Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YKwVO6J1b4ExwyHVDQjGHs2Can4.roa
File:                     YKwVO6J1b4ExwyHVDQjGHs2Can4.roa (raw, json)
Hash identifier:          pl7+xJ/SzwIfSGpqx+/qXs74bUOk7Wmc4kuXYBvLLtg=
Subject key identifier:   60:AC:15:3B:A2:75:6F:81:31:C3:21:D5:0D:08:C6:1E:CD:82:6A:7E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E15CD4FE303230B82703CB37DFF463FFB
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YKwVO6J1b4ExwyHVDQjGHs2Can4.roa
Signing time:             Mon 11 May 2026 06:50:37 +0000
ROA not before:           Mon 11 May 2026 06:50:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205960
IP address blocks:        45.128.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:cd:4f:e3:03:23:0b:82:70:3c:b3:7d:ff:46:3f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 11 06:50:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60ac153ba2756f8131c321d50d08c61ecd826a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d3:a3:6e:b5:26:f2:af:65:04:13:7f:c8:ff:
                    7f:b5:d2:5f:89:27:42:aa:9b:5a:e7:b9:08:96:5b:
                    63:65:fa:9d:c7:66:86:24:26:e2:c6:de:88:3f:e7:
                    fd:fc:12:ed:04:3d:40:43:1d:e9:62:79:d9:23:ad:
                    b8:b2:e3:4a:7e:b8:14:07:67:61:ea:96:17:29:82:
                    72:34:73:1c:cd:d6:17:1e:0f:15:62:88:d8:ee:c7:
                    ce:66:02:80:98:b9:86:7b:17:e0:ca:14:b2:04:73:
                    91:f3:89:5a:3a:92:65:2b:b3:50:87:a1:cc:01:d5:
                    51:6f:1c:c0:f0:21:62:79:cf:81:97:28:21:57:51:
                    e5:44:89:37:55:11:db:99:a3:9c:bd:ad:90:fb:48:
                    19:96:22:1f:cc:c3:2e:0c:6f:9c:dd:8c:18:26:bf:
                    9f:53:c4:d4:04:11:81:81:33:a0:90:11:9f:90:af:
                    fa:37:48:8b:45:1d:bd:07:7d:32:f6:20:df:f6:22:
                    df:ec:b2:b1:f9:bc:b5:43:2f:2f:44:9f:ba:9e:92:
                    a9:8b:85:25:e3:75:99:ea:28:67:20:a3:c0:ae:16:
                    33:8c:4a:12:0a:74:d9:c1:4b:b0:eb:93:ce:08:21:
                    d3:5f:11:7d:33:33:77:37:33:74:2b:fe:eb:a8:32:
                    65:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:AC:15:3B:A2:75:6F:81:31:C3:21:D5:0D:08:C6:1E:CD:82:6A:7E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YKwVO6J1b4ExwyHVDQjGHs2Can4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:72:dc:68:4b:84:00:ca:05:6b:41:a6:5d:6f:e0:6b:17:fe:
         7e:ef:78:d5:43:d5:82:76:df:5d:4c:7b:79:85:3a:5c:95:c3:
         41:af:79:10:cf:15:df:c3:27:9b:4d:f7:70:fd:d6:71:2c:28:
         d6:0a:4e:50:24:c8:6f:67:20:38:f4:62:ce:91:c5:c0:e1:d7:
         0c:62:67:19:02:49:6c:3f:18:c2:f8:d7:10:78:01:1a:58:c6:
         30:61:f7:0b:cf:53:0e:25:2b:5e:89:5e:0e:71:88:c7:06:3b:
         cb:e3:2c:56:72:db:70:b9:50:6c:c7:7b:52:95:13:5b:d7:b6:
         0f:82:8d:be:3c:47:25:78:b8:8a:6b:69:e6:e6:de:5d:8e:c6:
         96:be:57:06:d7:e0:11:cd:c1:44:a8:95:6c:58:27:9f:20:43:
         05:5d:54:fe:b4:91:50:d1:eb:8d:e2:b3:62:ee:53:9f:65:48:
         24:19:1b:05:6c:a0:f7:36:82:f8:62:a4:94:6d:8c:dc:5f:bd:
         44:08:79:df:77:bc:73:8d:22:0e:d6:ec:73:d3:1b:74:fa:68:
         8e:4b:a1:46:c3:89:e7:df:c9:e9:63:eb:ab:8a:a6:c6:4b:6f:
         1f:3b:43:a2:ea:a8:55:a3:1f:c3:d0:6e:6a:33:15:6c:3d:25:
         f5:a6:34:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4VzU/jAyMLgnA8s33/Rj/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTExMDY1MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFjMTUzYmEyNzU2ZjgxMzFjMzIxZDUwZDA4YzYxZWNkODI2YTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdOjbrUm8q9lBBN/yP9/tdJfiSdC
qpta57kIlltjZfqdx2aGJCbixt6IP+f9/BLtBD1AQx3pYnnZI624suNKfrgUB2dh
6pYXKYJyNHMczdYXHg8VYojY7sfOZgKAmLmGexfgyhSyBHOR84laOpJlK7NQh6HM
AdVRbxzA8CFiec+BlyghV1HlRIk3VRHbmaOcva2Q+0gZliIfzMMuDG+c3YwYJr+f
U8TUBBGBgTOgkBGfkK/6N0iLRR29B30y9iDf9iLf7LKx+by1Qy8vRJ+6npKpi4Ul
43WZ6ihnIKPArhYzjEoSCnTZwUuw65POCCHTXxF9MzN3NzN0K/7rqDJl1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCsFTuidW+BMcMh1Q0Ixh7Ngmp+MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWUt3Vk82SjFiNEV4d3lIVkRRakdIczJDYW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBOMA0G
CSqGSIb3DQEBCwUAA4IBAQAFctxoS4QAygVrQaZdb+BrF/5+73jVQ9WCdt9dTHt5
hTpclcNBr3kQzxXfwyebTfdw/dZxLCjWCk5QJMhvZyA49GLOkcXA4dcMYmcZAkls
PxjC+NcQeAEaWMYwYfcLz1MOJSteiV4OcYjHBjvL4yxWcttwuVBsx3tSlRNb17YP
go2+PEcleLiKa2nm5t5djsaWvlcG1+ARzcFEqJVsWCefIEMFXVT+tJFQ0euN4rNi
7lOfZUgkGRsFbKD3NoL4YqSUbYzcX71ECHnfd7xzjSIO1uxz0xt0+miOS6FGw4nn
38npY+uriqbGS28fO0Oi6qhVox/D0G5qMxVsPSX1pjRg
-----END CERTIFICATE-----