Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/yNQ_zsxyOg6_vZRm8NwG7QkBAgo.roa
File:                     yNQ_zsxyOg6_vZRm8NwG7QkBAgo.roa (raw, json)
Hash identifier:          OrA7KggE3ccZsB2xwagICIqYq57qPP/3q+RlHhZdTRY=
Subject key identifier:   C8:D4:3F:CE:CC:72:3A:0E:BF:BD:94:66:F0:DC:06:ED:09:01:02:0A
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019DBF996F666F94831444398FA310B548E3
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/yNQ_zsxyOg6_vZRm8NwG7QkBAgo.roa
Signing time:             Fri 24 Apr 2026 13:06:37 +0000
ROA not before:           Fri 24 Apr 2026 13:06:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        86.110.57.0/24 maxlen: 24
                          86.110.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:99:6f:66:6f:94:83:14:44:39:8f:a3:10:b5:48:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Apr 24 13:06:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8d43fcecc723a0ebfbd9466f0dc06ed0901020a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cf:5a:f8:b6:e2:fe:cd:c9:75:24:77:09:c5:
                    89:d4:c3:92:d3:ea:80:06:69:9c:57:7e:12:28:d8:
                    56:a6:b4:00:96:cd:d6:6b:ad:09:11:50:e5:3f:fd:
                    3c:d8:d8:c6:d6:17:02:d5:22:e5:fb:ef:66:44:be:
                    bf:af:7f:e4:52:96:49:8e:ee:72:ca:5c:c4:ce:a2:
                    2e:9f:bb:aa:f4:47:9b:0a:0c:68:f0:92:05:73:86:
                    f9:53:18:45:57:0f:e0:0c:e6:76:7c:5d:5f:16:bc:
                    dd:27:68:f2:76:ac:55:6e:68:5b:8e:5c:17:2a:76:
                    00:4b:17:7b:c4:8c:7a:51:85:57:8b:b2:d5:cc:71:
                    53:e9:78:2b:5b:cd:ec:12:97:15:b0:5b:22:26:d3:
                    cf:36:07:e2:ad:f6:b7:22:da:ea:53:62:c8:ac:34:
                    0c:18:66:fa:0e:ce:d6:cd:7b:db:20:87:8e:b7:79:
                    81:cb:c5:c8:26:96:e8:f5:13:98:b5:90:10:24:c6:
                    92:98:f1:ed:05:38:ff:61:b1:c6:cd:91:6a:85:4c:
                    0d:2a:9a:11:42:76:5b:ba:ae:85:62:d6:36:01:0c:
                    81:4c:98:83:9a:63:f0:50:a4:4f:15:60:d6:75:95:
                    59:ba:f2:be:97:e0:3c:0d:7a:42:d5:53:13:de:1c:
                    d3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D4:3F:CE:CC:72:3A:0E:BF:BD:94:66:F0:DC:06:ED:09:01:02:0A
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/yNQ_zsxyOg6_vZRm8NwG7QkBAgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.57.0/24
                  86.110.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:70:8f:dd:59:be:8b:c6:d7:c8:d9:5c:8c:06:ae:ba:70:75:
         3d:a2:15:00:0f:d5:30:a1:14:74:55:eb:e9:0e:c0:cb:3a:ed:
         0d:d6:3d:7e:e1:6d:8a:cd:f8:b3:c2:33:fd:0f:34:b7:ce:b0:
         86:da:39:94:c4:c1:9d:ca:76:af:dd:b3:ab:d9:e7:82:56:22:
         4b:4c:27:19:b9:28:09:9e:06:68:95:6f:dc:f4:43:cc:7e:99:
         51:8b:ae:44:a8:20:ab:db:9a:12:d4:ad:50:15:52:b0:fa:05:
         e1:a5:7c:0f:98:12:43:f3:14:18:09:a5:cd:aa:59:23:16:6e:
         49:90:ec:34:f3:90:1a:da:18:b1:2b:5b:1a:0d:7d:9c:9a:df:
         cb:ca:43:ff:53:5e:bd:e1:ed:88:bc:bd:a2:c4:f3:ac:ae:09:
         f0:99:93:e6:51:e1:32:0f:79:fb:6e:02:ef:be:b2:3b:2b:c2:
         e6:13:ca:90:78:5d:d2:d1:46:c5:ad:54:d4:55:a5:c7:67:5b:
         2a:a4:c1:28:69:cb:8d:80:5f:d6:a2:f2:33:62:07:ed:28:04:
         da:dc:77:6c:e3:41:83:1e:14:55:b0:1e:96:0c:a3:c8:1a:38:
         54:6f:21:76:da:2f:61:b5:b0:9a:e3:a7:15:c7:a5:fa:b9:26:
         ba:0f:32:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2/mW9mb5SDFEQ5j6MQtUjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwNDI0MTMwNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQ0M2ZjZWNjNzIzYTBlYmZiZDk0NjZmMGRjMDZlZDA5MDEwMjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw89a+Lbi/s3JdSR3CcWJ1MOS0+qA
BmmcV34SKNhWprQAls3Wa60JEVDlP/082NjG1hcC1SLl++9mRL6/r3/kUpZJju5y
ylzEzqIun7uq9EebCgxo8JIFc4b5UxhFVw/gDOZ2fF1fFrzdJ2jydqxVbmhbjlwX
KnYASxd7xIx6UYVXi7LVzHFT6XgrW83sEpcVsFsiJtPPNgfirfa3ItrqU2LIrDQM
GGb6Ds7WzXvbIIeOt3mBy8XIJpbo9ROYtZAQJMaSmPHtBTj/YbHGzZFqhUwNKpoR
QnZbuq6FYtY2AQyBTJiDmmPwUKRPFWDWdZVZuvK+l+A8DXpC1VMT3hzTNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMjUP87McjoOv72UZvDcBu0JAQIKMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEveU5RX3pzeHlPZzZfdlpSbThOd0c3UWtCQWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVm45AwQA
Vm48MA0GCSqGSIb3DQEBCwUAA4IBAQCscI/dWb6LxtfI2VyMBq66cHU9ohUAD9Uw
oRR0VevpDsDLOu0N1j1+4W2KzfizwjP9DzS3zrCG2jmUxMGdynav3bOr2eeCViJL
TCcZuSgJngZolW/c9EPMfplRi65EqCCr25oS1K1QFVKw+gXhpXwPmBJD8xQYCaXN
qlkjFm5JkOw085Aa2hixK1saDX2cmt/LykP/U1694e2IvL2ixPOsrgnwmZPmUeEy
D3n7bgLvvrI7K8LmE8qQeF3S0UbFrVTUVaXHZ1sqpMEoacuNgF/WovIzYgftKATa
3Hds40GDHhRVsB6WDKPIGjhUbyF22i9htbCa46cVx6X6uSa6DzJy
-----END CERTIFICATE-----