Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YJS-MeNYCL_epOUC5Dr8RF8zFZ0.roa
File:                     YJS-MeNYCL_epOUC5Dr8RF8zFZ0.roa (raw, json)
Hash identifier:          m2DE/6ZTamnRJyCEcFcrnUs7f1LULWgHmaf4oy24rvw=
Subject key identifier:   60:94:BE:31:E3:58:08:BF:DE:A4:E5:02:E4:3A:FC:44:5F:33:15:9D
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019CAB3A3FC746DAC83F94279E15A61BDB5D
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YJS-MeNYCL_epOUC5Dr8RF8zFZ0.roa
Signing time:             Sun 01 Mar 2026 21:07:27 +0000
ROA not before:           Sun 01 Mar 2026 21:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56971
IP address blocks:        5.144.179.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ab:3a:3f:c7:46:da:c8:3f:94:27:9e:15:a6:1b:db:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar  1 21:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6094be31e35808bfdea4e502e43afc445f33159d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c4:d9:c6:f0:bb:e3:85:0a:25:b0:13:60:11:
                    2d:df:6b:94:f0:69:17:59:80:c9:f9:23:da:d0:3e:
                    8b:65:c0:a9:44:9e:e2:c8:fc:d5:54:19:3f:23:d5:
                    6d:c0:41:98:fa:12:4f:00:0d:38:56:45:2b:cc:1f:
                    7b:2a:59:66:90:79:aa:2b:35:e1:2f:ed:5e:0f:5b:
                    74:78:82:2d:05:d2:0f:f2:55:e6:8f:28:4e:2c:3e:
                    8f:09:8f:d3:c5:f2:e3:f4:ef:d0:f9:51:b7:25:51:
                    2c:cd:b0:9c:31:1f:55:57:6d:8b:83:3d:b2:f5:e9:
                    c5:86:4e:de:05:e5:b8:ab:df:96:d2:e8:d3:2f:f8:
                    31:10:54:13:c8:50:cf:ee:c7:ce:f7:f4:cc:53:c6:
                    42:4b:03:71:29:1f:9c:86:09:55:ea:d5:9b:0a:23:
                    3a:38:53:28:9d:57:e9:9a:25:cc:89:42:2e:54:de:
                    0a:a5:42:68:df:65:29:16:3f:19:89:5b:9a:eb:49:
                    6b:b2:22:b7:35:91:c0:c4:d6:42:0a:8f:26:cd:8c:
                    e7:da:df:9c:fa:0b:4a:f5:49:69:18:79:6e:8b:8b:
                    80:f6:2b:71:88:e4:87:06:dd:14:74:36:5e:e5:e2:
                    0d:bb:72:90:3f:72:66:76:47:5e:29:a8:af:9e:b8:
                    e1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:94:BE:31:E3:58:08:BF:DE:A4:E5:02:E4:3A:FC:44:5F:33:15:9D
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YJS-MeNYCL_epOUC5Dr8RF8zFZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.179.0/24
                  5.178.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ad:25:4a:6c:b4:10:ef:b5:6a:77:86:bc:7c:83:e9:1e:f3:
         a4:1a:64:a4:a3:f8:ad:60:b9:48:0c:1b:92:b5:e9:7a:ef:0b:
         77:13:ca:f7:d2:c5:f0:24:2d:aa:69:8c:37:e2:fc:b5:4e:47:
         69:71:0b:8a:7c:46:c8:35:a3:5e:bd:7e:3d:66:a4:53:a7:ed:
         fd:46:01:34:a7:3e:25:f9:52:50:88:5a:90:b7:89:c6:86:34:
         19:88:b5:df:05:f9:78:93:dc:34:e3:4f:a7:dd:28:f7:50:27:
         e6:f9:b4:b2:ec:5c:96:e7:10:48:3f:4a:64:81:1c:bf:02:67:
         31:65:df:52:5c:a2:6c:8f:53:ba:0c:4b:0d:01:cd:4d:81:0c:
         b3:69:bf:e1:6e:f6:96:9f:99:78:28:1b:40:ab:a1:78:63:69:
         86:95:a0:bf:f4:7e:85:c9:78:80:d2:6e:4e:4f:d4:6d:e9:87:
         7c:75:2b:32:21:4e:09:4a:41:44:f9:49:2a:b0:1c:aa:a2:a3:
         59:0a:ce:f0:0d:cf:b1:a9:9d:2b:f3:f1:51:46:46:a5:30:ac:
         d3:b8:53:c1:3d:f5:7f:9a:51:7d:e7:8c:2f:3a:f1:e1:7d:0c:
         7a:00:ac:d0:b0:6c:1e:af:29:54:01:93:60:fd:2d:05:47:94:
         67:39:af:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyrOj/HRtrIP5QnnhWmG9tdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMzAxMjEwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk0YmUzMWUzNTgwOGJmZGVhNGU1MDJlNDNhZmM0NDVmMzMxNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMTZxvC744UKJbATYBEt32uU8GkX
WYDJ+SPa0D6LZcCpRJ7iyPzVVBk/I9VtwEGY+hJPAA04VkUrzB97KllmkHmqKzXh
L+1eD1t0eIItBdIP8lXmjyhOLD6PCY/TxfLj9O/Q+VG3JVEszbCcMR9VV22Lgz2y
9enFhk7eBeW4q9+W0ujTL/gxEFQTyFDP7sfO9/TMU8ZCSwNxKR+chglV6tWbCiM6
OFMonVfpmiXMiUIuVN4KpUJo32UpFj8ZiVua60lrsiK3NZHAxNZCCo8mzYzn2t+c
+gtK9UlpGHlui4uA9itxiOSHBt0UdDZe5eINu3KQP3JmdkdeKaivnrjhYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGCUvjHjWAi/3qTlAuQ6/ERfMxWdMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWUpTLU1lTllDTF9lcE9VQzVEcjhSRjh6RlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABZCzAwQA
BbJgMA0GCSqGSIb3DQEBCwUAA4IBAQCurSVKbLQQ77Vqd4a8fIPpHvOkGmSko/it
YLlIDBuStel67wt3E8r30sXwJC2qaYw34vy1TkdpcQuKfEbINaNevX49ZqRTp+39
RgE0pz4l+VJQiFqQt4nGhjQZiLXfBfl4k9w040+n3Sj3UCfm+bSy7FyW5xBIP0pk
gRy/AmcxZd9SXKJsj1O6DEsNAc1NgQyzab/hbvaWn5l4KBtAq6F4Y2mGlaC/9H6F
yXiA0m5OT9Rt6Yd8dSsyIU4JSkFE+UkqsByqoqNZCs7wDc+xqZ0r8/FRRkalMKzT
uFPBPfV/mlF954wvOvHhfQx6AKzQsGwerylUAZNg/S0FR5RnOa+9
-----END CERTIFICATE-----