Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/yybwBXyiz9EWNOxrwF0GcCKfX54.roa
File:                     yybwBXyiz9EWNOxrwF0GcCKfX54.roa (raw, json)
Hash identifier:          cgd3DDi76As8vDEWXPMuXF0S6L5gR4Q9w8jJpzj4LV0=
Subject key identifier:   CB:26:F0:05:7C:A2:CF:D1:16:34:EC:6B:C0:5D:06:70:22:9F:5F:9E
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019C08B168691B5214A526A8B0C78B0564DF
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/yybwBXyiz9EWNOxrwF0GcCKfX54.roa
Signing time:             Thu 29 Jan 2026 07:39:30 +0000
ROA not before:           Thu 29 Jan 2026 07:39:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29049
IP address blocks:        85.132.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:08:b1:68:69:1b:52:14:a5:26:a8:b0:c7:8b:05:64:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan 29 07:39:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb26f0057ca2cfd11634ec6bc05d0670229f5f9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1f:10:ee:ce:85:e6:75:f0:72:ee:75:dc:1a:
                    cd:40:b7:db:3b:ce:49:2e:ce:c4:24:b6:87:af:2c:
                    1a:39:5b:bb:cb:9b:e5:c8:c7:11:0e:f7:5a:7c:30:
                    8d:15:63:e9:0e:42:6d:11:e6:9f:ee:44:1f:94:03:
                    ee:19:5e:64:dc:2d:f4:33:55:ab:aa:14:71:df:27:
                    c9:7e:4d:ae:ac:3e:83:50:7d:5e:cc:0b:a8:c5:1d:
                    be:0f:c0:cc:6f:f0:9d:c4:a0:be:22:d4:df:af:ab:
                    a5:d6:c0:0e:7b:2d:c7:81:ae:85:66:fb:88:f5:a0:
                    83:00:ec:fd:ee:5d:0a:9d:48:fd:5b:c7:3e:4a:8a:
                    de:6f:e1:fa:56:4f:ad:06:b7:78:c7:22:7b:3d:ad:
                    8c:8d:f8:23:20:07:66:e1:6a:46:a5:7c:e5:b5:80:
                    e4:35:47:ec:50:97:0f:d2:45:c1:e9:f3:5b:43:e0:
                    70:ef:07:e9:4c:87:4c:d4:8e:5b:8f:8d:60:d5:aa:
                    b9:64:3f:9c:2c:bf:1b:4a:54:5e:b6:24:75:e5:6d:
                    f0:25:00:bf:2d:96:18:d2:bc:b0:1a:e9:31:f9:ac:
                    e2:09:9c:cd:d7:3c:90:60:69:49:a1:7d:61:7a:3f:
                    78:d6:d9:32:8d:ef:ff:48:54:8a:20:92:b6:52:65:
                    ef:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:26:F0:05:7C:A2:CF:D1:16:34:EC:6B:C0:5D:06:70:22:9F:5F:9E
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/yybwBXyiz9EWNOxrwF0GcCKfX54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.132.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:f4:4d:8b:91:3b:3a:75:64:a6:77:b3:5a:ab:d7:6b:91:b9:
         89:d0:08:c6:2a:b8:ff:69:24:d1:72:ea:2d:a2:b8:04:12:a0:
         dd:00:b0:77:01:f8:3e:6f:62:86:9e:c1:71:f1:6c:74:91:ae:
         32:7f:d9:27:0b:06:52:63:e4:97:63:3e:05:52:bc:6c:f4:d0:
         61:0b:d7:8e:da:4d:8a:25:b8:8c:64:d6:8e:07:4a:fa:b9:0c:
         f5:fd:c6:e3:25:02:1a:62:6d:d9:56:14:8c:32:50:35:7b:a8:
         25:6f:67:7d:f0:e4:49:80:cf:99:24:b1:6e:1f:15:c8:b9:20:
         d3:c1:ce:5a:13:45:93:f1:27:7e:bb:93:5e:50:d3:79:18:92:
         0f:c2:a9:f2:cd:3f:53:40:b2:bf:98:fa:6c:cb:98:8b:f0:e0:
         ff:e5:54:21:21:0a:77:da:5b:2f:10:c5:1b:7b:e5:35:7f:3d:
         24:dd:06:db:05:01:09:6e:eb:33:ff:41:e4:c9:12:1e:80:f9:
         aa:77:0a:7e:5f:42:ce:5e:bc:a0:77:c1:3c:b3:a2:89:6d:2a:
         86:f0:af:bb:63:1d:41:da:cb:09:26:c5:a1:43:ba:26:cc:82:
         c9:21:74:eb:85:84:89:09:9f:37:d5:fa:95:eb:0a:52:2c:2a:
         0e:df:de:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwIsWhpG1IUpSaosMeLBWTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMTI5MDczOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI2ZjAwNTdjYTJjZmQxMTYzNGVjNmJjMDVkMDY3MDIyOWY1ZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyx8Q7s6F5nXwcu513BrNQLfbO85J
Ls7EJLaHrywaOVu7y5vlyMcRDvdafDCNFWPpDkJtEeaf7kQflAPuGV5k3C30M1Wr
qhRx3yfJfk2urD6DUH1ezAuoxR2+D8DMb/CdxKC+ItTfr6ul1sAOey3Hga6FZvuI
9aCDAOz97l0KnUj9W8c+Soreb+H6Vk+tBrd4xyJ7Pa2MjfgjIAdm4WpGpXzltYDk
NUfsUJcP0kXB6fNbQ+Bw7wfpTIdM1I5bj41g1aq5ZD+cLL8bSlRetiR15W3wJQC/
LZYY0rywGukx+aziCZzN1zyQYGlJoX1hej941tkyje//SFSKIJK2UmXvmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsm8AV8os/RFjTsa8BdBnAin1+eMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEveXlid0JYeWl6OUVXTk94cndGMEdjQ0tmWDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYRwMA0G
CSqGSIb3DQEBCwUAA4IBAQBf9E2LkTs6dWSmd7Naq9drkbmJ0AjGKrj/aSTRcuot
orgEEqDdALB3Afg+b2KGnsFx8Wx0ka4yf9knCwZSY+SXYz4FUrxs9NBhC9eO2k2K
JbiMZNaOB0r6uQz1/cbjJQIaYm3ZVhSMMlA1e6glb2d98ORJgM+ZJLFuHxXIuSDT
wc5aE0WT8Sd+u5NeUNN5GJIPwqnyzT9TQLK/mPpsy5iL8OD/5VQhIQp32lsvEMUb
e+U1fz0k3QbbBQEJbusz/0HkyRIegPmqdwp+X0LOXrygd8E8s6KJbSqG8K+7Yx1B
2ssJJsWhQ7omzILJIXTrhYSJCZ831fqV6wpSLCoO397C
-----END CERTIFICATE-----