Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cYN_uJfjUQXVKgvH7NncztLMjQQ.roa
File:                     cYN_uJfjUQXVKgvH7NncztLMjQQ.roa (raw, json)
Hash identifier:          oZ3AL4FbWrO+OFNx0fhC+VjMp1JtdQW/M5s/iMtyiA0=
Subject key identifier:   71:83:7F:B8:97:E3:51:05:D5:2A:0B:C7:EC:D9:DC:CE:D2:CC:8D:04
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019DD77172C62FB20824C5EE33ADE509A90F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cYN_uJfjUQXVKgvH7NncztLMjQQ.roa
Signing time:             Wed 29 Apr 2026 04:13:49 +0000
ROA not before:           Wed 29 Apr 2026 04:13:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        194.87.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d7:71:72:c6:2f:b2:08:24:c5:ee:33:ad:e5:09:a9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 29 04:13:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71837fb897e35105d52a0bc7ecd9dcced2cc8d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d9:da:e8:89:2e:eb:72:93:7c:e3:77:d7:71:
                    5f:bd:0c:d8:e1:d2:10:9f:59:58:f9:d7:ee:99:16:
                    2f:89:6f:cc:a0:d6:16:a5:a6:3a:d6:ff:b2:53:56:
                    b4:99:39:6f:84:fa:76:b7:b1:3c:f5:31:64:f1:73:
                    fd:e5:17:c6:48:11:02:d7:30:52:fb:40:80:a0:ff:
                    ca:81:03:93:fe:33:4d:08:42:ca:8c:3d:88:b4:a8:
                    0b:1d:0d:72:d4:82:e0:b4:a8:ec:79:e9:5e:1c:30:
                    38:63:c9:fd:7a:13:8d:6a:7a:99:b9:2d:c6:35:4d:
                    7e:90:9c:1c:31:15:9f:e4:a6:de:3d:77:1e:1a:43:
                    38:47:0e:d9:ab:98:c9:5b:e4:50:a6:05:03:8b:25:
                    bb:95:aa:ba:c7:95:c5:0e:65:a2:f0:6e:e0:1b:c0:
                    65:7e:ac:5b:8f:10:0e:b1:be:5d:e6:bb:8d:b9:81:
                    89:95:95:7c:09:8c:dc:71:a3:a7:11:46:9a:e7:56:
                    e6:88:0e:a0:42:65:7e:59:45:9e:39:8d:57:4c:ee:
                    4f:e0:67:fb:f4:4f:64:74:6d:f8:6e:b9:f2:cd:c2:
                    db:b1:a3:3b:9c:0b:ec:b9:b4:20:17:47:ac:da:4a:
                    74:c7:98:c0:f8:e3:9f:ce:1c:ac:0f:3a:4f:9c:e3:
                    49:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:83:7F:B8:97:E3:51:05:D5:2A:0B:C7:EC:D9:DC:CE:D2:CC:8D:04
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cYN_uJfjUQXVKgvH7NncztLMjQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c0:8b:a8:bd:4c:57:2b:76:2d:a6:25:d0:80:de:8a:33:7e:
         3a:17:2b:f8:df:52:64:8e:f0:ea:54:fa:6a:8a:6b:89:85:8e:
         01:0b:2b:85:cd:26:7f:fb:b2:3a:22:fb:d9:c4:2d:2e:a8:a0:
         4d:18:23:34:62:21:0e:81:f7:02:3c:ea:ec:6d:0f:96:ea:15:
         6b:64:bb:be:99:03:28:05:f9:e6:64:df:fc:e3:5a:01:16:e4:
         14:c2:c8:c3:d5:b6:8b:29:a7:4c:33:99:b2:ff:95:c5:e0:c7:
         f8:b3:2a:d4:4e:fe:53:b6:3f:f2:85:08:51:6c:ca:24:b0:f2:
         3a:e6:7a:2f:e2:57:d0:d4:7f:2c:b7:50:bc:83:59:ac:c1:36:
         9d:e6:20:54:62:e5:84:84:8f:9f:39:46:61:c7:f6:c1:d9:e2:
         64:10:76:ef:d2:c9:63:07:ea:ad:c4:36:62:93:e2:18:3e:f8:
         2c:81:4d:70:a7:2e:d9:e0:bc:e3:7e:85:e1:43:5f:70:fb:12:
         f1:af:0c:40:94:20:5d:44:16:dd:a1:b4:fc:6e:79:1f:39:18:
         59:bf:38:01:93:83:6a:8a:78:3a:48:a0:c1:07:95:f5:be:cf:
         8b:49:86:fe:1e:cb:f6:4c:4d:a2:5b:3c:e1:5f:e0:42:fe:f9:
         10:dd:72:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3XcXLGL7IIJMXuM63lCakPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNDI5MDQxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTgzN2ZiODk3ZTM1MTA1ZDUyYTBiYzdlY2Q5ZGNjZWQyY2M4ZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNna6Iku63KTfON313FfvQzY4dIQ
n1lY+dfumRYviW/MoNYWpaY61v+yU1a0mTlvhPp2t7E89TFk8XP95RfGSBEC1zBS
+0CAoP/KgQOT/jNNCELKjD2ItKgLHQ1y1ILgtKjseeleHDA4Y8n9ehONanqZuS3G
NU1+kJwcMRWf5KbePXceGkM4Rw7Zq5jJW+RQpgUDiyW7laq6x5XFDmWi8G7gG8Bl
fqxbjxAOsb5d5ruNuYGJlZV8CYzccaOnEUaa51bmiA6gQmV+WUWeOY1XTO5P4Gf7
9E9kdG34brnyzcLbsaM7nAvsubQgF0es2kp0x5jA+OOfzhysDzpPnONJsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGDf7iX41EF1SoLx+zZ3M7SzI0EMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY1lOX3VKZmpVUVhWS2d2SDdObmN6dExNalFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlc9MA0G
CSqGSIb3DQEBCwUAA4IBAQCPwIuovUxXK3YtpiXQgN6KM346Fyv431JkjvDqVPpq
imuJhY4BCyuFzSZ/+7I6IvvZxC0uqKBNGCM0YiEOgfcCPOrsbQ+W6hVrZLu+mQMo
BfnmZN/841oBFuQUwsjD1baLKadMM5my/5XF4Mf4syrUTv5Ttj/yhQhRbMoksPI6
5nov4lfQ1H8st1C8g1mswTad5iBUYuWEhI+fOUZhx/bB2eJkEHbv0sljB+qtxDZi
k+IYPvgsgU1wpy7Z4LzjfoXhQ19w+xLxrwxAlCBdRBbdobT8bnkfORhZvzgBk4Nq
ing6SKDBB5X1vs+LSYb+Hsv2TE2iWzzhX+BC/vkQ3XK2
-----END CERTIFICATE-----