Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/9YlysPtVTEwS2FnSYKmXWK5fG9k.roa
File:                     9YlysPtVTEwS2FnSYKmXWK5fG9k.roa (raw, json)
Hash identifier:          PZpws1i/n8l20ITPpZrngd7OOBW1H8sAPAQXDA4/JNI=
Subject key identifier:   F5:89:72:B0:FB:55:4C:4C:12:D8:59:D2:60:A9:97:58:AE:5F:1B:D9
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019C28516B1493BA565FE45F78F45F5BEAC7
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/9YlysPtVTEwS2FnSYKmXWK5fG9k.roa
Signing time:             Wed 04 Feb 2026 11:02:30 +0000
ROA not before:           Wed 04 Feb 2026 11:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        185.253.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:28:51:6b:14:93:ba:56:5f:e4:5f:78:f4:5f:5b:ea:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Feb  4 11:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f58972b0fb554c4c12d859d260a99758ae5f1bd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a3:d7:1f:c0:4a:a4:6d:0f:74:7f:86:ea:e5:
                    61:50:66:9e:d6:e2:1c:c3:d5:eb:c2:31:fe:42:47:
                    d7:80:96:1f:ba:b9:1c:d2:68:4f:1f:a2:eb:08:32:
                    19:63:89:ed:80:fe:1e:0c:25:0a:e2:f2:84:37:38:
                    25:97:9a:b8:f2:f2:d7:02:50:7d:91:41:e6:e5:69:
                    bd:dd:eb:cd:29:c1:d6:3e:83:78:ad:a8:c0:af:54:
                    c8:8b:7b:8e:5e:16:b6:6c:ff:c4:1e:a9:a6:2f:39:
                    b3:a2:db:60:07:09:14:c7:b0:3e:55:cc:e6:3e:94:
                    93:6b:a4:88:62:fc:d3:c5:c9:61:31:bb:d7:f2:b0:
                    09:74:51:02:1c:ba:28:d4:d5:da:fa:cb:be:23:a5:
                    ea:49:13:33:f6:9e:2a:ef:04:a6:31:78:57:88:1c:
                    5c:fc:ef:db:c9:11:34:04:68:02:42:1e:43:f2:b1:
                    43:af:ff:0e:ec:f1:f7:0f:cc:46:2e:61:b7:79:dd:
                    ef:ce:7b:ab:07:2d:0c:03:6b:90:da:b6:cb:74:fb:
                    eb:11:3b:3e:67:a3:f5:5d:dc:e7:e8:ce:82:92:3c:
                    b4:01:b2:a5:12:0c:d7:5e:90:85:ff:ff:26:35:87:
                    c5:5e:d7:71:a0:a3:8a:11:42:ec:e6:d5:94:5d:22:
                    6f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:89:72:B0:FB:55:4C:4C:12:D8:59:D2:60:A9:97:58:AE:5F:1B:D9
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/9YlysPtVTEwS2FnSYKmXWK5fG9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:63:52:5f:da:8d:0f:8d:ca:e7:e2:11:8d:13:51:76:b0:66:
         d7:37:89:a7:89:cb:c5:5b:bb:5f:20:50:e7:c5:b2:14:2e:c6:
         9d:cc:f3:c2:4f:d7:ff:2f:14:f2:36:f7:a6:c3:56:56:ab:6a:
         78:90:6d:18:86:a9:79:80:d0:29:ec:82:2d:44:ca:a0:b3:d4:
         eb:0a:cb:0a:a0:f3:eb:6f:2d:ed:d7:a6:29:fe:99:d1:3e:48:
         89:84:5e:17:2e:03:00:75:43:f9:2a:2e:9b:29:9b:3a:1e:92:
         b7:64:d5:83:01:dd:d0:9c:1f:e3:8e:31:26:08:4f:a5:9e:21:
         f0:65:62:0b:9e:70:90:72:6f:ae:19:89:74:b3:78:9e:dd:05:
         1b:07:ec:fc:cc:09:84:47:31:18:24:2d:8a:4c:1f:42:e9:b5:
         22:83:51:b3:e7:23:23:aa:83:b3:7c:17:2d:0f:9f:b3:c3:62:
         02:ff:83:be:fd:12:e4:bb:ad:74:5b:27:bc:1f:da:f1:13:54:
         59:88:45:70:e4:b2:9c:28:84:e0:26:7f:ad:f2:2c:64:36:5d:
         84:c2:de:99:ad:6e:fd:02:c5:7a:0a:9a:95:1d:19:a6:a3:77:
         08:3c:63:3e:ec:5f:28:46:a4:e8:70:95:f3:2d:30:82:60:bc:
         f5:fe:30:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwoUWsUk7pWX+RfePRfW+rHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMjA0MTEwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTg5NzJiMGZiNTU0YzRjMTJkODU5ZDI2MGE5OTc1OGFlNWYxYmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKPXH8BKpG0PdH+G6uVhUGae1uIc
w9XrwjH+QkfXgJYfurkc0mhPH6LrCDIZY4ntgP4eDCUK4vKENzgll5q48vLXAlB9
kUHm5Wm93evNKcHWPoN4rajAr1TIi3uOXha2bP/EHqmmLzmzottgBwkUx7A+Vczm
PpSTa6SIYvzTxclhMbvX8rAJdFECHLoo1NXa+su+I6XqSRMz9p4q7wSmMXhXiBxc
/O/byRE0BGgCQh5D8rFDr/8O7PH3D8xGLmG3ed3vznurBy0MA2uQ2rbLdPvrETs+
Z6P1Xdzn6M6Ckjy0AbKlEgzXXpCF//8mNYfFXtdxoKOKEULs5tWUXSJvCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWJcrD7VUxMEthZ0mCpl1iuXxvZMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvOVlseXNQdFZURXdTMkZuU1lLbVhXSzVmRzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf09MA0G
CSqGSIb3DQEBCwUAA4IBAQCVY1Jf2o0Pjcrn4hGNE1F2sGbXN4mnicvFW7tfIFDn
xbIULsadzPPCT9f/LxTyNvemw1ZWq2p4kG0Yhql5gNAp7IItRMqgs9TrCssKoPPr
by3t16Yp/pnRPkiJhF4XLgMAdUP5Ki6bKZs6HpK3ZNWDAd3QnB/jjjEmCE+lniHw
ZWILnnCQcm+uGYl0s3ie3QUbB+z8zAmERzEYJC2KTB9C6bUig1Gz5yMjqoOzfBct
D5+zw2IC/4O+/RLku610Wye8H9rxE1RZiEVw5LKcKITgJn+t8ixkNl2Ewt6ZrW79
AsV6CpqVHRmmo3cIPGM+7F8oRqTocJXzLTCCYLz1/jCM
-----END CERTIFICATE-----