Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Y19P_g-vBYYPjku8AAu-CeAzWW0.roa
File:                     Y19P_g-vBYYPjku8AAu-CeAzWW0.roa (raw, json)
Hash identifier:          0p9ZYZuTWuetqmVFdCZJU25sYbQjPpo04+Hro2GGGZA=
Subject key identifier:   63:5F:4F:FE:0F:AF:05:86:0F:8E:4B:BC:00:0B:BE:09:E0:33:59:6D
Certificate issuer:       /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial:       019D4822FF19967BA791AFCB14011ABC78AA
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Y19P_g-vBYYPjku8AAu-CeAzWW0.roa
Signing time:             Wed 01 Apr 2026 08:22:26 +0000
ROA not before:           Wed 01 Apr 2026 08:22:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33915
IP address blocks:        94.168.0.0/16 maxlen: 16
                          94.168.0.0/17 maxlen: 17
                          94.168.0.0/18 maxlen: 18
                          94.168.64.0/18 maxlen: 18
                          94.168.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:22:ff:19:96:7b:a7:91:af:cb:14:01:1a:bc:78:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
        Validity
            Not Before: Apr  1 08:22:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=635f4ffe0faf05860f8e4bbc000bbe09e033596d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2a:82:75:5b:3a:f1:05:c9:22:f4:8f:9b:b4:
                    09:f8:23:55:63:44:03:91:16:dd:cc:53:68:04:00:
                    aa:57:ea:27:f9:fa:c5:3f:28:dd:96:74:11:96:3a:
                    b4:3c:16:e1:8c:73:37:e2:ec:2d:72:ef:32:e2:70:
                    06:7e:cd:46:4f:47:b1:e8:2c:f5:8f:29:2e:d7:30:
                    b0:5b:fe:cb:13:89:2b:33:37:07:12:60:cf:6f:4f:
                    53:36:7a:59:44:70:f2:1c:43:07:31:42:62:90:d9:
                    72:5a:1b:e2:52:78:82:db:c8:e5:4c:3d:0a:f6:a3:
                    42:f8:9f:21:63:88:3a:68:20:56:92:8c:0e:68:d1:
                    a8:4e:fe:87:66:39:78:02:6e:75:6a:68:03:85:ce:
                    6e:68:68:68:38:10:6d:fa:3f:bc:49:c7:80:92:fe:
                    52:cd:d3:95:35:fa:2e:b0:7b:c7:2f:67:65:69:b3:
                    05:a4:25:37:ca:9f:b0:4d:9e:46:6f:b3:dd:ca:db:
                    a0:49:e2:33:44:bb:b9:b9:7f:6d:58:19:2e:5b:e3:
                    cc:b8:64:c6:28:84:56:a1:08:ab:76:86:09:b9:0e:
                    b9:f7:5a:7d:7b:d7:b1:96:21:47:7c:c7:16:5e:d3:
                    bd:65:58:d7:a8:c4:35:3e:b2:4e:16:8c:77:5d:d5:
                    79:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:5F:4F:FE:0F:AF:05:86:0F:8E:4B:BC:00:0B:BE:09:E0:33:59:6D
            X509v3 Authority Key Identifier:
                keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Y19P_g-vBYYPjku8AAu-CeAzWW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.168.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         75:18:e4:51:bf:1f:8f:9f:d6:fc:fd:10:45:3f:04:c4:d5:41:
         ba:1f:fd:44:bf:82:d6:e1:d4:3e:e6:44:14:b7:95:51:1b:13:
         a9:35:3c:4f:19:6b:00:50:ce:40:ca:09:13:ec:01:eb:14:ad:
         ba:dc:99:ce:b4:14:0f:28:92:0d:ed:c4:5b:65:f7:d5:d1:4d:
         64:bd:5f:2a:5c:05:a2:3f:c5:63:54:51:4c:09:8d:31:c6:cc:
         30:9c:2e:6f:85:cc:55:7f:fd:39:74:35:ba:7a:86:bc:c1:c4:
         ae:1c:7a:7f:40:d9:6e:3b:4e:ed:69:56:65:0f:4b:a8:3f:17:
         7d:b0:32:de:d1:2c:e4:2e:d3:91:97:e6:f7:86:69:60:af:97:
         36:a7:4e:8e:02:60:d6:93:22:b2:d7:c5:9a:4b:10:15:79:31:
         ed:db:f9:22:20:b8:11:09:19:37:bf:45:13:07:7b:33:13:c3:
         80:8a:ea:ec:6a:1d:fe:cb:ae:cb:86:38:d7:71:f5:dd:f4:11:
         43:b9:e5:6d:ce:02:e7:68:c8:7a:57:64:d3:43:06:dd:c7:46:
         c1:09:49:71:8f:7b:ef:d0:09:c3:c9:27:e0:f6:1a:9b:74:53:
         71:d7:3f:94:e2:9e:8e:b2:b8:86:3b:a0:2b:91:46:7a:a7:c5:
         eb:26:92:7a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZ1IIv8Zlnunka/LFAEavHiqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjYwNDAxMDgyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVmNGZmZTBmYWYwNTg2MGY4ZTRiYmMwMDBiYmUwOWUwMzM1OTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSqCdVs68QXJIvSPm7QJ+CNVY0QD
kRbdzFNoBACqV+on+frFPyjdlnQRljq0PBbhjHM34uwtcu8y4nAGfs1GT0ex6Cz1
jyku1zCwW/7LE4krMzcHEmDPb09TNnpZRHDyHEMHMUJikNlyWhviUniC28jlTD0K
9qNC+J8hY4g6aCBWkowOaNGoTv6HZjl4Am51amgDhc5uaGhoOBBt+j+8SceAkv5S
zdOVNfousHvHL2dlabMFpCU3yp+wTZ5Gb7PdytugSeIzRLu5uX9tWBkuW+PMuGTG
KIRWoQirdoYJuQ6591p9e9exliFHfMcWXtO9ZVjXqMQ1PrJOFox3XdV5QwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGNfT/4PrwWGD45LvAALvgngM1ltMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvWTE5UF9nLXZCWVlQamt1OEFBdS1DZUF6V1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAXqgwDQYJ
KoZIhvcNAQELBQADggEBAHUY5FG/H4+f1vz9EEU/BMTVQbof/US/gtbh1D7mRBS3
lVEbE6k1PE8ZawBQzkDKCRPsAesUrbrcmc60FA8okg3txFtl99XRTWS9XypcBaI/
xWNUUUwJjTHGzDCcLm+FzFV//Tl0Nbp6hrzBxK4cen9A2W47Tu1pVmUPS6g/F32w
Mt7RLOQu05GX5veGaWCvlzanTo4CYNaTIrLXxZpLEBV5Me3b+SIguBEJGTe/RRMH
ezMTw4CK6uxqHf7LrsuGONdx9d30EUO55W3OAudoyHpXZNNDBt3HRsEJSXGPe+/Q
CcPJJ+D2Gpt0U3HXP5Tino6yuIY7oCuRRnqnxesmkno=
-----END CERTIFICATE-----