Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/04ec6b-251a-4eb7-9199-25194525d516/1/pYYR9UI_sLtKcyNmvvaeAyGho10.roa
File:                     pYYR9UI_sLtKcyNmvvaeAyGho10.roa (raw, json)
Hash identifier:          Visrk6MwePbwviSVCYu3l4j6eSQ3jEUFOOu9154zYk0=
Subject key identifier:   A5:86:11:F5:42:3F:B0:BB:4A:73:23:66:BE:F6:9E:03:21:A1:A3:5D
Certificate issuer:       /CN=cddce12ae50e80a4534d80f786a824497b26fadb
Certificate serial:       019E15D404E8E69E099959647C1D8A94089E
Authority key identifier: CD:DC:E1:2A:E5:0E:80:A4:53:4D:80:F7:86:A8:24:49:7B:26:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdzhKuUOgKRTTYD3hqgkSXsm-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/04ec6b-251a-4eb7-9199-25194525d516/1/pYYR9UI_sLtKcyNmvvaeAyGho10.roa
Signing time:             Mon 11 May 2026 06:57:56 +0000
ROA not before:           Mon 11 May 2026 06:57:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214225
IP address blocks:        192.166.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/04ec6b-251a-4eb7-9199-25194525d516/1/zdzhKuUOgKRTTYD3hqgkSXsm-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/04ec6b-251a-4eb7-9199-25194525d516/1/zdzhKuUOgKRTTYD3hqgkSXsm-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdzhKuUOgKRTTYD3hqgkSXsm-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 03:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:d4:04:e8:e6:9e:09:99:59:64:7c:1d:8a:94:08:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddce12ae50e80a4534d80f786a824497b26fadb
        Validity
            Not Before: May 11 06:57:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a58611f5423fb0bb4a732366bef69e0321a1a35d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6d:df:a3:21:2a:6b:65:02:8a:68:15:13:e4:
                    cb:5a:63:cf:cd:39:e0:fa:ef:3f:fb:08:d0:e5:d0:
                    d2:97:34:06:ff:7d:ad:09:5a:1f:da:c3:15:1f:ff:
                    c0:03:69:74:22:a4:4f:3c:61:29:66:12:03:65:f8:
                    5b:d6:0a:ba:0b:91:bc:59:f6:aa:09:ab:44:1b:27:
                    86:33:08:59:4a:7e:13:e3:18:d3:7b:24:9a:46:42:
                    ba:a5:c7:ed:a3:df:6d:df:0b:fe:4d:82:0e:89:8d:
                    6b:63:e6:a6:81:e7:f9:59:a9:a7:0a:8d:a0:cc:29:
                    61:94:1d:65:bd:e4:63:35:d8:14:e3:d7:95:7f:cb:
                    4d:63:ad:07:e9:7b:90:a1:fa:64:15:50:a6:69:d7:
                    9f:93:9e:2d:c2:cb:2c:f4:40:78:93:26:e3:e8:2d:
                    18:34:b5:a7:9b:7b:0b:07:77:5e:22:54:c9:45:88:
                    72:3d:02:3f:7a:4d:33:84:4a:cc:23:83:cb:9a:ff:
                    87:f1:74:b5:b8:03:5c:71:4e:4c:0a:67:e2:3f:d0:
                    4e:e8:fe:e8:ea:cd:fb:bf:bf:db:79:4c:8c:12:b9:
                    a5:e7:74:f2:01:69:da:36:63:e5:4a:92:b0:89:42:
                    9c:47:1e:fb:3b:bf:56:aa:1e:31:6f:11:05:d6:4e:
                    75:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:86:11:F5:42:3F:B0:BB:4A:73:23:66:BE:F6:9E:03:21:A1:A3:5D
            X509v3 Authority Key Identifier:
                keyid:CD:DC:E1:2A:E5:0E:80:A4:53:4D:80:F7:86:A8:24:49:7B:26:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdzhKuUOgKRTTYD3hqgkSXsm-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/04ec6b-251a-4eb7-9199-25194525d516/1/pYYR9UI_sLtKcyNmvvaeAyGho10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/04ec6b-251a-4eb7-9199-25194525d516/1/zdzhKuUOgKRTTYD3hqgkSXsm-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f5:01:c3:5e:a2:f0:f2:28:6f:80:f9:da:33:b4:b4:47:62:
         82:05:53:d5:24:3c:ce:07:37:46:8c:c1:9e:a2:e7:ff:2c:1e:
         cc:60:15:5e:e1:3f:bd:fa:97:f3:77:75:fd:d5:6d:cd:1a:0e:
         0d:8e:1b:4e:18:cb:86:36:2f:a2:1e:64:f2:d5:ea:c0:71:59:
         99:49:da:9c:d2:91:be:79:b4:c6:86:0b:6f:49:72:98:0f:6d:
         ec:c6:96:44:1c:73:22:e0:38:69:6b:39:81:22:18:69:14:d2:
         f3:6b:e1:b2:22:95:96:0d:ac:81:77:e9:ed:68:40:e7:ea:8a:
         d2:5b:ec:9b:cf:3d:ea:29:55:0b:fa:91:c8:9d:38:4c:3f:ef:
         f8:f4:2e:76:99:0e:b4:37:d3:b8:cc:12:cf:52:9c:60:b6:e3:
         8d:e2:de:1f:41:00:28:c8:f6:88:90:d3:c0:51:f3:6c:9d:43:
         d8:3a:fd:2e:42:6b:f8:dc:ce:f6:c9:c9:54:82:65:57:c5:c3:
         e6:ee:a8:59:6a:01:9e:ff:89:0d:25:5f:b7:30:5d:74:65:44:
         d3:8a:52:f8:bd:17:c9:6c:c5:f9:dc:e3:d1:f6:75:ab:9a:e9:
         b5:bb:ae:52:13:83:84:98:57:5f:ba:1c:b3:98:f3:78:09:39:
         ad:27:2b:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4V1ATo5p4JmVlkfB2KlAieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGNlMTJhZTUwZTgwYTQ1MzRkODBmNzg2YTgyNDQ5N2Iy
NmZhZGIwHhcNMjYwNTExMDY1NzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTg2MTFmNTQyM2ZiMGJiNGE3MzIzNjZiZWY2OWUwMzIxYTFhMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv23foyEqa2UCimgVE+TLWmPPzTng
+u8/+wjQ5dDSlzQG/32tCVof2sMVH//AA2l0IqRPPGEpZhIDZfhb1gq6C5G8Wfaq
CatEGyeGMwhZSn4T4xjTeySaRkK6pcfto99t3wv+TYIOiY1rY+amgef5WamnCo2g
zClhlB1lveRjNdgU49eVf8tNY60H6XuQofpkFVCmadefk54twsss9EB4kybj6C0Y
NLWnm3sLB3deIlTJRYhyPQI/ek0zhErMI4PLmv+H8XS1uANccU5MCmfiP9BO6P7o
6s37v7/beUyMErml53TyAWnaNmPlSpKwiUKcRx77O79Wqh4xbxEF1k51SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWGEfVCP7C7SnMjZr72ngMhoaNdMB8GA1UdIwQY
MBaAFM3c4SrlDoCkU02A94aoJEl7JvrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR6aEt1VU9nS1JUVFlEM2hxZ2tTWHNtLXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8wNGVjNmItMjUxYS00ZWI3LTkxOTkt
MjUxOTQ1MjVkNTE2LzEvcFlZUjlVSV9zTHRLY3lObXZ2YWVBeUdobzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8wNGVjNmItMjUxYS00ZWI3LTkxOTktMjUxOTQ1MjVkNTE2
LzEvemR6aEt1VU9nS1JUVFlEM2hxZ2tTWHNtLXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKYlMA0G
CSqGSIb3DQEBCwUAA4IBAQA69QHDXqLw8ihvgPnaM7S0R2KCBVPVJDzOBzdGjMGe
ouf/LB7MYBVe4T+9+pfzd3X91W3NGg4NjhtOGMuGNi+iHmTy1erAcVmZSdqc0pG+
ebTGhgtvSXKYD23sxpZEHHMi4DhpazmBIhhpFNLza+GyIpWWDayBd+ntaEDn6orS
W+ybzz3qKVUL+pHInThMP+/49C52mQ60N9O4zBLPUpxgtuON4t4fQQAoyPaIkNPA
UfNsnUPYOv0uQmv43M72yclUgmVXxcPm7qhZagGe/4kNJV+3MF10ZUTTilL4vRfJ
bMX53OPR9nWrmum1u65SE4OEmFdfuhyzmPN4CTmtJyth
-----END CERTIFICATE-----