Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/Y8dm5JaqQYt3MW63hrSFzcdzX7A.roa
File:                     Y8dm5JaqQYt3MW63hrSFzcdzX7A.roa (raw, json)
Hash identifier:          2692THpvoP8e9Zr+Rtyf2g7ZNxMPI9Fsg7sCKTX/LEg=
Subject key identifier:   63:C7:66:E4:96:AA:41:8B:77:31:6E:B7:86:B4:85:CD:C7:73:5F:B0
Certificate issuer:       /CN=e6688ae96323c1fcfab54b294557397b49b03bc7
Certificate serial:       019DFDAC54A9F03727ABFAAF63564DA25F75
Authority key identifier: E6:68:8A:E9:63:23:C1:FC:FA:B5:4B:29:45:57:39:7B:49:B0:3B:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/Y8dm5JaqQYt3MW63hrSFzcdzX7A.roa
Signing time:             Wed 06 May 2026 14:23:42 +0000
ROA not before:           Wed 06 May 2026 14:23:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57468
IP address blocks:        185.146.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:ac:54:a9:f0:37:27:ab:fa:af:63:56:4d:a2:5f:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6688ae96323c1fcfab54b294557397b49b03bc7
        Validity
            Not Before: May  6 14:23:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63c766e496aa418b77316eb786b485cdc7735fb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:83:e3:e9:56:a2:ec:63:a5:c6:24:0b:f0:10:
                    84:cf:9e:76:28:6f:52:78:e1:db:9d:1d:4a:15:4e:
                    dd:b2:e8:95:cf:84:fd:e9:01:93:c7:4e:cb:a0:26:
                    8a:58:54:ed:f7:e6:46:fd:e2:f9:7e:d4:42:bc:62:
                    f9:c0:da:6f:fd:41:9f:e6:cd:32:a8:6e:1b:59:e2:
                    72:ac:f1:1b:d6:fd:09:d1:16:29:d6:d3:fd:30:20:
                    53:d1:9b:b2:bd:34:49:9d:02:ea:dc:a5:a4:7f:01:
                    f0:08:0d:bd:9c:d0:b2:a5:e4:31:8b:29:ed:ad:99:
                    ff:f0:76:c9:87:0a:dd:1c:fb:1c:7b:b6:02:24:6c:
                    88:84:97:71:7b:5e:85:62:de:c6:f7:13:16:1f:e9:
                    68:7e:51:9d:07:56:5f:ff:eb:30:47:de:dd:2d:dc:
                    cc:88:9a:c0:94:7d:7c:9b:5c:bf:48:0b:e0:01:4a:
                    d1:2e:ea:f8:15:15:00:12:66:a7:04:11:43:2d:83:
                    00:ba:61:e8:0a:3b:b7:f2:60:fe:06:99:9e:c0:41:
                    c1:fe:df:e5:c3:87:c5:78:91:74:aa:74:f4:db:89:
                    23:f1:87:32:39:f0:4e:ac:c4:f3:5b:76:a3:7d:23:
                    22:b3:4b:f1:2f:61:84:2c:46:87:07:5b:45:69:ce:
                    50:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C7:66:E4:96:AA:41:8B:77:31:6E:B7:86:B4:85:CD:C7:73:5F:B0
            X509v3 Authority Key Identifier:
                keyid:E6:68:8A:E9:63:23:C1:FC:FA:B5:4B:29:45:57:39:7B:49:B0:3B:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/Y8dm5JaqQYt3MW63hrSFzcdzX7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:27:f6:d5:3b:be:12:54:7b:b7:ba:1a:44:38:8a:0a:4a:48:
         1e:d1:b1:fe:cb:fd:9d:b9:db:5e:37:7c:93:46:88:55:7e:a3:
         ee:9b:ce:d8:24:8d:ae:bc:96:65:ec:b6:46:7d:64:6a:31:54:
         fa:83:bd:3e:f7:94:5d:1e:85:44:39:ee:ec:ed:94:07:55:21:
         f4:5c:d1:b8:52:2f:a6:e1:0f:31:18:f8:6a:bc:a2:8a:af:3d:
         ce:8c:c5:9c:4c:38:0e:ca:ec:01:2c:a2:d2:ca:e0:f2:d3:f2:
         19:e8:f1:4e:1c:0d:87:ff:ca:4a:86:6b:fd:ee:b1:cb:2c:da:
         32:b3:88:34:c2:e9:b4:b2:42:83:60:81:e4:df:15:d4:88:06:
         cc:0c:b5:47:46:ac:7a:95:a4:39:0b:bc:24:41:75:db:c2:7b:
         e6:a5:63:f3:08:ed:87:74:3a:db:e0:30:4c:d5:06:41:a8:bf:
         86:aa:b2:02:98:51:4c:d9:8c:da:b8:1f:41:cc:11:fe:94:d1:
         f5:8c:00:41:31:8b:48:3a:1d:89:7a:6e:43:c7:45:61:ce:a6:
         02:80:22:3e:9c:5d:6d:97:5d:2a:38:69:8e:ac:20:47:2b:88:
         8d:bd:d5:76:67:38:1a:d5:7a:60:8a:cd:af:50:0c:e3:59:e0:
         91:22:95:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39rFSp8Dcnq/qvY1ZNol91MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2Njg4YWU5NjMyM2MxZmNmYWI1NGIyOTQ1NTczOTdiNDli
MDNiYzcwHhcNMjYwNTA2MTQyMzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2M3NjZlNDk2YWE0MThiNzczMTZlYjc4NmI0ODVjZGM3NzM1ZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74Pj6Vai7GOlxiQL8BCEz552KG9S
eOHbnR1KFU7dsuiVz4T96QGTx07LoCaKWFTt9+ZG/eL5ftRCvGL5wNpv/UGf5s0y
qG4bWeJyrPEb1v0J0RYp1tP9MCBT0ZuyvTRJnQLq3KWkfwHwCA29nNCypeQxiynt
rZn/8HbJhwrdHPsce7YCJGyIhJdxe16FYt7G9xMWH+loflGdB1Zf/+swR97dLdzM
iJrAlH18m1y/SAvgAUrRLur4FRUAEmanBBFDLYMAumHoCju38mD+BpmewEHB/t/l
w4fFeJF0qnT024kj8YcyOfBOrMTzW3ajfSMis0vxL2GELEaHB1tFac5QlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPHZuSWqkGLdzFut4a0hc3Hc1+wMB8GA1UdIwQY
MBaAFOZoiuljI8H8+rVLKUVXOXtJsDvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW1pSzZXTWp3Zno2dFVzcFJWYzVlMG13TzhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9jZTVjYTYtZjkzOS00ZmQ3LWI5Zjgt
MGExZWYwZWMwNTc4LzEvWThkbTVKYXFRWXQzTVc2M2hyU0Z6Y2R6WDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9jZTVjYTYtZjkzOS00ZmQ3LWI5ZjgtMGExZWYwZWMwNTc4
LzEvNW1pSzZXTWp3Zno2dFVzcFJWYzVlMG13TzhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZIoMA0G
CSqGSIb3DQEBCwUAA4IBAQCTJ/bVO74SVHu3uhpEOIoKSkge0bH+y/2dudteN3yT
RohVfqPum87YJI2uvJZl7LZGfWRqMVT6g70+95RdHoVEOe7s7ZQHVSH0XNG4Ui+m
4Q8xGPhqvKKKrz3OjMWcTDgOyuwBLKLSyuDy0/IZ6PFOHA2H/8pKhmv97rHLLNoy
s4g0wum0skKDYIHk3xXUiAbMDLVHRqx6laQ5C7wkQXXbwnvmpWPzCO2HdDrb4DBM
1QZBqL+GqrICmFFM2YzauB9BzBH+lNH1jABBMYtIOh2Jem5Dx0VhzqYCgCI+nF1t
l10qOGmOrCBHK4iNvdV2Zzga1Xpgis2vUAzjWeCRIpXM
-----END CERTIFICATE-----