Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/yJQ9nBonMQnEt_O9rr5CmMqvpwA.roa
File:                     yJQ9nBonMQnEt_O9rr5CmMqvpwA.roa (raw, json)
Hash identifier:          eo5bnMB5ExtqJKvflsj0G9k/9EeksB8fwhEsz05U4Zs=
Subject key identifier:   C8:94:3D:9C:1A:27:31:09:C4:B7:F3:BD:AE:BE:42:98:CA:AF:A7:00
Certificate issuer:       /CN=dc0e25e17a51696923a5c02966787409aac9aa36
Certificate serial:       019E8DE44DA09BED2F26F67F214A9B869417
Authority key identifier: DC:0E:25:E1:7A:51:69:69:23:A5:C0:29:66:78:74:09:AA:C9:AA:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/yJQ9nBonMQnEt_O9rr5CmMqvpwA.roa
Signing time:             Wed 03 Jun 2026 14:30:10 +0000
ROA not before:           Wed 03 Jun 2026 14:30:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59726
IP address blocks:        37.230.201.0/24 maxlen: 24
                          212.86.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:e4:4d:a0:9b:ed:2f:26:f6:7f:21:4a:9b:86:94:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0e25e17a51696923a5c02966787409aac9aa36
        Validity
            Not Before: Jun  3 14:30:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8943d9c1a273109c4b7f3bdaebe4298caafa700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:57:f9:c7:1a:cc:b1:ea:85:c4:d9:14:d6:52:
                    16:b3:b4:11:57:57:47:c5:42:dc:f0:21:f6:a9:9e:
                    c0:f2:51:6d:34:9b:c4:1b:0a:c5:fe:bb:d8:5b:72:
                    51:58:34:35:80:5c:9d:55:96:07:c1:36:23:a2:b4:
                    01:ac:ba:bf:e5:a0:ab:87:49:92:3c:8f:01:49:8d:
                    6b:0a:7d:03:78:6f:8b:52:82:5e:d7:68:aa:ba:3d:
                    13:d5:7e:a3:98:ae:80:f4:46:85:e4:4f:17:87:57:
                    fe:2f:39:4c:20:c5:a6:3f:5b:3f:41:49:10:2d:7e:
                    66:54:44:de:a8:4c:e6:63:35:50:0b:b7:2b:a7:35:
                    62:43:08:05:3f:07:57:4b:0b:71:ee:c3:26:4d:92:
                    0c:d3:4e:57:61:6d:1a:3d:89:58:6d:04:d0:24:9c:
                    91:9c:44:71:21:42:c5:7d:11:81:8b:70:cd:de:18:
                    b3:ed:30:54:8c:ef:c5:f6:c3:73:1c:17:9a:2e:e2:
                    64:fe:9f:06:b3:a2:40:c9:bd:8e:ac:5f:a0:0b:52:
                    ea:28:34:20:9f:22:90:1c:6e:20:39:42:30:14:42:
                    77:21:5b:6a:6e:e0:ed:c4:9b:e2:66:51:02:ce:7d:
                    73:12:03:13:56:4b:93:98:fc:89:da:70:c2:ea:dc:
                    65:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:94:3D:9C:1A:27:31:09:C4:B7:F3:BD:AE:BE:42:98:CA:AF:A7:00
            X509v3 Authority Key Identifier:
                keyid:DC:0E:25:E1:7A:51:69:69:23:A5:C0:29:66:78:74:09:AA:C9:AA:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/yJQ9nBonMQnEt_O9rr5CmMqvpwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.201.0/24
                  212.86.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:6e:ce:78:17:f1:20:b9:bb:f3:f6:bc:5b:bf:1c:ce:3f:db:
         18:ad:25:5b:20:89:6a:80:cd:3f:3b:6b:33:97:4b:5c:50:48:
         6f:e3:d7:b2:ae:ce:64:16:8f:c6:42:4e:58:2e:a6:58:3a:98:
         83:8b:8b:49:de:6f:f4:f7:d6:d8:89:0c:eb:7c:e4:ec:a4:57:
         57:40:b1:c1:ca:08:17:01:61:93:1e:c7:f3:45:41:66:4f:fe:
         1b:c5:30:31:73:56:c8:76:cd:c5:ff:ef:99:50:0a:d1:98:bf:
         54:98:61:2a:33:a2:ac:4c:cc:33:33:43:66:fa:dd:a7:e6:ac:
         bf:2f:23:1c:2b:af:96:9f:da:92:38:e2:60:85:98:db:b2:a4:
         1f:54:f9:01:a9:9f:d5:03:98:1f:24:de:41:9f:25:08:be:e0:
         6e:a3:bf:74:1e:f6:e9:c7:dc:79:af:08:30:77:a9:5e:34:0b:
         ed:a1:33:e2:86:88:4e:9a:d9:a6:75:9c:68:53:4b:af:4c:89:
         a0:1e:92:e6:dd:18:4f:20:21:f4:62:b3:43:8e:f4:4d:b3:a6:
         08:fa:65:6b:4e:fb:ea:7d:05:42:a3:4b:99:b6:aa:2c:b8:c8:
         c4:82:55:7e:ad:ae:65:a3:76:71:f2:4a:99:b2:03:65:dd:3f:
         3a:a2:ce:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6N5E2gm+0vJvZ/IUqbhpQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGUyNWUxN2E1MTY5NjkyM2E1YzAyOTY2Nzg3NDA5YWFj
OWFhMzYwHhcNMjYwNjAzMTQzMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODk0M2Q5YzFhMjczMTA5YzRiN2YzYmRhZWJlNDI5OGNhYWZhNzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylf5xxrMseqFxNkU1lIWs7QRV1dH
xULc8CH2qZ7A8lFtNJvEGwrF/rvYW3JRWDQ1gFydVZYHwTYjorQBrLq/5aCrh0mS
PI8BSY1rCn0DeG+LUoJe12iquj0T1X6jmK6A9EaF5E8Xh1f+LzlMIMWmP1s/QUkQ
LX5mVETeqEzmYzVQC7crpzViQwgFPwdXSwtx7sMmTZIM005XYW0aPYlYbQTQJJyR
nERxIULFfRGBi3DN3hiz7TBUjO/F9sNzHBeaLuJk/p8Gs6JAyb2OrF+gC1LqKDQg
nyKQHG4gOUIwFEJ3IVtqbuDtxJviZlECzn1zEgMTVkuTmPyJ2nDC6txlJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMiUPZwaJzEJxLfzva6+QpjKr6cAMB8GA1UdIwQY
MBaAFNwOJeF6UWlpI6XAKWZ4dAmqyao2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0E0bDRYcFJhV2tqcGNBcFpuaDBDYXJKcWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8yY2M0NmMtOGM1MS00MzMwLWI2MjMt
MTgzNWNjOGExZDlkLzEveUpROW5Cb25NUW5FdF9POXJyNUNtTXF2cHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8yY2M0NmMtOGM1MS00MzMwLWI2MjMtMTgzNWNjOGExZDlk
LzEvM0E0bDRYcFJhV2tqcGNBcFpuaDBDYXJKcWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJebJAwQA
1FZjMA0GCSqGSIb3DQEBCwUAA4IBAQAQbs54F/Egubvz9rxbvxzOP9sYrSVbIIlq
gM0/O2szl0tcUEhv49eyrs5kFo/GQk5YLqZYOpiDi4tJ3m/099bYiQzrfOTspFdX
QLHByggXAWGTHsfzRUFmT/4bxTAxc1bIds3F/++ZUArRmL9UmGEqM6KsTMwzM0Nm
+t2n5qy/LyMcK6+Wn9qSOOJghZjbsqQfVPkBqZ/VA5gfJN5BnyUIvuBuo790Hvbp
x9x5rwgwd6leNAvtoTPihohOmtmmdZxoU0uvTImgHpLm3RhPICH0YrNDjvRNs6YI
+mVrTvvqfQVCo0uZtqosuMjEglV+ra5lo3Zx8kqZsgNl3T86os6Q
-----END CERTIFICATE-----