Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/yQ5bWrG2yLKQItntFqkI_RRZD3M.roa
File:                     yQ5bWrG2yLKQItntFqkI_RRZD3M.roa (raw, json)
Hash identifier:          6dgereTkYEBvruil0ZD3KfeKaq1Pr8Am23D3rXb7l/8=
Subject key identifier:   C9:0E:5B:5A:B1:B6:C8:B2:90:22:D9:ED:16:A9:08:FD:14:59:0F:73
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019D874776502A90E163314EE68FA2F5DE3B
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/yQ5bWrG2yLKQItntFqkI_RRZD3M.roa
Signing time:             Mon 13 Apr 2026 14:38:20 +0000
ROA not before:           Mon 13 Apr 2026 14:38:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60647
IP address blocks:        185.88.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:47:76:50:2a:90:e1:63:31:4e:e6:8f:a2:f5:de:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Apr 13 14:38:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c90e5b5ab1b6c8b29022d9ed16a908fd14590f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fd:d9:6b:97:ba:55:30:4e:70:2d:01:13:34:
                    58:a4:39:22:0c:8b:5b:14:95:2a:99:26:8a:42:8f:
                    65:fd:70:59:71:cc:38:66:b4:b3:6b:9d:86:92:2e:
                    23:ed:c9:0c:d5:78:3c:f8:18:81:7c:42:57:fb:26:
                    75:76:23:77:67:39:00:3b:52:72:68:e6:1a:07:7a:
                    98:2c:52:26:62:9c:08:66:f9:ae:52:8b:d7:f7:c8:
                    63:a1:8e:36:6f:e5:25:1a:ee:0b:38:ca:dc:81:2f:
                    32:55:f4:de:00:68:f6:a8:d0:53:42:e3:f5:ec:9c:
                    ef:19:7b:f8:70:41:b8:76:ce:fe:bd:e7:84:b3:bc:
                    24:e1:b9:ea:64:b7:28:87:f2:03:db:d0:d6:cb:ab:
                    32:01:e8:f9:09:79:20:c7:e8:0b:f9:92:3d:98:89:
                    b3:20:7e:9f:98:e1:84:d1:b0:7d:f2:92:41:77:86:
                    4e:bf:42:ef:ac:a0:fb:6f:8b:64:83:1a:b1:99:8a:
                    ef:56:2e:9c:32:30:78:81:6c:53:04:13:6b:b7:70:
                    ea:cf:cf:71:d9:85:34:55:ed:2e:d7:ee:23:1e:66:
                    35:e0:52:37:dc:53:77:85:38:05:d5:92:02:30:7c:
                    c3:25:8f:7b:61:10:1f:a9:dd:99:e1:c3:e9:b7:04:
                    9f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:0E:5B:5A:B1:B6:C8:B2:90:22:D9:ED:16:A9:08:FD:14:59:0F:73
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/yQ5bWrG2yLKQItntFqkI_RRZD3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ad:89:5c:17:57:3a:e9:3a:b5:01:a5:7c:5b:60:9c:d5:06:
         89:84:c5:24:95:50:2d:aa:10:68:28:14:f6:f7:c0:47:4a:0b:
         9f:d0:e9:d0:7a:47:44:5d:a6:f9:5f:28:7b:ca:12:9e:f5:bd:
         f0:af:83:82:b9:b8:66:af:5b:a8:be:99:53:a7:35:ae:bb:91:
         d6:0f:14:c5:00:31:cc:10:19:83:8b:7a:7e:33:ce:c4:db:b3:
         d1:1e:dd:24:cf:ee:c2:7d:ea:cb:86:e9:61:39:b2:ca:e2:a7:
         70:24:6a:d5:4d:44:9b:56:0b:35:b1:a7:7f:7b:4f:9d:ca:1d:
         52:21:a0:6e:f1:88:1b:67:c7:96:6d:67:04:0d:70:79:93:e2:
         5f:55:41:93:5a:48:c3:a3:4d:ec:33:bd:73:bb:67:ca:8c:7e:
         30:3a:bb:b4:6f:99:d2:0e:ad:85:11:1c:17:d9:45:a8:14:81:
         99:56:91:73:5e:b7:75:23:0e:71:49:fa:28:1c:ef:0e:11:c4:
         ea:3f:e4:35:d0:d8:b4:50:14:ee:6e:78:55:cd:45:a2:92:0d:
         03:71:c8:a1:9e:36:5b:f6:92:22:64:c1:eb:71:a8:8f:1a:63:
         da:10:22:b4:c5:3a:56:98:11:92:95:02:bd:f3:70:5d:74:95:
         e1:40:3f:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HR3ZQKpDhYzFO5o+i9d47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDEzMTQzODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTBlNWI1YWIxYjZjOGIyOTAyMmQ5ZWQxNmE5MDhmZDE0NTkwZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP3Za5e6VTBOcC0BEzRYpDkiDItb
FJUqmSaKQo9l/XBZccw4ZrSza52Gki4j7ckM1Xg8+BiBfEJX+yZ1diN3ZzkAO1Jy
aOYaB3qYLFImYpwIZvmuUovX98hjoY42b+UlGu4LOMrcgS8yVfTeAGj2qNBTQuP1
7JzvGXv4cEG4ds7+veeEs7wk4bnqZLcoh/ID29DWy6syAej5CXkgx+gL+ZI9mImz
IH6fmOGE0bB98pJBd4ZOv0LvrKD7b4tkgxqxmYrvVi6cMjB4gWxTBBNrt3Dqz89x
2YU0Ve0u1+4jHmY14FI33FN3hTgF1ZICMHzDJY97YRAfqd2Z4cPptwSfLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkOW1qxtsiykCLZ7RapCP0UWQ9zMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEveVE1YldyRzJ5TEtRSXRudEZxa0lfUlJaRDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVivMA0G
CSqGSIb3DQEBCwUAA4IBAQA1rYlcF1c66Tq1AaV8W2Cc1QaJhMUklVAtqhBoKBT2
98BHSguf0OnQekdEXab5Xyh7yhKe9b3wr4OCubhmr1uovplTpzWuu5HWDxTFADHM
EBmDi3p+M87E27PRHt0kz+7CferLhulhObLK4qdwJGrVTUSbVgs1sad/e0+dyh1S
IaBu8YgbZ8eWbWcEDXB5k+JfVUGTWkjDo03sM71zu2fKjH4wOru0b5nSDq2FERwX
2UWoFIGZVpFzXrd1Iw5xSfooHO8OEcTqP+Q10Ni0UBTubnhVzUWikg0DccihnjZb
9pIiZMHrcaiPGmPaECK0xTpWmBGSlQK983BddJXhQD/0
-----END CERTIFICATE-----