Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/yNzBnOGrkspNCkA4l2fJj40JDyM.roa
File:                     yNzBnOGrkspNCkA4l2fJj40JDyM.roa (raw, json)
Hash identifier:          X4lO6aYlZpZYb4PwJtsFqoAvq06corc3bWC23qe6KEw=
Subject key identifier:   C8:DC:C1:9C:E1:AB:92:CA:4D:0A:40:38:97:67:C9:8F:8D:09:0F:23
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019CFABE1F5D58498500F4E53C93FEC49064
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/yNzBnOGrkspNCkA4l2fJj40JDyM.roa
Signing time:             Tue 17 Mar 2026 07:41:29 +0000
ROA not before:           Tue 17 Mar 2026 07:41:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        5.10.216.0/24 maxlen: 24
                          185.23.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:be:1f:5d:58:49:85:00:f4:e5:3c:93:fe:c4:90:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Mar 17 07:41:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8dcc19ce1ab92ca4d0a40389767c98f8d090f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c6:72:83:4c:5f:29:b7:b8:f1:41:86:60:b7:
                    10:c7:51:57:6b:74:97:8b:d1:24:a1:a1:ea:b3:63:
                    1f:40:48:52:56:25:d6:d7:94:9b:85:59:88:c2:e4:
                    7b:43:2b:04:01:10:bb:d4:2d:41:66:6e:f8:65:47:
                    31:7c:af:03:cc:d1:f8:c3:0d:67:18:0f:3d:e3:79:
                    fa:3a:f3:1f:d7:b3:2f:65:88:73:c0:ed:3b:a7:06:
                    47:b7:98:84:30:99:af:d1:3e:1c:30:1f:2a:8b:e8:
                    d7:55:58:44:91:97:2a:6d:2f:f2:a8:21:fd:3b:8f:
                    47:6d:3d:93:24:42:55:ef:44:7b:c0:60:e8:ad:e6:
                    42:28:9d:ea:48:20:ff:c1:ed:92:35:67:ec:3a:08:
                    90:f8:44:4b:9d:d7:f4:00:fa:5f:5a:82:ad:69:39:
                    82:68:01:b4:1b:dc:a4:6c:2d:fb:96:17:6e:c8:d9:
                    7b:3e:3e:ea:e0:5a:66:69:1a:49:71:fa:da:4b:11:
                    af:e4:45:73:59:88:44:39:17:68:9e:2d:97:50:2f:
                    d5:72:fe:5c:07:96:44:73:9d:bb:3c:56:0a:1f:7f:
                    6d:72:b9:48:d8:3e:bc:6e:91:cf:39:ff:89:4a:0d:
                    02:e3:81:4b:bf:b3:6c:91:d2:45:92:fb:83:8e:30:
                    fd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:DC:C1:9C:E1:AB:92:CA:4D:0A:40:38:97:67:C9:8F:8D:09:0F:23
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/yNzBnOGrkspNCkA4l2fJj40JDyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.216.0/24
                  185.23.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:dd:b9:4b:1f:10:8e:55:65:70:d1:ef:04:6c:9a:8b:c5:49:
         bc:db:88:e0:76:d4:55:57:7d:a3:52:f3:84:d3:bb:0a:b2:2d:
         25:50:25:b0:91:fa:00:20:01:ca:fc:90:83:af:cd:d0:9f:8a:
         7f:d4:91:87:80:f2:2a:e1:ad:94:21:cf:a8:ec:ce:b5:58:83:
         b7:33:b8:77:fb:f9:0c:e7:d2:27:ce:58:16:89:ca:70:f7:a5:
         87:f6:12:fb:26:32:8a:65:17:1b:94:97:b7:6e:5c:1b:16:d7:
         a6:08:d1:27:27:fe:0d:ae:ee:cc:9e:a2:42:79:05:ff:a0:3b:
         e0:7c:30:4c:49:67:f6:5d:5d:a5:34:e7:bf:2c:30:9a:30:c6:
         fc:e5:a9:a4:36:64:e3:21:a3:00:55:48:87:12:44:76:59:c4:
         af:42:7c:3c:cd:55:2d:df:fd:28:89:e8:2a:e3:d4:24:e2:b9:
         1b:87:0e:cb:cf:3c:fa:61:05:b0:06:7c:fb:c1:52:a2:00:37:
         96:95:47:bb:08:d2:a2:6b:9d:80:9e:66:6e:ed:ac:03:53:ff:
         bb:e5:81:a8:8f:04:ab:ff:00:9d:ef:fa:04:2f:5c:70:e7:8c:
         2b:27:64:94:d2:8e:38:12:d7:34:4e:40:5f:70:4a:e6:d8:ca:
         8e:3d:18:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz6vh9dWEmFAPTlPJP+xJBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMzE3MDc0MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGRjYzE5Y2UxYWI5MmNhNGQwYTQwMzg5NzY3Yzk4ZjhkMDkwZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8Zyg0xfKbe48UGGYLcQx1FXa3SX
i9EkoaHqs2MfQEhSViXW15SbhVmIwuR7QysEARC71C1BZm74ZUcxfK8DzNH4ww1n
GA8943n6OvMf17MvZYhzwO07pwZHt5iEMJmv0T4cMB8qi+jXVVhEkZcqbS/yqCH9
O49HbT2TJEJV70R7wGDoreZCKJ3qSCD/we2SNWfsOgiQ+ERLndf0APpfWoKtaTmC
aAG0G9ykbC37lhduyNl7Pj7q4FpmaRpJcfraSxGv5EVzWYhEORdoni2XUC/Vcv5c
B5ZEc527PFYKH39tcrlI2D68bpHPOf+JSg0C44FLv7NskdJFkvuDjjD9eQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMjcwZzhq5LKTQpAOJdnyY+NCQ8jMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEveU56Qm5PR3Jrc3BOQ2tBNGwyZkpqNDBKRHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQrYAwQA
uRftMA0GCSqGSIb3DQEBCwUAA4IBAQCw3blLHxCOVWVw0e8EbJqLxUm824jgdtRV
V32jUvOE07sKsi0lUCWwkfoAIAHK/JCDr83Qn4p/1JGHgPIq4a2UIc+o7M61WIO3
M7h3+/kM59InzlgWicpw96WH9hL7JjKKZRcblJe3blwbFtemCNEnJ/4Nru7MnqJC
eQX/oDvgfDBMSWf2XV2lNOe/LDCaMMb85amkNmTjIaMAVUiHEkR2WcSvQnw8zVUt
3/0oiegq49Qk4rkbhw7Lzzz6YQWwBnz7wVKiADeWlUe7CNKia52AnmZu7awDU/+7
5YGojwSr/wCd7/oEL1xw54wrJ2SU0o44Etc0TkBfcErm2MqOPRjN
-----END CERTIFICATE-----