Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/Yv4GaEJIAdTbY-p5QqYedKqtIAM.roa
File:                     Yv4GaEJIAdTbY-p5QqYedKqtIAM.roa (raw, json)
Hash identifier:          tNr0fHXdSpSBz2ryPJ1QU5+Ji6Ji73iPqme/JR8I6kE=
Subject key identifier:   62:FE:06:68:42:48:01:D4:DB:63:EA:79:42:A6:1E:74:AA:AD:20:03
Certificate issuer:       /CN=3dc79c7c07d435fa00f2c7ca0b1e50664da04d48
Certificate serial:       019CF5CCDC9B27A3FB3E5E598BF7779E17C4
Authority key identifier: 3D:C7:9C:7C:07:D4:35:FA:00:F2:C7:CA:0B:1E:50:66:4D:A0:4D:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PcecfAfUNfoA8sfKCx5QZk2gTUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/Yv4GaEJIAdTbY-p5QqYedKqtIAM.roa
Signing time:             Mon 16 Mar 2026 08:39:29 +0000
ROA not before:           Mon 16 Mar 2026 08:39:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44867
IP address blocks:        195.66.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/PcecfAfUNfoA8sfKCx5QZk2gTUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/PcecfAfUNfoA8sfKCx5QZk2gTUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PcecfAfUNfoA8sfKCx5QZk2gTUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:cc:dc:9b:27:a3:fb:3e:5e:59:8b:f7:77:9e:17:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3dc79c7c07d435fa00f2c7ca0b1e50664da04d48
        Validity
            Not Before: Mar 16 08:39:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62fe0668424801d4db63ea7942a61e74aaad2003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8c:21:b0:b6:3d:60:2d:d0:f5:fe:9f:fb:77:
                    a2:0e:c3:86:9f:10:ef:b6:1c:63:41:c9:98:f5:4a:
                    a2:dc:5a:b1:03:ee:7c:2f:a6:0e:30:74:3f:65:8c:
                    2e:d0:e3:61:78:cc:fe:25:c4:b8:9b:0e:3f:89:b2:
                    6e:d6:4b:a5:73:75:1f:64:e7:91:3a:ff:37:1c:e0:
                    8d:39:02:f2:95:9c:16:0b:d5:e3:90:93:a5:81:ac:
                    bb:5b:9f:94:cf:ed:ed:d6:68:5f:50:f2:dc:61:0f:
                    8f:e0:d4:75:25:d4:b1:39:1a:6f:84:aa:f4:f4:b6:
                    fa:fe:50:7b:75:ab:ee:72:92:4c:9b:40:66:de:a3:
                    cc:c7:1e:ff:b1:bf:48:f6:65:45:5f:04:af:85:b9:
                    46:fa:10:88:21:7b:fe:ca:a0:a3:3e:82:d5:85:c9:
                    4c:19:9a:ea:33:5d:49:d7:62:30:55:cf:01:78:5d:
                    01:28:a2:b8:35:5a:80:5e:d7:2e:e1:2a:23:e3:9f:
                    a1:03:ce:58:37:65:10:1a:ed:c7:3d:e7:00:a2:be:
                    4b:9d:20:c1:41:85:66:80:4e:48:f9:aa:88:7f:c5:
                    1b:8c:03:e5:d8:2d:40:76:39:a6:91:ee:1d:50:19:
                    a1:d3:4f:7f:2b:af:a9:03:cf:bf:07:19:8a:e6:1b:
                    ee:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:FE:06:68:42:48:01:D4:DB:63:EA:79:42:A6:1E:74:AA:AD:20:03
            X509v3 Authority Key Identifier:
                keyid:3D:C7:9C:7C:07:D4:35:FA:00:F2:C7:CA:0B:1E:50:66:4D:A0:4D:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PcecfAfUNfoA8sfKCx5QZk2gTUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/Yv4GaEJIAdTbY-p5QqYedKqtIAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/PcecfAfUNfoA8sfKCx5QZk2gTUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:fe:cf:70:1d:b0:43:62:64:a6:5e:9a:23:0c:d4:84:8c:fe:
         f2:c1:e3:9c:4d:19:3e:e5:8f:02:05:e2:af:6f:29:a4:82:cc:
         c6:dc:81:ab:bf:57:03:a4:d4:25:19:70:60:51:1a:61:17:16:
         75:25:5e:1d:06:4d:87:12:7e:5a:85:25:e9:ac:95:76:65:10:
         c3:42:9a:33:56:42:9f:5d:2d:a0:17:8e:b1:00:8d:a1:d9:c7:
         10:4b:a7:5e:46:4e:93:3d:ca:25:aa:28:07:28:9b:a2:e9:db:
         b6:e5:22:0b:5b:6a:34:28:34:c3:0c:29:d1:8a:2d:d4:71:06:
         d3:f7:62:be:de:ca:81:a5:48:3c:8f:55:cf:6d:e2:5f:be:23:
         ef:da:b8:32:80:e9:fc:7e:a2:9e:cc:95:bf:18:e4:c2:ca:5d:
         f6:91:6b:d7:2a:73:77:da:42:38:40:97:da:00:4f:41:8e:72:
         3b:a5:92:19:36:37:99:0a:23:43:8a:8f:3b:30:72:62:1e:f7:
         4a:c9:52:0b:17:1f:1b:a4:d8:af:ed:55:80:c4:ae:e6:ba:ae:
         1d:83:5e:08:93:72:1a:e5:b0:ac:1a:56:a8:a4:84:80:09:ff:
         a5:1a:33:fd:e3:57:24:b2:1b:7c:c0:1b:9a:0b:35:53:15:7f:
         e8:90:39:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz1zNybJ6P7Pl5Zi/d3nhfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYzc5YzdjMDdkNDM1ZmEwMGYyYzdjYTBiMWU1MDY2NGRh
MDRkNDgwHhcNMjYwMzE2MDgzOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmZlMDY2ODQyNDgwMWQ0ZGI2M2VhNzk0MmE2MWU3NGFhYWQyMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IwhsLY9YC3Q9f6f+3eiDsOGnxDv
thxjQcmY9Uqi3FqxA+58L6YOMHQ/ZYwu0ONheMz+JcS4mw4/ibJu1kulc3UfZOeR
Ov83HOCNOQLylZwWC9XjkJOlgay7W5+Uz+3t1mhfUPLcYQ+P4NR1JdSxORpvhKr0
9Lb6/lB7davucpJMm0Bm3qPMxx7/sb9I9mVFXwSvhblG+hCIIXv+yqCjPoLVhclM
GZrqM11J12IwVc8BeF0BKKK4NVqAXtcu4Soj45+hA85YN2UQGu3HPecAor5LnSDB
QYVmgE5I+aqIf8UbjAPl2C1Adjmmke4dUBmh009/K6+pA8+/BxmK5hvu6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGL+BmhCSAHU22PqeUKmHnSqrSADMB8GA1UdIwQY
MBaAFD3HnHwH1DX6APLHygseUGZNoE1IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGNlY2ZBZlVOZm9BOHNmS0N4NVFaazJnVFVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8yMDdkYTMtOGE5ZS00YzFjLTkzYzkt
OGViODU0YzlmYzhkLzEvWXY0R2FFSklBZFRiWS1wNVFxWWVkS3F0SUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8yMDdkYTMtOGE5ZS00YzFjLTkzYzktOGViODU0YzlmYzhk
LzEvUGNlY2ZBZlVOZm9BOHNmS0N4NVFaazJnVFVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JxMA0G
CSqGSIb3DQEBCwUAA4IBAQAh/s9wHbBDYmSmXpojDNSEjP7yweOcTRk+5Y8CBeKv
bymkgszG3IGrv1cDpNQlGXBgURphFxZ1JV4dBk2HEn5ahSXprJV2ZRDDQpozVkKf
XS2gF46xAI2h2ccQS6deRk6TPcolqigHKJui6du25SILW2o0KDTDDCnRii3UcQbT
92K+3sqBpUg8j1XPbeJfviPv2rgygOn8fqKezJW/GOTCyl32kWvXKnN32kI4QJfa
AE9BjnI7pZIZNjeZCiNDio87MHJiHvdKyVILFx8bpNiv7VWAxK7muq4dg14Ik3Ia
5bCsGlaopISACf+lGjP941cksht8wBuaCzVTFX/okDnx
-----END CERTIFICATE-----