Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/YLjsu-ME555sTWq6xQaBk12RTHI.roa
File:                     YLjsu-ME555sTWq6xQaBk12RTHI.roa (raw, json)
Hash identifier:          iZDrgab1o/HZT8v/s/c94kd+y7+rf2+jsai5MRtDr7U=
Subject key identifier:   60:B8:EC:BB:E3:04:E7:9E:6C:4D:6A:BA:C5:06:81:93:5D:91:4C:72
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       019C8EE82ECE5E0EA50962063B25A56A4B0D
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/YLjsu-ME555sTWq6xQaBk12RTHI.roa
Signing time:             Tue 24 Feb 2026 09:08:26 +0000
ROA not before:           Tue 24 Feb 2026 09:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213529
IP address blocks:        212.113.99.0/24 maxlen: 24
                          212.113.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:e8:2e:ce:5e:0e:a5:09:62:06:3b:25:a5:6a:4b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Feb 24 09:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60b8ecbbe304e79e6c4d6abac50681935d914c72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:06:64:bd:56:2d:ea:7a:c6:ce:6d:13:8c:52:
                    91:eb:03:b3:7a:71:98:cf:22:1a:10:03:17:ed:eb:
                    41:9f:52:b7:78:81:61:b5:ff:11:26:21:cb:59:d2:
                    65:e9:7d:5c:94:5a:82:0b:bc:b7:83:84:a0:b4:45:
                    df:fc:5a:9c:be:d4:cd:f1:c3:66:41:f7:ac:c6:e1:
                    84:59:68:97:ca:a5:11:e7:e5:5d:e1:9e:fe:76:e8:
                    9a:75:c7:3a:f6:f6:52:ef:02:b8:92:8e:9e:76:2c:
                    c9:29:a2:70:3d:0c:c3:b2:de:1f:fe:53:29:24:d8:
                    21:b8:ad:37:f0:7e:76:b3:c1:87:49:5d:33:64:67:
                    f2:76:94:ea:ec:fa:58:4a:13:b4:73:b3:fd:aa:3a:
                    07:2d:66:a7:50:54:24:75:eb:54:17:7e:29:62:a1:
                    e0:ea:3d:e6:74:b5:42:7b:8a:12:ca:ff:55:e5:fb:
                    1f:8e:17:44:20:1b:f8:4f:89:cb:ae:93:b2:9a:67:
                    78:10:6c:f7:6e:e8:12:53:fc:0a:0b:e7:e6:80:cb:
                    8e:43:d4:85:90:3a:dd:13:5a:58:7e:6c:8f:a2:dd:
                    55:a3:9d:15:e0:25:88:a4:94:96:45:d1:6a:7c:66:
                    70:a3:83:a6:3e:ca:cd:56:c4:79:8d:b0:00:09:ab:
                    fd:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B8:EC:BB:E3:04:E7:9E:6C:4D:6A:BA:C5:06:81:93:5D:91:4C:72
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/YLjsu-ME555sTWq6xQaBk12RTHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.99.0/24
                  212.113.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:97:0f:21:33:41:6d:0a:e5:b7:81:af:48:e4:0a:4d:dd:ef:
         5f:a0:85:8a:54:db:c7:1e:5e:eb:42:d3:5f:be:a6:71:b1:ec:
         5a:bf:80:50:94:21:38:5b:4c:16:1c:27:37:29:f5:e5:bd:91:
         6a:35:41:04:ac:59:d2:2d:6e:21:1a:dd:cf:a7:b9:9c:34:87:
         66:91:2f:b1:ad:95:e7:97:1f:45:e4:05:fb:9c:f1:63:e7:a5:
         85:2e:fc:be:c6:5f:26:fe:bc:47:69:85:22:31:a7:09:e9:3f:
         d1:89:c7:cf:b9:3e:99:98:b0:50:97:d0:58:e2:eb:64:45:85:
         91:62:10:67:b9:d8:b6:b1:42:7e:69:38:49:8f:73:9d:2f:3f:
         ff:cf:66:68:f3:89:b8:88:54:a4:a9:de:2a:72:a4:b0:04:62:
         9f:1f:b4:18:90:33:fb:f5:d5:f5:ad:af:c2:39:f8:69:e4:21:
         e1:4c:52:66:14:31:27:03:fb:31:f0:cf:87:50:70:5c:84:59:
         b8:1e:d7:f3:38:89:9a:0d:44:c5:82:ec:64:da:a7:5f:b6:cc:
         06:0d:33:46:0f:75:2c:d6:54:68:b6:e1:63:aa:26:6c:f7:b9:
         14:2a:67:aa:f2:ab:da:93:cb:a0:9c:22:f8:9f:38:a0:d2:3b:
         48:77:18:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyO6C7OXg6lCWIGOyWlaksNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjYwMjI0MDkwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGI4ZWNiYmUzMDRlNzllNmM0ZDZhYmFjNTA2ODE5MzVkOTE0YzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAZkvVYt6nrGzm0TjFKR6wOzenGY
zyIaEAMX7etBn1K3eIFhtf8RJiHLWdJl6X1clFqCC7y3g4SgtEXf/FqcvtTN8cNm
QfesxuGEWWiXyqUR5+Vd4Z7+duiadcc69vZS7wK4ko6edizJKaJwPQzDst4f/lMp
JNghuK038H52s8GHSV0zZGfydpTq7PpYShO0c7P9qjoHLWanUFQkdetUF34pYqHg
6j3mdLVCe4oSyv9V5fsfjhdEIBv4T4nLrpOymmd4EGz3bugSU/wKC+fmgMuOQ9SF
kDrdE1pYfmyPot1Vo50V4CWIpJSWRdFqfGZwo4OmPsrNVsR5jbAACav9tQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGC47LvjBOeebE1qusUGgZNdkUxyMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvWUxqc3UtTUU1NTVzVFdxNnhRYUJrMTJSVEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1HFjAwQA
1HFoMA0GCSqGSIb3DQEBCwUAA4IBAQCHlw8hM0FtCuW3ga9I5ApN3e9foIWKVNvH
Hl7rQtNfvqZxsexav4BQlCE4W0wWHCc3KfXlvZFqNUEErFnSLW4hGt3Pp7mcNIdm
kS+xrZXnlx9F5AX7nPFj56WFLvy+xl8m/rxHaYUiMacJ6T/RicfPuT6ZmLBQl9BY
4utkRYWRYhBnudi2sUJ+aThJj3OdLz//z2Zo84m4iFSkqd4qcqSwBGKfH7QYkDP7
9dX1ra/COfhp5CHhTFJmFDEnA/sx8M+HUHBchFm4HtfzOImaDUTFguxk2qdftswG
DTNGD3Us1lRotuFjqiZs97kUKmeq8qvak8ugnCL4nzig0jtIdxin
-----END CERTIFICATE-----