Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/YlfoTdAGtKVJRl62UD-WprjA018.roa
File:                     YlfoTdAGtKVJRl62UD-WprjA018.roa (raw, json)
Hash identifier:          tlZ2JEwQVRGsx8Mat6/7pCvodOthprr+noO3HnDM5w0=
Subject key identifier:   62:57:E8:4D:D0:06:B4:A5:49:46:5E:B6:50:3F:96:A6:B8:C0:D3:5F
Certificate issuer:       /CN=9e4fae6d2c25dd5f2fb16b4fbea284e6658c12ba
Certificate serial:       019B7EA5990DFBDF5075B47E800800905B1E
Authority key identifier: 9E:4F:AE:6D:2C:25:DD:5F:2F:B1:6B:4F:BE:A2:84:E6:65:8C:12:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/YlfoTdAGtKVJRl62UD-WprjA018.roa
Signing time:             Fri 02 Jan 2026 12:19:00 +0000
ROA not before:           Fri 02 Jan 2026 12:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196895
IP address blocks:        193.105.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:99:0d:fb:df:50:75:b4:7e:80:08:00:90:5b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4fae6d2c25dd5f2fb16b4fbea284e6658c12ba
        Validity
            Not Before: Jan  2 12:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6257e84dd006b4a549465eb6503f96a6b8c0d35f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:59:f8:f5:72:f0:4d:1c:4a:b7:cc:52:2c:1a:
                    7f:23:1a:be:c3:f5:a3:22:1b:49:a8:69:f0:1c:fc:
                    63:10:59:e0:2b:98:ae:72:60:55:86:4d:ab:ef:6d:
                    00:d2:21:a2:f5:c5:0e:cb:8b:cc:4f:b7:26:19:cf:
                    e9:8b:fc:40:26:76:bc:b4:96:dd:75:8e:6c:7f:33:
                    99:8d:33:3d:7d:fd:f9:07:a7:d0:f2:1f:92:07:73:
                    c1:c6:9d:aa:c3:bf:16:6a:d2:a8:46:4b:e0:90:1b:
                    22:bb:9c:96:e6:b6:15:a7:18:57:90:09:7d:75:fc:
                    19:bf:a5:c5:81:5d:89:10:56:62:35:c6:a3:33:f1:
                    fa:9a:4d:a6:86:4d:af:f8:f5:0f:69:73:c5:d4:57:
                    a2:2b:d1:d2:f1:f2:eb:53:92:16:e1:fd:44:f8:92:
                    e7:68:3b:6e:04:57:98:4e:be:bf:5f:89:34:df:6e:
                    2c:18:44:42:c5:03:68:ed:ce:2c:d5:89:03:2d:be:
                    3d:55:eb:b2:50:75:01:da:4d:30:5a:82:0b:e7:31:
                    6a:54:90:20:29:1a:3b:d4:93:b8:98:3b:53:39:c5:
                    bb:0c:aa:6e:35:0f:de:69:31:b5:11:43:5b:f1:1f:
                    e0:43:fc:ab:e9:00:af:2e:10:40:73:39:26:27:ea:
                    ca:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:57:E8:4D:D0:06:B4:A5:49:46:5E:B6:50:3F:96:A6:B8:C0:D3:5F
            X509v3 Authority Key Identifier:
                keyid:9E:4F:AE:6D:2C:25:DD:5F:2F:B1:6B:4F:BE:A2:84:E6:65:8C:12:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/YlfoTdAGtKVJRl62UD-WprjA018.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:93:5a:0e:0d:11:98:c1:7d:d6:7c:a9:28:ad:d1:09:06:3f:
         78:38:0b:49:57:74:f0:a5:fc:b5:ec:38:4f:4d:ac:59:ed:81:
         00:06:d1:5f:c3:03:1d:1e:19:50:c8:64:2c:b1:da:21:67:97:
         53:31:09:83:06:7a:95:1c:24:cf:d4:c4:24:a2:8d:a6:07:70:
         0c:37:6d:69:10:6a:9e:55:4c:29:95:03:ff:f9:f6:f1:a2:47:
         c0:8f:b2:53:ec:20:a3:da:26:a2:02:fe:c2:fe:35:f5:fa:6b:
         93:ab:0e:b2:80:fa:1f:7f:bb:11:8c:58:ad:32:51:eb:40:d5:
         0b:3f:a5:87:43:95:6f:fb:4e:cd:79:2b:40:8d:cc:62:4a:8b:
         dd:94:4b:5b:73:33:1e:ee:ca:79:52:c0:39:4c:8c:b3:1e:1e:
         bf:7a:c8:eb:12:80:13:a5:b6:57:25:dc:37:5e:0e:30:ed:28:
         f6:e8:68:96:d2:ea:a7:56:03:93:c2:ad:88:91:26:a7:c9:c0:
         5f:6b:2d:56:64:ee:4e:ee:01:dc:76:51:4a:54:fc:1a:f8:06:
         c5:e5:73:e1:52:fc:2b:7d:74:09:cb:40:c8:3c:fe:d5:9a:b8:
         1c:c3:7c:2a:f5:0e:c8:e6:d2:2f:bc:b0:38:03:5f:20:7c:b1:
         e6:c2:17:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pZkN+99QdbR+gAgAkFseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGZhZTZkMmMyNWRkNWYyZmIxNmI0ZmJlYTI4NGU2NjU4
YzEyYmEwHhcNMjYwMTAyMTIxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjU3ZTg0ZGQwMDZiNGE1NDk0NjVlYjY1MDNmOTZhNmI4YzBkMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1n49XLwTRxKt8xSLBp/Ixq+w/Wj
IhtJqGnwHPxjEFngK5iucmBVhk2r720A0iGi9cUOy4vMT7cmGc/pi/xAJna8tJbd
dY5sfzOZjTM9ff35B6fQ8h+SB3PBxp2qw78WatKoRkvgkBsiu5yW5rYVpxhXkAl9
dfwZv6XFgV2JEFZiNcajM/H6mk2mhk2v+PUPaXPF1FeiK9HS8fLrU5IW4f1E+JLn
aDtuBFeYTr6/X4k0324sGERCxQNo7c4s1YkDLb49VeuyUHUB2k0wWoIL5zFqVJAg
KRo71JO4mDtTOcW7DKpuNQ/eaTG1EUNb8R/gQ/yr6QCvLhBAczkmJ+rKtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJX6E3QBrSlSUZetlA/lqa4wNNfMB8GA1UdIwQY
MBaAFJ5Prm0sJd1fL7FrT76ihOZljBK6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmstdWJTd2wzVjh2c1d0UHZxS0U1bVdNRXJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hYzMyNjAtNzA2OS00NGYyLTllYTkt
Mzk0ZmY5MjhmNTcwLzEvWWxmb1RkQUd0S1ZKUmw2MlVELVdwcmpBMDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hYzMyNjAtNzA2OS00NGYyLTllYTktMzk0ZmY5MjhmNTcw
LzEvbmstdWJTd2wzVjh2c1d0UHZxS0U1bVdNRXJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkWMA0G
CSqGSIb3DQEBCwUAA4IBAQCak1oODRGYwX3WfKkordEJBj94OAtJV3Twpfy17DhP
TaxZ7YEABtFfwwMdHhlQyGQssdohZ5dTMQmDBnqVHCTP1MQkoo2mB3AMN21pEGqe
VUwplQP/+fbxokfAj7JT7CCj2iaiAv7C/jX1+muTqw6ygPoff7sRjFitMlHrQNUL
P6WHQ5Vv+07NeStAjcxiSovdlEtbczMe7sp5UsA5TIyzHh6/esjrEoATpbZXJdw3
Xg4w7Sj26GiW0uqnVgOTwq2IkSanycBfay1WZO5O7gHcdlFKVPwa+AbF5XPhUvwr
fXQJy0DIPP7Vmrgcw3wq9Q7I5tIvvLA4A18gfLHmwhdi
-----END CERTIFICATE-----