Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/Yw4KeJZQd4fDI6XgNROc612klZ8.roa
File:                     Yw4KeJZQd4fDI6XgNROc612klZ8.roa (raw, json)
Hash identifier:          ksqJ6JeWEi7OT1uotIS0TGh2mFny8Jt60myfEmkHw/w=
Subject key identifier:   63:0E:0A:78:96:50:77:87:C3:23:A5:E0:35:13:9C:EB:5D:A4:95:9F
Certificate issuer:       /CN=4f4b2aab1d67f6d4c058392b9137bd03228f7d2a
Certificate serial:       019E108B7B3C9E4F4CA59423EFE440FC13D6
Authority key identifier: 4F:4B:2A:AB:1D:67:F6:D4:C0:58:39:2B:91:37:BD:03:22:8F:7D:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0sqqx1n9tTAWDkrkTe9AyKPfSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/Yw4KeJZQd4fDI6XgNROc612klZ8.roa
Signing time:             Sun 10 May 2026 06:20:36 +0000
ROA not before:           Sun 10 May 2026 06:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        185.58.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/T0sqqx1n9tTAWDkrkTe9AyKPfSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/T0sqqx1n9tTAWDkrkTe9AyKPfSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0sqqx1n9tTAWDkrkTe9AyKPfSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:10:8b:7b:3c:9e:4f:4c:a5:94:23:ef:e4:40:fc:13:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4b2aab1d67f6d4c058392b9137bd03228f7d2a
        Validity
            Not Before: May 10 06:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=630e0a7896507787c323a5e035139ceb5da4959f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:30:da:28:54:a2:6c:35:30:24:e1:93:50:2b:
                    27:52:3e:43:76:74:24:68:bf:da:27:58:ba:a7:82:
                    cb:f5:e3:ef:77:a6:65:5d:35:c4:69:a4:da:1f:1c:
                    b9:37:b4:b3:19:d7:84:21:71:bd:bf:a4:de:9c:e7:
                    a3:25:ad:e2:90:80:e2:22:c0:7a:2b:37:01:13:1f:
                    f1:1c:92:01:8b:60:e4:ac:de:79:fb:64:36:42:44:
                    b9:07:64:15:03:e8:aa:c6:ec:98:6a:c2:cb:7a:e9:
                    79:3e:f9:80:b0:a9:84:b2:8d:3d:73:51:05:a5:91:
                    7c:5a:88:9d:49:8b:f0:3c:8d:28:bf:2d:db:1b:9a:
                    b6:99:05:72:67:16:3d:67:d4:10:42:dd:f6:93:68:
                    af:06:b4:9d:77:16:58:10:47:9f:e1:75:a5:d6:f3:
                    c4:66:57:95:ba:bd:ca:f4:be:11:b1:e6:8c:71:53:
                    8c:04:ea:0a:c0:a6:68:68:8e:24:81:9b:c3:6d:59:
                    df:44:9a:79:cc:56:ce:d8:d2:79:20:c4:23:5c:7b:
                    4f:20:03:c8:4f:9f:64:c6:b1:01:bc:f2:05:2d:3f:
                    fd:8b:88:46:eb:97:25:f5:ce:69:36:60:b4:ad:48:
                    16:df:cd:aa:4f:74:df:21:0d:5d:23:c9:35:37:3f:
                    97:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:0E:0A:78:96:50:77:87:C3:23:A5:E0:35:13:9C:EB:5D:A4:95:9F
            X509v3 Authority Key Identifier:
                keyid:4F:4B:2A:AB:1D:67:F6:D4:C0:58:39:2B:91:37:BD:03:22:8F:7D:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0sqqx1n9tTAWDkrkTe9AyKPfSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/Yw4KeJZQd4fDI6XgNROc612klZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/T0sqqx1n9tTAWDkrkTe9AyKPfSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3c:21:70:cf:40:60:10:6a:ff:11:30:8b:da:cf:9a:70:64:
         bd:17:dc:fd:ee:d5:c8:30:f8:2e:45:62:3a:40:4f:00:32:7e:
         81:0e:fc:a9:c3:26:49:f6:14:6b:df:18:eb:11:d6:15:14:e7:
         67:e4:d0:8c:bc:a5:11:ff:36:06:57:32:2b:63:f6:0b:97:10:
         e0:41:21:6d:a9:03:4d:8e:77:d8:11:cc:84:bc:36:42:dd:05:
         55:e9:c2:79:7c:59:5c:6e:7d:d9:ad:d5:a7:2f:51:13:6d:d4:
         fb:dc:eb:19:6e:4c:a6:48:30:b3:f6:96:44:3b:cd:34:6c:c0:
         f4:28:6e:87:32:5c:e2:fc:3c:17:4d:68:ee:39:e0:03:6a:9c:
         33:e6:3a:ca:58:89:f6:b1:c5:0b:d6:b2:dd:65:0c:b9:d3:11:
         5a:ef:5b:47:7b:a4:72:08:f8:bf:c7:6b:5b:3b:c4:13:b1:21:
         62:35:d3:b4:b3:b9:96:c2:8c:c0:24:fc:50:34:56:b7:00:43:
         5b:6a:32:73:66:b4:1d:fb:4d:1e:9b:48:17:d7:da:5b:4d:59:
         e2:b5:a7:a3:64:e4:73:17:48:8f:2d:18:69:3a:be:60:56:12:
         b8:72:8b:47:08:f5:4d:74:ea:df:87:3c:da:4b:4d:3f:47:a5:
         c3:ab:6c:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Qi3s8nk9MpZQj7+RA/BPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGIyYWFiMWQ2N2Y2ZDRjMDU4MzkyYjkxMzdiZDAzMjI4
ZjdkMmEwHhcNMjYwNTEwMDYyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzBlMGE3ODk2NTA3Nzg3YzMyM2E1ZTAzNTEzOWNlYjVkYTQ5NTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTDaKFSibDUwJOGTUCsnUj5DdnQk
aL/aJ1i6p4LL9ePvd6ZlXTXEaaTaHxy5N7SzGdeEIXG9v6TenOejJa3ikIDiIsB6
KzcBEx/xHJIBi2DkrN55+2Q2QkS5B2QVA+iqxuyYasLLeul5PvmAsKmEso09c1EF
pZF8WoidSYvwPI0ovy3bG5q2mQVyZxY9Z9QQQt32k2ivBrSddxZYEEef4XWl1vPE
ZleVur3K9L4RseaMcVOMBOoKwKZoaI4kgZvDbVnfRJp5zFbO2NJ5IMQjXHtPIAPI
T59kxrEBvPIFLT/9i4hG65cl9c5pNmC0rUgW382qT3TfIQ1dI8k1Nz+XYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMOCniWUHeHwyOl4DUTnOtdpJWfMB8GA1UdIwQY
MBaAFE9LKqsdZ/bUwFg5K5E3vQMij30qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBzcXF4MW45dFRBV0RrcmtUZTlBeUtQZlNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8wODBlOTItZmZmZS00N2Q5LWE2ZTIt
YzIzOGVhZTA2NjNiLzEvWXc0S2VKWlFkNGZESTZYZ05ST2M2MTJrbFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8wODBlOTItZmZmZS00N2Q5LWE2ZTItYzIzOGVhZTA2NjNi
LzEvVDBzcXF4MW45dFRBV0RrcmtUZTlBeUtQZlNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuToBMA0G
CSqGSIb3DQEBCwUAA4IBAQABPCFwz0BgEGr/ETCL2s+acGS9F9z97tXIMPguRWI6
QE8AMn6BDvypwyZJ9hRr3xjrEdYVFOdn5NCMvKUR/zYGVzIrY/YLlxDgQSFtqQNN
jnfYEcyEvDZC3QVV6cJ5fFlcbn3ZrdWnL1ETbdT73OsZbkymSDCz9pZEO800bMD0
KG6HMlzi/DwXTWjuOeADapwz5jrKWIn2scUL1rLdZQy50xFa71tHe6RyCPi/x2tb
O8QTsSFiNdO0s7mWwozAJPxQNFa3AENbajJzZrQd+00em0gX19pbTVnitaejZORz
F0iPLRhpOr5gVhK4cotHCPVNdOrfhzzaS00/R6XDq2xe
-----END CERTIFICATE-----