Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YaC8j08-JiWFJVbPt1kMB0rRuVA.roa
File:                     YaC8j08-JiWFJVbPt1kMB0rRuVA.roa (raw, json)
Hash identifier:          UAFl3nJWz4DfKsJxrZnTVEYTFvxes0oW/5iepPiCn4w=
Subject key identifier:   61:A0:BC:8F:4F:3E:26:25:85:25:56:CF:B7:59:0C:07:4A:D1:B9:50
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DFE5D0779053966ACCAC47E051D446821
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YaC8j08-JiWFJVbPt1kMB0rRuVA.roa
Signing time:             Wed 06 May 2026 17:36:42 +0000
ROA not before:           Wed 06 May 2026 17:36:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        87.232.110.0/24 maxlen: 24
                          87.232.112.0/24 maxlen: 24
                          87.232.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:5d:07:79:05:39:66:ac:ca:c4:7e:05:1d:44:68:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May  6 17:36:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61a0bc8f4f3e2625852556cfb7590c074ad1b950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c4:5f:98:00:9f:cf:e4:bf:1b:06:38:21:4f:
                    80:92:b7:d3:49:27:e3:3f:5e:31:a7:ee:46:fc:10:
                    97:0b:f6:33:ae:e0:c1:c5:94:c9:bb:17:64:12:e6:
                    ca:5c:4c:89:59:31:12:52:49:eb:ba:25:b9:1d:a9:
                    6e:b5:5e:8d:f4:46:34:f5:05:94:47:be:ae:a2:d7:
                    ad:6a:dc:7f:7b:9f:6b:b2:b6:dd:8d:15:c0:e0:a4:
                    9f:30:98:b1:b9:29:0a:58:eb:09:da:3d:ae:58:d9:
                    a9:18:8a:4e:d3:a1:5f:fc:82:e3:bd:48:bd:5d:20:
                    fd:1e:37:c4:08:ec:12:3e:63:a2:26:e7:6e:ae:77:
                    bf:53:dc:20:75:b8:00:e7:b7:3b:b4:b2:f8:59:5b:
                    a9:e5:51:30:38:c7:7f:d4:e8:2f:dc:f0:9b:9c:0b:
                    18:39:03:e1:b6:91:71:c1:f3:05:87:e7:c4:c7:34:
                    b7:c5:e0:8b:2b:e2:21:36:75:f3:11:a9:c8:b8:8c:
                    5c:ab:cf:87:7e:ae:1e:4c:d1:e5:eb:e7:7e:0f:af:
                    36:85:e5:a5:f9:44:59:fc:1f:9f:08:bc:5c:03:be:
                    d9:59:89:14:fc:22:4d:a8:12:ec:26:79:aa:80:2a:
                    dd:67:96:f0:c7:34:21:8d:42:61:2e:b2:64:09:e1:
                    0e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A0:BC:8F:4F:3E:26:25:85:25:56:CF:B7:59:0C:07:4A:D1:B9:50
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YaC8j08-JiWFJVbPt1kMB0rRuVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.110.0/24
                  87.232.112.0/24
                  87.232.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:0c:5f:96:57:ad:a2:4f:a9:32:b2:1b:0e:b9:f2:21:86:55:
         29:25:90:e8:9e:e1:fe:45:6a:e2:28:95:0c:0f:77:fa:e8:7a:
         4b:37:da:32:bb:c6:6f:02:da:79:5a:6c:20:1f:76:ea:0d:64:
         0e:9f:0c:fa:af:10:ca:ad:08:0b:b4:7e:7c:e3:6e:4a:1c:53:
         01:ed:7c:d2:d0:57:d0:fa:e9:07:6c:48:27:19:71:43:2b:4e:
         90:58:7d:e2:24:98:27:73:63:e8:3f:62:f1:0c:6a:e8:ba:9f:
         37:23:fa:c9:ea:04:49:de:9d:b2:31:6f:13:5f:12:cb:2c:fd:
         ac:53:21:5d:8c:7e:7a:b4:84:f5:b1:30:66:b1:4c:bd:04:cf:
         37:2e:7d:70:94:48:33:3c:c8:f8:8f:18:92:37:ae:fd:bd:f4:
         b6:33:ba:ed:8a:df:56:8f:d8:97:5f:c6:75:42:e7:f8:71:ff:
         0b:52:ab:f5:d5:18:ac:01:a4:60:a0:ae:47:82:60:8e:57:17:
         3f:e0:51:05:5f:0c:0b:8d:ff:6b:34:0b:f3:3f:de:10:bd:52:
         79:f3:dd:4c:4f:2d:d0:ae:5e:49:09:58:fc:eb:fa:6b:09:ab:
         48:70:cf:fd:4f:06:d7:d3:fe:ab:f5:f8:71:1e:ba:d5:41:27:
         4d:7d:bc:8a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3+XQd5BTlmrMrEfgUdRGghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTA2MTczNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWEwYmM4ZjRmM2UyNjI1ODUyNTU2Y2ZiNzU5MGMwNzRhZDFiOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8RfmACfz+S/GwY4IU+AkrfTSSfj
P14xp+5G/BCXC/YzruDBxZTJuxdkEubKXEyJWTESUknruiW5HalutV6N9EY09QWU
R76uotetatx/e59rsrbdjRXA4KSfMJixuSkKWOsJ2j2uWNmpGIpO06Ff/ILjvUi9
XSD9HjfECOwSPmOiJudurne/U9wgdbgA57c7tLL4WVup5VEwOMd/1Ogv3PCbnAsY
OQPhtpFxwfMFh+fExzS3xeCLK+IhNnXzEanIuIxcq8+Hfq4eTNHl6+d+D682heWl
+URZ/B+fCLxcA77ZWYkU/CJNqBLsJnmqgCrdZ5bwxzQhjUJhLrJkCeEOjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGGgvI9PPiYlhSVWz7dZDAdK0blQMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvWWFDOGowOC1KaVdGSlZiUHQxa01CMHJSdVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV+huAwQA
V+hwAwQAV+h0MA0GCSqGSIb3DQEBCwUAA4IBAQARDF+WV62iT6kyshsOufIhhlUp
JZDonuH+RWriKJUMD3f66HpLN9oyu8ZvAtp5WmwgH3bqDWQOnwz6rxDKrQgLtH58
425KHFMB7XzS0FfQ+ukHbEgnGXFDK06QWH3iJJgnc2PoP2LxDGroup83I/rJ6gRJ
3p2yMW8TXxLLLP2sUyFdjH56tIT1sTBmsUy9BM83Ln1wlEgzPMj4jxiSN679vfS2
M7rtit9Wj9iXX8Z1Quf4cf8LUqv11RisAaRgoK5HgmCOVxc/4FEFXwwLjf9rNAvz
P94QvVJ5891MTy3Qrl5JCVj86/prCatIcM/9TwbX0/6r9fhxHrrVQSdNfbyK
-----END CERTIFICATE-----