Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YW2aciSVYXaEcsT6Cw2TPB-ioVI.roa
File:                     YW2aciSVYXaEcsT6Cw2TPB-ioVI.roa (raw, json)
Hash identifier:          FYTfWP3WjxHy4LFxZvm+eYE5FixchH+77/YlERbrQJI=
Subject key identifier:   61:6D:9A:72:24:95:61:76:84:72:C4:FA:0B:0D:93:3C:1F:A2:A1:52
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019C195DBA27693EE9FDB6C75108AA310405
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YW2aciSVYXaEcsT6Cw2TPB-ioVI.roa
Signing time:             Sun 01 Feb 2026 13:21:38 +0000
ROA not before:           Sun 01 Feb 2026 13:21:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58232
IP address blocks:        185.215.247.0/24 maxlen: 24
                          188.253.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:19:5d:ba:27:69:3e:e9:fd:b6:c7:51:08:aa:31:04:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Feb  1 13:21:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=616d9a72249561768472c4fa0b0d933c1fa2a152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:47:24:5e:ce:66:8e:d0:d9:59:5e:b7:9b:78:
                    30:de:5e:3e:61:b7:fa:3e:b7:69:cf:cd:65:12:43:
                    f4:28:a4:86:09:3e:8a:fb:2c:c7:0f:b4:5a:33:6e:
                    c0:20:3b:34:5e:64:e4:66:8a:82:b8:c1:c0:25:b9:
                    6b:f4:ab:67:3d:5e:88:33:6e:e4:14:f8:72:8c:9a:
                    0b:e5:27:52:72:f0:e7:f2:2b:2a:62:6d:d1:eb:bd:
                    23:5f:90:50:d9:e1:97:d3:67:75:1d:a2:03:f9:fd:
                    d6:3c:de:f8:70:05:b1:4d:0f:14:ba:37:1c:1d:5e:
                    c3:38:66:b3:fe:d2:f3:c6:13:96:5d:ad:8c:f3:18:
                    57:5e:31:24:a3:3b:3d:20:74:a3:c2:78:4b:75:25:
                    f3:1c:4e:c6:b5:50:3f:72:81:1f:8a:ae:06:15:6c:
                    89:c8:6a:b7:e7:4b:d5:96:bb:73:e2:05:e7:7b:90:
                    77:b3:8b:2f:37:09:88:46:90:f6:ba:47:09:64:f0:
                    78:e7:60:3f:fa:a6:d1:d6:c2:ce:3f:21:b7:a3:ab:
                    e9:e3:e0:6e:10:b7:b3:09:a8:e4:90:a7:c3:b8:fd:
                    3b:b5:5c:7c:ca:6f:59:7b:03:1e:ff:cb:37:8c:94:
                    ad:9c:a4:a3:af:38:b1:3d:7f:be:c3:ec:45:c1:f5:
                    89:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:6D:9A:72:24:95:61:76:84:72:C4:FA:0B:0D:93:3C:1F:A2:A1:52
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YW2aciSVYXaEcsT6Cw2TPB-ioVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.247.0/24
                  188.253.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:dc:e0:a0:87:1c:80:8d:cf:04:b2:62:5e:90:56:63:f0:59:
         57:09:87:85:d2:79:82:d7:0a:cd:b6:8a:2c:74:86:17:cf:ed:
         be:9d:60:3a:33:b2:1c:aa:75:e2:42:8e:c7:86:e6:f8:11:26:
         cf:36:03:51:d6:a6:4a:ab:79:2f:47:01:c0:27:fe:34:6a:c9:
         e3:1f:4a:93:8c:fa:c7:d2:bc:45:1d:bd:6b:86:b8:91:b6:b0:
         77:55:04:4e:70:31:7d:29:0e:da:c4:e8:7c:84:f4:97:d4:eb:
         39:03:7e:4b:bb:89:a2:d7:b4:a1:4f:23:39:ab:92:49:3c:3d:
         ff:ad:bb:76:1a:f8:bc:8a:61:95:75:ae:be:b4:ca:7d:8f:8d:
         34:b5:b2:ef:4c:d6:74:09:5b:87:47:c1:58:bc:18:c3:13:bb:
         d3:80:2f:e7:da:0e:0b:b5:5a:fc:8b:0e:da:92:98:b6:92:88:
         b7:1f:48:16:8b:17:05:88:7c:d7:da:9c:d3:91:c1:fc:bd:fe:
         be:5f:f6:dc:e1:b6:2d:37:1d:2e:1c:32:7e:1d:38:9f:44:9b:
         db:82:37:eb:51:50:7a:1e:dd:20:e8:bf:56:00:24:39:c5:cf:
         43:c6:c3:3e:13:b4:bf:d7:c9:89:c9:a5:8d:23:62:a1:06:cf:
         ff:d2:de:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwZXbonaT7p/bbHUQiqMQQFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMjAxMTMyMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTZkOWE3MjI0OTU2MTc2ODQ3MmM0ZmEwYjBkOTMzYzFmYTJhMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0ckXs5mjtDZWV63m3gw3l4+Ybf6
Prdpz81lEkP0KKSGCT6K+yzHD7RaM27AIDs0XmTkZoqCuMHAJblr9KtnPV6IM27k
FPhyjJoL5SdScvDn8isqYm3R670jX5BQ2eGX02d1HaID+f3WPN74cAWxTQ8Uujcc
HV7DOGaz/tLzxhOWXa2M8xhXXjEkozs9IHSjwnhLdSXzHE7GtVA/coEfiq4GFWyJ
yGq350vVlrtz4gXne5B3s4svNwmIRpD2ukcJZPB452A/+qbR1sLOPyG3o6vp4+Bu
ELezCajkkKfDuP07tVx8ym9ZewMe/8s3jJStnKSjrzixPX++w+xFwfWJ6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGFtmnIklWF2hHLE+gsNkzwfoqFSMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWVcyYWNpU1ZZWGFFY3NUNkN3MlRQQi1pb1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudf3AwQA
vP0BMA0GCSqGSIb3DQEBCwUAA4IBAQCk3OCghxyAjc8EsmJekFZj8FlXCYeF0nmC
1wrNtoosdIYXz+2+nWA6M7IcqnXiQo7Hhub4ESbPNgNR1qZKq3kvRwHAJ/40asnj
H0qTjPrH0rxFHb1rhriRtrB3VQROcDF9KQ7axOh8hPSX1Os5A35Lu4mi17ShTyM5
q5JJPD3/rbt2Gvi8imGVda6+tMp9j400tbLvTNZ0CVuHR8FYvBjDE7vTgC/n2g4L
tVr8iw7akpi2koi3H0gWixcFiHzX2pzTkcH8vf6+X/bc4bYtNx0uHDJ+HTifRJvb
gjfrUVB6Ht0g6L9WACQ5xc9DxsM+E7S/18mJyaWNI2KhBs//0t5G
-----END CERTIFICATE-----