Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/UZbrORTP_ETM2yJiPplsddvS7KA.roa
File:                     UZbrORTP_ETM2yJiPplsddvS7KA.roa (raw, json)
Hash identifier:          KMKv//YG/qKlJS3aeSyQju59WADPz9oMFmNno9Nz5a4=
Subject key identifier:   51:96:EB:39:14:CF:FC:44:CC:DB:22:62:3E:99:6C:75:DB:D2:EC:A0
Certificate issuer:       /CN=c56f772bf3c4641a71bf7f4bc4de11c93addfea6
Certificate serial:       019B7910D5428AFF9B916D6C4840FF5206FD
Authority key identifier: C5:6F:77:2B:F3:C4:64:1A:71:BF:7F:4B:C4:DE:11:C9:3A:DD:FE:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xW93K_PEZBpxv39LxN4RyTrd_qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/UZbrORTP_ETM2yJiPplsddvS7KA.roa
Signing time:             Thu 01 Jan 2026 10:18:24 +0000
ROA not before:           Thu 01 Jan 2026 10:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210670
IP address blocks:        31.222.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/xW93K_PEZBpxv39LxN4RyTrd_qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/xW93K_PEZBpxv39LxN4RyTrd_qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xW93K_PEZBpxv39LxN4RyTrd_qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:d5:42:8a:ff:9b:91:6d:6c:48:40:ff:52:06:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c56f772bf3c4641a71bf7f4bc4de11c93addfea6
        Validity
            Not Before: Jan  1 10:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5196eb3914cffc44ccdb22623e996c75dbd2eca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:09:4c:2e:b7:67:76:d6:5e:df:fb:54:1d:94:
                    08:08:c4:be:49:92:37:10:7f:a5:c0:48:94:cf:ce:
                    e5:f1:46:4a:1e:88:cd:9c:d1:50:91:69:b3:20:17:
                    73:08:d4:fb:65:e2:1d:55:d1:2a:3d:ee:5c:3d:72:
                    63:71:16:62:5e:8d:f4:a0:30:66:6d:20:29:04:4b:
                    8d:43:8a:55:c7:a0:e9:fa:7d:69:ac:4b:57:a6:65:
                    58:e8:ba:4b:8d:9c:2e:15:70:68:50:07:61:53:93:
                    52:e0:26:96:ef:2d:30:52:a2:db:84:9b:48:1c:15:
                    f8:41:13:56:f8:0b:14:3c:a8:43:3f:09:cc:7f:77:
                    64:46:48:5b:59:c1:af:37:11:55:86:d7:3d:f3:ee:
                    7f:25:83:73:17:fb:43:2b:e7:00:29:21:0c:f0:59:
                    ee:ca:cb:9e:42:ae:18:7d:cf:ca:db:1a:47:ce:de:
                    37:d8:21:da:76:f0:57:6e:fa:dc:59:24:a6:d8:74:
                    ea:20:3d:6c:b0:f7:4e:58:21:96:86:82:16:c9:f4:
                    33:67:a1:74:b2:0f:e3:87:1c:8a:91:ec:02:86:95:
                    3a:80:ad:bf:c7:fd:17:42:45:df:9e:fb:84:58:dd:
                    c2:1e:98:13:9a:81:dd:0e:b1:27:19:10:fd:89:01:
                    e0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:96:EB:39:14:CF:FC:44:CC:DB:22:62:3E:99:6C:75:DB:D2:EC:A0
            X509v3 Authority Key Identifier:
                keyid:C5:6F:77:2B:F3:C4:64:1A:71:BF:7F:4B:C4:DE:11:C9:3A:DD:FE:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xW93K_PEZBpxv39LxN4RyTrd_qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/UZbrORTP_ETM2yJiPplsddvS7KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/xW93K_PEZBpxv39LxN4RyTrd_qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:f0:fb:4d:b9:19:21:12:0c:a9:37:06:5d:ab:6b:e8:2a:42:
         ce:25:9f:80:21:60:68:71:45:d4:dd:09:a7:94:09:fe:73:fa:
         cc:c4:52:00:68:f3:bd:c3:f8:a4:63:ed:8a:34:e4:83:df:01:
         d8:ca:95:5c:7f:cf:89:82:e2:48:86:a3:90:22:a1:55:2b:9d:
         8d:71:99:0f:14:ea:97:08:0c:e0:ab:65:fb:6e:05:56:67:85:
         e5:6f:93:41:7e:d2:a0:0a:2a:50:98:58:69:01:6e:d0:4d:1b:
         54:8f:66:a6:0b:a1:c5:9d:69:f9:d9:58:68:24:34:98:cd:50:
         96:1c:14:a6:7e:da:e0:a7:ba:9c:8e:63:b8:1e:eb:8d:a7:fa:
         20:f5:a3:fd:6c:c6:c3:f0:59:a6:8a:1d:ce:59:c8:99:58:c0:
         e4:42:e6:d8:90:7a:d1:81:55:0a:c2:5a:11:2e:77:e2:e1:92:
         37:4c:15:0d:f7:21:23:7f:d9:cb:89:17:eb:1f:34:31:10:1d:
         b3:66:cf:ac:bf:16:f8:b2:b1:a2:e1:f0:b1:0d:b7:3a:65:01:
         d5:d0:a1:e3:1c:fe:9d:73:c9:37:06:1d:78:c5:2b:94:b4:f4:
         d4:e1:73:12:cf:4c:84:fd:64:0a:39:6c:21:e3:6f:39:a0:06:
         9a:b4:32:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ENVCiv+bkW1sSED/Ugb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NmY3NzJiZjNjNDY0MWE3MWJmN2Y0YmM0ZGUxMWM5M2Fk
ZGZlYTYwHhcNMjYwMTAxMTAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTk2ZWIzOTE0Y2ZmYzQ0Y2NkYjIyNjIzZTk5NmM3NWRiZDJlY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wlMLrdndtZe3/tUHZQICMS+SZI3
EH+lwEiUz87l8UZKHojNnNFQkWmzIBdzCNT7ZeIdVdEqPe5cPXJjcRZiXo30oDBm
bSApBEuNQ4pVx6Dp+n1prEtXpmVY6LpLjZwuFXBoUAdhU5NS4CaW7y0wUqLbhJtI
HBX4QRNW+AsUPKhDPwnMf3dkRkhbWcGvNxFVhtc98+5/JYNzF/tDK+cAKSEM8Fnu
ysueQq4Yfc/K2xpHzt432CHadvBXbvrcWSSm2HTqID1ssPdOWCGWhoIWyfQzZ6F0
sg/jhxyKkewChpU6gK2/x/0XQkXfnvuEWN3CHpgTmoHdDrEnGRD9iQHguQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGW6zkUz/xEzNsiYj6ZbHXb0uygMB8GA1UdIwQY
MBaAFMVvdyvzxGQacb9/S8TeEck63f6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFc5M0tfUEVaQnB4djM5THhONFJ5VHJkX3FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OTZjZjQtNjdlYS00MTNkLTkzMTct
N2VjYTIwNWZhZmNiLzEvVVpick9SVFBfRVRNMnlKaVBwbHNkZHZTN0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OTZjZjQtNjdlYS00MTNkLTkzMTctN2VjYTIwNWZhZmNi
LzEveFc5M0tfUEVaQnB4djM5THhONFJ5VHJkX3FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH97oMA0G
CSqGSIb3DQEBCwUAA4IBAQBr8PtNuRkhEgypNwZdq2voKkLOJZ+AIWBocUXU3Qmn
lAn+c/rMxFIAaPO9w/ikY+2KNOSD3wHYypVcf8+JguJIhqOQIqFVK52NcZkPFOqX
CAzgq2X7bgVWZ4Xlb5NBftKgCipQmFhpAW7QTRtUj2amC6HFnWn52VhoJDSYzVCW
HBSmftrgp7qcjmO4HuuNp/og9aP9bMbD8Fmmih3OWciZWMDkQubYkHrRgVUKwloR
Lnfi4ZI3TBUN9yEjf9nLiRfrHzQxEB2zZs+svxb4srGi4fCxDbc6ZQHV0KHjHP6d
c8k3Bh14xSuUtPTU4XMSz0yE/WQKOWwh4285oAaatDL/
-----END CERTIFICATE-----