Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/UjLpUOdjwMQzw9SBpAhHgAxfg7U.roa
File:                     UjLpUOdjwMQzw9SBpAhHgAxfg7U.roa (raw, json)
Hash identifier:          7CpWMJq8SzwdLsA8hN+1xJucf/Pqf3jlz9jzHMKTOX8=
Subject key identifier:   52:32:E9:50:E7:63:C0:C4:33:C3:D4:81:A4:08:47:80:0C:5F:83:B5
Certificate issuer:       /CN=4370d3b699ac5aeff2db88a5cbc1c9d8d09c7231
Certificate serial:       019B7DCA85855283C04A1D51F53CBF66489A
Authority key identifier: 43:70:D3:B6:99:AC:5A:EF:F2:DB:88:A5:CB:C1:C9:D8:D0:9C:72:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q3DTtpmsWu_y24ily8HJ2NCccjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/UjLpUOdjwMQzw9SBpAhHgAxfg7U.roa
Signing time:             Fri 02 Jan 2026 08:19:42 +0000
ROA not before:           Fri 02 Jan 2026 08:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211065
IP address blocks:        185.214.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/Q3DTtpmsWu_y24ily8HJ2NCccjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/Q3DTtpmsWu_y24ily8HJ2NCccjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q3DTtpmsWu_y24ily8HJ2NCccjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:85:85:52:83:c0:4a:1d:51:f5:3c:bf:66:48:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4370d3b699ac5aeff2db88a5cbc1c9d8d09c7231
        Validity
            Not Before: Jan  2 08:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5232e950e763c0c433c3d481a40847800c5f83b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:95:c8:96:87:97:85:ca:72:fc:33:e6:4e:62:
                    71:66:66:e9:ac:f2:7f:28:15:d2:e1:2f:13:90:98:
                    76:0f:97:a7:aa:ec:1a:de:f2:dc:6c:07:9c:6a:7e:
                    cd:b3:ea:c2:51:3e:0d:37:0e:16:47:ae:0c:0a:3e:
                    c8:ca:eb:39:38:ef:09:db:a1:a3:77:70:f1:52:d3:
                    f7:b1:bb:f5:7b:8e:2e:97:75:8a:d6:04:02:a1:1f:
                    ca:d7:8c:44:96:2e:e1:6e:7c:6b:46:d1:58:25:a2:
                    e2:e7:8b:a5:9f:d9:64:c0:d1:66:5d:39:c2:9f:a1:
                    58:1f:ff:f4:8b:d8:53:42:e9:68:17:fc:b7:59:6b:
                    7e:bc:3a:91:7d:02:50:49:c7:a6:55:19:ae:0d:71:
                    88:4b:b8:d6:b9:6c:b4:43:ac:59:c7:ab:5a:05:db:
                    6e:88:14:33:83:6b:26:d6:27:26:8e:73:61:0a:dc:
                    f2:50:86:e4:ec:13:6a:27:f2:e1:b1:d1:d2:0d:1e:
                    25:41:53:f8:dd:90:9c:90:fd:52:73:5c:b2:64:ae:
                    99:1e:71:ac:49:f9:ac:ab:c1:bc:17:99:00:d0:1d:
                    84:40:e4:de:3b:33:cb:e8:1a:b0:58:cb:7e:b3:61:
                    36:2e:d4:2d:c9:7b:fe:ae:28:59:78:8e:a8:b3:db:
                    cf:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:32:E9:50:E7:63:C0:C4:33:C3:D4:81:A4:08:47:80:0C:5F:83:B5
            X509v3 Authority Key Identifier:
                keyid:43:70:D3:B6:99:AC:5A:EF:F2:DB:88:A5:CB:C1:C9:D8:D0:9C:72:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q3DTtpmsWu_y24ily8HJ2NCccjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/UjLpUOdjwMQzw9SBpAhHgAxfg7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/Q3DTtpmsWu_y24ily8HJ2NCccjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:0f:34:24:e0:6a:3e:41:d0:d3:77:99:47:64:f5:79:c1:f4:
         d1:1d:f0:91:1b:ed:a2:b7:8d:67:78:10:84:06:af:8d:df:ed:
         f9:80:97:2d:66:e1:9e:70:24:6a:ba:6c:f6:4f:a9:03:96:d3:
         bd:c0:3f:df:d2:6d:83:9d:7b:64:40:64:53:3b:d4:c7:f3:18:
         a9:3c:c3:64:ec:c3:18:87:8e:b9:cb:96:57:c4:d4:d5:6f:b8:
         78:b7:f9:d5:c0:7c:76:b2:a6:1e:1c:0d:e4:55:bc:25:04:11:
         3e:21:10:91:b7:7d:b7:0f:27:c9:69:6f:c5:09:b7:ec:ed:80:
         fa:52:29:dc:f1:1f:e6:c1:2b:e9:60:e5:f7:fe:88:b9:d9:29:
         2a:87:62:1a:82:b0:89:44:e0:53:1a:37:8f:56:16:9f:e0:7e:
         23:f5:e3:74:96:60:9c:1e:3a:a4:df:13:a3:fd:9e:89:6c:c1:
         9b:7e:84:52:05:37:f3:9b:4d:f2:52:4c:31:18:9d:68:d8:40:
         5b:a9:0a:df:4b:e6:40:73:fd:8c:82:c8:3e:8f:8c:20:af:c8:
         54:96:d3:af:6e:3f:f9:0f:8b:d5:a1:d6:92:0e:2d:2c:36:c6:
         d2:ae:3b:32:50:98:f2:1c:cd:5f:8e:86:c5:42:9f:bc:75:6f:
         f5:d1:91:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yoWFUoPASh1R9Ty/ZkiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNzBkM2I2OTlhYzVhZWZmMmRiODhhNWNiYzFjOWQ4ZDA5
YzcyMzEwHhcNMjYwMTAyMDgxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjMyZTk1MGU3NjNjMGM0MzNjM2Q0ODFhNDA4NDc4MDBjNWY4M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZXIloeXhcpy/DPmTmJxZmbprPJ/
KBXS4S8TkJh2D5enquwa3vLcbAecan7Ns+rCUT4NNw4WR64MCj7Iyus5OO8J26Gj
d3DxUtP3sbv1e44ul3WK1gQCoR/K14xEli7hbnxrRtFYJaLi54uln9lkwNFmXTnC
n6FYH//0i9hTQuloF/y3WWt+vDqRfQJQScemVRmuDXGIS7jWuWy0Q6xZx6taBdtu
iBQzg2sm1icmjnNhCtzyUIbk7BNqJ/LhsdHSDR4lQVP43ZCckP1Sc1yyZK6ZHnGs
Sfmsq8G8F5kA0B2EQOTeOzPL6BqwWMt+s2E2LtQtyXv+rihZeI6os9vPUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIy6VDnY8DEM8PUgaQIR4AMX4O1MB8GA1UdIwQY
MBaAFENw07aZrFrv8tuIpcvBydjQnHIxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTNEVHRwbXNXdV95MjRpbHk4SEoyTkNjY2pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84ZWZlZDEtOGY2NS00ZmI5LTgzMzEt
MTQ1YTAxMjc4OTQ4LzEvVWpMcFVPZGp3TVF6dzlTQnBBaEhnQXhmZzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84ZWZlZDEtOGY2NS00ZmI5LTgzMzEtMTQ1YTAxMjc4OTQ4
LzEvUTNEVHRwbXNXdV95MjRpbHk4SEoyTkNjY2pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbDzQk4Go+QdDTd5lHZPV5wfTRHfCRG+2it41neBCE
Bq+N3+35gJctZuGecCRqumz2T6kDltO9wD/f0m2DnXtkQGRTO9TH8xipPMNk7MMY
h465y5ZXxNTVb7h4t/nVwHx2sqYeHA3kVbwlBBE+IRCRt323DyfJaW/FCbfs7YD6
Uinc8R/mwSvpYOX3/oi52Skqh2IagrCJROBTGjePVhaf4H4j9eN0lmCcHjqk3xOj
/Z6JbMGbfoRSBTfzm03yUkwxGJ1o2EBbqQrfS+ZAc/2Mgsg+j4wgr8hUltOvbj/5
D4vVodaSDi0sNsbSrjsyUJjyHM1fjobFQp+8dW/10ZF6
-----END CERTIFICATE-----