Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/U8YrDUVn3egAnNyXxX_1fs7ypak.roa
File:                     U8YrDUVn3egAnNyXxX_1fs7ypak.roa (raw, json)
Hash identifier:          0J1ye72rXLmhonZZf0ebjERiurn0AgXIl7ABqMnbTn0=
Subject key identifier:   53:C6:2B:0D:45:67:DD:E8:00:9C:DC:97:C5:7F:F5:7E:CE:F2:A5:A9
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       019D496BAA257798E7A74C67B8E4E82F56CA
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/U8YrDUVn3egAnNyXxX_1fs7ypak.roa
Signing time:             Wed 01 Apr 2026 14:21:25 +0000
ROA not before:           Wed 01 Apr 2026 14:21:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23467
IP address blocks:        212.32.0.0/20 maxlen: 24
                          212.32.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:49:6b:aa:25:77:98:e7:a7:4c:67:b8:e4:e8:2f:56:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Apr  1 14:21:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53c62b0d4567dde8009cdc97c57ff57ecef2a5a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8c:5b:a2:6b:4e:7b:ff:b1:ff:7d:a4:30:e7:
                    74:ba:85:ca:07:ec:a9:38:3f:9a:2b:d1:7b:fe:1d:
                    36:f2:29:f6:d9:cf:80:3f:53:6a:42:a2:58:6e:89:
                    cf:af:2b:91:ea:43:c9:5a:d3:f1:35:e8:7d:82:07:
                    40:5e:61:1d:57:a7:6c:b6:57:86:65:a1:f4:30:4e:
                    99:20:3f:93:b6:14:dd:4a:5b:71:4b:83:db:64:d1:
                    7d:67:66:ae:7c:6d:29:53:23:ed:e1:a2:ff:60:61:
                    2b:63:3d:91:41:8d:9d:8e:6b:b8:df:ea:13:30:64:
                    67:46:ab:1b:be:0c:3a:61:4a:d4:03:24:09:61:55:
                    18:01:4b:14:93:61:9e:57:5b:da:e0:79:93:f6:db:
                    f8:b9:e2:c7:cf:55:b6:4b:e8:0f:52:a1:21:69:aa:
                    a8:8e:97:57:25:00:68:75:08:4a:18:bd:48:50:70:
                    b0:d7:95:05:87:5e:76:44:96:98:df:c1:61:1e:26:
                    f3:bf:ef:cb:e1:09:ee:fd:26:23:f2:e6:b4:f9:95:
                    4f:40:7f:91:82:ab:dc:0c:86:6d:e4:67:bb:1f:14:
                    7c:68:0a:e8:b5:4e:92:2b:30:72:69:51:d9:5d:2a:
                    b6:25:42:f3:7e:01:fe:38:69:02:fe:5d:d9:3a:89:
                    5f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C6:2B:0D:45:67:DD:E8:00:9C:DC:97:C5:7F:F5:7E:CE:F2:A5:A9
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/U8YrDUVn3egAnNyXxX_1fs7ypak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.32.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b3:3f:ea:cb:e7:20:c6:91:4c:28:23:5e:a2:4a:e4:ad:a2:e5:
         77:9c:fc:59:aa:f3:43:7a:d1:91:d6:da:92:99:64:ec:c2:bf:
         be:2d:b2:bd:18:d1:d4:40:5a:00:de:1e:e5:0e:49:fa:c6:61:
         ec:ed:3b:31:0b:49:c5:4a:46:47:49:c9:90:51:32:08:95:15:
         a3:60:e1:18:c8:d5:43:70:ce:16:78:f6:23:8f:2b:af:47:38:
         37:ea:0a:7e:df:ec:34:cd:05:f5:6c:e5:97:36:a0:d6:a7:e8:
         94:ad:c0:68:bc:de:84:5c:e4:e9:67:fc:14:1e:eb:b5:6b:5e:
         f9:80:8b:14:76:3a:ce:72:8b:cc:7d:ea:fd:ae:d2:76:fd:91:
         a3:80:cd:b8:9d:5e:88:0c:4e:70:bc:04:80:71:70:fe:a0:89:
         15:0e:51:6d:39:80:e1:66:f9:96:92:9a:69:61:d3:d5:bc:dc:
         d4:2d:57:f5:7a:51:61:9b:ab:26:11:82:86:a1:ad:15:c7:f1:
         d2:52:ed:f4:fc:03:db:14:80:1c:6e:cb:ee:a8:ef:c2:a9:36:
         1f:a3:c9:ae:f4:d9:02:b1:59:9e:62:57:cc:fc:31:be:66:6e:
         54:c7:b1:60:75:c6:26:cf:1b:e8:3c:c3:79:d3:ee:5f:7b:64:
         d6:f2:a2:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Ja6old5jnp0xnuOToL1bKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjYwNDAxMTQyMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M2MmIwZDQ1NjdkZGU4MDA5Y2RjOTdjNTdmZjU3ZWNlZjJhNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIxbomtOe/+x/32kMOd0uoXKB+yp
OD+aK9F7/h028in22c+AP1NqQqJYbonPryuR6kPJWtPxNeh9ggdAXmEdV6dstleG
ZaH0ME6ZID+TthTdSltxS4PbZNF9Z2aufG0pUyPt4aL/YGErYz2RQY2djmu43+oT
MGRnRqsbvgw6YUrUAyQJYVUYAUsUk2GeV1va4HmT9tv4ueLHz1W2S+gPUqEhaaqo
jpdXJQBodQhKGL1IUHCw15UFh152RJaY38FhHibzv+/L4Qnu/SYj8ua0+ZVPQH+R
gqvcDIZt5Ge7HxR8aArotU6SKzByaVHZXSq2JULzfgH+OGkC/l3ZOolf7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPGKw1FZ93oAJzcl8V/9X7O8qWpMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvVThZckRVVm4zZWdBbk55WHhYXzFmczd5cGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1CAAMA0G
CSqGSIb3DQEBCwUAA4IBAQCzP+rL5yDGkUwoI16iSuStouV3nPxZqvNDetGR1tqS
mWTswr++LbK9GNHUQFoA3h7lDkn6xmHs7TsxC0nFSkZHScmQUTIIlRWjYOEYyNVD
cM4WePYjjyuvRzg36gp+3+w0zQX1bOWXNqDWp+iUrcBovN6EXOTpZ/wUHuu1a175
gIsUdjrOcovMfer9rtJ2/ZGjgM24nV6IDE5wvASAcXD+oIkVDlFtOYDhZvmWkppp
YdPVvNzULVf1elFhm6smEYKGoa0Vx/HSUu30/APbFIAcbsvuqO/CqTYfo8mu9NkC
sVmeYlfM/DG+Zm5Ux7FgdcYmzxvoPMN50+5fe2TW8qJF
-----END CERTIFICATE-----