Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/ylpTnnja-umYtT0xG4eucRtmOO4.roa
File:                     ylpTnnja-umYtT0xG4eucRtmOO4.roa (raw, json)
Hash identifier:          fGrm2sVpnOv9GySIUrKEn7PHTRJ1EIP/yM4K2ur9PoQ=
Subject key identifier:   CA:5A:53:9E:78:DA:FA:E9:98:B5:3D:31:1B:87:AE:71:1B:66:38:EE
Certificate issuer:       /CN=11a3864558bf42892bf9e5359bdb13f03b2527a9
Certificate serial:       019D2B8EE266A944A44DDA731382485F5D12
Authority key identifier: 11:A3:86:45:58:BF:42:89:2B:F9:E5:35:9B:DB:13:F0:3B:25:27:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/ylpTnnja-umYtT0xG4eucRtmOO4.roa
Signing time:             Thu 26 Mar 2026 19:11:17 +0000
ROA not before:           Thu 26 Mar 2026 19:11:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199911
IP address blocks:        95.133.136.0/23 maxlen: 23
                          2001:7f8:171::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:8e:e2:66:a9:44:a4:4d:da:73:13:82:48:5f:5d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a3864558bf42892bf9e5359bdb13f03b2527a9
        Validity
            Not Before: Mar 26 19:11:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca5a539e78dafae998b53d311b87ae711b6638ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:40:d6:1c:24:5e:3c:d9:9e:ca:60:97:01:26:
                    cb:f0:54:ed:bd:84:a7:ea:b1:af:de:4f:b8:b2:c3:
                    5e:23:73:ce:fd:f1:95:2c:a4:07:46:e8:5e:5f:2f:
                    fb:43:76:29:06:54:f4:69:b5:f9:9e:f3:16:42:c1:
                    04:3a:a2:04:08:8a:09:79:ac:0a:f1:26:8d:50:d1:
                    0f:37:22:8f:61:eb:52:d5:5c:47:22:9f:49:24:0e:
                    20:af:c5:44:93:8c:bd:a7:85:b8:17:32:4b:6a:b2:
                    e7:c3:9d:25:df:4e:89:18:19:d5:32:6e:d5:43:8f:
                    12:8e:45:8a:7c:ab:b3:54:4b:52:13:34:0b:e4:32:
                    38:c8:37:c3:ff:36:68:91:0c:9c:d1:4e:39:e7:41:
                    73:46:f6:81:1a:f5:23:b3:e7:52:f0:ba:24:ec:55:
                    bf:8c:3c:9e:da:e7:18:02:0b:9c:93:5b:45:ef:10:
                    ac:c4:f9:44:2b:72:1d:de:93:39:d5:e8:83:a8:31:
                    5d:bb:00:60:31:e0:11:27:aa:42:48:fa:a2:c2:3c:
                    4d:19:74:88:2a:4f:3b:ff:33:91:ef:98:d5:12:5a:
                    ae:b9:a5:2c:4a:b2:fb:9e:d8:28:76:22:bc:86:23:
                    fe:ed:b5:99:4e:bb:54:25:db:a3:12:ac:ff:3e:11:
                    15:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:5A:53:9E:78:DA:FA:E9:98:B5:3D:31:1B:87:AE:71:1B:66:38:EE
            X509v3 Authority Key Identifier:
                keyid:11:A3:86:45:58:BF:42:89:2B:F9:E5:35:9B:DB:13:F0:3B:25:27:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/ylpTnnja-umYtT0xG4eucRtmOO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.133.136.0/23
                IPv6:
                  2001:7f8:171::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:e1:32:e4:36:93:98:8f:2e:92:46:18:d0:14:07:88:b0:78:
         c5:60:25:74:02:98:c8:79:bf:49:20:a3:de:36:b7:54:0f:df:
         4c:cf:31:71:e6:a3:08:f2:6a:2e:63:9c:cc:bb:59:cd:c6:f2:
         48:e6:9d:4b:d6:e0:89:ba:70:03:1e:94:cc:78:4b:a9:0f:af:
         b9:f5:c6:4d:66:13:5c:19:27:98:42:6b:5c:f1:f0:bf:b0:99:
         ed:fd:6a:5a:c6:80:80:8a:ab:b2:59:94:10:a7:a0:86:c6:36:
         8c:91:f9:45:62:68:3d:6c:4f:e7:38:2e:d8:39:0c:19:fa:d6:
         2d:45:fe:ad:87:cf:44:cd:16:81:31:c0:e8:6e:bb:cd:1e:09:
         92:a3:20:ee:81:d4:41:26:3f:f0:4f:ca:0c:08:72:c4:e4:b9:
         23:71:ba:ba:2a:50:6a:3c:0b:6a:71:3c:c9:4a:85:65:69:ac:
         4c:11:14:6f:5e:5a:b1:18:b0:9d:a2:ac:0e:31:92:60:91:53:
         5d:4f:e1:5b:9b:ec:3c:f6:92:7c:c3:e3:a9:d7:56:5c:ae:2f:
         35:d3:7e:3b:93:86:87:4a:b1:ba:c1:5f:c0:2d:59:ef:69:b1:
         dc:d0:b0:f8:04:4d:d9:7a:63:6f:d3:ff:3a:77:6e:1d:3c:b5:
         ec:f8:2f:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ0rjuJmqUSkTdpzE4JIX10SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTM4NjQ1NThiZjQyODkyYmY5ZTUzNTliZGIxM2YwM2Iy
NTI3YTkwHhcNMjYwMzI2MTkxMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTVhNTM5ZTc4ZGFmYWU5OThiNTNkMzExYjg3YWU3MTFiNjYzOGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50DWHCRePNmeymCXASbL8FTtvYSn
6rGv3k+4ssNeI3PO/fGVLKQHRuheXy/7Q3YpBlT0abX5nvMWQsEEOqIECIoJeawK
8SaNUNEPNyKPYetS1VxHIp9JJA4gr8VEk4y9p4W4FzJLarLnw50l306JGBnVMm7V
Q48SjkWKfKuzVEtSEzQL5DI4yDfD/zZokQyc0U4550FzRvaBGvUjs+dS8Lok7FW/
jDye2ucYAguck1tF7xCsxPlEK3Id3pM51eiDqDFduwBgMeARJ6pCSPqiwjxNGXSI
Kk87/zOR75jVElquuaUsSrL7ntgodiK8hiP+7bWZTrtUJdujEqz/PhEVFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMpaU5542vrpmLU9MRuHrnEbZjjuMB8GA1UdIwQY
MBaAFBGjhkVYv0KJK/nlNZvbE/A7JSepMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFPR1JWaV9Rb2tyLWVVMW05c1Q4RHNsSjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9hY2QzNGItMzU3Zi00MzA3LTgzYzAt
MDg1N2UzZWMwM2UwLzEveWxwVG5uamEtdW1ZdFQweEc0ZXVjUnRtT080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9hY2QzNGItMzU3Zi00MzA3LTgzYzAtMDg1N2UzZWMwM2Uw
LzEvRWFPR1JWaV9Rb2tyLWVVMW05c1Q4RHNsSjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBX4WIMA8E
AgACMAkDBwAgAQf4AXEwDQYJKoZIhvcNAQELBQADggEBABPhMuQ2k5iPLpJGGNAU
B4iweMVgJXQCmMh5v0kgo942t1QP30zPMXHmowjyai5jnMy7Wc3G8kjmnUvW4Im6
cAMelMx4S6kPr7n1xk1mE1wZJ5hCa1zx8L+wme39alrGgICKq7JZlBCnoIbGNoyR
+UViaD1sT+c4Ltg5DBn61i1F/q2Hz0TNFoExwOhuu80eCZKjIO6B1EEmP/BPygwI
csTkuSNxuroqUGo8C2pxPMlKhWVprEwRFG9eWrEYsJ2irA4xkmCRU11P4Vub7Dz2
knzD46nXVlyuLzXTfjuThodKsbrBX8AtWe9psdzQsPgETdl6Y2/T/zp3bh08tez4
LyA=
-----END CERTIFICATE-----