:91:
                    6c:73:ae:94:94:ca:04:ee:f4:e3:f1:3a:9f:4c:3b:
                    9b:ee:39:3b:e4:56:53:52:15:cb:ec:c0:dc:e6:6a:
                    03:bc:94:89:61:a6:ce:75:60:8c:57:58:1c:51:da:
                    29:30:c5:2f:62:3f:1e:d3:5f:83:fd:23:49:43:9b:
                    24:23:59:38:ee:0c:d2:46:f5:88:64:9c:d9:44:2a:
                    08:be:fc:84:fc:08:da:c7:9b:cc:c4:cf:7d:ec:7b:
                    69:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:62:27:DC:71:16:88:AD:86:0E:68:48:AF:AC:30:F7:9A:FE:9F:67
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UmIn3HEWiK2GDmhIr6ww95r-n2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:f3:6b:f5:60:d4:63:8f:0a:7a:c0:85:e6:4e:03:80:d8:07:
         61:78:3d:39:29:3d:44:06:ce:a7:0e:a7:e2:cf:dd:a4:25:9c:
         6c:70:41:59:db:b5:34:e1:4a:20:5d:23:1e:f5:6e:9f:eb:7a:
         9d:eb:9d:e3:49:19:b4:b3:dc:3f:cd:46:89:16:f2:db:bb:2e:
         30:f3:0b:60:f1:a1:09:78:3f:75:54:db:72:7f:e2:c5:dd:91:
         31:f5:4b:eb:80:8d:ed:25:38:7c:39:35:61:4d:b9:f0:77:be:
         8f:5b:f9:96:4b:e4:f6:9e:46:a9:7c:d9:de:19:ef:b2:bf:ce:
         5c:96:9d:6d:dc:34:bd:06:23:35:09:88:2b:e4:bb:bb:d4:7d:
         ae:2c:a5:7f:ee:fb:d0:8d:6a:e3:2f:f1:d6:0f:e0:9f:61:32:
         ef:38:34:51:4e:07:83:5e:33:c6:13:38:37:02:cb:90:60:03:
         86:da:b1:ea:23:4b:82:ab:49:6b:1d:02:f2:32:39:8c:8f:f8:
         18:33:b7:ef:4f:5b:cd:e2:45:48:e7:55:45:cc:ed:2c:ab:fc:
         08:be:f2:09:9a:7d:e3:c2:af:b1:51:33:0d:f7:0f:a5:0e:74:
         78:8e:83:1e:3b:11:8c:b3:04:b4:01:28:ac:87:93:4e:f3:45:
         a3:5c:87:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1G0fWazTxZXCvf5VwNOdy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDAxMDIxNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjYyMjdkYzcxMTY4OGFkODYwZTY4NDhhZmFjMzBmNzlhZmU5ZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+i+ZgbOlN1oa1Mwc2xh0I9V0Yi8
Rd3u1xWoeu0Obm166zOktjLQXanRJi4Jt54xYewFb9G5drcotJvDmK9jN6UfNgzl
bThUfN0zNEAL9Q/tZWYobNYKWACfht0hOper6m87J4tMpV/vyKmGG7/OA7Ry+BTe
4UXGAh/8jaruklnFjA10FJmLbDF/X3Tq18DzsOmpWMxGnPKPqWxRa1aGJP3NpJFs
c66UlMoE7vTj8TqfTDub7jk75FZTUhXL7MDc5moDvJSJYabOdWCMV1gcUdopMMUv
Yj8e01+D/SNJQ5skI1k47gzSRvWIZJzZRCoIvvyE/Ajax5vMxM997Htp3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJiJ9xxFoithg5oSK+sMPea/p9nMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvVW1JbjNIRVdpSzJHRG1oSXI2d3c5NXItbjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJBOMA0G
CSqGSIb3DQEBCwUAA4IBAQCg82v1YNRjjwp6wIXmTgOA2AdheD05KT1EBs6nDqfi
z92kJZxscEFZ27U04UogXSMe9W6f63qd653jSRm0s9w/zUaJFvLbuy4w8wtg8aEJ
eD91VNtyf+LF3ZEx9UvrgI3tJTh8OTVhTbnwd76PW/mWS+T2nkapfNneGe+yv85c
lp1t3DS9BiM1CYgr5Lu71H2uLKV/7vvQjWrjL/HWD+CfYTLvODRRTgeDXjPGEzg3
AsuQYAOG2rHqI0uCq0lrHQLyMjmMj/gYM7fvT1vN4kVI51VFzO0sq/wIvvIJmn3j
wq+xUTMN9w+lDnR4joMeOxGMswS0ASish5NO80WjXId1
-----END CERTIFICATE-----