Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/yRURA_ME4G4HnmjS22RzxWlBmrg.roa
File:                     yRURA_ME4G4HnmjS22RzxWlBmrg.roa (raw, json)
Hash identifier:          Bbk1x9eZaB94lGJyLOYQomUSMw9B6/AIocIUkwMP9Pc=
Subject key identifier:   C9:15:11:03:F3:04:E0:6E:07:9E:68:D2:DB:64:73:C5:69:41:9A:B8
Certificate issuer:       /CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
Certificate serial:       019DD89A3484F8E46A3BAC8A5F051DFFA62F
Authority key identifier: AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/yRURA_ME4G4HnmjS22RzxWlBmrg.roa
Signing time:             Wed 29 Apr 2026 09:37:57 +0000
ROA not before:           Wed 29 Apr 2026 09:37:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208456
IP address blocks:        45.95.56.0/23 maxlen: 23
                          45.95.58.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:9a:34:84:f8:e4:6a:3b:ac:8a:5f:05:1d:ff:a6:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
        Validity
            Not Before: Apr 29 09:37:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9151103f304e06e079e68d2db6473c569419ab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c1:b0:98:72:54:a8:a9:23:7f:f3:86:ba:24:
                    d8:20:1a:95:d2:2e:70:97:44:c3:1a:92:58:fe:49:
                    4d:6b:df:d0:b6:0b:34:43:e0:81:0a:75:62:46:de:
                    fd:d2:1a:a2:50:af:cd:9e:e4:e5:dd:e8:fc:ed:7d:
                    b3:2c:8b:b1:ef:c2:d1:4e:d7:3a:f0:f1:63:c1:31:
                    c0:b3:57:b3:76:e1:41:c3:c2:8d:1f:b5:fa:c5:04:
                    3d:0d:07:e9:c7:9f:b2:2f:65:49:21:bf:16:c4:c5:
                    f9:29:c6:d1:34:ee:66:6b:fd:a5:e2:28:2b:96:a9:
                    8c:c0:6c:28:b7:f6:e7:03:7d:89:47:fc:fd:91:dd:
                    25:d0:a8:3b:e3:f5:ad:16:92:3d:1d:80:12:e0:04:
                    e5:b4:3c:0f:0d:cb:d1:0d:81:b6:03:1e:2e:ca:af:
                    53:95:48:05:b1:78:04:db:40:36:4f:72:93:d7:cb:
                    c3:27:ff:b1:44:57:c1:5e:d7:ee:05:64:0a:24:a7:
                    cf:d2:6c:dc:17:a1:45:3f:40:dc:ac:79:a9:77:24:
                    2a:d0:4c:d1:80:16:28:0e:8e:fc:14:51:ed:7e:98:
                    dc:63:23:cd:b6:64:c9:7e:7d:3f:ca:9c:f8:34:c7:
                    bf:a5:79:73:b5:17:8d:e6:a1:6f:4b:5d:70:60:f7:
                    12:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:15:11:03:F3:04:E0:6E:07:9E:68:D2:DB:64:73:C5:69:41:9A:B8
            X509v3 Authority Key Identifier:
                keyid:AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/yRURA_ME4G4HnmjS22RzxWlBmrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:25:0c:d4:83:71:0a:68:90:69:e8:e5:43:f0:ac:bc:05:09:
         16:01:54:cc:6d:a6:7b:c7:d5:f5:3b:10:30:10:95:2b:aa:66:
         61:1b:86:94:12:3a:20:92:af:cc:cb:d8:07:3d:8d:09:5d:e6:
         61:a8:00:0e:fe:46:9f:1f:b7:7f:c9:4b:5a:4b:d6:cb:e9:c8:
         41:f6:9b:a1:ff:47:00:e2:b3:3a:c3:0f:ac:14:c2:3e:f1:25:
         bd:93:b6:30:f3:f9:1d:a1:3f:a3:bf:39:4c:bf:01:7c:0b:0b:
         6d:b9:f6:5c:85:82:4a:93:34:c8:86:3f:30:90:10:39:ed:11:
         4f:02:f1:4f:8b:dd:fa:e4:1f:2e:b8:c0:34:2a:cf:74:ad:7b:
         19:b1:b3:76:6f:14:cc:3d:2c:5b:e9:9d:a6:8e:7c:7f:bc:f7:
         7c:d9:c8:4c:e0:f6:45:bb:56:a1:4b:c4:c4:ff:10:88:a8:45:
         20:7a:bf:0d:88:89:f0:1b:5d:3f:ad:b7:92:23:18:f9:77:3f:
         e2:2b:cb:d4:2c:35:06:56:7d:b0:e4:3d:0b:df:b7:74:c8:68:
         28:3b:4c:0e:33:bc:b0:8f:87:2c:0e:46:f9:cb:ca:da:8c:b8:
         5a:56:14:d7:d0:a8:53:bb:13:ac:00:22:13:94:77:72:3f:66:
         c1:ea:02:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3YmjSE+ORqO6yKXwUd/6YvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNDRlYjA5MWIzYTMzYTg3YmViOGUwMDRhYjE1ZWYxNzhm
YmFhMDAwHhcNMjYwNDI5MDkzNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTE1MTEwM2YzMDRlMDZlMDc5ZTY4ZDJkYjY0NzNjNTY5NDE5YWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycGwmHJUqKkjf/OGuiTYIBqV0i5w
l0TDGpJY/klNa9/Qtgs0Q+CBCnViRt790hqiUK/NnuTl3ej87X2zLIux78LRTtc6
8PFjwTHAs1ezduFBw8KNH7X6xQQ9DQfpx5+yL2VJIb8WxMX5KcbRNO5ma/2l4igr
lqmMwGwot/bnA32JR/z9kd0l0Kg74/WtFpI9HYAS4ATltDwPDcvRDYG2Ax4uyq9T
lUgFsXgE20A2T3KT18vDJ/+xRFfBXtfuBWQKJKfP0mzcF6FFP0DcrHmpdyQq0EzR
gBYoDo78FFHtfpjcYyPNtmTJfn0/ypz4NMe/pXlztReN5qFvS11wYPcSJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkVEQPzBOBuB55o0ttkc8VpQZq4MB8GA1UdIwQY
MBaAFKpE6wkbOjOoe+uOAEqxXvF4+6oAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjkt
NzcwMGUyNWZmNzY5LzEveVJVUkFfTUU0RzRIbm1qUzIyUnp4V2xCbXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjktNzcwMGUyNWZmNzY5
LzEvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV84MA0G
CSqGSIb3DQEBCwUAA4IBAQBVJQzUg3EKaJBp6OVD8Ky8BQkWAVTMbaZ7x9X1OxAw
EJUrqmZhG4aUEjogkq/My9gHPY0JXeZhqAAO/kafH7d/yUtaS9bL6chB9puh/0cA
4rM6ww+sFMI+8SW9k7Yw8/kdoT+jvzlMvwF8CwttufZchYJKkzTIhj8wkBA57RFP
AvFPi9365B8uuMA0Ks90rXsZsbN2bxTMPSxb6Z2mjnx/vPd82chM4PZFu1ahS8TE
/xCIqEUger8NiInwG10/rbeSIxj5dz/iK8vULDUGVn2w5D0L37d0yGgoO0wOM7yw
j4csDkb5y8rajLhaVhTX0KhTuxOsACITlHdyP2bB6gL3
-----END CERTIFICATE-----