Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/UF7QBqdoE-90-2ErsJhTaZEA9Jw.roa
File:                     UF7QBqdoE-90-2ErsJhTaZEA9Jw.roa (raw, json)
Hash identifier:          y8KALfg/A9ZQoSBfRXYsuUsTnM2o7AmSVN+QqsI9w7k=
Subject key identifier:   50:5E:D0:06:A7:68:13:EF:74:FB:61:2B:B0:98:53:69:91:00:F4:9C
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       019D85AB76FF2FDEAEA08334D2AEE21B1052
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/UF7QBqdoE-90-2ErsJhTaZEA9Jw.roa
Signing time:             Mon 13 Apr 2026 07:08:19 +0000
ROA not before:           Mon 13 Apr 2026 07:08:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        193.31.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:ab:76:ff:2f:de:ae:a0:83:34:d2:ae:e2:1b:10:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Apr 13 07:08:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=505ed006a76813ef74fb612bb09853699100f49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1f:a3:49:e0:d7:6f:5e:c3:ad:22:c5:24:fa:
                    65:6f:bd:c5:9d:72:b3:56:7e:1c:ea:20:8f:ee:45:
                    9b:8f:d8:64:75:0c:17:be:4e:40:55:c2:b4:a6:29:
                    f3:53:6c:25:ca:19:33:53:72:d8:bb:24:7f:0b:e5:
                    bb:e2:31:08:21:f9:11:4c:a0:66:3e:8f:6f:02:07:
                    66:f4:59:4f:a5:44:fc:5f:7b:d0:0f:09:3a:95:d6:
                    54:10:a8:8f:dd:bf:c8:35:66:b7:3c:55:5f:1b:34:
                    ae:a0:08:28:08:d8:e9:a8:15:66:64:8f:e3:ce:d8:
                    20:03:69:99:41:05:fe:f7:e1:52:4b:a7:7e:7b:62:
                    70:f7:7e:0d:71:44:41:23:4e:b5:1f:25:32:c1:44:
                    2c:8a:9d:64:f8:cd:65:72:b3:fa:54:74:1e:76:1a:
                    04:b4:af:21:37:d8:2e:61:26:d9:e2:fd:de:1b:ce:
                    ba:a9:bb:bb:70:a4:9d:d1:20:e5:c0:e8:fe:19:f3:
                    54:8d:78:b5:a8:31:99:3f:c3:6f:a3:1b:92:3f:da:
                    05:95:da:7f:7a:16:d1:75:26:5c:03:00:39:6f:28:
                    f7:19:1d:04:fa:80:79:70:2e:e5:49:40:88:43:c5:
                    c9:22:d5:43:ff:f0:a7:f7:19:3c:2b:07:f4:bb:f3:
                    92:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:5E:D0:06:A7:68:13:EF:74:FB:61:2B:B0:98:53:69:91:00:F4:9C
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/UF7QBqdoE-90-2ErsJhTaZEA9Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:d6:4d:71:1a:23:88:fb:a3:74:af:63:f6:fd:b3:31:72:d9:
         69:30:fd:70:a1:cd:0c:f8:28:5f:a6:dd:31:a1:ea:bf:1a:5c:
         aa:55:70:7c:f6:d3:6c:fb:ac:0a:79:1e:ff:2b:e9:45:db:08:
         e5:e0:7e:75:2a:8d:25:eb:74:90:46:c5:d3:55:2f:94:21:7d:
         78:95:1b:e3:fd:72:ad:41:f1:3d:9e:d9:0b:4e:76:f3:85:ac:
         45:a5:bd:21:52:06:45:de:97:eb:e6:99:48:ee:62:57:dc:87:
         07:fb:90:f8:ae:70:a0:70:03:41:25:b6:c9:5c:a2:1e:39:86:
         9e:ff:67:bb:46:07:7c:5f:7f:80:80:94:ba:a4:83:c0:94:0b:
         03:e1:1d:78:2c:60:64:ce:49:e1:44:ee:74:c3:ea:60:4c:ff:
         69:cf:b7:b1:b9:bf:28:e3:9d:d4:fc:9f:99:b1:32:98:c8:34:
         ca:37:46:4f:95:e5:50:af:5f:80:a7:d5:a2:9a:90:ab:24:4b:
         df:3f:24:a6:8e:0b:f6:0a:80:19:6a:ab:ea:62:60:36:a3:cf:
         7c:36:63:5c:34:e5:19:78:78:c9:18:d8:b4:db:09:63:f7:a5:
         84:92:a2:39:7f:4d:13:0f:69:ae:52:4b:c9:57:89:2f:f0:3e:
         6f:63:f0:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Fq3b/L96uoIM00q7iGxBSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjYwNDEzMDcwODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDVlZDAwNmE3NjgxM2VmNzRmYjYxMmJiMDk4NTM2OTkxMDBmNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR+jSeDXb17DrSLFJPplb73FnXKz
Vn4c6iCP7kWbj9hkdQwXvk5AVcK0pinzU2wlyhkzU3LYuyR/C+W74jEIIfkRTKBm
Po9vAgdm9FlPpUT8X3vQDwk6ldZUEKiP3b/INWa3PFVfGzSuoAgoCNjpqBVmZI/j
ztggA2mZQQX+9+FSS6d+e2Jw934NcURBI061HyUywUQsip1k+M1lcrP6VHQedhoE
tK8hN9guYSbZ4v3eG866qbu7cKSd0SDlwOj+GfNUjXi1qDGZP8NvoxuSP9oFldp/
ehbRdSZcAwA5byj3GR0E+oB5cC7lSUCIQ8XJItVD//Cn9xk8Kwf0u/OSHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBe0AanaBPvdPthK7CYU2mRAPScMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvVUY3UUJxZG9FLTkwLTJFcnNKaFRhWkVBOUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8PMA0G
CSqGSIb3DQEBCwUAA4IBAQAr1k1xGiOI+6N0r2P2/bMxctlpMP1woc0M+Chfpt0x
oeq/GlyqVXB89tNs+6wKeR7/K+lF2wjl4H51Ko0l63SQRsXTVS+UIX14lRvj/XKt
QfE9ntkLTnbzhaxFpb0hUgZF3pfr5plI7mJX3IcH+5D4rnCgcANBJbbJXKIeOYae
/2e7Rgd8X3+AgJS6pIPAlAsD4R14LGBkzknhRO50w+pgTP9pz7exub8o453U/J+Z
sTKYyDTKN0ZPleVQr1+Ap9WimpCrJEvfPySmjgv2CoAZaqvqYmA2o898NmNcNOUZ
eHjJGNi02wlj96WEkqI5f00TD2muUkvJV4kv8D5vY/Aw
-----END CERTIFICATE-----