Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/ytbTd8_u5iOlkNvPaPFEMrScCEQ.roa
File:                     ytbTd8_u5iOlkNvPaPFEMrScCEQ.roa (raw, json)
Hash identifier:          fJDAmuDqt3IvNRKl/+W2JTrxXe2RLg8VX2Iw++Qlw/A=
Subject key identifier:   CA:D6:D3:77:CF:EE:E6:23:A5:90:DB:CF:68:F1:44:32:B4:9C:08:44
Certificate issuer:       /CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Certificate serial:       019E2BF416624D45F557ADA409B01DAC86EA
Authority key identifier: 30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/ytbTd8_u5iOlkNvPaPFEMrScCEQ.roa
Signing time:             Fri 15 May 2026 14:04:36 +0000
ROA not before:           Fri 15 May 2026 14:04:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202348
IP address blocks:        91.240.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:f4:16:62:4d:45:f5:57:ad:a4:09:b0:1d:ac:86:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
        Validity
            Not Before: May 15 14:04:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cad6d377cfeee623a590dbcf68f14432b49c0844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e0:f4:8a:8e:06:59:67:b5:12:da:aa:cb:f9:
                    98:0a:83:c4:ea:37:81:64:f0:48:a6:23:e8:e2:6f:
                    39:a4:fd:6d:95:55:60:9f:b7:6c:41:70:a9:6e:a8:
                    5b:a7:d9:48:b1:16:4f:6f:1e:24:8d:be:08:39:07:
                    85:dc:7e:31:81:60:99:bb:e5:5c:ce:1f:89:6e:51:
                    50:bf:f5:24:1d:ca:c7:38:0d:a4:a8:82:02:d5:a4:
                    c4:53:50:d9:e1:00:fc:a9:36:f1:28:f3:22:3f:a4:
                    47:82:01:9d:22:7e:3b:c0:68:b2:7a:67:09:f5:2a:
                    f1:44:13:58:64:45:4f:70:41:95:16:82:68:3d:c8:
                    8b:98:be:27:36:20:e7:a5:7c:16:b1:eb:39:18:30:
                    a8:46:ca:b2:c7:96:7f:51:13:3b:aa:79:0f:a8:f4:
                    9f:80:80:d2:26:52:a3:ec:e5:78:3c:e8:11:19:7e:
                    1c:d2:7f:c2:f1:63:dd:d8:22:71:8b:c7:66:c6:e3:
                    ae:e5:0e:40:b3:8d:06:fb:dc:cc:9b:2e:0f:6b:7e:
                    9f:6a:3b:aa:70:f7:32:02:90:9a:60:b5:32:c0:a7:
                    4a:33:e4:9d:ed:04:db:04:f5:26:93:21:f1:7a:fe:
                    9a:cf:fd:16:95:64:31:c5:2d:46:99:58:bb:4a:1f:
                    40:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D6:D3:77:CF:EE:E6:23:A5:90:DB:CF:68:F1:44:32:B4:9C:08:44
            X509v3 Authority Key Identifier:
                keyid:30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/ytbTd8_u5iOlkNvPaPFEMrScCEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b4:5a:73:cc:6b:9c:6c:6e:4f:ae:35:c0:69:3d:67:b1:1e:
         ee:ad:52:c6:e8:de:a4:f9:36:3c:19:4a:57:b4:ba:ce:54:7e:
         b7:c5:a3:a3:32:19:f0:29:93:63:c6:c7:0d:72:21:5f:6d:c9:
         27:c8:fd:c1:75:58:7d:54:76:0c:e2:9a:99:e9:3c:d6:37:b3:
         8a:ac:8e:8f:02:fe:ae:8d:35:e8:95:16:79:f3:13:e9:d7:d8:
         1c:74:98:34:c5:94:ba:00:bb:c8:b3:f4:6a:e1:92:7c:56:0d:
         01:71:13:c7:2f:25:a5:68:f0:d8:fc:7a:5a:89:7a:3a:41:41:
         cd:4b:e0:48:e4:02:77:55:b4:fb:79:6e:8d:e3:4a:f6:18:74:
         c3:82:ee:62:ac:a1:39:f5:fd:7d:04:09:bf:fc:19:bf:a2:53:
         fc:12:0a:62:ba:81:8e:af:2a:a7:1a:a6:99:d2:41:3c:de:4b:
         ea:8f:f0:34:0f:df:1f:4d:5e:60:d5:34:ff:a0:6a:f5:23:04:
         a9:f6:4e:f9:3d:b3:63:7f:66:9c:54:43:8a:6e:66:60:07:d9:
         08:23:fc:cb:3d:9f:87:88:5d:bc:86:72:29:60:95:5a:bd:e4:
         de:d1:1b:58:d0:35:9c:6e:f0:70:57:6b:56:8c:21:84:b7:db:
         c8:7a:66:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4r9BZiTUX1V62kCbAdrIbqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDU4ZTQwYzZkOTFmMzcyOWU1N2UzMzQ0ZDMwOGI1OTky
ZmU0NmUwHhcNMjYwNTE1MTQwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQ2ZDM3N2NmZWVlNjIzYTU5MGRiY2Y2OGYxNDQzMmI0OWMwODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOD0io4GWWe1Etqqy/mYCoPE6jeB
ZPBIpiPo4m85pP1tlVVgn7dsQXCpbqhbp9lIsRZPbx4kjb4IOQeF3H4xgWCZu+Vc
zh+JblFQv/UkHcrHOA2kqIIC1aTEU1DZ4QD8qTbxKPMiP6RHggGdIn47wGiyemcJ
9SrxRBNYZEVPcEGVFoJoPciLmL4nNiDnpXwWses5GDCoRsqyx5Z/URM7qnkPqPSf
gIDSJlKj7OV4POgRGX4c0n/C8WPd2CJxi8dmxuOu5Q5As40G+9zMmy4Pa36fajuq
cPcyApCaYLUywKdKM+Sd7QTbBPUmkyHxev6az/0WlWQxxS1GmVi7Sh9A8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrW03fP7uYjpZDbz2jxRDK0nAhEMB8GA1UdIwQY
MBaAFDDVjkDG2R83KeV+M0TTCLWZL+RuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEt
ZjgyYjcwZDhhMGE3LzEveXRiVGQ4X3U1aU9sa052UGFQRkVNclNjQ0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEtZjgyYjcwZDhhMGE3
LzEvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/BZMA0G
CSqGSIb3DQEBCwUAA4IBAQAztFpzzGucbG5PrjXAaT1nsR7urVLG6N6k+TY8GUpX
tLrOVH63xaOjMhnwKZNjxscNciFfbcknyP3BdVh9VHYM4pqZ6TzWN7OKrI6PAv6u
jTXolRZ58xPp19gcdJg0xZS6ALvIs/Rq4ZJ8Vg0BcRPHLyWlaPDY/HpaiXo6QUHN
S+BI5AJ3VbT7eW6N40r2GHTDgu5irKE59f19BAm//Bm/olP8EgpiuoGOryqnGqaZ
0kE83kvqj/A0D98fTV5g1TT/oGr1IwSp9k75PbNjf2acVEOKbmZgB9kII/zLPZ+H
iF28hnIpYJVaveTe0RtY0DWcbvBwV2tWjCGEt9vIemaJ
-----END CERTIFICATE-----