Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/b41e9d-afbb-45fe-bc62-fd5f3f3b395e/1/yhrEM60mTBoZo2jYDcdeC80qq_4.roa
File:                     yhrEM60mTBoZo2jYDcdeC80qq_4.roa (raw, json)
Hash identifier:          f28L8yAejPgmHP7zxhH5BnZ3WGxqJ9qhYeMBFPjFOA0=
Subject key identifier:   CA:1A:C4:33:AD:26:4C:1A:19:A3:68:D8:0D:C7:5E:0B:CD:2A:AB:FE
Certificate issuer:       /CN=95348ff7b08ea3f9fe222d7f7ba13da27dcb6895
Certificate serial:       019B78A2F21B6561B0ADBB42F419E7D4B2A7
Authority key identifier: 95:34:8F:F7:B0:8E:A3:F9:FE:22:2D:7F:7B:A1:3D:A2:7D:CB:68:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lTSP97COo_n-Ii1_e6E9on3LaJU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/b41e9d-afbb-45fe-bc62-fd5f3f3b395e/1/yhrEM60mTBoZo2jYDcdeC80qq_4.roa
Signing time:             Thu 01 Jan 2026 08:18:23 +0000
ROA not before:           Thu 01 Jan 2026 08:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56523
IP address blocks:        91.224.224.0/23 maxlen: 23
                          185.38.221.0/24 maxlen: 24
                          2a04:7840::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/b41e9d-afbb-45fe-bc62-fd5f3f3b395e/1/lTSP97COo_n-Ii1_e6E9on3LaJU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/b41e9d-afbb-45fe-bc62-fd5f3f3b395e/1/lTSP97COo_n-Ii1_e6E9on3LaJU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lTSP97COo_n-Ii1_e6E9on3LaJU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:f2:1b:65:61:b0:ad:bb:42:f4:19:e7:d4:b2:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95348ff7b08ea3f9fe222d7f7ba13da27dcb6895
        Validity
            Not Before: Jan  1 08:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca1ac433ad264c1a19a368d80dc75e0bcd2aabfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ab:05:8f:5d:39:a5:9a:e9:7a:fa:27:a5:42:
                    8e:2b:5c:30:9e:0c:de:f3:fb:4c:bf:af:7c:e6:db:
                    c8:22:a5:e1:e4:07:5c:33:69:4a:c5:de:d0:0b:94:
                    34:ee:a4:a9:91:d4:ba:bc:ac:21:37:4e:35:ca:10:
                    f1:c6:58:42:cb:f2:53:e3:15:ac:5d:32:97:66:ca:
                    6b:91:6e:c1:a1:40:4a:32:92:99:af:03:1d:bd:20:
                    ef:bc:43:14:95:61:05:4c:4f:42:6f:6f:c3:86:59:
                    de:0d:5f:5c:20:3b:a1:7f:3c:d5:ad:e4:31:ec:66:
                    92:fd:20:d3:2b:b8:a6:9a:52:6e:54:6b:e0:7c:93:
                    04:f2:c2:de:40:07:fe:ab:fd:4b:6f:25:ff:e2:3c:
                    f4:02:22:43:5d:02:89:e0:31:3e:58:15:d5:3f:68:
                    b0:ed:8a:c9:38:19:23:72:40:db:ed:d6:7c:06:a7:
                    a8:77:65:34:30:bc:31:2d:07:dd:31:ed:71:d2:b6:
                    16:0c:30:43:04:ea:c6:6c:a7:bc:78:ca:68:a2:3d:
                    37:d6:5a:30:d8:0e:ce:3a:76:2a:f6:31:24:79:99:
                    e9:21:21:2f:9d:9e:ac:be:bd:d6:83:70:91:27:17:
                    6b:20:06:07:75:1f:f5:de:b2:bd:04:d2:75:eb:a9:
                    1c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:1A:C4:33:AD:26:4C:1A:19:A3:68:D8:0D:C7:5E:0B:CD:2A:AB:FE
            X509v3 Authority Key Identifier:
                keyid:95:34:8F:F7:B0:8E:A3:F9:FE:22:2D:7F:7B:A1:3D:A2:7D:CB:68:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lTSP97COo_n-Ii1_e6E9on3LaJU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/b41e9d-afbb-45fe-bc62-fd5f3f3b395e/1/yhrEM60mTBoZo2jYDcdeC80qq_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/b41e9d-afbb-45fe-bc62-fd5f3f3b395e/1/lTSP97COo_n-Ii1_e6E9on3LaJU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.224.0/23
                  185.38.221.0/24
                IPv6:
                  2a04:7840::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:9d:93:65:80:15:56:66:2d:35:c5:7f:e4:6f:98:49:d2:65:
         7e:8d:5f:f5:fd:c3:71:1e:e9:27:68:1e:a4:f1:1f:64:ac:9f:
         34:91:74:ae:95:ae:0d:b3:71:fc:22:30:6e:4d:13:48:a8:5d:
         32:df:b6:ad:41:0b:9d:3c:a2:d8:19:85:97:7b:64:46:7b:91:
         f8:a6:0f:14:29:7a:82:92:68:02:0e:99:58:b9:e9:3a:56:c6:
         d4:72:01:44:0d:0c:c5:fc:b2:37:44:50:33:cb:60:02:dd:80:
         7e:a2:10:57:db:4a:58:ae:94:6e:41:60:7b:3d:ca:57:95:cc:
         55:5e:38:09:64:d1:b7:52:b5:1a:25:ea:bc:2d:03:3e:88:82:
         37:20:6f:38:0b:b7:37:e3:b9:ac:8b:7d:c4:84:1a:f9:bb:26:
         73:2c:29:48:60:74:5d:c8:33:9a:ad:9c:07:0d:f2:4e:14:6d:
         67:8d:c5:c1:ff:9d:f4:5e:77:d1:f1:4d:5a:81:6d:95:75:5a:
         a1:09:99:42:bc:bd:c6:e6:5b:1a:ac:5e:dc:0c:73:64:43:53:
         00:38:4e:0d:b0:85:c0:f0:f7:12:f2:de:2f:1c:cb:ff:48:f5:
         30:32:f9:ac:8c:a1:1b:e0:67:bc:ca:66:1a:18:56:5c:94:dd:
         05:dc:b6:56
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt4ovIbZWGwrbtC9Bnn1LKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MzQ4ZmY3YjA4ZWEzZjlmZTIyMmQ3ZjdiYTEzZGEyN2Rj
YjY4OTUwHhcNMjYwMTAxMDgxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTFhYzQzM2FkMjY0YzFhMTlhMzY4ZDgwZGM3NWUwYmNkMmFhYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KsFj105pZrpevonpUKOK1wwngze
8/tMv6985tvIIqXh5AdcM2lKxd7QC5Q07qSpkdS6vKwhN041yhDxxlhCy/JT4xWs
XTKXZsprkW7BoUBKMpKZrwMdvSDvvEMUlWEFTE9Cb2/DhlneDV9cIDuhfzzVreQx
7GaS/SDTK7immlJuVGvgfJME8sLeQAf+q/1LbyX/4jz0AiJDXQKJ4DE+WBXVP2iw
7YrJOBkjckDb7dZ8Bqeod2U0MLwxLQfdMe1x0rYWDDBDBOrGbKe8eMpooj031low
2A7OOnYq9jEkeZnpISEvnZ6svr3Wg3CRJxdrIAYHdR/13rK9BNJ166kcmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMoaxDOtJkwaGaNo2A3HXgvNKqv+MB8GA1UdIwQY
MBaAFJU0j/ewjqP5/iItf3uhPaJ9y2iVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFRTUDk3Q09vX24tSWkxX2U2RTlvbjNMYUpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9iNDFlOWQtYWZiYi00NWZlLWJjNjIt
ZmQ1ZjNmM2IzOTVlLzEveWhyRU02MG1UQm9abzJqWURjZGVDODBxcV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9iNDFlOWQtYWZiYi00NWZlLWJjNjItZmQ1ZjNmM2IzOTVl
LzEvbFRTUDk3Q09vX24tSWkxX2U2RTlvbjNMYUpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+DgAwQA
uSbdMA0EAgACMAcDBQAqBHhAMA0GCSqGSIb3DQEBCwUAA4IBAQCInZNlgBVWZi01
xX/kb5hJ0mV+jV/1/cNxHuknaB6k8R9krJ80kXSula4Ns3H8IjBuTRNIqF0y37at
QQudPKLYGYWXe2RGe5H4pg8UKXqCkmgCDplYuek6VsbUcgFEDQzF/LI3RFAzy2AC
3YB+ohBX20pYrpRuQWB7PcpXlcxVXjgJZNG3UrUaJeq8LQM+iII3IG84C7c347ms
i33EhBr5uyZzLClIYHRdyDOarZwHDfJOFG1njcXB/530XnfR8U1agW2VdVqhCZlC
vL3G5lsarF7cDHNkQ1MAOE4NsIXA8PcS8t4vHMv/SPUwMvmsjKEb4Ge8ymYaGFZc
lN0F3LZW
-----END CERTIFICATE-----