Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/y61TMPU9uTpw-fP74jB87JnJlns.roa
File:                     y61TMPU9uTpw-fP74jB87JnJlns.roa (raw, json)
Hash identifier:          xoRuWFnPF806vhscGwTKOQWiYGep0k98Sfbqbw83bcI=
Subject key identifier:   CB:AD:53:30:F5:3D:B9:3A:70:F9:F3:FB:E2:30:7C:EC:99:C9:96:7B
Certificate issuer:       /CN=d356ae625d9506df4a3e577b24a86fce3c73a8f8
Certificate serial:       019E4FBCD84CABFC97B406A9230FA0B98958
Authority key identifier: D3:56:AE:62:5D:95:06:DF:4A:3E:57:7B:24:A8:6F:CE:3C:73:A8:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/y61TMPU9uTpw-fP74jB87JnJlns.roa
Signing time:             Fri 22 May 2026 12:50:36 +0000
ROA not before:           Fri 22 May 2026 12:50:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2832
IP address blocks:        109.105.115.0/24 maxlen: 24
                          2001:948:feed::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:bc:d8:4c:ab:fc:97:b4:06:a9:23:0f:a0:b9:89:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d356ae625d9506df4a3e577b24a86fce3c73a8f8
        Validity
            Not Before: May 22 12:50:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbad5330f53db93a70f9f3fbe2307cec99c9967b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d9:a2:09:7f:65:bd:ec:eb:59:f7:a6:f4:9e:
                    02:ee:26:8e:eb:a2:f6:bf:74:a9:4f:0b:9b:68:85:
                    12:f3:ff:7a:b6:09:87:96:ca:44:d0:f5:12:fc:f7:
                    86:19:7c:5d:0f:92:d0:e6:7c:1f:e7:f6:7c:70:0f:
                    c0:86:98:a4:77:a0:ae:f6:b6:66:1d:36:13:8d:cf:
                    ab:51:38:70:ff:4b:8f:f7:1e:9d:b9:d2:e1:1f:3e:
                    ae:e8:01:93:02:2b:38:4d:2a:0a:5e:64:d0:cd:ab:
                    63:99:f6:6f:d9:cc:5b:79:5b:cb:b6:bc:2c:8f:ac:
                    a4:ee:13:76:72:67:74:4d:14:a9:02:32:b0:87:fd:
                    f4:06:a6:42:c6:59:b2:da:b6:d7:47:39:74:4b:7d:
                    73:61:42:0b:8e:70:45:26:4a:10:06:55:99:f0:4b:
                    88:c6:7a:68:81:10:8f:e9:55:7c:23:ba:e3:ed:d4:
                    3e:6e:02:05:86:0d:9f:78:a8:f3:18:e4:ae:d1:74:
                    8e:91:2c:cb:eb:5a:03:e9:0e:8e:cf:06:3c:bd:7a:
                    cf:dd:78:82:12:6f:8f:80:3a:fb:9c:a7:7a:6c:59:
                    92:33:ed:5e:db:b5:74:c4:92:c1:17:31:47:f5:21:
                    d4:a7:78:13:7a:f3:53:22:1a:55:6e:e8:d4:7c:ca:
                    d3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:AD:53:30:F5:3D:B9:3A:70:F9:F3:FB:E2:30:7C:EC:99:C9:96:7B
            X509v3 Authority Key Identifier:
                keyid:D3:56:AE:62:5D:95:06:DF:4A:3E:57:7B:24:A8:6F:CE:3C:73:A8:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/y61TMPU9uTpw-fP74jB87JnJlns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.115.0/24
                IPv6:
                  2001:948:feed::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:08:8f:cf:00:6d:93:1d:17:67:0e:7f:cd:c5:d8:47:17:51:
         cb:86:93:00:38:a4:33:68:57:4b:6c:5a:12:71:68:bd:92:02:
         86:8c:1e:0a:ff:31:b6:14:fc:55:c8:93:61:a0:d6:7f:b0:7c:
         64:6b:94:95:91:da:56:ff:8e:ff:a7:47:53:eb:05:66:bb:17:
         e7:d3:15:cd:f9:c0:a4:07:e0:0f:47:70:ed:62:4e:69:0e:12:
         f5:b1:4a:c1:73:62:b3:b8:d1:13:78:21:d3:f9:cc:32:87:a7:
         a2:33:af:bb:d7:76:dc:ef:97:0f:79:95:3c:b5:79:f9:1c:bf:
         42:30:61:30:ac:15:8e:70:d2:f0:30:21:e6:bf:ac:7b:10:bf:
         55:f3:b2:2b:22:8a:2e:13:d8:5d:dd:39:e0:9c:25:ee:36:10:
         b5:a9:30:c6:83:0d:f9:52:80:d1:d2:60:97:50:3a:ee:3a:1c:
         8f:fa:8d:c7:f1:bc:b4:cd:1b:18:d4:18:6d:de:df:ba:29:7e:
         d1:46:a7:5b:3a:37:54:27:c6:e8:92:3f:16:2f:b5:1e:25:39:
         0c:50:9e:17:81:52:fa:f0:f2:c6:bd:12:18:74:cf:1e:fb:07:
         66:16:00:be:c0:69:35:dc:75:9e:e6:64:d6:26:bf:61:77:9d:
         8d:2c:24:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ5PvNhMq/yXtAapIw+guYlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTZhZTYyNWQ5NTA2ZGY0YTNlNTc3YjI0YTg2ZmNlM2M3
M2E4ZjgwHhcNMjYwNTIyMTI1MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFkNTMzMGY1M2RiOTNhNzBmOWYzZmJlMjMwN2NlYzk5Yzk5NjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtmiCX9lvezrWfem9J4C7iaO66L2
v3SpTwubaIUS8/96tgmHlspE0PUS/PeGGXxdD5LQ5nwf5/Z8cA/Ahpikd6Cu9rZm
HTYTjc+rUThw/0uP9x6dudLhHz6u6AGTAis4TSoKXmTQzatjmfZv2cxbeVvLtrws
j6yk7hN2cmd0TRSpAjKwh/30BqZCxlmy2rbXRzl0S31zYUILjnBFJkoQBlWZ8EuI
xnpogRCP6VV8I7rj7dQ+bgIFhg2feKjzGOSu0XSOkSzL61oD6Q6OzwY8vXrP3XiC
Em+PgDr7nKd6bFmSM+1e27V0xJLBFzFH9SHUp3gTevNTIhpVbujUfMrTHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMutUzD1Pbk6cPnz++IwfOyZyZZ7MB8GA1UdIwQY
MBaAFNNWrmJdlQbfSj5XeySob848c6j4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFhdVlsMlZCdDlLUGxkN0pLaHZ6anh6cVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83YTY1NDUtNTI3Ny00MGYzLWIzNjYt
MmVhODdlNmVhMmEwLzEveTYxVE1QVTl1VHB3LWZQNzRqQjg3Sm5KbG5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83YTY1NDUtNTI3Ny00MGYzLWIzNjYtMmVhODdlNmVhMmEw
LzEvMDFhdVlsMlZCdDlLUGxkN0pLaHZ6anh6cVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAbWlzMA8E
AgACMAkDBwAgAQlI/u0wDQYJKoZIhvcNAQELBQADggEBAIYIj88AbZMdF2cOf83F
2EcXUcuGkwA4pDNoV0tsWhJxaL2SAoaMHgr/MbYU/FXIk2Gg1n+wfGRrlJWR2lb/
jv+nR1PrBWa7F+fTFc35wKQH4A9HcO1iTmkOEvWxSsFzYrO40RN4IdP5zDKHp6Iz
r7vXdtzvlw95lTy1efkcv0IwYTCsFY5w0vAwIea/rHsQv1Xzsisiii4T2F3dOeCc
Je42ELWpMMaDDflSgNHSYJdQOu46HI/6jcfxvLTNGxjUGG3e37opftFGp1s6N1Qn
xuiSPxYvtR4lOQxQnheBUvrw8sa9Ehh0zx77B2YWAL7AaTXcdZ7mZNYmv2F3nY0s
JFI=
-----END CERTIFICATE-----