Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/yvpIZfiXJrwugGnY8W0FyE6MSYY.roa
File:                     yvpIZfiXJrwugGnY8W0FyE6MSYY.roa (raw, json)
Hash identifier:          DTFYVK7K9TZPbDz7/73V8tXEHb2zMN5hyl3mObjqscw=
Subject key identifier:   CA:FA:48:65:F8:97:26:BC:2E:80:69:D8:F1:6D:05:C8:4E:8C:49:86
Certificate issuer:       /CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
Certificate serial:       019D5241348120B7211BE450C0EC4257265D
Authority key identifier: 70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/yvpIZfiXJrwugGnY8W0FyE6MSYY.roa
Signing time:             Fri 03 Apr 2026 07:31:38 +0000
ROA not before:           Fri 03 Apr 2026 07:31:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56544
IP address blocks:        217.11.140.0/23 maxlen: 23
                          217.11.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:41:34:81:20:b7:21:1b:e4:50:c0:ec:42:57:26:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
        Validity
            Not Before: Apr  3 07:31:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cafa4865f89726bc2e8069d8f16d05c84e8c4986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:e6:59:b3:83:37:5e:f2:35:82:e5:c7:e8:0d:
                    74:7e:3a:d8:ce:ba:a4:a3:be:0f:f3:ca:ed:20:20:
                    11:a8:5d:41:f5:9f:f2:6f:83:a1:43:3e:f4:cd:89:
                    20:71:a2:bf:1a:b6:2d:3e:28:3a:f3:d8:b7:8b:3b:
                    fd:cf:01:26:2d:33:b8:10:bf:26:d8:f3:ad:68:20:
                    a5:a9:20:e2:e8:82:13:47:2c:85:a8:66:5f:54:68:
                    81:47:36:95:2c:1e:82:6f:5b:f1:5e:0c:5e:a4:a1:
                    4a:db:2b:aa:8b:f3:5d:46:47:f6:c8:48:31:17:f6:
                    e3:3e:c9:b7:0a:35:e8:08:6c:d2:ae:93:92:ff:59:
                    04:8e:7f:bf:3b:30:d7:62:ad:98:29:75:a8:16:30:
                    00:ee:ec:cf:ee:37:9d:a4:d5:e2:6f:2c:24:cc:14:
                    98:c5:dd:48:f4:f5:33:c6:b5:f6:94:c4:74:80:79:
                    b0:94:45:c3:c2:b5:00:db:11:7e:39:5f:8a:30:2b:
                    d1:86:fa:d3:84:75:71:63:d8:3d:8a:8e:92:8f:99:
                    4f:87:a6:cb:74:9d:79:96:40:d0:e7:ff:ab:06:f2:
                    bd:af:06:3b:2e:53:46:77:6b:c1:da:8a:e0:fb:52:
                    18:53:a9:50:ef:e7:25:5d:2e:6b:40:be:94:ea:58:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FA:48:65:F8:97:26:BC:2E:80:69:D8:F1:6D:05:C8:4E:8C:49:86
            X509v3 Authority Key Identifier:
                keyid:70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/yvpIZfiXJrwugGnY8W0FyE6MSYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:51:ac:fe:93:26:22:cf:66:8d:6a:32:29:79:34:8a:82:4c:
         b8:f5:5c:56:ec:52:13:65:70:c6:09:5f:b2:e4:10:6f:4c:ab:
         fb:b0:19:91:36:bf:17:a3:96:92:1b:1a:05:b9:09:f3:eb:3b:
         21:02:a5:77:6b:dc:d8:7c:f0:0d:15:30:c5:fc:74:b9:7b:be:
         fb:ac:22:52:c5:f5:e1:8d:71:60:94:53:c7:a7:53:90:cb:9f:
         51:51:3c:47:f5:66:a0:67:5a:32:48:5f:18:d5:c9:ec:ad:67:
         4a:40:cd:b0:1b:50:50:3b:2e:db:06:29:d3:70:a1:35:ff:13:
         fe:a1:ca:fd:55:81:01:e0:58:19:f2:99:0c:bf:69:47:0a:5d:
         15:a7:fe:8e:cc:06:23:fc:85:e8:8d:60:4c:4a:cf:92:ee:ae:
         b1:d1:56:5e:fb:15:6e:60:3e:1c:a4:89:59:01:b8:22:d2:ae:
         5e:19:af:b9:7a:15:69:8e:fc:28:67:5c:3c:f4:d0:2f:88:e4:
         90:05:88:db:73:31:1e:4d:80:bd:53:9d:1c:7a:1e:38:e9:d7:
         0d:f8:7e:b6:e7:5e:fd:6f:f9:5e:0c:20:ab:7c:e8:ee:a7:36:
         9b:78:0e:5b:1e:c0:ca:84:c2:54:d2:7f:f0:1c:3f:49:c1:91:
         b8:75:73:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SQTSBILchG+RQwOxCVyZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMGExMjMxZDFjMjdhNzU0ZTQ2ZWYxMGU5MmE3MzBhZTE1
ZDBmNTUwHhcNMjYwNDAzMDczMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZhNDg2NWY4OTcyNmJjMmU4MDY5ZDhmMTZkMDVjODRlOGM0OTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8eZZs4M3XvI1guXH6A10fjrYzrqk
o74P88rtICARqF1B9Z/yb4OhQz70zYkgcaK/GrYtPig689i3izv9zwEmLTO4EL8m
2POtaCClqSDi6IITRyyFqGZfVGiBRzaVLB6Cb1vxXgxepKFK2yuqi/NdRkf2yEgx
F/bjPsm3CjXoCGzSrpOS/1kEjn+/OzDXYq2YKXWoFjAA7uzP7jedpNXibywkzBSY
xd1I9PUzxrX2lMR0gHmwlEXDwrUA2xF+OV+KMCvRhvrThHVxY9g9io6Sj5lPh6bL
dJ15lkDQ5/+rBvK9rwY7LlNGd2vB2org+1IYU6lQ7+clXS5rQL6U6lhnHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMr6SGX4lya8LoBp2PFtBchOjEmGMB8GA1UdIwQY
MBaAFHAKEjHRwnp1TkbvEOkqcwrhXQ9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgt
YWI3OWEzNzg5ZjhmLzEveXZwSVpmaVhKcnd1Z0duWThXMEZ5RTZNU1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgtYWI3OWEzNzg5Zjhm
LzEvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2QuMMA0G
CSqGSIb3DQEBCwUAA4IBAQCAUaz+kyYiz2aNajIpeTSKgky49VxW7FITZXDGCV+y
5BBvTKv7sBmRNr8Xo5aSGxoFuQnz6zshAqV3a9zYfPANFTDF/HS5e777rCJSxfXh
jXFglFPHp1OQy59RUTxH9WagZ1oySF8Y1cnsrWdKQM2wG1BQOy7bBinTcKE1/xP+
ocr9VYEB4FgZ8pkMv2lHCl0Vp/6OzAYj/IXojWBMSs+S7q6x0VZe+xVuYD4cpIlZ
Abgi0q5eGa+5ehVpjvwoZ1w89NAviOSQBYjbczEeTYC9U50ceh446dcN+H625179
b/leDCCrfOjupzabeA5bHsDKhMJU0n/wHD9JwZG4dXMx
-----END CERTIFICATE-----