Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/Y4Ztj_LvVduFmJe-S8DAGQ8C-Xw.roa
File:                     Y4Ztj_LvVduFmJe-S8DAGQ8C-Xw.roa (raw, json)
Hash identifier:          PnJYtORtq7q9TMkof+95kidGWv4p60mPQyI6Q4NduWk=
Subject key identifier:   63:86:6D:8F:F2:EF:55:DB:85:98:97:BE:4B:C0:C0:19:0F:02:F9:7C
Certificate issuer:       /CN=317ef55ae76d422504eae5b206724d36443311c7
Certificate serial:       019B7DCA10C440AB908772009030512469E0
Authority key identifier: 31:7E:F5:5A:E7:6D:42:25:04:EA:E5:B2:06:72:4D:36:44:33:11:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MX71WudtQiUE6uWyBnJNNkQzEcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/Y4Ztj_LvVduFmJe-S8DAGQ8C-Xw.roa
Signing time:             Fri 02 Jan 2026 08:19:13 +0000
ROA not before:           Fri 02 Jan 2026 08:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197480
IP address blocks:        178.21.136.0/21 maxlen: 21
                          185.3.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/MX71WudtQiUE6uWyBnJNNkQzEcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/MX71WudtQiUE6uWyBnJNNkQzEcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MX71WudtQiUE6uWyBnJNNkQzEcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:10:c4:40:ab:90:87:72:00:90:30:51:24:69:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317ef55ae76d422504eae5b206724d36443311c7
        Validity
            Not Before: Jan  2 08:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63866d8ff2ef55db859897be4bc0c0190f02f97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:be:29:96:5f:b3:b6:20:45:15:ff:8a:aa:27:
                    b0:4c:e7:d9:95:cc:63:de:55:36:48:39:e9:44:b0:
                    5c:39:e1:56:6b:f4:43:62:41:35:fc:30:11:f8:19:
                    94:41:08:d8:fc:4f:eb:ee:5b:52:82:77:54:b1:6a:
                    ef:6c:71:15:50:2b:88:1f:af:1f:a6:fe:74:b9:ac:
                    bb:4e:32:97:5d:9c:ca:fe:69:f1:8e:74:92:8c:30:
                    6a:34:f3:af:3b:4c:04:04:59:f2:5d:36:52:81:18:
                    b2:9b:b6:41:81:cb:95:2d:aa:58:bc:e2:7b:1f:a0:
                    d4:f7:09:7f:3b:13:f2:77:79:e1:e6:20:63:f7:87:
                    b3:dd:8d:c8:81:19:de:d3:82:27:84:a8:bd:ae:21:
                    3a:04:2d:25:ed:66:98:c6:c7:bb:4f:99:52:15:c8:
                    02:c8:c9:28:c3:db:b1:6e:09:5f:cf:bd:0c:8e:66:
                    5f:0a:e0:2a:0c:cf:c5:f5:8b:a9:e7:62:0d:d2:1c:
                    f2:0b:79:a3:94:90:46:fa:c4:2f:6e:8a:9e:a9:ef:
                    c9:e2:a4:70:36:4d:2e:c7:b8:31:6c:1a:29:6e:0e:
                    52:6e:45:f1:54:7d:5a:81:ad:24:f6:b2:8d:e3:86:
                    2e:b6:7a:3b:01:aa:ad:0e:49:74:ee:26:69:79:96:
                    3b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:86:6D:8F:F2:EF:55:DB:85:98:97:BE:4B:C0:C0:19:0F:02:F9:7C
            X509v3 Authority Key Identifier:
                keyid:31:7E:F5:5A:E7:6D:42:25:04:EA:E5:B2:06:72:4D:36:44:33:11:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MX71WudtQiUE6uWyBnJNNkQzEcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/Y4Ztj_LvVduFmJe-S8DAGQ8C-Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/MX71WudtQiUE6uWyBnJNNkQzEcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.136.0/21
                  185.3.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:fb:8a:ce:fc:e7:b9:f8:94:e3:7e:74:21:24:66:ab:78:11:
         d4:49:f9:87:e6:ee:de:8b:ab:d0:28:96:68:01:a4:ce:8d:6a:
         a4:b5:7c:d7:99:85:9e:db:b8:b3:ce:3e:d4:0c:c8:a0:d5:35:
         08:2b:22:d8:15:da:d9:1e:ea:59:be:31:92:eb:a0:d0:88:14:
         48:db:5f:0f:02:1c:ab:ab:f1:63:d5:e9:c1:f1:71:f2:b4:19:
         dd:b8:59:25:45:17:6f:4e:f7:4e:00:09:8d:bb:6a:a8:9e:26:
         a2:ba:4f:40:0c:fe:63:0d:6a:3f:de:80:7b:49:b4:26:5a:9f:
         c9:70:1e:ac:b1:51:42:d6:06:76:e8:d9:69:34:27:fb:75:09:
         5a:94:a5:65:4c:cc:2f:45:c8:57:fa:00:0b:ac:fc:a9:fc:7e:
         6d:ce:fc:23:0c:5f:d3:24:71:db:6f:1c:53:9f:c4:6c:9c:c4:
         46:b6:51:23:60:01:74:bb:7a:bd:5e:1b:f7:5c:fc:8d:6e:8e:
         c7:3e:bc:01:ce:29:77:a6:7b:b1:8a:c0:a2:f0:42:3e:bd:69:
         44:4d:1e:95:33:3d:76:97:08:94:74:9b:b0:08:17:55:ee:63:
         e9:e4:0a:a4:0d:a5:80:c1:16:29:30:66:9f:fa:c3:d8:76:3a:
         ac:ae:41:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt9yhDEQKuQh3IAkDBRJGngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2VmNTVhZTc2ZDQyMjUwNGVhZTViMjA2NzI0ZDM2NDQz
MzExYzcwHhcNMjYwMTAyMDgxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg2NmQ4ZmYyZWY1NWRiODU5ODk3YmU0YmMwYzAxOTBmMDJmOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs74pll+ztiBFFf+KqiewTOfZlcxj
3lU2SDnpRLBcOeFWa/RDYkE1/DAR+BmUQQjY/E/r7ltSgndUsWrvbHEVUCuIH68f
pv50uay7TjKXXZzK/mnxjnSSjDBqNPOvO0wEBFnyXTZSgRiym7ZBgcuVLapYvOJ7
H6DU9wl/OxPyd3nh5iBj94ez3Y3IgRne04InhKi9riE6BC0l7WaYxse7T5lSFcgC
yMkow9uxbglfz70MjmZfCuAqDM/F9Yup52IN0hzyC3mjlJBG+sQvboqeqe/J4qRw
Nk0ux7gxbBopbg5SbkXxVH1aga0k9rKN44Yutno7AaqtDkl07iZpeZY75QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGOGbY/y71XbhZiXvkvAwBkPAvl8MB8GA1UdIwQY
MBaAFDF+9VrnbUIlBOrlsgZyTTZEMxHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVg3MVd1ZHRRaVVFNnVXeUJuSk5Oa1F6RWNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS84NGY4NmUtNGVhNy00ZGIzLWFhMzAt
YzJjOWUyMzkzYTMyLzEvWTRadGpfTHZWZHVGbUplLVM4REFHUThDLVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS84NGY4NmUtNGVhNy00ZGIzLWFhMzAtYzJjOWUyMzkzYTMy
LzEvTVg3MVd1ZHRRaVVFNnVXeUJuSk5Oa1F6RWNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDshWIAwQC
uQPgMA0GCSqGSIb3DQEBCwUAA4IBAQBP+4rO/Oe5+JTjfnQhJGareBHUSfmH5u7e
i6vQKJZoAaTOjWqktXzXmYWe27izzj7UDMig1TUIKyLYFdrZHupZvjGS66DQiBRI
218PAhyrq/Fj1enB8XHytBnduFklRRdvTvdOAAmNu2qoniaiuk9ADP5jDWo/3oB7
SbQmWp/JcB6ssVFC1gZ26NlpNCf7dQlalKVlTMwvRchX+gALrPyp/H5tzvwjDF/T
JHHbbxxTn8RsnMRGtlEjYAF0u3q9Xhv3XPyNbo7HPrwBzil3pnuxisCi8EI+vWlE
TR6VMz12lwiUdJuwCBdV7mPp5AqkDaWAwRYpMGaf+sPYdjqsrkFP
-----END CERTIFICATE-----