Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/51d4b5-c27d-4b7c-9070-721175d65eb8/1/yoaSvhM2SxGwNoRmYbo8QxuOKrI.roa
File:                     yoaSvhM2SxGwNoRmYbo8QxuOKrI.roa (raw, json)
Hash identifier:          O7GQTBOF8zlKkXvBbmCOA0WzhhAE8/z/eCQVBfl52Rg=
Subject key identifier:   CA:86:92:BE:13:36:4B:11:B0:36:84:66:61:BA:3C:43:1B:8E:2A:B2
Certificate issuer:       /CN=31518c7b54b44127083f626d3e1518f4454ce055
Certificate serial:       019B7F1577F42D72F4489B156C1F75800994
Authority key identifier: 31:51:8C:7B:54:B4:41:27:08:3F:62:6D:3E:15:18:F4:45:4C:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MVGMe1S0QScIP2JtPhUY9EVM4FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/51d4b5-c27d-4b7c-9070-721175d65eb8/1/yoaSvhM2SxGwNoRmYbo8QxuOKrI.roa
Signing time:             Fri 02 Jan 2026 14:21:11 +0000
ROA not before:           Fri 02 Jan 2026 14:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201473
IP address blocks:        185.218.206.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/51d4b5-c27d-4b7c-9070-721175d65eb8/1/MVGMe1S0QScIP2JtPhUY9EVM4FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/51d4b5-c27d-4b7c-9070-721175d65eb8/1/MVGMe1S0QScIP2JtPhUY9EVM4FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MVGMe1S0QScIP2JtPhUY9EVM4FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:77:f4:2d:72:f4:48:9b:15:6c:1f:75:80:09:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31518c7b54b44127083f626d3e1518f4454ce055
        Validity
            Not Before: Jan  2 14:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca8692be13364b11b036846661ba3c431b8e2ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:70:6b:db:3c:d4:50:5a:7b:76:ad:7c:b4:57:
                    39:b6:d4:9f:14:b7:3a:56:9a:6c:38:ab:38:c5:02:
                    3b:d6:59:05:93:66:75:f0:02:53:74:ab:3b:5a:ab:
                    28:d3:94:7c:e1:db:d3:96:38:37:72:cd:8b:52:ea:
                    e4:ba:f1:66:39:e9:54:4c:04:a4:8d:c1:90:60:52:
                    5a:02:24:d9:31:d4:8c:ae:c2:ab:a4:90:ec:a1:5e:
                    18:5a:3c:0b:93:49:c8:bf:92:e3:02:37:96:b7:ad:
                    45:b6:32:5e:dd:6b:fe:e5:1a:90:fe:0f:06:ce:24:
                    2b:f0:1b:89:42:c1:dc:1c:da:7d:4c:fc:cf:f4:16:
                    e1:3c:91:34:db:1c:7c:7c:4c:7b:22:45:ab:e4:da:
                    2e:6a:b8:9d:94:d5:8f:37:96:11:91:58:7d:52:33:
                    12:b8:c8:e9:80:52:81:8d:66:97:c4:be:a0:5c:dd:
                    41:96:e2:5d:8d:ba:bf:6e:c1:f6:1a:67:50:6a:c7:
                    1f:79:b4:74:fc:a3:74:86:c1:8d:15:37:41:de:e5:
                    d5:38:a6:46:9b:17:3e:cd:e6:57:5c:98:d2:2a:b6:
                    cc:10:a8:df:f2:71:c8:76:99:be:7e:e1:f6:6d:5d:
                    1c:60:79:80:2f:05:22:c7:25:81:48:21:29:d9:e5:
                    b0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:86:92:BE:13:36:4B:11:B0:36:84:66:61:BA:3C:43:1B:8E:2A:B2
            X509v3 Authority Key Identifier:
                keyid:31:51:8C:7B:54:B4:41:27:08:3F:62:6D:3E:15:18:F4:45:4C:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MVGMe1S0QScIP2JtPhUY9EVM4FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/51d4b5-c27d-4b7c-9070-721175d65eb8/1/yoaSvhM2SxGwNoRmYbo8QxuOKrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/51d4b5-c27d-4b7c-9070-721175d65eb8/1/MVGMe1S0QScIP2JtPhUY9EVM4FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:13:a3:67:09:8b:ee:30:bb:9e:f6:5b:35:cc:a8:f8:7d:22:
         9a:3d:4e:72:f1:8c:f4:6c:d8:f9:bc:6c:a9:e7:ae:8c:71:26:
         56:a1:d5:80:a3:8d:96:03:a6:40:b9:63:ed:eb:4b:ee:9f:a3:
         a1:f4:ec:01:92:3d:56:c9:d7:e7:de:8c:39:5a:51:5e:cc:bb:
         71:90:df:e5:ab:d1:b4:47:aa:07:dd:e3:99:de:6d:2b:c7:f3:
         c9:e6:cd:b8:d1:27:2c:1f:7a:50:09:67:e4:fa:d0:57:d4:5a:
         46:29:e1:e6:72:b8:7b:6c:fb:dc:05:53:d5:a0:e3:b0:34:1b:
         60:fd:da:96:f8:3b:41:e3:bd:54:82:b8:f4:6f:e1:a0:0d:78:
         97:fb:bf:31:17:db:01:e1:ff:6a:94:b8:9b:a9:a7:be:b3:0d:
         e9:5f:54:11:03:6a:94:15:54:3c:c0:e5:fe:f7:fb:b7:5f:51:
         9a:62:11:e9:7b:c3:e1:ff:f4:1f:f6:30:14:57:14:68:d7:ca:
         02:1a:9b:b8:29:7c:1d:11:d1:ea:f8:e1:4b:6f:5e:1c:00:0f:
         47:d3:e6:79:e2:0e:e6:b7:ee:ea:37:43:8c:89:cc:2e:5a:c9:
         4b:cd:df:e3:92:27:98:99:ee:83:23:7c:9c:cb:02:9f:68:f2:
         6a:97:20:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXf0LXL0SJsVbB91gAmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNTE4YzdiNTRiNDQxMjcwODNmNjI2ZDNlMTUxOGY0NDU0
Y2UwNTUwHhcNMjYwMTAyMTQyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg2OTJiZTEzMzY0YjExYjAzNjg0NjY2MWJhM2M0MzFiOGUyYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HBr2zzUUFp7dq18tFc5ttSfFLc6
VppsOKs4xQI71lkFk2Z18AJTdKs7Wqso05R84dvTljg3cs2LUurkuvFmOelUTASk
jcGQYFJaAiTZMdSMrsKrpJDsoV4YWjwLk0nIv5LjAjeWt61FtjJe3Wv+5RqQ/g8G
ziQr8BuJQsHcHNp9TPzP9BbhPJE02xx8fEx7IkWr5NouaridlNWPN5YRkVh9UjMS
uMjpgFKBjWaXxL6gXN1BluJdjbq/bsH2GmdQascfebR0/KN0hsGNFTdB3uXVOKZG
mxc+zeZXXJjSKrbMEKjf8nHIdpm+fuH2bV0cYHmALwUixyWBSCEp2eWwVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqGkr4TNksRsDaEZmG6PEMbjiqyMB8GA1UdIwQY
MBaAFDFRjHtUtEEnCD9ibT4VGPRFTOBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVZHTWUxUzBRU2NJUDJKdFBoVVk5RVZNNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy81MWQ0YjUtYzI3ZC00YjdjLTkwNzAt
NzIxMTc1ZDY1ZWI4LzEveW9hU3ZoTTJTeEd3Tm9SbVlibzhReHVPS3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy81MWQ0YjUtYzI3ZC00YjdjLTkwNzAtNzIxMTc1ZDY1ZWI4
LzEvTVZHTWUxUzBRU2NJUDJKdFBoVVk5RVZNNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudrOMA0G
CSqGSIb3DQEBCwUAA4IBAQBYE6NnCYvuMLue9ls1zKj4fSKaPU5y8Yz0bNj5vGyp
566McSZWodWAo42WA6ZAuWPt60vun6Oh9OwBkj1Wydfn3ow5WlFezLtxkN/lq9G0
R6oH3eOZ3m0rx/PJ5s240ScsH3pQCWfk+tBX1FpGKeHmcrh7bPvcBVPVoOOwNBtg
/dqW+DtB471Ugrj0b+GgDXiX+78xF9sB4f9qlLibqae+sw3pX1QRA2qUFVQ8wOX+
9/u3X1GaYhHpe8Ph//Qf9jAUVxRo18oCGpu4KXwdEdHq+OFLb14cAA9H0+Z54g7m
t+7qN0OMicwuWslLzd/jkieYme6DI3ycywKfaPJqlyDZ
-----END CERTIFICATE-----