Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/yAn5EZSwJN77Q9_fywqivDRDN4Q.roa
File:                     yAn5EZSwJN77Q9_fywqivDRDN4Q.roa (raw, json)
Hash identifier:          8+hGym1zWMcvjrGgKZCXrAXD/oBVFk/QhBPlyt1XtWo=
Subject key identifier:   C8:09:F9:11:94:B0:24:DE:FB:43:DF:DF:CB:0A:A2:BC:34:43:37:84
Certificate issuer:       /CN=f589823ba14758007cde873af4bf47fd9c39737b
Certificate serial:       019D3EDBFD328E6F23142A7E3C5B58BCEAFB
Authority key identifier: F5:89:82:3B:A1:47:58:00:7C:DE:87:3A:F4:BF:47:FD:9C:39:73:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9YmCO6FHWAB83oc69L9H_Zw5c3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/yAn5EZSwJN77Q9_fywqivDRDN4Q.roa
Signing time:             Mon 30 Mar 2026 13:08:17 +0000
ROA not before:           Mon 30 Mar 2026 13:08:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6782
IP address blocks:        2a00:ff40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/9YmCO6FHWAB83oc69L9H_Zw5c3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/9YmCO6FHWAB83oc69L9H_Zw5c3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9YmCO6FHWAB83oc69L9H_Zw5c3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:db:fd:32:8e:6f:23:14:2a:7e:3c:5b:58:bc:ea:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f589823ba14758007cde873af4bf47fd9c39737b
        Validity
            Not Before: Mar 30 13:08:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c809f91194b024defb43dfdfcb0aa2bc34433784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0c:38:3d:66:aa:c9:68:ad:13:85:f9:fe:b6:
                    49:bb:f9:99:2d:9a:26:6c:a6:60:64:13:eb:b9:f5:
                    34:dc:d5:5f:c9:21:ad:fd:3c:d0:17:40:2b:c9:c2:
                    92:33:ba:e0:a0:bb:0b:98:dc:0d:51:04:70:8d:6a:
                    11:97:a2:15:fb:71:16:76:45:6d:5f:28:b9:78:20:
                    e9:f5:2b:87:42:e9:eb:60:bf:01:07:f0:49:f6:bc:
                    71:d0:7c:c2:4e:6d:40:c7:3f:55:9b:29:49:99:a8:
                    bd:eb:8b:c5:38:cc:73:2b:e6:8f:bc:0c:45:ca:ff:
                    2e:7a:13:54:5e:df:28:67:d6:4f:ff:5a:8a:a8:c9:
                    6a:f3:08:99:b7:c4:58:a5:41:f1:a8:c0:73:95:f4:
                    26:3c:94:e4:5c:d5:4b:85:a0:14:10:40:7c:f7:b4:
                    7c:0a:36:e8:c2:3a:bb:34:94:2a:39:c5:8f:cd:71:
                    38:4a:ee:08:95:6b:7e:07:aa:69:98:83:18:c2:1d:
                    d3:78:6b:3f:db:74:ad:4a:1a:cc:d3:5a:6c:f6:69:
                    d1:0c:40:87:57:bd:dc:4e:4b:5a:4b:aa:19:fd:82:
                    be:d1:12:69:4d:2a:0e:6d:45:2f:23:97:d6:76:f0:
                    e6:93:ab:1a:94:61:8f:34:d0:2d:0d:30:8b:b8:ca:
                    cc:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:09:F9:11:94:B0:24:DE:FB:43:DF:DF:CB:0A:A2:BC:34:43:37:84
            X509v3 Authority Key Identifier:
                keyid:F5:89:82:3B:A1:47:58:00:7C:DE:87:3A:F4:BF:47:FD:9C:39:73:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YmCO6FHWAB83oc69L9H_Zw5c3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/yAn5EZSwJN77Q9_fywqivDRDN4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/9YmCO6FHWAB83oc69L9H_Zw5c3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ff40::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:22:0c:58:95:2a:e9:2c:4c:9e:de:54:59:e4:35:d5:48:fd:
         3b:9d:8e:0e:22:5e:7f:80:93:1b:5c:56:f8:ef:32:db:ec:92:
         a8:db:f2:97:9d:a6:f0:5c:c4:72:87:41:f7:6b:cd:fc:46:c9:
         e3:e4:30:b8:44:d7:96:2e:86:fd:40:55:9a:9b:e3:47:c9:68:
         5d:99:1a:2a:0c:6a:85:c9:76:af:73:39:cd:65:fc:1e:d4:49:
         f0:2d:73:71:06:01:8f:97:f2:51:56:48:ce:42:ab:24:28:8b:
         c1:09:09:09:6b:66:c7:4a:63:40:a9:59:95:c7:08:f2:17:05:
         82:03:50:48:7d:84:4d:a9:85:a6:0f:14:a3:c5:07:aa:ca:75:
         ad:49:ef:3a:9e:4b:9a:ca:bd:7f:0f:3e:d3:47:53:e1:ae:cf:
         dd:48:b2:99:c5:b8:bc:a4:31:78:bc:11:f4:55:b2:f0:d1:b0:
         45:6e:43:ad:e4:42:0c:8d:55:4c:4a:8e:e0:99:fb:84:2e:b9:
         d5:be:49:1a:17:19:0b:79:a7:3c:cb:cd:f3:97:0c:64:40:0a:
         e2:25:76:95:99:55:81:ac:b5:d5:0a:3f:51:c1:5d:a6:bb:62:
         8d:10:e3:46:49:bf:e2:52:49:41:a5:de:3b:a0:4f:d7:63:3a:
         2e:e0:7b:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0+2/0yjm8jFCp+PFtYvOr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ODk4MjNiYTE0NzU4MDA3Y2RlODczYWY0YmY0N2ZkOWMz
OTczN2IwHhcNMjYwMzMwMTMwODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA5ZjkxMTk0YjAyNGRlZmI0M2RmZGZjYjBhYTJiYzM0NDMzNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAw4PWaqyWitE4X5/rZJu/mZLZom
bKZgZBPrufU03NVfySGt/TzQF0ArycKSM7rgoLsLmNwNUQRwjWoRl6IV+3EWdkVt
Xyi5eCDp9SuHQunrYL8BB/BJ9rxx0HzCTm1Axz9VmylJmai964vFOMxzK+aPvAxF
yv8uehNUXt8oZ9ZP/1qKqMlq8wiZt8RYpUHxqMBzlfQmPJTkXNVLhaAUEEB897R8
Cjbowjq7NJQqOcWPzXE4Su4IlWt+B6ppmIMYwh3TeGs/23StShrM01ps9mnRDECH
V73cTktaS6oZ/YK+0RJpTSoObUUvI5fWdvDmk6salGGPNNAtDTCLuMrMNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMgJ+RGUsCTe+0Pf38sKorw0QzeEMB8GA1UdIwQY
MBaAFPWJgjuhR1gAfN6HOvS/R/2cOXN7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVltQ082RkhXQUI4M29jNjlMOUhfWnc1YzNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hZTE3NWEtMWMwMC00MDkxLWEwNjEt
OWJhNGVjMzFjYjZiLzEveUFuNUVaU3dKTjc3UTlfZnl3cWl2RFJETjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hZTE3NWEtMWMwMC00MDkxLWEwNjEtOWJhNGVjMzFjYjZi
LzEvOVltQ082RkhXQUI4M29jNjlMOUhfWnc1YzNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgD/QDAN
BgkqhkiG9w0BAQsFAAOCAQEABiIMWJUq6SxMnt5UWeQ11Uj9O52ODiJef4CTG1xW
+O8y2+ySqNvyl52m8FzEcodB92vN/EbJ4+QwuETXli6G/UBVmpvjR8loXZkaKgxq
hcl2r3M5zWX8HtRJ8C1zcQYBj5fyUVZIzkKrJCiLwQkJCWtmx0pjQKlZlccI8hcF
ggNQSH2ETamFpg8Uo8UHqsp1rUnvOp5Lmsq9fw8+00dT4a7P3UiymcW4vKQxeLwR
9FWy8NGwRW5DreRCDI1VTEqO4Jn7hC651b5JGhcZC3mnPMvN85cMZEAK4iV2lZlV
gay11Qo/UcFdprtijRDjRkm/4lJJQaXeO6BP12M6LuB7zw==
-----END CERTIFICATE-----