Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/uWcWuKv5l-YphFUFyOmJ7BN17KU.roa
File:                     uWcWuKv5l-YphFUFyOmJ7BN17KU.roa (raw, json)
Hash identifier:          gFBYC097vWrUNJN88xKDqs1J1lmxSpBLR3dnknZJ73g=
Subject key identifier:   B9:67:16:B8:AB:F9:97:E6:29:84:55:05:C8:E9:89:EC:13:75:EC:A5
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019EA8B14B9AAEACA67049B1AEA31B75BE53
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/uWcWuKv5l-YphFUFyOmJ7BN17KU.roa
Signing time:             Mon 08 Jun 2026 19:24:11 +0000
ROA not before:           Mon 08 Jun 2026 19:24:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        87.232.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:b1:4b:9a:ae:ac:a6:70:49:b1:ae:a3:1b:75:be:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Jun  8 19:24:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b96716b8abf997e629845505c8e989ec1375eca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:53:77:7f:6f:77:1e:28:3b:ae:1e:ed:6c:9b:
                    6a:d3:9e:23:78:56:53:15:3a:c0:ac:1d:ae:82:34:
                    ce:bc:ff:dd:3c:db:d8:aa:72:04:2e:e4:f7:87:ad:
                    f5:15:b9:d0:39:f6:ce:8f:a2:ba:3c:50:f8:6b:35:
                    bf:e6:1e:1b:87:f7:9e:21:d1:59:32:6d:16:7d:dd:
                    22:44:12:14:84:16:ca:84:46:d4:af:8b:77:7a:c6:
                    95:4d:c7:dc:29:14:c4:d0:79:2c:c0:02:8e:37:3e:
                    bc:ad:7c:b5:4c:5e:84:10:cf:74:94:42:e7:4f:b4:
                    57:13:c3:33:fa:aa:a9:f5:07:5f:93:fd:c0:04:7c:
                    79:82:99:1f:9c:b5:0e:df:be:37:9f:84:34:dc:f5:
                    3d:87:7a:41:7a:fc:29:ae:07:ae:b3:35:c7:c6:b9:
                    c4:94:de:99:93:39:09:c6:4a:a9:71:a4:77:9e:dc:
                    31:5f:c0:22:68:e3:0c:93:11:cf:de:28:ab:1a:a1:
                    40:9d:02:a0:11:6c:e7:51:c7:40:38:43:ec:1c:ac:
                    1e:9b:18:25:1e:ba:ca:78:29:67:8d:ad:3b:0c:16:
                    cc:64:13:17:32:c2:74:81:3c:ac:82:cd:43:be:ee:
                    21:73:7f:3f:57:e5:13:1c:2f:67:78:f0:14:62:e2:
                    a3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:67:16:B8:AB:F9:97:E6:29:84:55:05:C8:E9:89:EC:13:75:EC:A5
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/uWcWuKv5l-YphFUFyOmJ7BN17KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d7:48:4f:0a:df:53:b4:4c:8f:05:44:b1:1c:6b:3b:f4:22:
         1e:0b:86:9d:00:ac:69:97:88:51:6c:5c:95:de:f2:9d:97:2a:
         37:7c:c8:eb:7a:08:f3:ce:a2:ef:0f:ff:29:2b:56:7a:fb:d2:
         a5:8b:08:61:ab:6a:1e:f0:24:14:bc:c2:28:d8:59:43:86:17:
         62:bc:12:ba:52:68:90:15:74:28:5d:b8:ce:ff:4e:49:f0:50:
         34:d4:ca:b4:ea:0c:bc:7c:29:99:28:3c:4c:17:d6:dd:8c:00:
         df:78:08:35:09:d9:79:66:47:cc:13:07:eb:d2:60:26:4d:2a:
         b7:27:72:2a:32:d0:eb:ba:bf:56:03:d8:ba:66:2f:d3:e0:f4:
         52:db:70:34:58:e0:42:bd:d9:4f:08:f5:0f:dd:98:d7:7a:0f:
         5f:85:2a:3d:67:54:1f:87:02:9d:0d:45:9a:cf:64:d9:4a:14:
         2d:5e:1d:3a:9b:40:0c:ed:9d:78:c6:6c:4c:a6:87:c3:2e:9d:
         5f:d0:91:6e:29:2a:b0:b9:6a:0d:71:43:0d:86:e6:9a:1a:6b:
         be:06:b3:9e:66:29:a9:eb:3d:4c:d5:a9:1f:ee:db:c9:b1:62:
         45:49:d1:db:f9:3d:2a:6c:c1:fa:ec:47:45:b8:12:c1:5a:c0:
         46:b2:ab:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6osUuarqymcEmxrqMbdb5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNjA4MTkyNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTY3MTZiOGFiZjk5N2U2Mjk4NDU1MDVjOGU5ODllYzEzNzVlY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolN3f293Hig7rh7tbJtq054jeFZT
FTrArB2ugjTOvP/dPNvYqnIELuT3h631FbnQOfbOj6K6PFD4azW/5h4bh/eeIdFZ
Mm0Wfd0iRBIUhBbKhEbUr4t3esaVTcfcKRTE0HkswAKONz68rXy1TF6EEM90lELn
T7RXE8Mz+qqp9Qdfk/3ABHx5gpkfnLUO3743n4Q03PU9h3pBevwprgeuszXHxrnE
lN6ZkzkJxkqpcaR3ntwxX8AiaOMMkxHP3iirGqFAnQKgEWznUcdAOEPsHKwemxgl
HrrKeClnja07DBbMZBMXMsJ0gTysgs1Dvu4hc38/V+UTHC9nePAUYuKjdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlnFrir+ZfmKYRVBcjpiewTdeylMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvdVdjV3VLdjVsLVlwaEZVRnlPbUo3Qk4xN0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hfMA0G
CSqGSIb3DQEBCwUAA4IBAQAW10hPCt9TtEyPBUSxHGs79CIeC4adAKxpl4hRbFyV
3vKdlyo3fMjregjzzqLvD/8pK1Z6+9Kliwhhq2oe8CQUvMIo2FlDhhdivBK6UmiQ
FXQoXbjO/05J8FA01Mq06gy8fCmZKDxMF9bdjADfeAg1Cdl5ZkfMEwfr0mAmTSq3
J3IqMtDrur9WA9i6Zi/T4PRS23A0WOBCvdlPCPUP3ZjXeg9fhSo9Z1QfhwKdDUWa
z2TZShQtXh06m0AM7Z14xmxMpofDLp1f0JFuKSqwuWoNcUMNhuaaGmu+BrOeZimp
6z1M1akf7tvJsWJFSdHb+T0qbMH67EdFuBLBWsBGsqtA
-----END CERTIFICATE-----