Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/UBaMd5m5GavIc5hBfzrZXsgTDzw.roa
File:                     UBaMd5m5GavIc5hBfzrZXsgTDzw.roa (raw, json)
Hash identifier:          RpZSiCo91x9bAEorfRG8RiGXHTBZwFHJ4lexWp3J2OU=
Subject key identifier:   50:16:8C:77:99:B9:19:AB:C8:73:98:41:7F:3A:D9:5E:C8:13:0F:3C
Certificate issuer:       /CN=b87fb0a6b8ff1c272bd092ca7006fd95a520f501
Certificate serial:       019E49754852BCC420C3BFC23B4ABCDE10B8
Authority key identifier: B8:7F:B0:A6:B8:FF:1C:27:2B:D0:92:CA:70:06:FD:95:A5:20:F5:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uH-wprj_HCcr0JLKcAb9laUg9QE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/UBaMd5m5GavIc5hBfzrZXsgTDzw.roa
Signing time:             Thu 21 May 2026 07:34:43 +0000
ROA not before:           Thu 21 May 2026 07:34:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61108
IP address blocks:        185.136.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/uH-wprj_HCcr0JLKcAb9laUg9QE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/uH-wprj_HCcr0JLKcAb9laUg9QE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uH-wprj_HCcr0JLKcAb9laUg9QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:75:48:52:bc:c4:20:c3:bf:c2:3b:4a:bc:de:10:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b87fb0a6b8ff1c272bd092ca7006fd95a520f501
        Validity
            Not Before: May 21 07:34:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50168c7799b919abc87398417f3ad95ec8130f3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4b:65:21:cf:4b:c0:17:c6:7c:a8:b6:c8:c4:
                    d0:c2:0b:fc:89:a4:9e:1b:46:ea:82:ff:f1:a8:fb:
                    48:04:71:1f:c2:41:49:af:1d:9b:61:b6:f3:75:ae:
                    84:4e:e2:21:90:78:26:af:1b:a0:ce:38:1b:0a:0b:
                    a8:0a:8e:c7:7c:18:79:70:18:c9:47:fe:2d:06:f6:
                    1a:58:2d:ac:5b:8c:18:10:14:4c:7f:77:6b:c0:4e:
                    1d:da:88:0b:ef:cf:70:31:19:de:c1:24:52:45:53:
                    ac:14:3b:f0:4f:e9:32:d2:b2:8e:96:07:0e:e9:f6:
                    3f:25:6f:b4:76:e8:75:fa:b3:db:bc:00:9b:0d:e6:
                    74:d8:c0:57:b9:bf:6a:90:68:6f:f9:9d:c5:e5:ea:
                    76:61:f3:a7:99:6b:ea:a3:e9:b0:60:66:13:3f:28:
                    e7:34:d2:bc:13:24:07:03:3c:21:33:26:0b:f7:3f:
                    df:1a:c9:3d:35:dd:75:a9:e8:f9:69:34:42:fa:3b:
                    68:03:a0:69:fe:34:4f:b3:3c:97:59:4d:0e:e6:79:
                    4a:44:34:1b:ba:40:2f:f6:2d:f3:fa:b1:51:34:f8:
                    86:da:9d:c9:2b:b4:4d:7d:33:8a:43:b3:f6:56:c9:
                    0c:91:fb:e4:57:a6:f4:bb:69:9b:a8:f6:b4:20:1c:
                    1a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:16:8C:77:99:B9:19:AB:C8:73:98:41:7F:3A:D9:5E:C8:13:0F:3C
            X509v3 Authority Key Identifier:
                keyid:B8:7F:B0:A6:B8:FF:1C:27:2B:D0:92:CA:70:06:FD:95:A5:20:F5:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uH-wprj_HCcr0JLKcAb9laUg9QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/UBaMd5m5GavIc5hBfzrZXsgTDzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/uH-wprj_HCcr0JLKcAb9laUg9QE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:7c:99:38:f7:31:6e:41:73:42:72:d5:18:95:fb:6f:2a:4e:
         07:f7:1b:d9:7f:7a:ec:b2:19:9a:71:fa:f3:72:cb:f2:c0:53:
         21:72:f2:5a:76:5d:a1:47:56:30:4f:cc:d1:f3:e3:b7:7d:16:
         05:8a:8c:5f:1f:dd:ab:27:e7:5b:77:11:f1:da:bf:08:6e:4b:
         fa:1b:08:9b:e9:54:d9:13:d9:e6:93:e9:d7:4e:28:45:5b:d4:
         ae:9d:58:4a:dc:1b:bc:de:3c:64:bd:5b:fb:4f:1a:0b:94:bb:
         77:00:52:ef:ea:0c:ba:9f:cb:d5:f1:e1:f0:de:64:01:09:91:
         9e:11:f6:5e:c5:ea:15:12:4a:43:18:85:48:cb:37:62:fb:5c:
         02:58:aa:e7:dd:f3:a1:ed:27:0e:13:4a:68:2e:34:93:5e:6b:
         3a:42:04:59:a6:e2:fe:5e:b3:f5:fb:3c:59:77:65:b2:14:5e:
         ba:b6:21:cd:6c:ac:c7:69:81:a8:49:06:ae:a1:ba:8d:8b:88:
         5e:f5:0e:c4:d3:f6:61:07:0d:9c:7d:1c:3c:b9:4b:ba:46:10:
         e8:fa:0e:1c:39:a1:69:43:88:61:10:23:61:ca:f0:af:9b:8e:
         42:76:50:16:27:3b:c9:24:b6:9d:6e:f9:4f:da:91:db:00:4c:
         08:71:2e:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5JdUhSvMQgw7/CO0q83hC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4N2ZiMGE2YjhmZjFjMjcyYmQwOTJjYTcwMDZmZDk1YTUy
MGY1MDEwHhcNMjYwNTIxMDczNDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDE2OGM3Nzk5YjkxOWFiYzg3Mzk4NDE3ZjNhZDk1ZWM4MTMwZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EtlIc9LwBfGfKi2yMTQwgv8iaSe
G0bqgv/xqPtIBHEfwkFJrx2bYbbzda6ETuIhkHgmrxugzjgbCguoCo7HfBh5cBjJ
R/4tBvYaWC2sW4wYEBRMf3drwE4d2ogL789wMRnewSRSRVOsFDvwT+ky0rKOlgcO
6fY/JW+0duh1+rPbvACbDeZ02MBXub9qkGhv+Z3F5ep2YfOnmWvqo+mwYGYTPyjn
NNK8EyQHAzwhMyYL9z/fGsk9Nd11qej5aTRC+jtoA6Bp/jRPszyXWU0O5nlKRDQb
ukAv9i3z+rFRNPiG2p3JK7RNfTOKQ7P2VskMkfvkV6b0u2mbqPa0IBwacQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAWjHeZuRmryHOYQX862V7IEw88MB8GA1UdIwQY
MBaAFLh/sKa4/xwnK9CSynAG/ZWlIPUBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUgtd3Byal9IQ2NyMEpMS2NBYjlsYVVnOVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9iNGY0YmQtNGNjOC00MTMyLWE5YWEt
MWRlMmQ1Nzg4MWNjLzEvVUJhTWQ1bTVHYXZJYzVoQmZ6clpYc2dURHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9iNGY0YmQtNGNjOC00MTMyLWE5YWEtMWRlMmQ1Nzg4MWNj
LzEvdUgtd3Byal9IQ2NyMEpMS2NBYjlsYVVnOVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYhRMA0G
CSqGSIb3DQEBCwUAA4IBAQACfJk49zFuQXNCctUYlftvKk4H9xvZf3rsshmacfrz
csvywFMhcvJadl2hR1YwT8zR8+O3fRYFioxfH92rJ+dbdxHx2r8Ibkv6Gwib6VTZ
E9nmk+nXTihFW9SunVhK3Bu83jxkvVv7TxoLlLt3AFLv6gy6n8vV8eHw3mQBCZGe
EfZexeoVEkpDGIVIyzdi+1wCWKrn3fOh7ScOE0poLjSTXms6QgRZpuL+XrP1+zxZ
d2WyFF66tiHNbKzHaYGoSQauobqNi4he9Q7E0/ZhBw2cfRw8uUu6RhDo+g4cOaFp
Q4hhECNhyvCvm45CdlAWJzvJJLadbvlP2pHbAEwIcS6i
-----END CERTIFICATE-----