Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Ygp_CwrfUmlngetZA-9RIt_9nAI.roa
File:                     Ygp_CwrfUmlngetZA-9RIt_9nAI.roa (raw, json)
Hash identifier:          Dv2oNOTsN3dUkcLt3ulkrBfa4t8Mtbq+2iba1Tv1IAE=
Subject key identifier:   62:0A:7F:0B:0A:DF:52:69:67:81:EB:59:03:EF:51:22:DF:FD:9C:02
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019CDCEE022637669E6D5A14DF069648871F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Ygp_CwrfUmlngetZA-9RIt_9nAI.roa
Signing time:             Wed 11 Mar 2026 12:45:11 +0000
ROA not before:           Wed 11 Mar 2026 12:45:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200234
IP address blocks:        2a0c:b641:a60::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:ee:02:26:37:66:9e:6d:5a:14:df:06:96:48:87:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar 11 12:45:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=620a7f0b0adf52696781eb5903ef5122dffd9c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:22:28:59:b6:02:59:42:c4:84:93:79:7d:05:
                    dd:64:29:7c:48:b3:50:d7:54:60:da:29:a2:03:19:
                    ae:d9:a8:87:73:99:b4:40:08:e4:4e:e0:4e:9c:2a:
                    43:97:05:b6:f4:b5:1d:fd:aa:20:8a:5a:e5:73:d9:
                    fb:24:df:95:c5:1e:cf:30:71:e4:ea:43:8a:fe:e8:
                    4f:dc:16:04:ec:1b:a0:4e:ef:8b:73:12:bd:40:71:
                    3b:6a:2f:01:2b:9e:f1:78:09:92:4f:46:98:37:ce:
                    60:3b:99:02:77:c9:52:3f:89:0c:8f:ee:33:93:4d:
                    ba:10:55:aa:0b:db:4c:14:d6:0e:b3:dc:d4:0e:e3:
                    e9:1a:90:00:43:c3:5d:43:b7:e6:73:d5:11:4e:57:
                    84:67:ae:a3:06:dc:8b:47:e2:d2:33:7d:4d:dd:3a:
                    dc:16:0f:cd:b3:7f:f4:17:45:41:7c:2e:0f:4f:77:
                    16:15:2b:a0:6b:7d:23:d8:cc:3b:b4:a6:e4:0b:d9:
                    2b:dc:e6:03:d0:13:1e:52:7d:d0:6a:69:da:74:80:
                    33:f0:49:9e:6a:33:c4:a2:0d:65:1c:c6:18:41:86:
                    29:f8:1f:92:df:de:a7:4d:2b:95:94:c8:7f:40:9d:
                    53:9c:d0:30:85:35:86:3b:84:b2:ab:1e:b2:c6:3c:
                    76:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0A:7F:0B:0A:DF:52:69:67:81:EB:59:03:EF:51:22:DF:FD:9C:02
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Ygp_CwrfUmlngetZA-9RIt_9nAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a60::/44

    Signature Algorithm: sha256WithRSAEncryption
         3d:52:28:84:7c:a2:45:a4:f4:43:f0:f0:84:eb:71:a0:2f:9b:
         8e:ce:46:1d:bf:a7:4e:d9:26:3d:51:6b:9d:bf:2b:73:1e:51:
         ae:f8:e4:83:0c:a4:e2:fc:d5:ab:f3:d1:c1:53:05:4a:c1:73:
         89:cf:90:4f:3c:2d:89:c1:40:de:fc:8e:26:bc:ec:e4:bf:f6:
         11:d2:44:f5:48:11:5d:ee:27:81:d0:53:3c:bd:05:fd:f7:79:
         c1:c2:32:7b:4c:8f:88:84:d5:b4:0a:8a:3d:9a:2c:f6:9d:a9:
         28:ca:3d:07:40:ba:13:05:37:93:23:78:3e:b0:ae:97:bc:ce:
         de:5e:73:2f:28:f9:79:de:d7:dd:a3:e8:0d:4c:76:4c:9e:6d:
         30:67:07:22:44:60:8d:df:ba:56:eb:82:10:f7:6b:86:5b:2a:
         39:d1:3d:db:b4:fc:31:d1:73:4b:9d:f5:a9:b0:5f:a4:54:2c:
         19:2e:cf:e4:a3:79:c1:c9:7d:8e:74:5e:a8:cb:28:12:16:91:
         58:48:f8:a1:96:a4:9d:79:5d:8c:b7:db:fe:01:c0:2a:95:6c:
         9e:48:ff:07:69:6f:65:50:02:c9:60:d3:01:93:23:8b:ed:11:
         71:d2:c5:5b:8d:34:d4:9f:24:bf:e3:ea:25:f2:1a:8c:6b:8f:
         15:2a:b5:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzc7gImN2aebVoU3waWSIcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzExMTI0NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBhN2YwYjBhZGY1MjY5Njc4MWViNTkwM2VmNTEyMmRmZmQ5YzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyIoWbYCWULEhJN5fQXdZCl8SLNQ
11Rg2imiAxmu2aiHc5m0QAjkTuBOnCpDlwW29LUd/aogilrlc9n7JN+VxR7PMHHk
6kOK/uhP3BYE7BugTu+LcxK9QHE7ai8BK57xeAmST0aYN85gO5kCd8lSP4kMj+4z
k026EFWqC9tMFNYOs9zUDuPpGpAAQ8NdQ7fmc9URTleEZ66jBtyLR+LSM31N3Trc
Fg/Ns3/0F0VBfC4PT3cWFSuga30j2Mw7tKbkC9kr3OYD0BMeUn3QamnadIAz8Eme
ajPEog1lHMYYQYYp+B+S396nTSuVlMh/QJ1TnNAwhTWGO4Syqx6yxjx2tQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGIKfwsK31JpZ4HrWQPvUSLf/ZwCMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWWdwX0N3cmZVbWxuZ2V0WkEtOVJJdF85bkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpg
MA0GCSqGSIb3DQEBCwUAA4IBAQA9UiiEfKJFpPRD8PCE63GgL5uOzkYdv6dO2SY9
UWudvytzHlGu+OSDDKTi/NWr89HBUwVKwXOJz5BPPC2JwUDe/I4mvOzkv/YR0kT1
SBFd7ieB0FM8vQX993nBwjJ7TI+IhNW0Coo9miz2nakoyj0HQLoTBTeTI3g+sK6X
vM7eXnMvKPl53tfdo+gNTHZMnm0wZwciRGCN37pW64IQ92uGWyo50T3btPwx0XNL
nfWpsF+kVCwZLs/ko3nByX2OdF6oyygSFpFYSPihlqSdeV2Mt9v+AcAqlWyeSP8H
aW9lUALJYNMBkyOL7RFx0sVbjTTUnyS/4+ol8hqMa48VKrUG
-----END CERTIFICATE-----