Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/YL64UCG9lBQf2cC-lpcj-SskpEI.roa
File:                     YL64UCG9lBQf2cC-lpcj-SskpEI.roa (raw, json)
Hash identifier:          lnS0pWUJWltJjGy6GGVPPPQqPUpdJZqlxppLvOaMzWo=
Subject key identifier:   60:BE:B8:50:21:BD:94:14:1F:D9:C0:BE:96:97:23:F9:2B:24:A4:42
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019DB54D7B4B92B46FC3A29BBEC4B4D44E86
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/YL64UCG9lBQf2cC-lpcj-SskpEI.roa
Signing time:             Wed 22 Apr 2026 13:07:27 +0000
ROA not before:           Wed 22 Apr 2026 13:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        88.216.181.0/24 maxlen: 24
                          88.216.228.0/22 maxlen: 24
                          88.216.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:4d:7b:4b:92:b4:6f:c3:a2:9b:be:c4:b4:d4:4e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr 22 13:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60beb85021bd94141fd9c0be969723f92b24a442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:7e:56:63:c4:44:8b:be:fb:3f:ed:64:89:c1:
                    25:c5:c9:35:7e:95:c5:27:62:3b:7e:21:fd:c5:76:
                    0b:94:68:60:12:11:09:58:a3:c0:72:f7:99:8f:4c:
                    1d:07:cd:6d:2c:60:42:3c:cc:aa:af:83:52:f3:bc:
                    77:8b:84:7d:21:84:0a:56:6d:ea:90:48:b7:7a:66:
                    db:cc:00:de:42:e0:15:37:7f:fb:d3:8d:2f:73:98:
                    a8:c9:6f:bb:02:c4:04:8a:6d:6b:34:8e:08:66:3d:
                    a7:68:09:bb:08:0c:3e:11:c6:68:a4:e0:17:bb:45:
                    ef:f7:21:35:d1:ba:e4:51:78:08:d0:3d:44:98:da:
                    d1:f5:a5:67:ed:26:60:40:bf:9b:11:18:15:a3:e7:
                    cd:f5:00:8b:42:90:0d:8c:af:f4:ef:18:c2:5d:01:
                    96:eb:3a:47:4b:6b:87:27:e6:0b:20:83:c1:4b:4c:
                    19:be:a3:72:ac:f2:fe:13:06:98:7a:ba:4c:90:5c:
                    3c:46:45:12:77:71:31:16:4b:4f:ea:28:08:70:18:
                    39:38:89:95:16:07:a2:d9:1f:4b:10:f9:18:30:69:
                    83:3d:c3:b1:4c:b2:be:ba:cf:b6:8d:88:82:88:13:
                    ae:10:d3:ec:b7:25:70:cc:e6:25:d0:08:59:db:53:
                    b6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:BE:B8:50:21:BD:94:14:1F:D9:C0:BE:96:97:23:F9:2B:24:A4:42
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/YL64UCG9lBQf2cC-lpcj-SskpEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.181.0/24
                  88.216.228.0/22
                  88.216.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:a8:01:d7:44:65:0b:6d:0a:6c:50:2d:24:b6:34:05:ac:0a:
         59:37:94:d4:fa:64:6a:2e:b4:8d:14:c4:bc:f9:85:10:11:ab:
         10:55:a8:35:3c:ab:34:a2:41:a8:86:82:4a:3e:25:e7:a8:c7:
         57:ab:6f:28:71:29:33:c2:ec:7a:dd:6b:ba:ce:cd:1f:d5:cb:
         bf:35:c8:aa:7d:11:a8:2e:1d:e8:32:6f:0e:7f:df:43:f6:15:
         3c:c9:50:73:a5:78:35:5d:71:aa:bc:fa:32:c7:a2:52:8d:6a:
         c2:56:be:39:d2:9f:a6:f3:da:eb:58:e7:d3:73:c5:bb:8d:32:
         a3:1a:13:81:0a:66:8d:72:f5:30:d2:15:67:49:8b:4f:0b:7a:
         1a:3c:ee:49:b1:f2:cf:06:89:40:74:cb:1d:eb:c3:eb:1b:b0:
         a3:5e:61:99:29:91:39:90:96:1f:0a:1a:df:d4:1b:1e:3b:c4:
         f3:33:00:8f:37:8e:37:0e:3d:23:53:4f:3d:e2:17:17:28:d3:
         1a:22:6f:07:f9:61:ca:44:c7:6a:ab:38:62:5f:bc:4b:05:c5:
         0e:46:6c:2c:1c:ea:76:0f:e3:8d:6c:3b:16:cf:b3:a5:3c:2d:
         a0:5c:62:c2:9d:b9:8d:f3:df:01:47:cb:79:92:2d:c7:88:60:
         4c:73:6d:00
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ21TXtLkrRvw6KbvsS01E6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwNDIyMTMwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGJlYjg1MDIxYmQ5NDE0MWZkOWMwYmU5Njk3MjNmOTJiMjRhNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA835WY8REi777P+1kicElxck1fpXF
J2I7fiH9xXYLlGhgEhEJWKPAcveZj0wdB81tLGBCPMyqr4NS87x3i4R9IYQKVm3q
kEi3embbzADeQuAVN3/7040vc5ioyW+7AsQEim1rNI4IZj2naAm7CAw+EcZopOAX
u0Xv9yE10brkUXgI0D1EmNrR9aVn7SZgQL+bERgVo+fN9QCLQpANjK/07xjCXQGW
6zpHS2uHJ+YLIIPBS0wZvqNyrPL+EwaYerpMkFw8RkUSd3ExFktP6igIcBg5OImV
Fgei2R9LEPkYMGmDPcOxTLK+us+2jYiCiBOuENPstyVwzOYl0AhZ21O29QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGC+uFAhvZQUH9nAvpaXI/krJKRCMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWUw2NFVDRzlsQlFmMmNDLWxwY2otU3NrcEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWNi1AwQC
WNjkAwQCWNjsMA0GCSqGSIb3DQEBCwUAA4IBAQBNqAHXRGULbQpsUC0ktjQFrApZ
N5TU+mRqLrSNFMS8+YUQEasQVag1PKs0okGohoJKPiXnqMdXq28ocSkzwux63Wu6
zs0f1cu/NciqfRGoLh3oMm8Of99D9hU8yVBzpXg1XXGqvPoyx6JSjWrCVr450p+m
89rrWOfTc8W7jTKjGhOBCmaNcvUw0hVnSYtPC3oaPO5JsfLPBolAdMsd68PrG7Cj
XmGZKZE5kJYfChrf1BseO8TzMwCPN443Dj0jU0894hcXKNMaIm8H+WHKRMdqqzhi
X7xLBcUORmwsHOp2D+ONbDsWz7OlPC2gXGLCnbmN898BR8t5ki3HiGBMc20A
-----END CERTIFICATE-----