Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yKIWYNr0-qa1nFUb6RUt7swkZqE.roa
File:                     yKIWYNr0-qa1nFUb6RUt7swkZqE.roa (raw, json)
Hash identifier:          kV1sVR5qmlL6L9NOocuQGCqE4Q1jF9vgw2KJ9M2mLZ0=
Subject key identifier:   C8:A2:16:60:DA:F4:FA:A6:B5:9C:55:1B:E9:15:2D:EE:CC:24:66:A1
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019EB297794F0C6CAC291B2115B924A1A592
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yKIWYNr0-qa1nFUb6RUt7swkZqE.roa
Signing time:             Wed 10 Jun 2026 17:32:11 +0000
ROA not before:           Wed 10 Jun 2026 17:32:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        147.45.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:97:79:4f:0c:6c:ac:29:1b:21:15:b9:24:a1:a5:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 10 17:32:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8a21660daf4faa6b59c551be9152deecc2466a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7b:e4:75:e4:13:49:f1:48:69:d5:7a:cb:04:
                    97:6d:74:67:d1:b9:22:2d:df:0c:2c:88:09:ff:40:
                    e6:29:21:3d:47:c4:22:20:9e:6a:a2:ec:b7:a0:71:
                    c8:e0:1c:7a:b1:f1:c5:0a:44:53:6e:68:73:95:1c:
                    f5:b1:d4:6b:24:cf:1f:e0:bf:12:0f:e0:f2:43:9c:
                    f3:0d:45:10:5c:a2:5f:9e:92:df:3e:3d:57:55:4f:
                    28:c3:e9:e3:15:91:2a:9c:df:fe:2d:71:52:13:74:
                    59:f2:1c:5c:1c:5b:8f:8f:1e:0d:d8:01:d1:f5:2f:
                    52:a8:13:ab:66:cd:75:10:d2:f6:17:f0:7a:61:da:
                    8d:b3:38:f1:e7:0a:3a:ac:ed:88:01:a6:c5:0b:f5:
                    fa:5f:e2:86:68:40:a8:b4:a8:de:47:81:7f:80:8a:
                    d3:4a:3d:27:1f:d1:00:30:72:3d:12:2c:07:1c:e3:
                    20:c3:cd:21:ad:f8:8f:c3:15:aa:a1:a2:10:ba:5b:
                    7b:40:af:6d:c8:60:4e:11:ab:a6:17:43:6f:45:eb:
                    2d:11:b7:27:7b:b5:c4:d8:9f:48:76:68:9d:ce:55:
                    03:0d:56:41:38:ca:d6:89:d5:8f:07:af:37:40:19:
                    28:4a:30:5c:98:6b:16:82:c6:5a:e9:19:3f:0b:1f:
                    78:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A2:16:60:DA:F4:FA:A6:B5:9C:55:1B:E9:15:2D:EE:CC:24:66:A1
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yKIWYNr0-qa1nFUb6RUt7swkZqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:8a:9f:51:c0:ec:86:3f:53:90:dd:eb:51:39:32:b3:3e:65:
         78:56:42:ba:2e:6f:61:f9:c1:bc:33:29:55:74:f5:d0:cb:f2:
         7b:80:74:81:6c:ce:a4:13:22:22:86:ab:bd:c9:bc:48:5d:3e:
         2e:2f:b4:8b:b4:96:6b:fa:4b:ae:95:96:e3:2b:15:11:33:a7:
         b2:b4:52:98:85:e1:48:9f:9c:68:7a:93:bd:f6:80:45:80:96:
         15:32:75:70:ed:18:fc:2f:0d:75:0e:f3:e9:94:82:24:b0:49:
         14:e2:27:23:8c:1e:90:29:b2:2b:bc:5a:c7:dd:d3:2e:c9:4a:
         73:e6:d6:66:df:dc:fc:1b:5c:64:23:97:62:e8:8d:ef:ae:af:
         26:11:e2:7c:4a:69:ac:da:87:69:a6:f6:6c:52:a7:2c:5d:d8:
         bb:a6:42:d1:b2:63:dc:e5:77:af:60:d5:06:dd:b5:9a:be:8b:
         ab:b3:78:f0:35:7f:1e:0d:4f:55:f7:00:85:b1:a3:5c:52:57:
         82:97:eb:8d:4c:87:a3:08:23:3f:d8:82:cf:28:1f:72:03:67:
         1a:58:6e:90:0f:82:7f:bd:f7:f0:0e:7f:65:73:0c:56:54:d3:
         f4:57:60:dd:39:5e:a4:70:2f:b7:b2:2f:27:e2:3e:aa:a9:b4:
         59:32:7d:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6yl3lPDGysKRshFbkkoaWSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwNjEwMTczMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGEyMTY2MGRhZjRmYWE2YjU5YzU1MWJlOTE1MmRlZWNjMjQ2NmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXvkdeQTSfFIadV6ywSXbXRn0bki
Ld8MLIgJ/0DmKSE9R8QiIJ5qouy3oHHI4Bx6sfHFCkRTbmhzlRz1sdRrJM8f4L8S
D+DyQ5zzDUUQXKJfnpLfPj1XVU8ow+njFZEqnN/+LXFSE3RZ8hxcHFuPjx4N2AHR
9S9SqBOrZs11ENL2F/B6YdqNszjx5wo6rO2IAabFC/X6X+KGaECotKjeR4F/gIrT
Sj0nH9EAMHI9EiwHHOMgw80hrfiPwxWqoaIQult7QK9tyGBOEaumF0NvRestEbcn
e7XE2J9IdmidzlUDDVZBOMrWidWPB683QBkoSjBcmGsWgsZa6Rk/Cx948wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiiFmDa9PqmtZxVG+kVLe7MJGahMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveUtJV1lOcjAtcWExbkZVYjZSVXQ3c3drWnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky0mMA0G
CSqGSIb3DQEBCwUAA4IBAQBWip9RwOyGP1OQ3etROTKzPmV4VkK6Lm9h+cG8MylV
dPXQy/J7gHSBbM6kEyIihqu9ybxIXT4uL7SLtJZr+kuulZbjKxURM6eytFKYheFI
n5xoepO99oBFgJYVMnVw7Rj8Lw11DvPplIIksEkU4icjjB6QKbIrvFrH3dMuyUpz
5tZm39z8G1xkI5di6I3vrq8mEeJ8Smms2odppvZsUqcsXdi7pkLRsmPc5XevYNUG
3bWavours3jwNX8eDU9V9wCFsaNcUleCl+uNTIejCCM/2ILPKB9yA2caWG6QD4J/
vffwDn9lcwxWVNP0V2DdOV6kcC+3si8n4j6qqbRZMn0o
-----END CERTIFICATE-----