Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/y-OM-U7sOF-cjNb2s-_tfw50GRw.roa
File:                     y-OM-U7sOF-cjNb2s-_tfw50GRw.roa (raw, json)
Hash identifier:          tFAk+2h+DTHha1/z4sqqqPG0x3vaR1FdXgyUx3q0bPk=
Subject key identifier:   CB:E3:8C:F9:4E:EC:38:5F:9C:8C:D6:F6:B3:EF:ED:7F:0E:74:19:1C
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019D45C5B392B0A01928FA1CCE6394417C7A
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/y-OM-U7sOF-cjNb2s-_tfw50GRw.roa
Signing time:             Tue 31 Mar 2026 21:21:17 +0000
ROA not before:           Tue 31 Mar 2026 21:21:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205775
IP address blocks:        138.226.236.0/24 maxlen: 24
                          138.226.237.0/24 maxlen: 24
                          207.89.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:45:c5:b3:92:b0:a0:19:28:fa:1c:ce:63:94:41:7c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Mar 31 21:21:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbe38cf94eec385f9c8cd6f6b3efed7f0e74191c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:45:56:a7:95:98:fd:8a:a0:2c:c1:4c:b5:bf:
                    f5:f5:8d:6a:aa:ab:80:d5:f3:4a:f6:d7:9c:41:c2:
                    4d:9e:4b:73:34:ee:51:94:0c:d2:68:dc:3d:cb:22:
                    8b:41:a5:51:fd:ac:47:3d:b7:0e:a7:ec:a6:f4:99:
                    84:73:4c:f7:7a:0a:25:4c:96:76:7c:db:df:b4:c5:
                    3e:17:9c:34:e3:09:6c:76:bb:43:e4:87:11:9c:ca:
                    81:db:94:8a:b3:01:16:9b:7d:f9:4c:69:13:3b:66:
                    6d:74:c8:33:fe:ba:80:a1:ca:87:26:01:0a:72:fd:
                    e1:0f:94:79:71:28:8a:fe:9f:15:21:71:4f:22:5f:
                    87:9d:23:17:77:ae:da:a3:95:32:33:e1:36:81:00:
                    91:0f:71:5b:92:b5:45:c7:17:5b:3c:2f:ce:96:9b:
                    f8:97:1e:dd:91:8d:75:f1:02:02:a7:13:73:b1:28:
                    b1:28:1f:08:ca:40:84:e3:97:53:05:4a:60:31:c4:
                    17:78:c9:0d:4c:1c:19:55:7a:1b:d7:b7:3f:b6:b3:
                    fb:a9:53:3f:eb:1f:86:0e:24:28:a3:c1:96:cf:b8:
                    40:30:35:9d:9f:c7:fd:06:d6:09:a9:0b:c3:e6:ba:
                    64:09:58:e0:29:1f:a0:c9:35:76:27:55:6e:9f:b4:
                    ca:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E3:8C:F9:4E:EC:38:5F:9C:8C:D6:F6:B3:EF:ED:7F:0E:74:19:1C
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/y-OM-U7sOF-cjNb2s-_tfw50GRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.236.0/23
                  207.89.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:4e:aa:52:3a:b1:4a:e0:5d:83:13:ea:f5:48:0c:46:47:5e:
         bc:ac:01:da:84:fc:6f:d9:45:8d:ac:5a:3f:4d:c2:80:53:1c:
         81:b2:36:12:e0:b8:ce:96:08:37:0a:5c:e3:c0:37:75:6f:84:
         57:bf:e0:00:ee:c2:00:14:4d:c4:6b:71:62:21:54:e9:48:9a:
         a8:57:69:88:9f:eb:d9:55:80:fd:23:fa:be:5b:14:82:bc:e8:
         5b:a4:24:b8:2d:1d:87:78:75:8d:46:98:cc:15:d9:31:fd:68:
         7d:72:12:f1:71:2d:ed:0f:52:3c:75:25:a9:dd:64:76:84:92:
         dd:f0:dc:53:dd:52:69:b0:96:67:38:18:53:c8:c6:0b:96:81:
         68:40:c5:22:10:f6:23:bc:6c:d1:22:18:93:2c:9f:c0:9b:41:
         45:38:43:e4:33:82:59:b2:40:8c:cb:ea:49:30:cd:a1:80:1e:
         e6:ad:eb:a7:be:5a:1b:69:cc:b9:50:05:bd:7d:e7:df:49:04:
         33:ad:2c:de:b3:78:f6:f2:06:cc:8a:ae:09:00:3f:ec:b5:b0:
         e8:8f:d8:a4:1e:a7:1f:81:2e:94:b2:ab:9e:c3:4b:a4:73:97:
         48:8a:fb:0f:af:f5:0f:ce:75:0e:06:15:84:4f:fb:b4:35:19:
         ea:ef:b3:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1FxbOSsKAZKPoczmOUQXx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMzMxMjEyMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmUzOGNmOTRlZWMzODVmOWM4Y2Q2ZjZiM2VmZWQ3ZjBlNzQxOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kVWp5WY/YqgLMFMtb/19Y1qqquA
1fNK9tecQcJNnktzNO5RlAzSaNw9yyKLQaVR/axHPbcOp+ym9JmEc0z3egolTJZ2
fNvftMU+F5w04wlsdrtD5IcRnMqB25SKswEWm335TGkTO2ZtdMgz/rqAocqHJgEK
cv3hD5R5cSiK/p8VIXFPIl+HnSMXd67ao5UyM+E2gQCRD3FbkrVFxxdbPC/Olpv4
lx7dkY118QICpxNzsSixKB8IykCE45dTBUpgMcQXeMkNTBwZVXob17c/trP7qVM/
6x+GDiQoo8GWz7hAMDWdn8f9BtYJqQvD5rpkCVjgKR+gyTV2J1Vun7TKFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMvjjPlO7DhfnIzW9rPv7X8OdBkcMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEveS1PTS1VN3NPRi1jak5iMnMtX3RmdzUwR1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBiuLsAwQA
z1kSMA0GCSqGSIb3DQEBCwUAA4IBAQA/TqpSOrFK4F2DE+r1SAxGR168rAHahPxv
2UWNrFo/TcKAUxyBsjYS4LjOlgg3ClzjwDd1b4RXv+AA7sIAFE3Ea3FiIVTpSJqo
V2mIn+vZVYD9I/q+WxSCvOhbpCS4LR2HeHWNRpjMFdkx/Wh9chLxcS3tD1I8dSWp
3WR2hJLd8NxT3VJpsJZnOBhTyMYLloFoQMUiEPYjvGzRIhiTLJ/Am0FFOEPkM4JZ
skCMy+pJMM2hgB7mreunvlobacy5UAW9feffSQQzrSzes3j28gbMiq4JAD/stbDo
j9ikHqcfgS6Usquew0ukc5dIivsPr/UPznUOBhWET/u0NRnq77PC
-----END CERTIFICATE-----