Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/YF-tWCFsSuAIoswUePA1e2Wc2vc.roa
File:                     YF-tWCFsSuAIoswUePA1e2Wc2vc.roa (raw, json)
Hash identifier:          pEIfFvCDAADSX4Ka/xFTpfoKfdGNNPSk4G6XnaiqnGo=
Subject key identifier:   60:5F:AD:58:21:6C:4A:E0:08:A2:CC:14:78:F0:35:7B:65:9C:DA:F7
Certificate issuer:       /CN=0057ad09ae9a1a98012275851aabe69e4e15a2f4
Certificate serial:       019B7F82E3AEA51A1068DAA1F8BCED0E73F3
Authority key identifier: 00:57:AD:09:AE:9A:1A:98:01:22:75:85:1A:AB:E6:9E:4E:15:A2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/YF-tWCFsSuAIoswUePA1e2Wc2vc.roa
Signing time:             Fri 02 Jan 2026 16:20:42 +0000
ROA not before:           Fri 02 Jan 2026 16:20:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209304
IP address blocks:        5.11.56.0/22 maxlen: 24
                          213.217.12.0/22 maxlen: 24
                          2a09:5940::/29 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:e3:ae:a5:1a:10:68:da:a1:f8:bc:ed:0e:73:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0057ad09ae9a1a98012275851aabe69e4e15a2f4
        Validity
            Not Before: Jan  2 16:20:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=605fad58216c4ae008a2cc1478f0357b659cdaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:44:24:84:62:74:78:ec:8e:7e:42:8b:fd:a5:
                    60:b3:b6:6c:6c:c0:1b:d3:8e:07:c2:40:75:bb:72:
                    ee:ea:6a:8a:96:e7:63:56:a6:b4:da:de:e9:77:34:
                    bf:16:e8:65:cc:df:4e:d8:8c:1d:41:64:48:b1:fa:
                    82:6e:a2:7f:3b:5e:87:f6:22:bb:07:f4:40:8f:32:
                    82:99:ff:15:08:09:20:00:55:15:f3:cd:bb:f5:fa:
                    d5:5a:f2:b4:35:0b:39:b9:aa:61:cd:23:5e:8f:2d:
                    75:ad:0f:f4:89:66:1f:1f:b9:bd:3d:6a:3a:ca:cf:
                    35:3b:11:0c:44:ca:31:71:5c:1e:f2:3c:4f:71:a9:
                    f5:c4:3b:46:da:18:c3:19:8b:92:5c:37:06:60:10:
                    18:54:e1:fe:ff:01:13:88:73:8a:92:76:03:de:26:
                    0d:7f:07:c6:6a:61:93:c4:7a:f2:bc:1b:38:56:dc:
                    00:cc:7f:f6:ba:d5:35:eb:7e:45:6a:d8:b7:bc:7e:
                    a0:5f:c1:e0:ba:29:45:1d:51:60:da:b1:06:ac:8d:
                    26:28:08:82:46:d9:52:75:d4:c3:d8:05:ee:47:15:
                    8a:29:5e:05:17:67:5b:6e:0f:45:99:69:bd:85:ac:
                    8e:36:e4:61:ed:0c:e7:de:d3:d3:37:21:2e:00:a0:
                    3d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5F:AD:58:21:6C:4A:E0:08:A2:CC:14:78:F0:35:7B:65:9C:DA:F7
            X509v3 Authority Key Identifier:
                keyid:00:57:AD:09:AE:9A:1A:98:01:22:75:85:1A:AB:E6:9E:4E:15:A2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/YF-tWCFsSuAIoswUePA1e2Wc2vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.56.0/22
                  213.217.12.0/22
                IPv6:
                  2a09:5940::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:a6:34:27:e1:bb:54:7f:a2:41:6a:58:7a:56:fd:0a:90:4a:
         cd:8a:a8:3c:a5:97:a3:25:f1:90:ee:7e:2f:26:46:d1:8e:70:
         e8:bd:96:39:1d:8c:06:a9:fc:12:8c:23:4c:18:24:1b:33:2f:
         6a:bc:7a:77:7e:f2:b5:5a:99:b0:73:09:01:4f:89:54:a2:5c:
         88:0a:7b:ba:4f:8e:f4:87:c2:57:af:ef:d8:67:a3:97:10:08:
         e5:1b:eb:c1:5e:86:63:23:c4:e0:08:e0:8d:4d:ba:d8:e7:97:
         cb:5b:f3:b5:21:a7:cf:c4:92:33:c7:b1:46:32:02:c5:c2:46:
         81:3c:68:24:a0:f9:7c:f7:03:86:11:b7:24:80:56:15:2a:ab:
         27:5a:ca:8a:20:24:e0:c8:82:f5:82:95:1c:b1:a7:7d:4e:3d:
         23:21:0e:8e:4c:66:43:86:87:82:d7:35:08:8d:a9:bb:bc:7f:
         c0:ed:7f:1f:d7:28:cc:54:e1:ac:99:86:30:94:c5:9d:e5:3a:
         c7:13:d4:6f:61:a7:6a:72:6d:ce:a4:28:8f:62:13:a9:e6:97:
         84:3f:3d:c6:7c:90:93:30:70:9d:3e:17:78:95:d3:31:98:8e:
         a3:75:ba:e5:8b:a6:19:a4:b5:ac:26:9d:10:fe:8d:40:7c:43:
         9f:03:61:3b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt/guOupRoQaNqh+LztDnPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNTdhZDA5YWU5YTFhOTgwMTIyNzU4NTFhYWJlNjllNGUx
NWEyZjQwHhcNMjYwMTAyMTYyMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDVmYWQ1ODIxNmM0YWUwMDhhMmNjMTQ3OGYwMzU3YjY1OWNkYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkQkhGJ0eOyOfkKL/aVgs7ZsbMAb
044HwkB1u3Lu6mqKludjVqa02t7pdzS/FuhlzN9O2IwdQWRIsfqCbqJ/O16H9iK7
B/RAjzKCmf8VCAkgAFUV88279frVWvK0NQs5uaphzSNejy11rQ/0iWYfH7m9PWo6
ys81OxEMRMoxcVwe8jxPcan1xDtG2hjDGYuSXDcGYBAYVOH+/wETiHOKknYD3iYN
fwfGamGTxHryvBs4VtwAzH/2utU1635Fati3vH6gX8HguilFHVFg2rEGrI0mKAiC
RtlSddTD2AXuRxWKKV4FF2dbbg9FmWm9hayONuRh7Qzn3tPTNyEuAKA92QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGBfrVghbErgCKLMFHjwNXtlnNr3MB8GA1UdIwQY
MBaAFABXrQmumhqYASJ1hRqr5p5OFaL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZldENhNmFHcGdCSW5XRkdxdm1uazRWb3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy80YzMyYjktZjc3NS00ODY4LTkyM2Qt
ZGNhMzhkNTlhMTU4LzEvWUYtdFdDRnNTdUFJb3N3VWVQQTFlMldjMnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy80YzMyYjktZjc3NS00ODY4LTkyM2QtZGNhMzhkNTlhMTU4
LzEvQUZldENhNmFHcGdCSW5XRkdxdm1uazRWb3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBQs4AwQC
1dkMMA0EAgACMAcDBQMqCVlAMA0GCSqGSIb3DQEBCwUAA4IBAQABpjQn4btUf6JB
alh6Vv0KkErNiqg8pZejJfGQ7n4vJkbRjnDovZY5HYwGqfwSjCNMGCQbMy9qvHp3
fvK1WpmwcwkBT4lUolyICnu6T470h8JXr+/YZ6OXEAjlG+vBXoZjI8TgCOCNTbrY
55fLW/O1IafPxJIzx7FGMgLFwkaBPGgkoPl89wOGEbckgFYVKqsnWsqKICTgyIL1
gpUcsad9Tj0jIQ6OTGZDhoeC1zUIjam7vH/A7X8f1yjMVOGsmYYwlMWd5TrHE9Rv
Yadqcm3OpCiPYhOp5peEPz3GfJCTMHCdPhd4ldMxmI6jdbrli6YZpLWsJp0Q/o1A
fEOfA2E7
-----END CERTIFICATE-----