Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/pbYh77FiXb27xfYI_NyT1Cf15xk.roa
File:                     pbYh77FiXb27xfYI_NyT1Cf15xk.roa (raw, json)
Hash identifier:          q39SrHUMbdH1FdaOFoJ927q3iAAxZg6rcNH177jovDY=
Subject key identifier:   A5:B6:21:EF:B1:62:5D:BD:BB:C5:F6:08:FC:DC:93:D4:27:F5:E7:19
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019D19F4DAFB4DCF1A9AFBD8146D79CFDA48
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/pbYh77FiXb27xfYI_NyT1Cf15xk.roa
Signing time:             Mon 23 Mar 2026 09:09:30 +0000
ROA not before:           Mon 23 Mar 2026 09:09:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214918
IP address blocks:        217.156.22.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:f4:da:fb:4d:cf:1a:9a:fb:d8:14:6d:79:cf:da:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar 23 09:09:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5b621efb1625dbdbbc5f608fcdc93d427f5e719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:39:2d:a5:b7:4d:31:d2:be:fa:1a:be:44:0c:
                    30:6f:ff:06:c6:49:78:d6:68:ad:55:dc:21:df:e8:
                    bd:b8:5f:af:4f:9f:f6:ea:dd:e9:7f:a0:cd:54:26:
                    17:13:a8:a7:83:a4:04:d8:1b:7e:de:e8:2c:c7:eb:
                    2f:22:e5:d7:8e:96:5f:5f:ee:a1:1a:95:7e:57:f0:
                    4a:4c:83:3c:88:c9:a4:75:6d:ba:76:d0:7f:16:87:
                    f9:17:28:18:ac:e8:d0:48:e9:e4:b2:fc:cf:97:e0:
                    27:44:11:dc:87:e2:5a:4a:76:79:ba:ba:2e:53:78:
                    5c:55:c7:a9:6a:a3:6b:db:9b:0e:3a:d9:eb:9c:b9:
                    12:c4:e9:dd:57:56:ed:04:3f:76:98:2d:f2:10:62:
                    7a:07:83:44:5f:63:d9:fa:22:f0:10:8a:60:16:1c:
                    3b:51:1b:14:78:16:52:ce:69:a0:86:bb:f7:10:c5:
                    81:4b:7a:3a:3b:ae:03:cf:d3:75:2f:bd:eb:42:89:
                    10:63:6a:dc:25:e0:f0:7c:ce:e4:d1:40:da:ba:96:
                    2d:2c:c8:d5:cc:3a:8f:11:d7:9c:cc:48:84:32:ab:
                    c8:57:ab:ba:67:aa:5b:f3:8b:60:86:4c:d1:60:3c:
                    71:d9:96:68:ab:10:a5:cd:5d:ba:25:c6:c8:f8:93:
                    5e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B6:21:EF:B1:62:5D:BD:BB:C5:F6:08:FC:DC:93:D4:27:F5:E7:19
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/pbYh77FiXb27xfYI_NyT1Cf15xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:0a:f5:f2:19:82:79:62:82:c7:6d:4f:a3:ef:76:10:68:ad:
         17:65:24:74:41:f8:bf:52:04:63:52:45:a4:a8:70:79:1c:50:
         64:21:88:80:f5:b7:c3:17:a4:1a:57:27:0b:ff:d5:60:c2:3f:
         b9:96:6a:35:5d:ee:84:78:10:e1:36:76:f6:ad:25:1f:fc:fe:
         fb:fd:f9:63:77:02:11:64:4f:64:b3:59:72:a9:6e:4d:f3:02:
         28:69:37:d4:b0:02:7d:58:8c:fd:ed:99:6f:07:15:6a:7b:35:
         6f:c8:e6:3c:d1:6f:bf:9e:3e:84:61:1b:c0:fd:67:2a:0c:1c:
         0d:8c:ab:f0:cb:04:49:fb:90:35:f9:d0:79:3f:7d:73:58:d5:
         1e:b2:9d:cb:d8:27:9a:db:2a:e2:98:85:2d:65:65:e3:5b:ea:
         76:dc:56:7c:e9:a6:2d:a7:c0:15:d7:fe:52:74:29:3e:79:a0:
         00:bd:01:0f:42:78:8b:75:64:c1:7d:81:5a:6e:75:7c:94:2f:
         d4:ed:4c:5f:7c:ee:27:07:64:bd:6a:ae:c0:02:39:70:97:60:
         1f:9b:34:75:b8:ee:cd:65:ad:03:55:2d:61:93:0a:e0:30:75:
         a2:f4:c9:98:59:69:6b:f9:1e:ae:7c:db:79:f3:4f:20:e8:8b:
         25:fa:c3:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Z9Nr7Tc8amvvYFG15z9pIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMzIzMDkwOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI2MjFlZmIxNjI1ZGJkYmJjNWY2MDhmY2RjOTNkNDI3ZjVlNzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTktpbdNMdK++hq+RAwwb/8Gxkl4
1mitVdwh3+i9uF+vT5/26t3pf6DNVCYXE6ing6QE2Bt+3ugsx+svIuXXjpZfX+6h
GpV+V/BKTIM8iMmkdW26dtB/Fof5FygYrOjQSOnksvzPl+AnRBHch+JaSnZ5urou
U3hcVcepaqNr25sOOtnrnLkSxOndV1btBD92mC3yEGJ6B4NEX2PZ+iLwEIpgFhw7
URsUeBZSzmmghrv3EMWBS3o6O64Dz9N1L73rQokQY2rcJeDwfM7k0UDaupYtLMjV
zDqPEdeczEiEMqvIV6u6Z6pb84tghkzRYDxx2ZZoqxClzV26JcbI+JNewwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW2Ie+xYl29u8X2CPzck9Qn9ecZMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcGJZaDc3RmlYYjI3eGZZSV9OeVQxQ2YxNXhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2ZwWMA0G
CSqGSIb3DQEBCwUAA4IBAQA8CvXyGYJ5YoLHbU+j73YQaK0XZSR0Qfi/UgRjUkWk
qHB5HFBkIYiA9bfDF6QaVycL/9Vgwj+5lmo1Xe6EeBDhNnb2rSUf/P77/fljdwIR
ZE9ks1lyqW5N8wIoaTfUsAJ9WIz97ZlvBxVqezVvyOY80W+/nj6EYRvA/WcqDBwN
jKvwywRJ+5A1+dB5P31zWNUesp3L2Cea2yrimIUtZWXjW+p23FZ86aYtp8AV1/5S
dCk+eaAAvQEPQniLdWTBfYFabnV8lC/U7UxffO4nB2S9aq7AAjlwl2AfmzR1uO7N
Za0DVS1hkwrgMHWi9MmYWWlr+R6ufNt5808g6Isl+sNE
-----END CERTIFICATE-----