Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/YIr7vHC2bGtjaGYrfIq4xc4SY1w.roa
File:                     YIr7vHC2bGtjaGYrfIq4xc4SY1w.roa (raw, json)
Hash identifier:          szj1ZQWcHg/rNeW4UE66lqJF6Ui02P9VIF4rG837XFI=
Subject key identifier:   60:8A:FB:BC:70:B6:6C:6B:63:68:66:2B:7C:8A:B8:C5:CE:12:63:5C
Certificate issuer:       /CN=8c17f04e9c407458a7ac9ad15f7a0ccea511ba52
Certificate serial:       019E3649F40F48C378AB4669B2EF5447CD9A
Authority key identifier: 8C:17:F0:4E:9C:40:74:58:A7:AC:9A:D1:5F:7A:0C:CE:A5:11:BA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/YIr7vHC2bGtjaGYrfIq4xc4SY1w.roa
Signing time:             Sun 17 May 2026 14:14:36 +0000
ROA not before:           Sun 17 May 2026 14:14:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22295
IP address blocks:        207.241.172.0/23 maxlen: 24
                          2a04:c300::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:36:49:f4:0f:48:c3:78:ab:46:69:b2:ef:54:47:cd:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c17f04e9c407458a7ac9ad15f7a0ccea511ba52
        Validity
            Not Before: May 17 14:14:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=608afbbc70b66c6b6368662b7c8ab8c5ce12635c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a7:a0:36:49:d2:9e:0b:33:7c:83:77:0d:6c:
                    3f:9e:5d:e9:86:b4:4c:9a:f7:c4:00:68:0b:3e:2e:
                    ba:f0:b0:a2:6f:8f:49:d9:bb:f9:f5:b1:3c:8d:fe:
                    3a:e5:84:82:81:57:0a:60:c8:6d:39:28:30:c6:fa:
                    79:9c:bb:56:92:5a:1b:e8:1a:44:f1:57:60:e8:e7:
                    3b:c0:6e:ef:a4:e0:39:bd:37:48:df:10:29:ec:6f:
                    e2:5b:4d:5e:04:74:43:cb:20:0c:c0:f2:49:10:b0:
                    cc:67:62:70:9f:be:46:59:68:56:03:da:e1:69:81:
                    ee:76:1f:f7:4c:01:dc:bb:5a:12:55:5d:93:87:70:
                    2a:f2:45:95:80:e6:26:e4:fe:cd:d1:57:94:bf:02:
                    37:3f:d5:ea:d6:60:e8:b8:67:fc:fb:1d:d8:f7:5a:
                    7c:6c:ec:45:ee:30:54:15:6d:af:6d:4b:30:ad:53:
                    e5:7a:58:02:ac:e2:5c:85:b4:67:85:b3:8a:c9:a6:
                    88:41:29:67:08:47:ad:95:ae:d4:2b:ef:7f:49:23:
                    d2:9f:c6:35:fd:08:2e:18:f5:69:e9:8f:d8:3a:7b:
                    32:9a:87:f1:5f:12:52:06:9b:da:39:bc:7a:77:5d:
                    47:fd:5b:aa:3b:f4:e4:0e:af:af:6e:be:0e:d1:cc:
                    da:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8A:FB:BC:70:B6:6C:6B:63:68:66:2B:7C:8A:B8:C5:CE:12:63:5C
            X509v3 Authority Key Identifier:
                keyid:8C:17:F0:4E:9C:40:74:58:A7:AC:9A:D1:5F:7A:0C:CE:A5:11:BA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/YIr7vHC2bGtjaGYrfIq4xc4SY1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.241.172.0/23
                IPv6:
                  2a04:c300::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:03:5b:dc:73:ad:14:50:47:65:dd:f1:f7:d8:dd:ab:41:d0:
         05:8b:b7:fa:19:e4:de:5b:a0:66:39:71:e8:41:b7:75:61:c7:
         ab:c8:ee:b2:9c:b0:f2:46:f0:67:4f:5f:92:2a:6f:e9:a3:68:
         2a:9a:99:35:81:86:03:fe:5c:2d:e4:29:42:b2:ce:66:b9:02:
         c4:70:5d:59:2c:37:f4:0e:54:83:63:ab:11:26:04:59:e6:f8:
         f3:f1:d2:86:fe:bb:7e:da:80:97:eb:11:8f:47:07:9f:fd:4e:
         68:8e:f6:1b:01:92:a3:53:68:ab:28:62:91:06:bd:2b:34:1d:
         3e:1c:e7:13:fd:2e:11:83:72:4d:af:b2:ec:a5:8c:c4:07:f8:
         f7:d4:2d:1e:de:e9:e1:fc:72:34:a5:16:44:ba:f2:ea:79:8d:
         f8:14:2d:f1:4f:43:e5:66:0c:01:1d:cc:3d:8d:b8:fc:7e:ad:
         60:d0:07:2a:37:7c:60:ba:7f:29:54:ae:54:a7:10:d3:c4:51:
         15:d2:b2:db:f1:85:1f:d7:2d:45:5d:5b:a4:6d:2c:9b:32:ab:
         e2:f9:d7:d7:32:4b:9e:22:5b:35:b7:da:ce:c6:92:8b:6c:ce:
         d3:b8:8b:f9:a8:bf:21:7e:27:25:93:fe:40:c5:9d:f9:14:9c:
         2f:7d:41:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ42SfQPSMN4q0Zpsu9UR82aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTdmMDRlOWM0MDc0NThhN2FjOWFkMTVmN2EwY2NlYTUx
MWJhNTIwHhcNMjYwNTE3MTQxNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhhZmJiYzcwYjY2YzZiNjM2ODY2MmI3YzhhYjhjNWNlMTI2MzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKegNknSngszfIN3DWw/nl3phrRM
mvfEAGgLPi668LCib49J2bv59bE8jf465YSCgVcKYMhtOSgwxvp5nLtWklob6BpE
8Vdg6Oc7wG7vpOA5vTdI3xAp7G/iW01eBHRDyyAMwPJJELDMZ2Jwn75GWWhWA9rh
aYHudh/3TAHcu1oSVV2Th3Aq8kWVgOYm5P7N0VeUvwI3P9Xq1mDouGf8+x3Y91p8
bOxF7jBUFW2vbUswrVPlelgCrOJchbRnhbOKyaaIQSlnCEetla7UK+9/SSPSn8Y1
/QguGPVp6Y/YOnsymofxXxJSBpvaObx6d11H/VuqO/TkDq+vbr4O0czavQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGCK+7xwtmxrY2hmK3yKuMXOEmNcMB8GA1UdIwQY
MBaAFIwX8E6cQHRYp6ya0V96DM6lEbpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJmd1RweEFkRmluckpyUlgzb016cVVSdWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84NDkwYTQtODdjMS00YjhjLTgzNDQt
MmFkMDJlYjA0OTE1LzEvWUlyN3ZIQzJiR3RqYUdZcmZJcTR4YzRTWTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84NDkwYTQtODdjMS00YjhjLTgzNDQtMmFkMDJlYjA0OTE1
LzEvakJmd1RweEFkRmluckpyUlgzb016cVVSdWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBz/GsMA0E
AgACMAcDBQMqBMMAMA0GCSqGSIb3DQEBCwUAA4IBAQCXA1vcc60UUEdl3fH32N2r
QdAFi7f6GeTeW6BmOXHoQbd1YceryO6ynLDyRvBnT1+SKm/po2gqmpk1gYYD/lwt
5ClCss5muQLEcF1ZLDf0DlSDY6sRJgRZ5vjz8dKG/rt+2oCX6xGPRwef/U5ojvYb
AZKjU2irKGKRBr0rNB0+HOcT/S4Rg3JNr7LspYzEB/j31C0e3unh/HI0pRZEuvLq
eY34FC3xT0PlZgwBHcw9jbj8fq1g0AcqN3xgun8pVK5UpxDTxFEV0rLb8YUf1y1F
XVukbSybMqvi+dfXMkueIls1t9rOxpKLbM7TuIv5qL8hficlk/5AxZ35FJwvfUEC
-----END CERTIFICATE-----