Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/y_GcCsfSfaQjGz_SPaSfHi-dJc8.roa
File:                     y_GcCsfSfaQjGz_SPaSfHi-dJc8.roa (raw, json)
Hash identifier:          AgL+OrWbRwy8UGkbrgT4UM/oCwI3h3pWQBfXUwydd1E=
Subject key identifier:   CB:F1:9C:0A:C7:D2:7D:A4:23:1B:3F:D2:3D:A4:9F:1E:2F:9D:25:CF
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       019D0B6A4FE788239F0CB023CB576803FFF0
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/y_GcCsfSfaQjGz_SPaSfHi-dJc8.roa
Signing time:             Fri 20 Mar 2026 13:23:29 +0000
ROA not before:           Fri 20 Mar 2026 13:23:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        36.255.92.0/23 maxlen: 23
                          36.255.92.0/24 maxlen: 24
                          36.255.93.0/24 maxlen: 24
                          36.255.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:6a:4f:e7:88:23:9f:0c:b0:23:cb:57:68:03:ff:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Mar 20 13:23:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbf19c0ac7d27da4231b3fd23da49f1e2f9d25cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7b:06:d8:f6:bc:64:d0:f1:c0:82:26:93:ce:
                    83:88:6c:0d:bf:f3:b0:3f:39:2e:3b:d4:9a:e6:1f:
                    44:ec:eb:44:a0:fc:58:60:4c:3c:b3:56:23:26:35:
                    ab:02:a7:c8:f0:ef:db:51:17:61:2b:53:35:a5:bd:
                    55:85:08:09:8b:1d:78:21:a6:79:73:21:a9:df:d4:
                    96:13:d8:2c:42:a9:e1:fa:db:a6:49:5b:78:3d:67:
                    2c:06:72:cb:c0:9d:37:59:a6:3f:aa:a6:9e:00:c7:
                    72:a5:eb:e8:d2:77:84:1e:85:a7:3e:1c:6f:ed:12:
                    fd:ba:9e:5a:2f:bb:a2:e7:b1:f1:4e:13:05:8c:95:
                    a8:c2:50:91:e3:79:96:a7:ca:ec:27:29:a1:4c:54:
                    fb:3e:f4:e2:f8:75:75:97:d1:b7:41:82:37:4a:73:
                    7b:20:ac:93:79:04:e1:1a:5e:33:dd:c7:a4:27:10:
                    a2:a1:b7:53:40:87:41:82:f0:8f:7f:e3:aa:bb:88:
                    47:1d:60:70:13:ab:ef:85:c5:4c:cb:e6:78:f0:23:
                    79:e2:ba:be:d2:2d:84:ae:fc:cc:ce:ac:4e:c8:4d:
                    6f:70:06:cf:19:c4:4d:88:2a:3a:a0:6d:aa:71:6c:
                    ee:ff:ba:42:17:53:3b:7d:6b:3e:65:57:8e:f0:c7:
                    ae:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F1:9C:0A:C7:D2:7D:A4:23:1B:3F:D2:3D:A4:9F:1E:2F:9D:25:CF
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/y_GcCsfSfaQjGz_SPaSfHi-dJc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:49:13:64:17:0d:48:a9:62:e2:d5:db:50:b3:66:3a:28:27:
         97:32:13:86:d5:63:c0:1f:1c:fb:43:f6:bb:c8:4f:44:d0:03:
         46:ce:27:83:96:ae:2a:b8:f0:18:4f:10:e9:35:51:f1:4c:e3:
         8a:69:e8:eb:dc:0c:f9:d3:80:93:db:b2:43:ec:50:72:67:d0:
         af:20:aa:52:bc:c5:45:fc:0b:21:7c:f1:b7:ae:15:b2:d9:31:
         86:89:8a:c2:d7:6b:36:5b:d9:ad:66:a3:8a:64:3b:b7:82:8f:
         9f:20:d9:97:72:64:3f:77:aa:6b:c5:75:b5:f6:bf:d8:c4:1b:
         a1:61:c9:3f:e7:31:c5:ae:b8:b5:a3:e0:f6:a1:31:bd:81:f0:
         48:d4:df:2f:d6:6c:8a:4e:fe:44:8e:87:ab:67:be:26:66:d9:
         34:de:2b:5b:93:ec:80:e2:a1:74:b8:0c:91:47:33:33:da:05:
         bb:d7:38:8e:94:e4:96:cb:62:f4:f6:f1:d2:d7:f3:cb:98:b2:
         78:05:f6:47:f7:24:0e:74:1f:bc:28:aa:17:ba:a3:19:fe:e4:
         91:86:43:83:74:6a:f2:4b:12:f8:68:a0:ed:9c:df:1d:81:85:
         17:ed:7d:96:83:93:a8:88:1d:57:8f:48:b6:be:b8:5a:e0:54:
         8a:60:58:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Lak/niCOfDLAjy1doA//wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjYwMzIwMTMyMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmYxOWMwYWM3ZDI3ZGE0MjMxYjNmZDIzZGE0OWYxZTJmOWQyNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHsG2Pa8ZNDxwIImk86DiGwNv/Ow
PzkuO9Sa5h9E7OtEoPxYYEw8s1YjJjWrAqfI8O/bURdhK1M1pb1VhQgJix14IaZ5
cyGp39SWE9gsQqnh+tumSVt4PWcsBnLLwJ03WaY/qqaeAMdypevo0neEHoWnPhxv
7RL9up5aL7ui57HxThMFjJWowlCR43mWp8rsJymhTFT7PvTi+HV1l9G3QYI3SnN7
IKyTeQThGl4z3cekJxCiobdTQIdBgvCPf+Oqu4hHHWBwE6vvhcVMy+Z48CN54rq+
0i2ErvzMzqxOyE1vcAbPGcRNiCo6oG2qcWzu/7pCF1M7fWs+ZVeO8MeuFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvxnArH0n2kIxs/0j2knx4vnSXPMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEveV9HY0NzZlNmYVFqR3pfU1BhU2ZIaS1kSmM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJP9cMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SRNkFw1IqWLi1dtQs2Y6KCeXMhOG1WPAHxz7Q/a7
yE9E0ANGzieDlq4quPAYTxDpNVHxTOOKaejr3Az504CT27JD7FByZ9CvIKpSvMVF
/AshfPG3rhWy2TGGiYrC12s2W9mtZqOKZDu3go+fINmXcmQ/d6prxXW19r/YxBuh
Yck/5zHFrri1o+D2oTG9gfBI1N8v1myKTv5EjoerZ74mZtk03itbk+yA4qF0uAyR
RzMz2gW71ziOlOSWy2L09vHS1/PLmLJ4BfZH9yQOdB+8KKoXuqMZ/uSRhkODdGry
SxL4aKDtnN8dgYUX7X2Wg5OoiB1Xj0i2vrha4FSKYFgf
-----END CERTIFICATE-----