Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/yFniHWXO7_eCIiqp5zEklB0-E4M.roa
File:                     yFniHWXO7_eCIiqp5zEklB0-E4M.roa (raw, json)
Hash identifier:          AVejDieEOPpUjiHa4BQgEX+ocNwhYeJQ16YzzFkL1AM=
Subject key identifier:   C8:59:E2:1D:65:CE:EF:F7:82:22:2A:A9:E7:31:24:94:1D:3E:13:83
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019D8AAFF46FC079944325991F76601E73A0
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/yFniHWXO7_eCIiqp5zEklB0-E4M.roa
Signing time:             Tue 14 Apr 2026 06:31:20 +0000
ROA not before:           Tue 14 Apr 2026 06:31:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206533
IP address blocks:        91.225.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:af:f4:6f:c0:79:94:43:25:99:1f:76:60:1e:73:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Apr 14 06:31:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c859e21d65ceeff782222aa9e73124941d3e1383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:60:4e:5b:cb:b5:7f:bd:ff:8c:5a:10:20:bc:
                    73:24:47:b6:91:45:08:e5:3b:39:10:0c:b3:fa:ed:
                    b0:f7:d7:1e:38:16:52:87:4b:31:1a:d6:5b:0d:66:
                    75:58:0b:9f:21:9a:ec:2f:bb:53:56:ea:b8:76:cd:
                    00:00:05:fc:8e:11:5c:f3:8a:04:30:28:79:d3:76:
                    38:f4:e6:3b:e1:5a:20:57:a2:a7:28:10:c4:9c:9b:
                    a6:2d:14:53:7c:46:e9:e9:87:81:6e:55:11:93:ff:
                    87:d8:e1:da:67:8a:e0:f1:1c:5d:ea:2d:0e:41:b4:
                    b4:88:d7:98:5d:e7:d5:67:f4:3e:5e:46:e5:6d:e5:
                    06:1b:4b:05:98:77:8b:fb:60:ce:a8:4a:d5:da:cc:
                    42:1d:8d:f9:65:74:03:dc:f0:4f:2d:e7:e6:4a:59:
                    7e:c1:7c:2f:10:7a:ef:3b:76:0e:e9:39:2a:48:84:
                    fb:11:c2:a8:a6:f9:15:d0:de:65:fa:a7:6c:bd:3c:
                    f6:09:4d:c7:ff:c7:9c:c0:46:48:c1:16:a6:8a:07:
                    29:fa:cb:de:82:18:1a:38:ee:b0:38:0b:fc:e0:f3:
                    1b:53:a7:c8:c0:4b:9c:21:a6:e7:db:4c:25:1c:2c:
                    ce:da:e9:91:f9:2a:df:53:74:c4:a9:95:60:64:c9:
                    6e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:59:E2:1D:65:CE:EF:F7:82:22:2A:A9:E7:31:24:94:1D:3E:13:83
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/yFniHWXO7_eCIiqp5zEklB0-E4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f7:de:4c:77:d8:8b:fd:dc:ba:3e:f1:6f:79:65:35:f6:1b:
         64:b1:7f:f8:03:e9:6f:a5:ed:ed:68:91:30:f4:1a:b3:ad:fc:
         c6:f5:71:e4:d6:1a:f3:22:7f:47:5b:11:30:aa:1c:a0:af:db:
         a5:3e:c3:c2:fc:c8:1e:21:50:b0:2a:d8:ea:a2:ab:86:23:72:
         e6:f5:3d:1a:12:56:f3:cf:8a:b7:1f:97:40:0f:60:cd:d3:a7:
         04:29:c8:6b:77:a2:cb:ec:c9:ae:02:82:56:64:1a:3c:37:f4:
         1b:b7:5e:dd:f0:4c:4e:f5:26:78:d8:82:b8:0c:86:a2:c4:cc:
         f6:fb:1a:f4:b3:dd:b0:64:43:08:07:1b:65:5b:f6:77:e7:c3:
         19:47:92:f0:1b:36:c1:46:e1:bf:1b:b2:69:88:2e:63:1e:db:
         07:f4:3e:02:54:41:7f:35:0c:1c:df:80:fd:bd:9f:cd:73:d0:
         2d:61:34:e9:62:77:ff:89:14:98:88:b1:3f:75:ec:cf:4e:9a:
         60:c8:c4:58:01:53:47:9d:c1:b8:04:ad:a2:a3:36:e8:3a:8a:
         85:1e:47:25:ac:fc:1e:48:4f:df:35:f0:91:f9:71:af:42:df:
         a0:cf:1c:a7:bb:ab:ec:4d:fc:95:14:f5:01:68:a5:c1:94:d7:
         e8:eb:f8:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Kr/RvwHmUQyWZH3ZgHnOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjYwNDE0MDYzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODU5ZTIxZDY1Y2VlZmY3ODIyMjJhYTllNzMxMjQ5NDFkM2UxMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2BOW8u1f73/jFoQILxzJEe2kUUI
5Ts5EAyz+u2w99ceOBZSh0sxGtZbDWZ1WAufIZrsL7tTVuq4ds0AAAX8jhFc84oE
MCh503Y49OY74VogV6KnKBDEnJumLRRTfEbp6YeBblURk/+H2OHaZ4rg8Rxd6i0O
QbS0iNeYXefVZ/Q+XkblbeUGG0sFmHeL+2DOqErV2sxCHY35ZXQD3PBPLefmSll+
wXwvEHrvO3YO6TkqSIT7EcKopvkV0N5l+qdsvTz2CU3H/8ecwEZIwRamigcp+sve
ghgaOO6wOAv84PMbU6fIwEucIabn20wlHCzO2umR+SrfU3TEqZVgZMluDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhZ4h1lzu/3giIqqecxJJQdPhODMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEveUZuaUhXWE83X2VDSWlxcDV6RWtsQjAtRTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+HiMA0G
CSqGSIb3DQEBCwUAA4IBAQBP995Md9iL/dy6PvFveWU19htksX/4A+lvpe3taJEw
9BqzrfzG9XHk1hrzIn9HWxEwqhygr9ulPsPC/MgeIVCwKtjqoquGI3Lm9T0aElbz
z4q3H5dAD2DN06cEKchrd6LL7MmuAoJWZBo8N/Qbt17d8ExO9SZ42IK4DIaixMz2
+xr0s92wZEMIBxtlW/Z358MZR5LwGzbBRuG/G7JpiC5jHtsH9D4CVEF/NQwc34D9
vZ/Nc9AtYTTpYnf/iRSYiLE/dezPTppgyMRYAVNHncG4BK2iozboOoqFHkclrPwe
SE/fNfCR+XGvQt+gzxynu6vsTfyVFPUBaKXBlNfo6/jd
-----END CERTIFICATE-----