Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/ryDLC_ILEFr49nieVNiDA4Xo9hs.roa
File:                     ryDLC_ILEFr49nieVNiDA4Xo9hs.roa (raw, json)
Hash identifier:          em6ryr8LwG3BVr36hOTyHeON9oVwPVEYFMxyRSNV31w=
Subject key identifier:   AF:20:CB:0B:F2:0B:10:5A:F8:F6:78:9E:54:D8:83:03:85:E8:F6:1B
Certificate issuer:       /CN=415a412127b514f6455ec8a86e29d38eb0abb5ac
Certificate serial:       019B7A59ACDE381C3D38745DEFDE3A141227
Authority key identifier: 41:5A:41:21:27:B5:14:F6:45:5E:C8:A8:6E:29:D3:8E:B0:AB:B5:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVpBISe1FPZFXsiobinTjrCrtaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/ryDLC_ILEFr49nieVNiDA4Xo9hs.roa
Signing time:             Thu 01 Jan 2026 16:17:35 +0000
ROA not before:           Thu 01 Jan 2026 16:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29289
IP address blocks:        109.205.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/QVpBISe1FPZFXsiobinTjrCrtaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/QVpBISe1FPZFXsiobinTjrCrtaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVpBISe1FPZFXsiobinTjrCrtaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:59:ac:de:38:1c:3d:38:74:5d:ef:de:3a:14:12:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=415a412127b514f6455ec8a86e29d38eb0abb5ac
        Validity
            Not Before: Jan  1 16:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af20cb0bf20b105af8f6789e54d8830385e8f61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:83:b6:18:7a:65:27:77:2c:ee:7a:49:1b:cf:
                    c0:73:66:90:37:78:1a:df:fe:cf:90:87:74:aa:5b:
                    9f:60:ad:7c:53:78:21:db:bb:f0:59:2e:47:b7:4f:
                    e9:8e:7e:da:fb:e7:2f:b7:90:cd:0a:7c:50:d1:bf:
                    9f:9f:05:24:de:ad:8a:75:bf:bb:62:ae:6c:b7:96:
                    96:7a:57:56:45:71:5c:9a:cd:ce:3c:b7:55:76:de:
                    86:5e:76:4f:af:fa:3a:3e:df:f4:2a:aa:f1:dc:99:
                    6e:4f:1d:94:7b:f3:3c:68:d1:b5:2b:f4:77:56:c0:
                    7a:6b:2b:c2:be:00:d2:43:60:94:e0:8c:b3:06:32:
                    cc:ad:b9:f8:5d:53:76:81:1d:a6:b1:9a:56:40:27:
                    31:ce:59:c2:c9:1d:f0:d1:ff:9b:20:f1:c4:ec:27:
                    40:a4:3e:95:ff:c7:84:1a:86:ef:14:b8:13:2f:46:
                    3f:26:a4:88:91:80:e8:24:49:e1:b7:34:1b:43:2c:
                    da:95:6a:b2:2d:32:28:3c:cb:4a:21:ab:46:61:44:
                    66:d7:d4:99:02:38:45:e2:70:9e:d5:18:80:54:fd:
                    f0:4f:01:36:9e:b1:00:45:a8:11:e6:74:00:80:be:
                    97:9e:fc:ed:e5:b0:c0:a3:52:7b:9c:60:11:00:c9:
                    4a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:20:CB:0B:F2:0B:10:5A:F8:F6:78:9E:54:D8:83:03:85:E8:F6:1B
            X509v3 Authority Key Identifier:
                keyid:41:5A:41:21:27:B5:14:F6:45:5E:C8:A8:6E:29:D3:8E:B0:AB:B5:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVpBISe1FPZFXsiobinTjrCrtaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/ryDLC_ILEFr49nieVNiDA4Xo9hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/QVpBISe1FPZFXsiobinTjrCrtaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:bc:f0:ae:53:8e:b5:d1:af:1d:aa:af:fb:36:6d:9e:5a:e4:
         40:73:9a:20:df:25:64:aa:76:30:23:fb:7a:00:ac:36:73:83:
         e4:5d:85:2c:f6:cd:77:8d:f2:96:ee:aa:89:5a:ad:33:3c:88:
         18:d0:14:45:06:58:75:7d:a1:1f:46:e6:a1:18:4c:c5:8c:fa:
         79:75:f9:bf:2d:a6:38:8c:b5:d6:34:48:c6:29:2c:49:bb:9a:
         01:12:14:14:ea:c0:e2:75:ff:59:e0:81:75:95:79:bc:12:87:
         e0:a1:01:d0:69:d5:00:4d:69:ed:e3:bc:cd:8a:80:8e:70:44:
         21:c1:fe:27:1a:b3:de:65:3c:22:69:d4:bd:fe:3b:16:31:d4:
         27:dc:1f:89:37:4a:d8:0f:eb:4f:0a:57:d6:85:47:92:84:11:
         d0:8f:36:8e:9c:ea:9c:46:fb:79:43:d9:e4:72:13:59:c6:ba:
         87:74:10:3e:69:b0:4f:e9:2b:9d:d7:48:e5:cf:c0:49:12:95:
         f6:c6:e0:c9:d8:66:1b:0a:3c:63:4a:d7:70:68:56:78:24:20:
         42:03:93:5b:10:2d:58:fd:a7:45:79:f6:76:93:9f:a3:fb:be:
         0d:f2:f6:44:6d:1b:31:66:d0:20:a7:98:43:5f:d1:c8:90:8c:
         aa:0e:22:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WazeOBw9OHRd7946FBInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNWE0MTIxMjdiNTE0ZjY0NTVlYzhhODZlMjlkMzhlYjBh
YmI1YWMwHhcNMjYwMTAxMTYxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIwY2IwYmYyMGIxMDVhZjhmNjc4OWU1NGQ4ODMwMzg1ZThmNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIO2GHplJ3cs7npJG8/Ac2aQN3ga
3/7PkId0qlufYK18U3gh27vwWS5Ht0/pjn7a++cvt5DNCnxQ0b+fnwUk3q2Kdb+7
Yq5st5aWeldWRXFcms3OPLdVdt6GXnZPr/o6Pt/0Kqrx3JluTx2Ue/M8aNG1K/R3
VsB6ayvCvgDSQ2CU4IyzBjLMrbn4XVN2gR2msZpWQCcxzlnCyR3w0f+bIPHE7CdA
pD6V/8eEGobvFLgTL0Y/JqSIkYDoJEnhtzQbQyzalWqyLTIoPMtKIatGYURm19SZ
AjhF4nCe1RiAVP3wTwE2nrEARagR5nQAgL6Xnvzt5bDAo1J7nGARAMlKtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8gywvyCxBa+PZ4nlTYgwOF6PYbMB8GA1UdIwQY
MBaAFEFaQSEntRT2RV7IqG4p046wq7WsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZwQklTZTFGUFpGWHNpb2JpblRqckNydGF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iOGM3YmEtOTJmYS00YjczLWE5MjQt
M2QzM2U1NDE0ZDliLzEvcnlETENfSUxFRnI0OW5pZVZOaURBNFhvOWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iOGM3YmEtOTJmYS00YjczLWE5MjQtM2QzM2U1NDE0ZDli
LzEvUVZwQklTZTFGUFpGWHNpb2JpblRqckNydGF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbc0uMA0G
CSqGSIb3DQEBCwUAA4IBAQCDvPCuU4610a8dqq/7Nm2eWuRAc5og3yVkqnYwI/t6
AKw2c4PkXYUs9s13jfKW7qqJWq0zPIgY0BRFBlh1faEfRuahGEzFjPp5dfm/LaY4
jLXWNEjGKSxJu5oBEhQU6sDidf9Z4IF1lXm8EofgoQHQadUATWnt47zNioCOcEQh
wf4nGrPeZTwiadS9/jsWMdQn3B+JN0rYD+tPClfWhUeShBHQjzaOnOqcRvt5Q9nk
chNZxrqHdBA+abBP6Sud10jlz8BJEpX2xuDJ2GYbCjxjStdwaFZ4JCBCA5NbEC1Y
/adFefZ2k5+j+74N8vZEbRsxZtAgp5hDX9HIkIyqDiKl
-----END CERTIFICATE-----