Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/4d9bad-d2ac-4179-8945-94bb83a20029/1/YasjItyYLr7ldXZzoAE4Tqx_wK0.roa
File:                     YasjItyYLr7ldXZzoAE4Tqx_wK0.roa (raw, json)
Hash identifier:          OuG7rFmV3hcieE9XEH+njL33ISFbow8zG5iA5JYMNV4=
Subject key identifier:   61:AB:23:22:DC:98:2E:BE:E5:75:76:73:A0:01:38:4E:AC:7F:C0:AD
Certificate issuer:       /CN=ab6f6a36ec2960d4d05f3d9dcb187b9b904ea59b
Certificate serial:       019E7CD928810AD84DB8B83CF0F8AC133336
Authority key identifier: AB:6F:6A:36:EC:29:60:D4:D0:5F:3D:9D:CB:18:7B:9B:90:4E:A5:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q29qNuwpYNTQXz2dyxh7m5BOpZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/4d9bad-d2ac-4179-8945-94bb83a20029/1/YasjItyYLr7ldXZzoAE4Tqx_wK0.roa
Signing time:             Sun 31 May 2026 07:04:26 +0000
ROA not before:           Sun 31 May 2026 07:04:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21277
IP address blocks:        185.184.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/4d9bad-d2ac-4179-8945-94bb83a20029/1/q29qNuwpYNTQXz2dyxh7m5BOpZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/4d9bad-d2ac-4179-8945-94bb83a20029/1/q29qNuwpYNTQXz2dyxh7m5BOpZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q29qNuwpYNTQXz2dyxh7m5BOpZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7c:d9:28:81:0a:d8:4d:b8:b8:3c:f0:f8:ac:13:33:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab6f6a36ec2960d4d05f3d9dcb187b9b904ea59b
        Validity
            Not Before: May 31 07:04:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61ab2322dc982ebee5757673a001384eac7fc0ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7c:7f:8f:9f:e3:6f:71:37:b7:5b:1a:8a:2c:
                    03:08:ac:c7:73:f3:f2:49:5d:9d:eb:63:f3:a4:56:
                    cc:a9:45:f6:19:b2:c8:17:41:b7:e5:58:c4:80:2a:
                    ae:0a:72:b0:6f:d0:b5:33:aa:a2:18:21:f7:99:c1:
                    b5:ee:ed:90:76:74:08:5d:43:1e:c3:38:07:9c:79:
                    bb:36:6f:87:17:06:00:21:65:0d:ad:0f:4f:35:8f:
                    0c:61:d9:42:98:b3:63:02:6b:b2:21:59:9f:4f:c3:
                    31:06:1e:0a:2e:cb:93:4d:7a:d7:05:90:e5:26:64:
                    e5:1a:1e:70:9f:fb:da:80:74:12:3f:6d:d0:69:9a:
                    f8:3b:db:21:f1:74:bf:90:1f:c7:fb:4a:c6:66:83:
                    c0:f7:e7:04:a6:cf:dd:7d:c7:ae:5e:31:1a:50:5e:
                    b7:d1:b6:12:5d:73:46:1b:51:75:1f:0c:d8:60:8e:
                    fb:8e:0e:e3:cf:0a:e3:04:37:d2:71:e1:b9:60:2f:
                    dc:1b:22:a1:28:53:cc:ef:96:5c:cb:c1:04:86:78:
                    80:20:6e:2f:e8:ba:55:42:12:a2:cd:e1:a7:96:68:
                    b9:6f:61:5f:8c:76:8d:81:b7:f0:10:f9:b6:e0:4f:
                    21:8b:05:ee:91:dd:87:c1:6c:8d:39:2f:19:bd:2c:
                    88:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:AB:23:22:DC:98:2E:BE:E5:75:76:73:A0:01:38:4E:AC:7F:C0:AD
            X509v3 Authority Key Identifier:
                keyid:AB:6F:6A:36:EC:29:60:D4:D0:5F:3D:9D:CB:18:7B:9B:90:4E:A5:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q29qNuwpYNTQXz2dyxh7m5BOpZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/4d9bad-d2ac-4179-8945-94bb83a20029/1/YasjItyYLr7ldXZzoAE4Tqx_wK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/4d9bad-d2ac-4179-8945-94bb83a20029/1/q29qNuwpYNTQXz2dyxh7m5BOpZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:60:f5:b0:b8:4f:14:f3:aa:9c:b7:bb:5a:c1:db:fa:96:43:
         94:b3:50:bb:26:34:48:a4:07:13:e5:85:14:25:a1:fa:51:38:
         91:e5:cf:0e:2c:3c:7e:6b:d2:87:bb:d8:9c:a8:c6:77:5e:96:
         78:e7:1a:fb:1e:a3:b2:93:e4:e6:52:f0:2e:3d:50:34:7f:ef:
         25:28:6b:a6:a7:75:ae:93:17:a2:1f:fe:8f:61:02:c7:55:ef:
         e2:5f:ad:7e:37:9f:86:77:4f:4c:a3:88:43:db:07:03:dd:b4:
         32:96:63:ee:ff:a9:89:43:a4:5b:7d:d8:17:ab:de:16:e6:aa:
         08:30:48:62:d5:58:4e:a5:8f:87:8f:3a:c3:40:f4:60:65:e4:
         09:2c:bc:96:b1:75:6f:45:33:64:87:a7:4f:f4:49:98:31:e7:
         d2:9d:54:c4:6d:8a:d0:72:68:78:5f:a7:32:7d:ba:dc:75:62:
         bb:4a:7f:b5:a3:bf:39:88:88:ea:1f:15:4e:5b:7a:d2:ef:17:
         55:72:9b:93:f9:3e:17:5d:7d:e4:c1:b2:00:1b:02:77:72:07:
         d1:4d:24:63:28:dd:45:ab:d9:6a:e8:cd:6d:ba:a7:49:f7:34:
         d6:cc:e0:7e:1f:c3:4a:fd:39:3d:ab:ef:94:6f:ab:dd:d1:6b:
         08:1b:0b:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ582SiBCthNuLg88PisEzM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNmY2YTM2ZWMyOTYwZDRkMDVmM2Q5ZGNiMTg3YjliOTA0
ZWE1OWIwHhcNMjYwNTMxMDcwNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWFiMjMyMmRjOTgyZWJlZTU3NTc2NzNhMDAxMzg0ZWFjN2ZjMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3x/j5/jb3E3t1saiiwDCKzHc/Py
SV2d62PzpFbMqUX2GbLIF0G35VjEgCquCnKwb9C1M6qiGCH3mcG17u2QdnQIXUMe
wzgHnHm7Nm+HFwYAIWUNrQ9PNY8MYdlCmLNjAmuyIVmfT8MxBh4KLsuTTXrXBZDl
JmTlGh5wn/vagHQSP23QaZr4O9sh8XS/kB/H+0rGZoPA9+cEps/dfceuXjEaUF63
0bYSXXNGG1F1HwzYYI77jg7jzwrjBDfSceG5YC/cGyKhKFPM75Zcy8EEhniAIG4v
6LpVQhKizeGnlmi5b2FfjHaNgbfwEPm24E8hiwXukd2HwWyNOS8ZvSyIKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGrIyLcmC6+5XV2c6ABOE6sf8CtMB8GA1UdIwQY
MBaAFKtvajbsKWDU0F89ncsYe5uQTqWbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTI5cU51d3BZTlRRWHoyZHl4aDdtNUJPcFpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy80ZDliYWQtZDJhYy00MTc5LTg5NDUt
OTRiYjgzYTIwMDI5LzEvWWFzakl0eVlMcjdsZFhaem9BRTRUcXhfd0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy80ZDliYWQtZDJhYy00MTc5LTg5NDUtOTRiYjgzYTIwMDI5
LzEvcTI5cU51d3BZTlRRWHoyZHl4aDdtNUJPcFpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjFMA0G
CSqGSIb3DQEBCwUAA4IBAQAxYPWwuE8U86qct7tawdv6lkOUs1C7JjRIpAcT5YUU
JaH6UTiR5c8OLDx+a9KHu9icqMZ3XpZ45xr7HqOyk+TmUvAuPVA0f+8lKGump3Wu
kxeiH/6PYQLHVe/iX61+N5+Gd09Mo4hD2wcD3bQylmPu/6mJQ6RbfdgXq94W5qoI
MEhi1VhOpY+HjzrDQPRgZeQJLLyWsXVvRTNkh6dP9EmYMefSnVTEbYrQcmh4X6cy
fbrcdWK7Sn+1o785iIjqHxVOW3rS7xdVcpuT+T4XXX3kwbIAGwJ3cgfRTSRjKN1F
q9lq6M1tuqdJ9zTWzOB+H8NK/Tk9q++Ub6vd0WsIGwvG
-----END CERTIFICATE-----