Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/YieV5IhtBfHhR0OlHv2vUYM5r_4.roa
File:                     YieV5IhtBfHhR0OlHv2vUYM5r_4.roa (raw, json)
Hash identifier:          8fgRrOxEwtIdvMj2bohx3wRypSi8a7Y8Q0IaEcHrHS0=
Subject key identifier:   62:27:95:E4:88:6D:05:F1:E1:47:43:A5:1E:FD:AF:51:83:39:AF:FE
Certificate issuer:       /CN=17672556984415b78e9d15461784c8c4e691d010
Certificate serial:       019B7C110074FCBDD33DD195D163A59F53D0
Authority key identifier: 17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/YieV5IhtBfHhR0OlHv2vUYM5r_4.roa
Signing time:             Fri 02 Jan 2026 00:17:27 +0000
ROA not before:           Fri 02 Jan 2026 00:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200860
IP address blocks:        164.40.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:00:74:fc:bd:d3:3d:d1:95:d1:63:a5:9f:53:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17672556984415b78e9d15461784c8c4e691d010
        Validity
            Not Before: Jan  2 00:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=622795e4886d05f1e14743a51efdaf518339affe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:79:00:5d:1d:4a:8b:74:76:dc:cc:c8:94:a7:
                    21:48:c8:f2:d7:b8:7d:7d:1a:a8:e0:23:66:df:88:
                    de:e7:f3:26:7e:c1:71:36:92:c5:de:0b:88:bc:b0:
                    bf:f1:60:9d:b8:51:a3:d5:90:dd:06:7a:b8:96:66:
                    fa:22:19:24:7d:5c:36:35:35:84:11:99:ed:a8:9d:
                    0b:1a:f0:b7:f5:83:cf:20:05:8f:6e:60:02:38:7e:
                    9b:da:a5:aa:7b:71:96:94:6a:d7:13:8c:c2:76:56:
                    75:07:8f:b2:83:7c:30:e8:b8:b1:d0:95:ff:9c:19:
                    72:73:dd:fe:4a:ad:36:97:6c:ef:67:ec:86:ee:d8:
                    a2:24:a1:8f:65:e7:69:63:23:f5:24:56:5f:23:12:
                    f8:c6:70:2a:6a:95:18:18:2b:48:ab:74:8c:1d:36:
                    61:c3:10:63:e5:ec:a4:77:ee:3b:15:73:71:15:f9:
                    9d:10:e1:5f:92:f9:5e:78:1d:8f:5b:8a:c5:d3:aa:
                    47:fb:eb:59:47:79:9c:1a:03:d6:08:08:3e:c4:08:
                    cc:9a:59:05:b2:02:75:d7:32:39:5c:41:1c:34:ce:
                    c4:b2:1f:ee:d1:92:a6:06:bb:59:71:e5:7d:cc:93:
                    86:42:83:4d:48:e4:20:5f:7d:92:ab:73:42:0f:44:
                    07:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:27:95:E4:88:6D:05:F1:E1:47:43:A5:1E:FD:AF:51:83:39:AF:FE
            X509v3 Authority Key Identifier:
                keyid:17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/YieV5IhtBfHhR0OlHv2vUYM5r_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.40.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:fc:7e:30:6b:5b:a7:d7:13:31:6b:3c:01:cc:47:ef:5e:33:
         d2:61:2e:69:84:63:38:3a:cd:5c:8f:4b:bf:3c:02:03:f5:53:
         a4:bd:09:c3:48:5a:db:41:f4:42:13:4c:d6:1b:2b:d5:f1:3b:
         7f:cb:e9:ed:54:25:bd:cd:88:1f:6a:56:91:76:32:2a:2d:db:
         1b:83:40:52:56:cc:0b:a9:bd:08:d9:04:31:5a:10:4c:2b:f9:
         ab:9a:bc:e6:b5:d1:49:8c:aa:ff:ca:d0:78:3f:2e:0a:49:a9:
         98:cd:58:38:9c:18:0e:86:56:96:5f:68:2b:0f:91:3f:ac:b1:
         f1:b6:3c:f9:d8:65:9a:c2:cb:b6:fc:19:53:39:f6:dd:c5:2c:
         d8:c3:55:0f:04:89:2f:d7:58:61:d5:ea:0e:b7:0f:71:06:3c:
         09:6a:41:30:b4:78:24:7f:70:6a:96:a0:17:9a:70:e6:57:62:
         25:19:a8:44:82:c1:6e:ef:88:77:b0:22:29:ef:b0:10:6e:ee:
         14:2e:34:96:50:fa:b8:b0:c3:e6:dd:38:41:0d:8a:9d:84:b1:
         38:11:57:88:a7:f6:81:08:61:78:93:b3:da:b1:01:fe:4e:72:
         e8:34:22:5b:32:51:e0:63:42:86:8d:97:06:a1:8b:f6:13:a0:
         20:ec:ef:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EQB0/L3TPdGV0WOln1PQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NjcyNTU2OTg0NDE1Yjc4ZTlkMTU0NjE3ODRjOGM0ZTY5
MWQwMTAwHhcNMjYwMTAyMDAxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjI3OTVlNDg4NmQwNWYxZTE0NzQzYTUxZWZkYWY1MTgzMzlhZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunkAXR1Ki3R23MzIlKchSMjy17h9
fRqo4CNm34je5/MmfsFxNpLF3guIvLC/8WCduFGj1ZDdBnq4lmb6IhkkfVw2NTWE
EZntqJ0LGvC39YPPIAWPbmACOH6b2qWqe3GWlGrXE4zCdlZ1B4+yg3ww6Lix0JX/
nBlyc93+Sq02l2zvZ+yG7tiiJKGPZedpYyP1JFZfIxL4xnAqapUYGCtIq3SMHTZh
wxBj5eykd+47FXNxFfmdEOFfkvleeB2PW4rF06pH++tZR3mcGgPWCAg+xAjMmlkF
sgJ11zI5XEEcNM7Esh/u0ZKmBrtZceV9zJOGQoNNSOQgX32Sq3NCD0QHdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGInleSIbQXx4UdDpR79r1GDOa/+MB8GA1UdIwQY
MBaAFBdnJVaYRBW3jp0VRheEyMTmkdAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQt
ZTI4ODMyMzIzZjZkLzEvWWllVjVJaHRCZkhoUjBPbEh2MnZVWU01cl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQtZTI4ODMyMzIzZjZk
LzEvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApCiqMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ/H4wa1un1xMxazwBzEfvXjPSYS5phGM4Os1cj0u/
PAID9VOkvQnDSFrbQfRCE0zWGyvV8Tt/y+ntVCW9zYgfalaRdjIqLdsbg0BSVswL
qb0I2QQxWhBMK/mrmrzmtdFJjKr/ytB4Py4KSamYzVg4nBgOhlaWX2grD5E/rLHx
tjz52GWawsu2/BlTOfbdxSzYw1UPBIkv11hh1eoOtw9xBjwJakEwtHgkf3BqlqAX
mnDmV2IlGahEgsFu74h3sCIp77AQbu4ULjSWUPq4sMPm3ThBDYqdhLE4EVeIp/aB
CGF4k7PasQH+TnLoNCJbMlHgY0KGjZcGoYv2E6Ag7O8y
-----END CERTIFICATE-----