Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/92a128-c5b2-42f7-8928-630557f7fc6e/1/YPt-dHjNBE3OqW-bVt7EKdFMZsQ.roa
File:                     YPt-dHjNBE3OqW-bVt7EKdFMZsQ.roa (raw, json)
Hash identifier:          iVX85Zb3iLd8AnDmD5uCyZr3V0K28Ja3+wsxvcGoNJ8=
Subject key identifier:   60:FB:7E:74:78:CD:04:4D:CE:A9:6F:9B:56:DE:C4:29:D1:4C:66:C4
Certificate issuer:       /CN=4626b2ea5d3aa32607abd18d6221456b4ccdb388
Certificate serial:       019C99046134BE3E8E0D2BD7431C5B1600DD
Authority key identifier: 46:26:B2:EA:5D:3A:A3:26:07:AB:D1:8D:62:21:45:6B:4C:CD:B3:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Riay6l06oyYHq9GNYiFFa0zNs4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/92a128-c5b2-42f7-8928-630557f7fc6e/1/YPt-dHjNBE3OqW-bVt7EKdFMZsQ.roa
Signing time:             Thu 26 Feb 2026 08:15:26 +0000
ROA not before:           Thu 26 Feb 2026 08:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197875
IP address blocks:        91.231.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/92a128-c5b2-42f7-8928-630557f7fc6e/1/Riay6l06oyYHq9GNYiFFa0zNs4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/92a128-c5b2-42f7-8928-630557f7fc6e/1/Riay6l06oyYHq9GNYiFFa0zNs4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Riay6l06oyYHq9GNYiFFa0zNs4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:04:61:34:be:3e:8e:0d:2b:d7:43:1c:5b:16:00:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4626b2ea5d3aa32607abd18d6221456b4ccdb388
        Validity
            Not Before: Feb 26 08:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60fb7e7478cd044dcea96f9b56dec429d14c66c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b7:ca:02:98:04:86:f5:a9:4b:b8:2d:ab:cb:
                    11:23:07:0d:d1:ef:a2:c0:ad:bd:ca:d8:12:a3:4b:
                    1f:9d:6e:eb:c8:61:52:20:cb:2f:0f:13:cc:b6:0b:
                    a1:a9:aa:c9:de:e9:26:1e:18:27:24:5c:19:93:05:
                    f9:51:a1:4d:31:d1:8e:27:a3:81:ec:83:4b:a4:ba:
                    1b:6d:8a:af:07:31:20:df:a7:28:5b:a7:bc:49:7b:
                    5b:1e:4e:e7:3a:47:e3:85:fd:9f:38:4e:65:49:6f:
                    3e:3a:21:42:2a:98:91:b6:23:58:a5:c8:80:93:73:
                    bf:8d:7a:a1:dc:4c:19:a0:c4:6b:72:cd:0d:10:91:
                    e0:21:a5:4a:4c:c0:83:b0:e1:24:17:f9:c0:80:2d:
                    e3:3d:16:08:79:86:89:7b:55:d3:21:c7:99:1a:e9:
                    3d:a3:d6:d1:38:b7:1c:e2:32:47:73:a4:af:ab:0e:
                    ee:cf:f5:90:f3:93:8b:cd:f3:df:42:41:86:40:7a:
                    a0:87:bb:3e:0a:f9:58:bc:a7:b6:b3:c6:d6:12:0b:
                    10:43:d6:bb:88:e9:b5:47:8f:6f:42:99:f5:34:2f:
                    c3:24:3f:26:ac:db:39:e1:17:5f:cf:ab:64:78:70:
                    72:1f:e0:0f:6e:b2:9c:66:47:65:5b:06:b5:b0:b8:
                    90:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FB:7E:74:78:CD:04:4D:CE:A9:6F:9B:56:DE:C4:29:D1:4C:66:C4
            X509v3 Authority Key Identifier:
                keyid:46:26:B2:EA:5D:3A:A3:26:07:AB:D1:8D:62:21:45:6B:4C:CD:B3:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Riay6l06oyYHq9GNYiFFa0zNs4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/92a128-c5b2-42f7-8928-630557f7fc6e/1/YPt-dHjNBE3OqW-bVt7EKdFMZsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/92a128-c5b2-42f7-8928-630557f7fc6e/1/Riay6l06oyYHq9GNYiFFa0zNs4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:24:06:34:c2:c8:b3:cd:c2:70:20:f1:1d:e8:4f:66:4d:02:
         35:82:1b:e9:d6:64:54:1f:61:b7:53:55:d9:fa:6e:0c:d9:11:
         f2:aa:90:e6:bb:6d:4e:33:f1:6f:c4:98:d6:31:50:e6:5c:bd:
         d8:b9:9f:f0:aa:e5:41:7f:51:20:ef:2b:1e:9e:26:98:d3:3a:
         f5:18:bb:4a:d7:7d:56:81:a9:04:55:c4:81:03:c0:f7:e7:2f:
         dc:eb:4d:ac:a6:46:8c:a2:4a:3b:de:1a:a2:a0:d9:92:97:21:
         2a:a1:ba:d8:d6:1d:1b:b4:80:3f:60:ae:9b:21:3a:4c:e7:e9:
         0d:30:4f:31:7c:8f:bc:60:a3:cd:70:c6:51:56:c9:8b:4a:88:
         51:d8:64:9b:51:bd:ad:d3:76:cb:c9:8c:9a:cb:12:5a:a7:a2:
         73:39:9d:02:a9:8c:ac:e6:6d:8b:ea:56:af:0d:2d:67:e8:58:
         90:90:21:11:c3:5d:23:d1:7e:75:79:23:e7:99:b2:91:c9:0a:
         f7:19:b1:c9:2c:0d:ea:9f:6c:9c:8a:8c:4b:a3:4d:cb:42:18:
         73:0a:70:60:bb:88:a4:f3:e3:cc:af:c3:2a:84:57:d4:9b:a9:
         ca:5e:cf:32:31:3e:af:62:16:6c:c8:0f:1c:4e:71:6c:2b:0f:
         15:5f:94:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZBGE0vj6ODSvXQxxbFgDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MjZiMmVhNWQzYWEzMjYwN2FiZDE4ZDYyMjE0NTZiNGNj
ZGIzODgwHhcNMjYwMjI2MDgxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGZiN2U3NDc4Y2QwNDRkY2VhOTZmOWI1NmRlYzQyOWQxNGM2NmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprfKApgEhvWpS7gtq8sRIwcN0e+i
wK29ytgSo0sfnW7ryGFSIMsvDxPMtguhqarJ3ukmHhgnJFwZkwX5UaFNMdGOJ6OB
7INLpLobbYqvBzEg36coW6e8SXtbHk7nOkfjhf2fOE5lSW8+OiFCKpiRtiNYpciA
k3O/jXqh3EwZoMRrcs0NEJHgIaVKTMCDsOEkF/nAgC3jPRYIeYaJe1XTIceZGuk9
o9bROLcc4jJHc6Svqw7uz/WQ85OLzfPfQkGGQHqgh7s+CvlYvKe2s8bWEgsQQ9a7
iOm1R49vQpn1NC/DJD8mrNs54Rdfz6tkeHByH+APbrKcZkdlWwa1sLiQYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGD7fnR4zQRNzqlvm1bexCnRTGbEMB8GA1UdIwQY
MBaAFEYmsupdOqMmB6vRjWIhRWtMzbOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmlheTZsMDZveVlIcTlHTllpRkZhMHpOczRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MmExMjgtYzViMi00MmY3LTg5Mjgt
NjMwNTU3ZjdmYzZlLzEvWVB0LWRIak5CRTNPcVctYlZ0N0VLZEZNWnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MmExMjgtYzViMi00MmY3LTg5MjgtNjMwNTU3ZjdmYzZl
LzEvUmlheTZsMDZveVlIcTlHTllpRkZhMHpOczRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+erMA0G
CSqGSIb3DQEBCwUAA4IBAQBlJAY0wsizzcJwIPEd6E9mTQI1ghvp1mRUH2G3U1XZ
+m4M2RHyqpDmu21OM/FvxJjWMVDmXL3YuZ/wquVBf1Eg7yseniaY0zr1GLtK131W
gakEVcSBA8D35y/c602spkaMoko73hqioNmSlyEqobrY1h0btIA/YK6bITpM5+kN
ME8xfI+8YKPNcMZRVsmLSohR2GSbUb2t03bLyYyayxJap6JzOZ0CqYys5m2L6lav
DS1n6FiQkCERw10j0X51eSPnmbKRyQr3GbHJLA3qn2ycioxLo03LQhhzCnBgu4ik
8+PMr8MqhFfUm6nKXs8yMT6vYhZsyA8cTnFsKw8VX5QR
-----END CERTIFICATE-----