Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/yioBfIKpCAXHu9336TVjAd3X1RA.roa
File:                     yioBfIKpCAXHu9336TVjAd3X1RA.roa (raw, json)
Hash identifier:          hDhWVC4ZZYkJWpPcxwB/RaiXt1f4BNCF60m4AjA55Dw=
Subject key identifier:   CA:2A:01:7C:82:A9:08:05:C7:BB:DD:F7:E9:35:63:01:DD:D7:D5:10
Certificate issuer:       /CN=c18de4f2af8c7050e6e70e08a152573edd42e678
Certificate serial:       019B7C803CD22EEB235AE792D0640586505A
Authority key identifier: C1:8D:E4:F2:AF:8C:70:50:E6:E7:0E:08:A1:52:57:3E:DD:42:E6:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wY3k8q-McFDm5w4IoVJXPt1C5ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/yioBfIKpCAXHu9336TVjAd3X1RA.roa
Signing time:             Fri 02 Jan 2026 02:18:57 +0000
ROA not before:           Fri 02 Jan 2026 02:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205740
IP address blocks:        2001:67c:c18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/wY3k8q-McFDm5w4IoVJXPt1C5ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/wY3k8q-McFDm5w4IoVJXPt1C5ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wY3k8q-McFDm5w4IoVJXPt1C5ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:3c:d2:2e:eb:23:5a:e7:92:d0:64:05:86:50:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c18de4f2af8c7050e6e70e08a152573edd42e678
        Validity
            Not Before: Jan  2 02:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca2a017c82a90805c7bbddf7e9356301ddd7d510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e4:e0:f3:75:c4:a7:bb:95:37:37:65:56:75:
                    bd:7d:5d:76:af:63:44:30:b7:3f:7d:45:a8:f3:8f:
                    3e:54:50:c0:d7:01:57:48:ec:52:ed:40:64:60:98:
                    00:94:16:60:51:78:13:dc:4f:38:2a:f5:b1:9a:14:
                    01:d5:21:89:7d:7d:a0:71:6a:e8:5e:08:0e:d5:0d:
                    dd:47:82:53:37:09:fc:fb:18:36:b1:43:1f:d4:c3:
                    38:50:7c:a9:db:96:d1:38:d8:74:2a:77:fd:bc:9e:
                    ce:7f:e7:c3:ca:fd:83:1b:97:22:a3:a2:aa:95:81:
                    70:ac:76:aa:84:86:50:11:10:77:08:c3:a7:68:55:
                    22:53:e7:08:ad:51:e7:55:f0:44:99:48:e8:3f:9e:
                    f6:19:6c:67:f3:59:d5:c6:6b:13:4e:34:8c:23:0d:
                    84:9a:da:4d:37:7f:1c:70:1e:c6:5e:cb:16:c0:2d:
                    f9:b4:a1:33:40:d9:82:bd:bc:eb:ab:3d:ff:7c:c7:
                    fb:68:60:27:a5:06:64:0c:60:55:42:01:f5:e3:57:
                    3f:02:12:49:4c:d0:fb:3b:c4:bc:28:31:3b:f8:bf:
                    eb:61:a5:73:a2:b5:fd:32:b0:59:d8:c9:3c:89:c8:
                    2c:41:2d:3a:a2:bd:54:51:39:ba:8e:13:19:8f:41:
                    9b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2A:01:7C:82:A9:08:05:C7:BB:DD:F7:E9:35:63:01:DD:D7:D5:10
            X509v3 Authority Key Identifier:
                keyid:C1:8D:E4:F2:AF:8C:70:50:E6:E7:0E:08:A1:52:57:3E:DD:42:E6:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wY3k8q-McFDm5w4IoVJXPt1C5ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/yioBfIKpCAXHu9336TVjAd3X1RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/wY3k8q-McFDm5w4IoVJXPt1C5ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c18::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:b2:77:b7:33:fb:77:26:2e:27:dd:dc:57:0b:b4:7d:e1:80:
         b8:e0:c0:d6:76:8c:c1:a6:76:4e:68:1d:25:ed:6a:28:80:88:
         80:70:fd:f5:e2:56:f5:95:47:53:78:c5:d9:ce:a2:b0:08:c0:
         d0:5a:3a:ed:99:77:7f:e8:f6:db:94:c3:87:f9:55:e2:17:d1:
         43:06:5d:1b:78:35:fa:27:1c:03:d4:b0:fb:6d:56:90:42:34:
         3b:a1:b0:eb:fe:cb:1d:09:7c:99:b2:1a:7d:8b:07:b7:83:8b:
         09:f0:71:f8:9f:34:ab:64:49:8a:61:51:b8:33:db:fe:e1:f8:
         95:c0:e7:04:0f:d8:5b:8d:ad:5c:c4:27:4b:e0:4a:24:ef:6d:
         f7:81:2b:25:d7:3a:db:ad:11:16:ee:24:0c:0a:ac:93:78:a0:
         2e:14:27:77:9e:20:ae:6b:ab:23:59:92:f0:f0:6a:93:a1:6f:
         9f:7f:a3:01:33:68:a4:b2:dd:9d:e5:e4:bc:02:2e:fe:43:5f:
         20:14:84:d6:82:d2:e0:73:aa:23:b8:2a:1c:86:e3:b1:d1:4c:
         39:88:21:4f:a9:c4:f1:70:1f:37:d7:f1:e8:f5:be:e6:18:bb:
         8a:e9:75:71:ec:8e:09:e6:34:25:ec:58:6c:a9:33:68:55:cf:
         f3:b3:13:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8gDzSLusjWueS0GQFhlBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxOGRlNGYyYWY4YzcwNTBlNmU3MGUwOGExNTI1NzNlZGQ0
MmU2NzgwHhcNMjYwMTAyMDIxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJhMDE3YzgyYTkwODA1YzdiYmRkZjdlOTM1NjMwMWRkZDdkNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+Tg83XEp7uVNzdlVnW9fV12r2NE
MLc/fUWo848+VFDA1wFXSOxS7UBkYJgAlBZgUXgT3E84KvWxmhQB1SGJfX2gcWro
XggO1Q3dR4JTNwn8+xg2sUMf1MM4UHyp25bRONh0Knf9vJ7Of+fDyv2DG5cio6Kq
lYFwrHaqhIZQERB3CMOnaFUiU+cIrVHnVfBEmUjoP572GWxn81nVxmsTTjSMIw2E
mtpNN38ccB7GXssWwC35tKEzQNmCvbzrqz3/fMf7aGAnpQZkDGBVQgH141c/AhJJ
TND7O8S8KDE7+L/rYaVzorX9MrBZ2Mk8icgsQS06or1UUTm6jhMZj0GbaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMoqAXyCqQgFx7vd9+k1YwHd19UQMB8GA1UdIwQY
MBaAFMGN5PKvjHBQ5ucOCKFSVz7dQuZ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1kzazhxLU1jRkRtNXc0SW9WSlhQdDFDNW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80YWY3YzEtNTBjYi00NzlkLWEzNzct
MDA3YjQ0N2Q0YjM5LzEveWlvQmZJS3BDQVhIdTkzMzZUVmpBZDNYMVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80YWY3YzEtNTBjYi00NzlkLWEzNzctMDA3YjQ0N2Q0YjM5
LzEvd1kzazhxLU1jRkRtNXc0SW9WSlhQdDFDNW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAwY
MA0GCSqGSIb3DQEBCwUAA4IBAQCDsne3M/t3Ji4n3dxXC7R94YC44MDWdozBpnZO
aB0l7WoogIiAcP314lb1lUdTeMXZzqKwCMDQWjrtmXd/6PbblMOH+VXiF9FDBl0b
eDX6JxwD1LD7bVaQQjQ7obDr/ssdCXyZshp9iwe3g4sJ8HH4nzSrZEmKYVG4M9v+
4fiVwOcED9hbja1cxCdL4Eok7233gSsl1zrbrREW7iQMCqyTeKAuFCd3niCua6sj
WZLw8GqToW+ff6MBM2ikst2d5eS8Ai7+Q18gFITWgtLgc6ojuCochuOx0Uw5iCFP
qcTxcB831/Ho9b7mGLuK6XVx7I4J5jQl7FhsqTNoVc/zsxOA
-----END CERTIFICATE-----