Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/UgHcaBSwg0Iexf-S3Ppu9ltxOdY.roa
File:                     UgHcaBSwg0Iexf-S3Ppu9ltxOdY.roa (raw, json)
Hash identifier:          uwkGrsjIen3tBe54+2c/5zWUfceUkyrc4GB8+Uk2gSA=
Subject key identifier:   52:01:DC:68:14:B0:83:42:1E:C5:FF:92:DC:FA:6E:F6:5B:71:39:D6
Certificate issuer:       /CN=5f7f70250082c3e056f3fe528bd77b06e20e407c
Certificate serial:       019D8D1E8236A2944C3503968BE4E66B526F
Authority key identifier: 5F:7F:70:25:00:82:C3:E0:56:F3:FE:52:8B:D7:7B:06:E2:0E:40:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X39wJQCCw-BW8_5Si9d7BuIOQHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/UgHcaBSwg0Iexf-S3Ppu9ltxOdY.roa
Signing time:             Tue 14 Apr 2026 17:51:19 +0000
ROA not before:           Tue 14 Apr 2026 17:51:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205997
IP address blocks:        185.136.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/X39wJQCCw-BW8_5Si9d7BuIOQHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/X39wJQCCw-BW8_5Si9d7BuIOQHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X39wJQCCw-BW8_5Si9d7BuIOQHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:1e:82:36:a2:94:4c:35:03:96:8b:e4:e6:6b:52:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7f70250082c3e056f3fe528bd77b06e20e407c
        Validity
            Not Before: Apr 14 17:51:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5201dc6814b083421ec5ff92dcfa6ef65b7139d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d5:ba:12:27:93:0f:87:0c:7a:4c:8d:ed:e8:
                    bf:01:34:1d:2f:15:ba:a4:b9:bf:cb:45:f3:01:51:
                    c8:a3:27:8a:7b:71:80:c6:0a:96:ef:0d:31:99:99:
                    2e:b5:08:33:ab:92:be:58:a1:dc:5e:3c:93:df:e0:
                    f7:f2:f6:d3:ab:3b:47:ab:9f:a3:82:f5:82:1b:d7:
                    f6:5c:35:3d:3c:ad:c0:5e:4a:91:10:ef:b1:75:51:
                    68:47:65:a9:1e:b8:89:88:f8:cd:a7:97:d5:28:0c:
                    71:1c:38:f2:23:00:43:e2:09:d2:90:c7:38:16:f0:
                    37:56:b8:e9:c7:05:5f:69:9a:7f:af:9f:9c:93:a2:
                    0c:a9:d1:11:16:b1:b9:3f:21:e9:39:2f:c1:4b:24:
                    a9:c0:33:d2:7d:88:5b:2b:a5:e3:63:3a:57:95:df:
                    e3:3c:fa:a1:28:82:42:ca:87:3d:5e:7f:83:7c:09:
                    39:f6:2b:66:62:05:07:9b:55:33:2d:7a:2f:93:fb:
                    fd:22:ea:6d:92:61:98:d8:6e:26:57:8c:16:87:26:
                    f0:9c:fc:e4:39:9c:16:7c:24:bd:3a:b7:42:df:10:
                    30:10:8c:66:4d:69:25:60:82:20:7e:6e:b3:56:f5:
                    02:c1:0e:76:1d:ca:6b:78:e3:e7:72:50:bc:0e:1d:
                    58:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:01:DC:68:14:B0:83:42:1E:C5:FF:92:DC:FA:6E:F6:5B:71:39:D6
            X509v3 Authority Key Identifier:
                keyid:5F:7F:70:25:00:82:C3:E0:56:F3:FE:52:8B:D7:7B:06:E2:0E:40:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X39wJQCCw-BW8_5Si9d7BuIOQHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/UgHcaBSwg0Iexf-S3Ppu9ltxOdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/X39wJQCCw-BW8_5Si9d7BuIOQHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:c5:81:2c:eb:e0:80:b6:99:5a:b9:5b:3d:05:4f:2a:c1:82:
         3c:c1:cd:b3:91:5d:97:4a:b0:a5:84:f4:88:fb:80:f3:3a:9d:
         9e:51:61:21:a1:83:f1:41:56:53:71:05:96:54:3a:48:d1:50:
         e3:cb:ae:94:35:bc:f7:4c:ab:69:57:d0:7f:36:de:1b:84:4e:
         20:c3:29:ab:08:0f:83:33:37:1c:ea:4a:ce:3a:fa:ef:5c:cb:
         dc:26:d6:7c:57:c6:d5:a5:3d:b8:6e:39:a0:70:15:40:fa:c7:
         84:19:cb:e0:f2:a4:46:a4:7b:73:c0:f9:ac:2c:2c:95:5e:9a:
         2f:05:43:fa:73:ac:f5:74:02:02:3f:9e:30:9c:b4:c9:28:79:
         e5:ad:69:b3:af:e7:54:82:e4:de:4b:ff:81:67:8a:c6:ae:33:
         66:76:6d:2e:4c:99:73:f7:a4:89:7a:34:4e:ea:a5:9f:69:d9:
         bc:0a:a4:5b:9b:d1:91:96:d6:a6:53:fe:f3:95:78:aa:30:d3:
         6d:81:5b:5a:02:6d:7e:b6:89:e0:66:80:14:88:43:9e:6b:01:
         0a:2d:04:b6:8f:c2:2b:b2:46:eb:f4:ef:b6:44:97:f8:20:01:
         9e:6e:cf:af:6f:36:6d:cb:eb:d9:5f:44:45:98:b2:c1:48:fb:
         45:f0:3f:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2NHoI2opRMNQOWi+Tma1JvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2Y3MDI1MDA4MmMzZTA1NmYzZmU1MjhiZDc3YjA2ZTIw
ZTQwN2MwHhcNMjYwNDE0MTc1MTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjAxZGM2ODE0YjA4MzQyMWVjNWZmOTJkY2ZhNmVmNjViNzEzOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntW6EieTD4cMekyN7ei/ATQdLxW6
pLm/y0XzAVHIoyeKe3GAxgqW7w0xmZkutQgzq5K+WKHcXjyT3+D38vbTqztHq5+j
gvWCG9f2XDU9PK3AXkqREO+xdVFoR2WpHriJiPjNp5fVKAxxHDjyIwBD4gnSkMc4
FvA3VrjpxwVfaZp/r5+ck6IMqdERFrG5PyHpOS/BSySpwDPSfYhbK6XjYzpXld/j
PPqhKIJCyoc9Xn+DfAk59itmYgUHm1UzLXovk/v9IuptkmGY2G4mV4wWhybwnPzk
OZwWfCS9OrdC3xAwEIxmTWklYIIgfm6zVvUCwQ52HcpreOPnclC8Dh1YkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIB3GgUsINCHsX/ktz6bvZbcTnWMB8GA1UdIwQY
MBaAFF9/cCUAgsPgVvP+UovXewbiDkB8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDM5d0pRQ0N3LUJXOF81U2k5ZDdCdUlPUUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80ZTk0MTQtYmM0ZC00ZjJjLWI5ZjEt
MjNmMGMwNGQyYzE3LzEvVWdIY2FCU3dnMElleGYtUzNQcHU5bHR4T2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80ZTk0MTQtYmM0ZC00ZjJjLWI5ZjEtMjNmMGMwNGQyYzE3
LzEvWDM5d0pRQ0N3LUJXOF81U2k5ZDdCdUlPUUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYgPMA0G
CSqGSIb3DQEBCwUAA4IBAQB9xYEs6+CAtplauVs9BU8qwYI8wc2zkV2XSrClhPSI
+4DzOp2eUWEhoYPxQVZTcQWWVDpI0VDjy66UNbz3TKtpV9B/Nt4bhE4gwymrCA+D
Mzcc6krOOvrvXMvcJtZ8V8bVpT24bjmgcBVA+seEGcvg8qRGpHtzwPmsLCyVXpov
BUP6c6z1dAICP54wnLTJKHnlrWmzr+dUguTeS/+BZ4rGrjNmdm0uTJlz96SJejRO
6qWfadm8CqRbm9GRltamU/7zlXiqMNNtgVtaAm1+tongZoAUiEOeawEKLQS2j8Ir
skbr9O+2RJf4IAGebs+vbzZty+vZX0RFmLLBSPtF8D8N
-----END CERTIFICATE-----