Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/yrov4nRRPV6igRLek02mtd5vkyo.roa
File:                     yrov4nRRPV6igRLek02mtd5vkyo.roa (raw, json)
Hash identifier:          fVJ8c6Gp53OnwJoltMCj9bY6PdUFlMpjDKBBauJMoGw=
Subject key identifier:   CA:BA:2F:E2:74:51:3D:5E:A2:81:12:DE:93:4D:A6:B5:DE:6F:93:2A
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DD30CD5B73977FCBA4FE87629568AAF77
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/yrov4nRRPV6igRLek02mtd5vkyo.roa
Signing time:             Tue 28 Apr 2026 07:45:26 +0000
ROA not before:           Tue 28 Apr 2026 07:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216096
IP address blocks:        85.189.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:0c:d5:b7:39:77:fc:ba:4f:e8:76:29:56:8a:af:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 28 07:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=caba2fe274513d5ea28112de934da6b5de6f932a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f6:1b:77:8f:77:fb:b4:68:3c:74:a3:37:7b:
                    c8:02:f2:24:c0:3d:8e:70:c5:2b:90:18:77:1c:43:
                    1e:ae:b5:1a:c3:3a:0e:7d:9a:df:e8:15:ed:1f:05:
                    7a:6c:05:28:5b:9b:39:47:32:aa:cd:e8:38:2c:e0:
                    e8:54:3f:cb:76:65:ac:02:a6:28:73:bf:2f:d4:6d:
                    b5:e4:a2:1b:c2:43:31:6c:ee:e3:c8:03:1e:ae:b3:
                    cc:15:a3:e6:dd:39:cf:d6:ce:bd:53:28:79:3f:56:
                    64:90:2a:8c:c3:45:82:98:ca:31:11:5f:67:7a:47:
                    57:77:fb:ab:8a:ba:15:ee:63:39:eb:3f:bf:ed:4e:
                    ed:d5:ee:43:1b:70:3d:8b:7d:59:34:05:05:e7:6e:
                    0a:51:98:e6:61:0d:13:13:48:21:ea:06:10:a4:53:
                    aa:d3:fd:38:fc:82:73:c4:ea:f4:a6:a6:72:e6:06:
                    8f:c7:f8:37:83:a4:2f:fe:39:7a:0e:41:89:56:75:
                    0b:3a:66:6f:72:17:fb:1a:15:4f:80:4a:5d:1f:f2:
                    b0:d3:21:fd:6b:e7:1f:79:af:15:d7:b9:01:66:e9:
                    fc:62:c7:44:15:b6:08:8d:d6:22:29:c1:67:1d:35:
                    bf:2a:b7:1b:97:c0:53:e4:ec:eb:fe:78:92:df:72:
                    f8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:BA:2F:E2:74:51:3D:5E:A2:81:12:DE:93:4D:A6:B5:DE:6F:93:2A
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/yrov4nRRPV6igRLek02mtd5vkyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.189.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:41:5a:48:d0:89:04:09:84:17:0e:61:d1:4c:dd:6d:ab:6b:
         d5:96:0a:8a:34:e7:aa:80:10:9b:ce:8d:b0:6e:5a:81:86:0b:
         e4:b9:9c:0a:fa:5f:85:a5:77:cd:59:c6:c8:60:df:87:1d:1c:
         dd:ed:dd:5c:c9:58:3e:9e:e1:a2:f8:be:0b:cf:88:f8:1e:b4:
         9e:6c:b1:81:d5:45:9e:24:46:d8:b6:d1:f2:cd:88:69:0b:f3:
         f7:7b:d0:36:f1:49:b3:70:99:37:84:bf:73:4c:9b:67:6e:99:
         ff:7e:a4:ba:7f:11:e2:67:14:07:da:1d:ed:4c:ad:28:62:2f:
         af:9d:95:bd:04:c1:bf:68:d4:03:8e:b5:19:c4:1c:57:6c:36:
         3a:9b:c8:db:4d:a2:84:49:ff:0d:5d:0b:24:94:ca:fa:8e:4a:
         1f:81:0f:70:f9:94:a9:d5:01:31:fb:60:83:6a:32:15:5a:70:
         9f:9a:5e:74:86:b2:46:e8:bb:02:5c:c8:f3:e4:a5:cb:41:1a:
         01:c2:7d:dc:1c:41:fd:1a:a4:7d:df:40:d5:60:5b:c3:df:ed:
         32:bb:4e:4e:13:4d:6b:6e:0f:63:de:ac:dc:e9:b4:67:3d:20:
         f4:88:59:26:df:3a:4c:b2:d0:1c:30:62:d2:8b:cd:69:2f:11:
         90:4c:88:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3TDNW3OXf8uk/odilWiq93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDI4MDc0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWJhMmZlMjc0NTEzZDVlYTI4MTEyZGU5MzRkYTZiNWRlNmY5MzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvYbd493+7RoPHSjN3vIAvIkwD2O
cMUrkBh3HEMerrUawzoOfZrf6BXtHwV6bAUoW5s5RzKqzeg4LODoVD/LdmWsAqYo
c78v1G215KIbwkMxbO7jyAMerrPMFaPm3TnP1s69Uyh5P1ZkkCqMw0WCmMoxEV9n
ekdXd/uriroV7mM56z+/7U7t1e5DG3A9i31ZNAUF524KUZjmYQ0TE0gh6gYQpFOq
0/04/IJzxOr0pqZy5gaPx/g3g6Qv/jl6DkGJVnULOmZvchf7GhVPgEpdH/Kw0yH9
a+cfea8V17kBZun8YsdEFbYIjdYiKcFnHTW/Krcbl8BT5Ozr/niS33L46QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMq6L+J0UT1eooES3pNNprXeb5MqMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEveXJvdjRuUlJQVjZpZ1JMZWswMm10ZDV2a3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVb1UMA0G
CSqGSIb3DQEBCwUAA4IBAQB4QVpI0IkECYQXDmHRTN1tq2vVlgqKNOeqgBCbzo2w
blqBhgvkuZwK+l+FpXfNWcbIYN+HHRzd7d1cyVg+nuGi+L4Lz4j4HrSebLGB1UWe
JEbYttHyzYhpC/P3e9A28UmzcJk3hL9zTJtnbpn/fqS6fxHiZxQH2h3tTK0oYi+v
nZW9BMG/aNQDjrUZxBxXbDY6m8jbTaKESf8NXQsklMr6jkofgQ9w+ZSp1QEx+2CD
ajIVWnCfml50hrJG6LsCXMjz5KXLQRoBwn3cHEH9GqR930DVYFvD3+0yu05OE01r
bg9j3qzc6bRnPSD0iFkm3zpMstAcMGLSi81pLxGQTIiZ
-----END CERTIFICATE-----