Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/5171c7-8dfc-4d11-ae22-c28be483878a/1/yn22QITeYuSiQ4etW04NOKsyiwg.roa
File:                     yn22QITeYuSiQ4etW04NOKsyiwg.roa (raw, json)
Hash identifier:          Hhng+JY/6IvIYBVuvykD/FKUSe2wsbGUoRKGJNpfZo8=
Subject key identifier:   CA:7D:B6:40:84:DE:62:E4:A2:43:87:AD:5B:4E:0D:38:AB:32:8B:08
Certificate issuer:       /CN=7bf7ace5530e5d50907d2ddb435bf29b4df1d6e4
Certificate serial:       019B7835582E12FE31C6FEB5B365681BE0B4
Authority key identifier: 7B:F7:AC:E5:53:0E:5D:50:90:7D:2D:DB:43:5B:F2:9B:4D:F1:D6:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e_es5VMOXVCQfS3bQ1vym03x1uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/5171c7-8dfc-4d11-ae22-c28be483878a/1/yn22QITeYuSiQ4etW04NOKsyiwg.roa
Signing time:             Thu 01 Jan 2026 06:18:40 +0000
ROA not before:           Thu 01 Jan 2026 06:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199969
IP address blocks:        195.88.122.0/24 maxlen: 24
                          195.88.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/5171c7-8dfc-4d11-ae22-c28be483878a/1/e_es5VMOXVCQfS3bQ1vym03x1uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/5171c7-8dfc-4d11-ae22-c28be483878a/1/e_es5VMOXVCQfS3bQ1vym03x1uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e_es5VMOXVCQfS3bQ1vym03x1uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:58:2e:12:fe:31:c6:fe:b5:b3:65:68:1b:e0:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bf7ace5530e5d50907d2ddb435bf29b4df1d6e4
        Validity
            Not Before: Jan  1 06:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca7db64084de62e4a24387ad5b4e0d38ab328b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:71:9a:e6:4b:d9:11:24:42:10:a6:47:3e:
                    df:39:d7:68:7f:01:9d:34:d8:c4:c4:44:2b:d4:2a:
                    a3:c0:b2:04:0a:f9:65:74:dc:55:2f:cf:a5:e8:e1:
                    17:6b:2a:ec:3f:e5:9f:1e:45:47:f3:7c:90:8d:4f:
                    4b:69:19:18:b3:62:ed:3a:8c:ce:a0:2a:ad:61:e5:
                    6c:88:04:b6:1b:8f:c9:ea:df:4c:23:9c:49:df:17:
                    77:f2:be:91:7b:7b:29:22:4e:42:9e:11:36:82:a0:
                    b9:9e:91:2c:bb:1b:aa:54:bf:c1:97:c1:a0:e2:78:
                    52:e0:eb:01:9d:f3:c5:b1:e8:04:6e:73:bf:ca:72:
                    31:af:26:6b:0f:c3:7e:a8:ab:00:c3:73:69:eb:cf:
                    ea:63:f9:44:8e:9d:81:cf:86:59:fc:94:87:ab:17:
                    3a:89:db:2f:61:fd:b3:a3:af:38:9d:ad:74:13:ef:
                    c5:e6:3e:c7:ef:33:bb:d6:d4:59:fc:7e:1e:dd:96:
                    47:30:35:e0:eb:50:27:56:22:64:c5:6f:74:d8:72:
                    a0:98:42:72:74:de:83:20:7f:2d:f8:aa:fc:a3:9b:
                    2d:d9:8b:d5:97:40:e2:40:5c:4b:43:64:f7:31:dd:
                    b0:84:20:4a:2d:f8:26:da:7b:b2:1d:2f:e2:b4:1e:
                    73:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7D:B6:40:84:DE:62:E4:A2:43:87:AD:5B:4E:0D:38:AB:32:8B:08
            X509v3 Authority Key Identifier:
                keyid:7B:F7:AC:E5:53:0E:5D:50:90:7D:2D:DB:43:5B:F2:9B:4D:F1:D6:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e_es5VMOXVCQfS3bQ1vym03x1uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/5171c7-8dfc-4d11-ae22-c28be483878a/1/yn22QITeYuSiQ4etW04NOKsyiwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/5171c7-8dfc-4d11-ae22-c28be483878a/1/e_es5VMOXVCQfS3bQ1vym03x1uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:5f:b6:cb:4f:86:34:11:3f:9d:b8:c0:ed:12:01:ee:60:2d:
         a4:15:e6:af:d1:60:5d:84:6b:e8:1f:4d:80:a3:eb:fc:47:57:
         49:0d:71:bc:42:d2:38:a0:50:7d:2b:06:ee:ec:a0:d9:7f:f0:
         d5:e4:b4:d5:fe:bd:70:42:46:ff:b1:a7:fd:1a:3d:da:7e:6a:
         5b:f7:63:db:80:0e:cf:f2:ff:a3:17:89:e3:01:94:bf:51:78:
         ba:d4:39:b1:a2:9e:37:1e:3b:d3:ba:5b:ed:78:d5:bc:52:41:
         60:8f:ee:33:fc:13:90:c7:aa:ca:b7:91:29:53:3b:1c:10:b1:
         cf:23:89:9f:a9:01:5c:cd:fa:23:67:91:a9:a2:ac:1f:1d:68:
         9a:09:18:b3:87:e3:16:36:f5:20:0b:cd:94:8a:68:18:24:12:
         dc:f2:75:77:5a:f9:cf:7f:57:b9:7f:42:fc:6e:44:f7:5b:a9:
         b0:75:57:33:5b:9f:97:05:d6:86:cc:49:17:52:66:a1:02:8a:
         da:77:cc:5c:f2:32:03:d6:e7:2d:11:18:b5:47:7d:11:75:ad:
         86:68:7e:d9:29:cf:76:83:f8:d7:10:3a:4e:10:0c:d9:66:ef:
         38:9e:08:ca:ee:49:8c:50:61:bb:a1:a2:1d:54:fe:b4:06:eb:
         6d:81:f2:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NVguEv4xxv61s2VoG+C0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZjdhY2U1NTMwZTVkNTA5MDdkMmRkYjQzNWJmMjliNGRm
MWQ2ZTQwHhcNMjYwMTAxMDYxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdkYjY0MDg0ZGU2MmU0YTI0Mzg3YWQ1YjRlMGQzOGFiMzI4YjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApepxmuZL2REkQhCmRz7fOddofwGd
NNjExEQr1CqjwLIECvlldNxVL8+l6OEXayrsP+WfHkVH83yQjU9LaRkYs2LtOozO
oCqtYeVsiAS2G4/J6t9MI5xJ3xd38r6Re3spIk5CnhE2gqC5npEsuxuqVL/Bl8Gg
4nhS4OsBnfPFsegEbnO/ynIxryZrD8N+qKsAw3Np68/qY/lEjp2Bz4ZZ/JSHqxc6
idsvYf2zo684na10E+/F5j7H7zO71tRZ/H4e3ZZHMDXg61AnViJkxW902HKgmEJy
dN6DIH8t+Kr8o5st2YvVl0DiQFxLQ2T3Md2whCBKLfgm2nuyHS/itB5z9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp9tkCE3mLkokOHrVtODTirMosIMB8GA1UdIwQY
MBaAFHv3rOVTDl1QkH0t20Nb8ptN8dbkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZV9lczVWTU9YVkNRZlMzYlExdnltMDN4MXVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi81MTcxYzctOGRmYy00ZDExLWFlMjIt
YzI4YmU0ODM4NzhhLzEveW4yMlFJVGVZdVNpUTRldFcwNE5PS3N5aXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi81MTcxYzctOGRmYy00ZDExLWFlMjItYzI4YmU0ODM4Nzhh
LzEvZV9lczVWTU9YVkNRZlMzYlExdnltMDN4MXVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1h6MA0G
CSqGSIb3DQEBCwUAA4IBAQByX7bLT4Y0ET+duMDtEgHuYC2kFeav0WBdhGvoH02A
o+v8R1dJDXG8QtI4oFB9Kwbu7KDZf/DV5LTV/r1wQkb/saf9Gj3afmpb92PbgA7P
8v+jF4njAZS/UXi61Dmxop43HjvTulvteNW8UkFgj+4z/BOQx6rKt5EpUzscELHP
I4mfqQFczfojZ5GpoqwfHWiaCRizh+MWNvUgC82UimgYJBLc8nV3WvnPf1e5f0L8
bkT3W6mwdVczW5+XBdaGzEkXUmahAorad8xc8jID1uctERi1R30Rda2GaH7ZKc92
g/jXEDpOEAzZZu84ngjK7kmMUGG7oaIdVP60ButtgfJW
-----END CERTIFICATE-----