Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/yyzkxnbQsXACg4Hgj1OyNmgYN7s.roa
File:                     yyzkxnbQsXACg4Hgj1OyNmgYN7s.roa (raw, json)
Hash identifier:          7O7N9ESv1nvBA7o3jbdmn9sXxZItHZJ3uGBLQAiWUXw=
Subject key identifier:   CB:2C:E4:C6:76:D0:B1:70:02:83:81:E0:8F:53:B2:36:68:18:37:BB
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019D5EB7A3991A2F81AF240976EAACC627B2
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/yyzkxnbQsXACg4Hgj1OyNmgYN7s.roa
Signing time:             Sun 05 Apr 2026 17:36:26 +0000
ROA not before:           Sun 05 Apr 2026 17:36:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        85.208.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:b7:a3:99:1a:2f:81:af:24:09:76:ea:ac:c6:27:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr  5 17:36:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb2ce4c676d0b170028381e08f53b236681837bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7f:35:c3:6b:f7:cc:19:0d:5a:ba:f8:cb:aa:
                    ba:a8:b5:2e:c8:86:a7:3b:2d:cf:ab:0d:60:69:5a:
                    c0:fc:4b:18:29:69:25:47:22:68:4c:07:f6:33:32:
                    bf:07:fa:e3:5a:de:79:81:30:6b:0d:d1:20:50:fd:
                    5b:d5:f6:01:bb:c7:61:54:9c:e3:a9:ca:44:54:d4:
                    fc:5c:ff:d0:88:6b:5e:4a:07:f4:01:62:b7:0a:f2:
                    5c:53:f6:a6:f8:a9:76:4a:4d:e7:96:90:fc:36:ae:
                    66:61:e9:f1:09:55:1a:a2:b0:ee:98:25:7a:a3:35:
                    54:17:30:d4:79:26:ea:6a:0c:b3:db:be:56:1d:37:
                    4c:09:48:ab:26:72:85:ac:a7:9d:e5:d8:c8:28:75:
                    95:6c:0d:c3:33:82:51:c0:38:10:ed:24:98:de:e3:
                    6b:c9:7b:34:41:7a:5d:87:6f:55:2e:77:db:8b:6b:
                    1b:3a:f6:63:1a:58:b8:cc:ab:d8:61:bf:36:f3:e9:
                    20:b7:6a:5b:c8:f1:a1:c3:e9:94:d1:23:48:36:47:
                    f9:e2:66:8c:6c:86:2f:bb:a4:28:cd:fe:ad:98:77:
                    2b:df:49:f5:0d:0f:2f:af:0b:75:37:6f:c0:f7:4c:
                    3a:0a:ea:7e:44:53:2d:65:46:af:20:70:6d:e4:0e:
                    ff:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2C:E4:C6:76:D0:B1:70:02:83:81:E0:8F:53:B2:36:68:18:37:BB
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/yyzkxnbQsXACg4Hgj1OyNmgYN7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:25:53:33:9c:a0:4e:02:88:0e:a4:cf:5d:16:1f:aa:9b:21:
         2c:33:40:64:0e:82:f7:2c:e4:1c:0e:17:7f:96:33:86:b9:8a:
         e8:32:b3:50:2f:1c:5c:f2:09:b1:88:24:59:4e:b1:c1:a6:93:
         71:f7:60:7b:41:9b:8b:2b:f9:51:4b:a8:94:46:17:0e:c6:15:
         05:f2:21:93:2c:3d:25:bf:46:6b:ca:d7:f3:7d:5b:1e:58:c9:
         d4:28:1d:e8:f7:8b:55:d4:b4:59:86:72:32:7b:74:0d:9f:fb:
         5a:2b:70:61:93:61:b2:a1:ef:07:25:d4:3b:eb:eb:93:12:95:
         29:e8:bf:29:7a:13:7e:18:4c:7c:65:54:c7:31:43:b1:e6:ee:
         9b:dc:d2:06:09:ce:a4:54:c3:07:24:eb:72:88:84:b3:7b:b5:
         8d:0a:7f:a9:fd:46:a5:d2:61:68:50:10:4d:09:41:6a:72:3b:
         57:ee:52:bb:28:31:59:44:dc:24:a1:89:41:5f:5a:44:d5:73:
         e6:e3:89:63:88:75:14:d3:d5:9b:50:df:f0:e9:fd:73:82:f7:
         18:7c:b8:85:c9:8c:cc:84:e9:31:6a:88:2e:d2:59:b8:87:11:
         f4:1c:06:70:b4:78:0d:97:78:10:a8:8c:2a:99:0b:6d:67:3c:
         85:2f:7a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1et6OZGi+BryQJduqsxieyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDA1MTczNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjJjZTRjNjc2ZDBiMTcwMDI4MzgxZTA4ZjUzYjIzNjY4MTgzN2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH81w2v3zBkNWrr4y6q6qLUuyIan
Oy3Pqw1gaVrA/EsYKWklRyJoTAf2MzK/B/rjWt55gTBrDdEgUP1b1fYBu8dhVJzj
qcpEVNT8XP/QiGteSgf0AWK3CvJcU/am+Kl2Sk3nlpD8Nq5mYenxCVUaorDumCV6
ozVUFzDUeSbqagyz275WHTdMCUirJnKFrKed5djIKHWVbA3DM4JRwDgQ7SSY3uNr
yXs0QXpdh29VLnfbi2sbOvZjGli4zKvYYb828+kgt2pbyPGhw+mU0SNINkf54maM
bIYvu6Qozf6tmHcr30n1DQ8vrwt1N2/A90w6Cup+RFMtZUavIHBt5A7/RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMss5MZ20LFwAoOB4I9TsjZoGDe7MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEveXl6a3huYlFzWEFDZzRIZ2oxT3lObWdZTjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBpMA0G
CSqGSIb3DQEBCwUAA4IBAQCDJVMznKBOAogOpM9dFh+qmyEsM0BkDoL3LOQcDhd/
ljOGuYroMrNQLxxc8gmxiCRZTrHBppNx92B7QZuLK/lRS6iURhcOxhUF8iGTLD0l
v0ZrytfzfVseWMnUKB3o94tV1LRZhnIye3QNn/taK3Bhk2Gyoe8HJdQ76+uTEpUp
6L8pehN+GEx8ZVTHMUOx5u6b3NIGCc6kVMMHJOtyiISze7WNCn+p/Ual0mFoUBBN
CUFqcjtX7lK7KDFZRNwkoYlBX1pE1XPm44ljiHUU09WbUN/w6f1zgvcYfLiFyYzM
hOkxaogu0lm4hxH0HAZwtHgNl3gQqIwqmQttZzyFL3qR
-----END CERTIFICATE-----