Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/746055-223c-4ca2-87fa-e1508e0a8836/1/YUIe43riMIY5RXnu_EJdi74BiD0.roa
File:                     YUIe43riMIY5RXnu_EJdi74BiD0.roa (raw, json)
Hash identifier:          0nBv6yPBFubyXH/hyUWyIZCqz8H+FHQFrEWthFcJ/fU=
Subject key identifier:   61:42:1E:E3:7A:E2:30:86:39:45:79:EE:FC:42:5D:8B:BE:01:88:3D
Certificate issuer:       /CN=669e212d70111b44de66f575027e000cd441fdce
Certificate serial:       019B7EA6B44B7A49191DCAAB5462CE0492F1
Authority key identifier: 66:9E:21:2D:70:11:1B:44:DE:66:F5:75:02:7E:00:0C:D4:41:FD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zp4hLXARG0TeZvV1An4ADNRB_c4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/746055-223c-4ca2-87fa-e1508e0a8836/1/YUIe43riMIY5RXnu_EJdi74BiD0.roa
Signing time:             Fri 02 Jan 2026 12:20:12 +0000
ROA not before:           Fri 02 Jan 2026 12:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213383
IP address blocks:        185.83.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/746055-223c-4ca2-87fa-e1508e0a8836/1/Zp4hLXARG0TeZvV1An4ADNRB_c4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/746055-223c-4ca2-87fa-e1508e0a8836/1/Zp4hLXARG0TeZvV1An4ADNRB_c4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zp4hLXARG0TeZvV1An4ADNRB_c4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:b4:4b:7a:49:19:1d:ca:ab:54:62:ce:04:92:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=669e212d70111b44de66f575027e000cd441fdce
        Validity
            Not Before: Jan  2 12:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61421ee37ae23086394579eefc425d8bbe01883d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:d4:df:00:88:7a:38:44:7e:04:2a:2f:00:8e:
                    19:68:7b:63:ae:de:a1:b7:01:b4:bf:40:3a:c4:44:
                    91:ae:0b:64:36:c2:bd:02:ca:3e:34:d6:1b:00:18:
                    13:f5:92:88:8d:22:65:6b:32:c4:fd:05:e1:76:be:
                    f1:c8:7f:8f:40:4b:96:d7:bb:41:f2:1a:9c:81:84:
                    ae:0e:68:b0:f4:70:79:05:fd:c4:df:8b:10:af:a1:
                    23:d4:b4:d0:6a:7d:72:76:ea:44:af:41:04:c5:6d:
                    da:35:aa:87:a2:5c:44:1f:94:98:89:87:36:38:7b:
                    1a:78:4b:05:72:ea:f2:5d:9b:5e:8a:f0:41:b4:8a:
                    a5:d0:67:50:54:93:46:84:ce:8c:79:cf:db:00:c4:
                    5b:0c:06:ce:f0:22:c9:2a:2f:ec:a0:2e:6b:3b:bd:
                    ad:71:9d:bd:95:fc:f7:1a:e2:92:0b:87:80:a6:8b:
                    7e:64:f4:86:7d:94:86:8b:c4:de:65:bd:fe:71:03:
                    f0:e3:b4:a5:78:d4:97:eb:00:e9:7f:a7:7b:df:f9:
                    4b:d2:d9:f3:cf:0c:9d:9e:eb:1a:70:19:1b:cc:69:
                    24:e4:18:4d:77:6a:e2:b2:c1:05:7f:6d:5c:5f:d0:
                    6d:3a:72:e9:e1:fb:0a:42:c0:0c:02:37:bb:49:ab:
                    73:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:42:1E:E3:7A:E2:30:86:39:45:79:EE:FC:42:5D:8B:BE:01:88:3D
            X509v3 Authority Key Identifier:
                keyid:66:9E:21:2D:70:11:1B:44:DE:66:F5:75:02:7E:00:0C:D4:41:FD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zp4hLXARG0TeZvV1An4ADNRB_c4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/746055-223c-4ca2-87fa-e1508e0a8836/1/YUIe43riMIY5RXnu_EJdi74BiD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/746055-223c-4ca2-87fa-e1508e0a8836/1/Zp4hLXARG0TeZvV1An4ADNRB_c4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:92:f3:77:41:14:17:4c:15:fe:af:e5:69:7b:1c:3d:00:c6:
         e1:7a:3b:25:3c:55:d8:db:03:d1:fd:93:f6:89:90:27:e3:cb:
         73:6d:63:8f:23:1f:91:1f:d5:cd:75:97:82:4e:83:7b:f4:a1:
         cc:f5:80:de:02:64:a0:b9:b6:22:c3:e7:f1:c8:df:02:cb:e3:
         da:b0:3c:fa:72:f3:f6:98:a2:85:4e:b6:21:ae:ac:42:08:f5:
         2b:32:fc:47:b7:67:3b:75:55:39:56:8a:86:1a:62:84:3f:15:
         4b:37:22:70:bf:4e:a9:56:fb:ad:14:c3:3e:ee:bc:aa:6b:25:
         71:9a:a7:92:8b:97:f8:9c:42:01:cd:82:ed:e5:07:ac:cc:ed:
         8b:48:bb:46:d1:c7:7c:1f:52:42:00:b3:8f:bb:75:fb:ee:e6:
         80:21:8a:1a:e6:97:1d:26:d8:52:52:02:44:84:78:c4:9b:37:
         1b:59:a0:0b:58:9b:20:7c:5e:dc:d8:77:ec:92:f9:60:9d:b6:
         56:cd:19:d6:2a:d8:53:4f:85:d5:6f:54:2e:12:30:4b:85:de:
         2e:44:2a:79:33:2c:84:7e:63:ce:bf:cf:31:18:c6:c8:2f:84:
         a0:b1:76:3d:a6:d3:a9:7f:ca:7d:05:80:ca:f0:46:b7:f1:36:
         81:54:f0:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+prRLekkZHcqrVGLOBJLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OWUyMTJkNzAxMTFiNDRkZTY2ZjU3NTAyN2UwMDBjZDQ0
MWZkY2UwHhcNMjYwMTAyMTIyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQyMWVlMzdhZTIzMDg2Mzk0NTc5ZWVmYzQyNWQ4YmJlMDE4ODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NTfAIh6OER+BCovAI4ZaHtjrt6h
twG0v0A6xESRrgtkNsK9Aso+NNYbABgT9ZKIjSJlazLE/QXhdr7xyH+PQEuW17tB
8hqcgYSuDmiw9HB5Bf3E34sQr6Ej1LTQan1ydupEr0EExW3aNaqHolxEH5SYiYc2
OHsaeEsFcuryXZteivBBtIql0GdQVJNGhM6Mec/bAMRbDAbO8CLJKi/soC5rO72t
cZ29lfz3GuKSC4eApot+ZPSGfZSGi8TeZb3+cQPw47SleNSX6wDpf6d73/lL0tnz
zwydnusacBkbzGkk5BhNd2rissEFf21cX9BtOnLp4fsKQsAMAje7SatzMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFCHuN64jCGOUV57vxCXYu+AYg9MB8GA1UdIwQY
MBaAFGaeIS1wERtE3mb1dQJ+AAzUQf3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnA0aExYQVJHMFRlWnZWMUFuNEFETlJCX2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NDYwNTUtMjIzYy00Y2EyLTg3ZmEt
ZTE1MDhlMGE4ODM2LzEvWVVJZTQzcmlNSVk1UlhudV9FSmRpNzRCaUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NDYwNTUtMjIzYy00Y2EyLTg3ZmEtZTE1MDhlMGE4ODM2
LzEvWnA0aExYQVJHMFRlWnZWMUFuNEFETlJCX2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVNUMA0G
CSqGSIb3DQEBCwUAA4IBAQCPkvN3QRQXTBX+r+Vpexw9AMbhejslPFXY2wPR/ZP2
iZAn48tzbWOPIx+RH9XNdZeCToN79KHM9YDeAmSgubYiw+fxyN8Cy+PasDz6cvP2
mKKFTrYhrqxCCPUrMvxHt2c7dVU5VoqGGmKEPxVLNyJwv06pVvutFMM+7ryqayVx
mqeSi5f4nEIBzYLt5QeszO2LSLtG0cd8H1JCALOPu3X77uaAIYoa5pcdJthSUgJE
hHjEmzcbWaALWJsgfF7c2HfskvlgnbZWzRnWKthTT4XVb1QuEjBLhd4uRCp5MyyE
fmPOv88xGMbIL4SgsXY9ptOpf8p9BYDK8Ea38TaBVPCW
-----END CERTIFICATE-----