Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/YtrFFew7F-IJuvDevadQeXv6emo.roa
File:                     YtrFFew7F-IJuvDevadQeXv6emo.roa (raw, json)
Hash identifier:          lWnq704RCeMP3czSxmRASNU6IR9rB5dXUj1a3+zIN4c=
Subject key identifier:   62:DA:C5:15:EC:3B:17:E2:09:BA:F0:DE:BD:A7:50:79:7B:FA:7A:6A
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019DE74591298F1FE053E7B6BEE21F4008F0
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/YtrFFew7F-IJuvDevadQeXv6emo.roa
Signing time:             Sat 02 May 2026 05:59:49 +0000
ROA not before:           Sat 02 May 2026 05:59:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213711
IP address blocks:        212.16.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e7:45:91:29:8f:1f:e0:53:e7:b6:be:e2:1f:40:08:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May  2 05:59:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62dac515ec3b17e209baf0debda750797bfa7a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:b6:73:57:3b:f6:64:8d:a1:b5:5c:39:7a:
                    e1:f7:14:0f:c7:c5:69:e6:fd:f0:5b:64:62:85:20:
                    78:b9:45:1d:c8:bd:5a:e1:90:81:d3:dd:56:46:17:
                    01:f7:83:01:bd:c0:ab:68:b4:6b:83:58:06:d9:33:
                    ad:5c:63:c9:d6:57:80:72:42:c7:57:23:30:14:e5:
                    e7:c4:18:ca:de:c4:87:c9:78:0d:97:d4:70:19:ea:
                    68:90:e6:50:b1:aa:a3:ab:43:a7:c2:54:c8:b8:f6:
                    21:f0:2a:73:08:77:f8:60:05:15:21:d9:b0:df:81:
                    ec:93:9e:58:76:88:e7:83:f2:df:da:68:86:08:3f:
                    58:ec:2b:88:c6:32:e6:c9:32:2f:66:48:77:f6:89:
                    be:b2:82:5c:59:78:36:5c:6b:97:5c:50:25:46:97:
                    8c:38:01:1d:30:e2:85:3d:4f:a3:b2:d3:a6:b8:ce:
                    02:84:dd:6b:e1:04:05:05:2b:17:0e:37:26:b4:1f:
                    be:5b:be:8f:5e:50:1c:8a:45:de:42:ff:b3:f1:fa:
                    a7:a3:dd:6d:58:b4:a8:24:96:db:58:c5:e1:54:19:
                    d5:28:7c:b2:f6:37:d7:77:1c:70:91:d5:4e:ae:17:
                    49:5b:44:fb:cc:a7:43:45:64:33:1b:98:4a:fe:e1:
                    5f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:DA:C5:15:EC:3B:17:E2:09:BA:F0:DE:BD:A7:50:79:7B:FA:7A:6A
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/YtrFFew7F-IJuvDevadQeXv6emo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f5:0b:4f:72:ac:d6:42:55:61:f5:df:1b:79:d7:da:1c:40:
         67:b3:aa:ef:9f:1c:b9:62:8f:4e:b7:16:7b:11:3a:e2:7b:88:
         9c:ae:f3:75:3f:3b:e5:7e:9e:92:20:29:dd:8f:04:e6:6e:de:
         0e:38:c7:fb:74:bd:d8:fa:13:68:2c:fe:56:b0:93:12:05:c9:
         92:48:12:5e:36:1d:43:e7:01:ce:51:12:b1:0c:12:6d:c7:8b:
         78:59:09:d6:ef:85:bb:c7:b9:2b:82:8e:10:c4:db:0e:af:e1:
         82:5c:8f:ef:92:e4:27:96:4a:e9:5b:e2:7f:a8:a5:94:79:f2:
         9f:9b:1b:d3:48:60:2b:ee:f3:a6:ea:9e:97:4c:56:d5:b1:b0:
         41:9d:f2:20:5f:97:72:97:fa:9a:16:1b:d3:a8:7f:53:12:38:
         f4:b8:3f:0d:ab:07:bb:9e:d7:c6:aa:f5:fd:33:d7:7e:5c:01:
         93:73:0d:45:06:46:36:55:54:62:91:54:42:3f:75:08:f8:e9:
         75:03:57:ea:49:55:64:2a:41:ec:0d:e0:e9:5e:94:e4:fb:26:
         28:1c:ac:91:c2:6d:63:ff:f3:7b:ac:02:b8:f2:16:1b:b9:c2:
         e5:67:67:bb:b3:48:ab:5d:14:ee:38:34:8c:b0:6a:da:b4:6f:
         91:7f:27:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3nRZEpjx/gU+e2vuIfQAjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwNTAyMDU1OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmRhYzUxNWVjM2IxN2UyMDliYWYwZGViZGE3NTA3OTdiZmE3YTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3q2c1c79mSNobVcOXrh9xQPx8Vp
5v3wW2RihSB4uUUdyL1a4ZCB091WRhcB94MBvcCraLRrg1gG2TOtXGPJ1leAckLH
VyMwFOXnxBjK3sSHyXgNl9RwGepokOZQsaqjq0OnwlTIuPYh8CpzCHf4YAUVIdmw
34Hsk55Ydojng/Lf2miGCD9Y7CuIxjLmyTIvZkh39om+soJcWXg2XGuXXFAlRpeM
OAEdMOKFPU+jstOmuM4ChN1r4QQFBSsXDjcmtB++W76PXlAcikXeQv+z8fqno91t
WLSoJJbbWMXhVBnVKHyy9jfXdxxwkdVOrhdJW0T7zKdDRWQzG5hK/uFfXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLaxRXsOxfiCbrw3r2nUHl7+npqMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvWXRyRkZldzdGLUlKdXZEZXZhZFFlWHY2ZW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BBdMA0G
CSqGSIb3DQEBCwUAA4IBAQB29QtPcqzWQlVh9d8bedfaHEBns6rvnxy5Yo9OtxZ7
ETrie4icrvN1Pzvlfp6SICndjwTmbt4OOMf7dL3Y+hNoLP5WsJMSBcmSSBJeNh1D
5wHOURKxDBJtx4t4WQnW74W7x7krgo4QxNsOr+GCXI/vkuQnlkrpW+J/qKWUefKf
mxvTSGAr7vOm6p6XTFbVsbBBnfIgX5dyl/qaFhvTqH9TEjj0uD8Nqwe7ntfGqvX9
M9d+XAGTcw1FBkY2VVRikVRCP3UI+Ol1A1fqSVVkKkHsDeDpXpTk+yYoHKyRwm1j
//N7rAK48hYbucLlZ2e7s0irXRTuODSMsGratG+RfyeA
-----END CERTIFICATE-----