Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/yFyItdIHta0s-3JsQE1g1bZaQmc.roa
File:                     yFyItdIHta0s-3JsQE1g1bZaQmc.roa (raw, json)
Hash identifier:          9FPQKZ4G6ZsztllhPuKJ42HA3kXP59Z/IFFv8SDa1x0=
Subject key identifier:   C8:5C:88:B5:D2:07:B5:AD:2C:FB:72:6C:40:4D:60:D5:B6:5A:42:67
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       0199666CB2D31C2701EA237F14BB69293FB0
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/yFyItdIHta0s-3JsQE1g1bZaQmc.roa
Signing time:             Sat 20 Sep 2025 09:20:23 +0000
ROA not before:           Sat 20 Sep 2025 09:20:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33659
IP address blocks:        194.26.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:66:6c:b2:d3:1c:27:01:ea:23:7f:14:bb:69:29:3f:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Sep 20 09:20:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c85c88b5d207b5ad2cfb726c404d60d5b65a4267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:67:0d:e6:2d:b1:47:84:1d:95:42:d0:ca:a2:
                    d7:a5:c0:f7:78:4e:94:17:c7:c8:fd:35:76:4c:d4:
                    ac:3c:dc:1a:45:d0:bc:26:f0:d9:85:40:74:aa:c7:
                    a6:ad:ad:2f:5e:2a:6f:7f:34:cd:79:4c:22:a6:d2:
                    73:24:3b:2b:fc:dd:06:b3:b4:ce:0e:b1:1a:e3:b5:
                    72:3a:58:00:97:6c:94:fb:ec:bd:de:22:bc:75:5e:
                    80:87:b0:7c:f8:84:1c:b6:ad:36:a4:99:db:e8:56:
                    df:c1:bb:6a:28:d8:0c:ef:db:c9:a6:4d:1e:ac:2d:
                    a2:36:44:a2:3c:23:bd:93:81:fe:fe:53:e1:be:5d:
                    66:ff:6a:d4:92:da:23:8c:56:9a:f9:08:33:af:88:
                    4d:10:28:90:65:04:19:64:a9:26:cc:e8:28:06:4f:
                    bb:50:67:3b:c1:20:5c:45:c1:66:50:16:36:b3:31:
                    f5:3e:6f:bb:d3:dd:1e:a2:6a:c7:ca:0e:91:67:a3:
                    74:c6:31:42:dc:80:e7:66:e7:1a:d3:ae:d1:ab:da:
                    92:f9:a7:8e:0d:89:ad:63:75:7c:1d:de:10:c4:0e:
                    5b:f9:1b:42:90:55:a8:9e:3f:57:42:17:be:93:0e:
                    ef:10:00:36:88:8c:49:e3:ca:47:9f:c3:ae:24:8f:
                    43:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5C:88:B5:D2:07:B5:AD:2C:FB:72:6C:40:4D:60:D5:B6:5A:42:67
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/yFyItdIHta0s-3JsQE1g1bZaQmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:0c:3a:c8:d4:79:27:89:f7:46:73:65:3e:cf:04:6c:e1:18:
         f6:f0:2f:c4:4c:e3:1d:d0:3f:d9:08:5f:1f:85:ef:fc:64:98:
         4a:b3:3e:1e:66:a3:7a:fa:d6:bf:77:65:9d:c3:4f:82:c2:ee:
         7f:0b:fe:34:db:9e:3e:1e:50:dc:04:ec:85:82:8b:9f:e8:c4:
         38:f1:6d:67:d9:6a:4b:84:3c:c2:55:4a:f3:66:9f:24:55:b0:
         eb:b8:94:f4:e0:fd:2a:ac:fd:b8:e4:71:92:e1:0d:10:b2:87:
         4f:ab:3c:5e:2b:7c:56:e6:00:15:1e:63:82:20:cf:df:6e:03:
         87:1a:ed:81:60:50:f4:83:18:bc:20:7d:cd:6f:cf:19:8f:64:
         79:60:9f:8b:00:f4:c2:e2:c1:93:85:11:f9:41:e9:01:75:6b:
         2f:cd:e3:28:c7:8c:f4:bd:91:13:a6:8a:f5:7c:d9:14:88:03:
         5b:fd:e7:50:28:71:9d:d1:29:a4:2f:36:31:b5:44:03:ef:37:
         6d:0b:b9:3d:6f:69:a0:af:78:7e:0a:65:13:d1:e5:20:b4:60:
         fa:63:07:03:eb:09:c4:be:8c:27:72:b9:bb:01:16:b0:77:e5:
         58:09:39:31:c0:f7:98:b9:7d:4e:e5:b2:16:78:ec:9b:5c:35:
         64:13:f1:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlmbLLTHCcB6iN/FLtpKT+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjUwOTIwMDkyMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODVjODhiNWQyMDdiNWFkMmNmYjcyNmM0MDRkNjBkNWI2NWE0MjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2cN5i2xR4QdlULQyqLXpcD3eE6U
F8fI/TV2TNSsPNwaRdC8JvDZhUB0qsemra0vXipvfzTNeUwiptJzJDsr/N0Gs7TO
DrEa47VyOlgAl2yU++y93iK8dV6Ah7B8+IQctq02pJnb6FbfwbtqKNgM79vJpk0e
rC2iNkSiPCO9k4H+/lPhvl1m/2rUktojjFaa+Qgzr4hNECiQZQQZZKkmzOgoBk+7
UGc7wSBcRcFmUBY2szH1Pm+7090eomrHyg6RZ6N0xjFC3IDnZuca067Rq9qS+aeO
DYmtY3V8Hd4QxA5b+RtCkFWonj9XQhe+kw7vEAA2iIxJ48pHn8OuJI9D9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhciLXSB7WtLPtybEBNYNW2WkJnMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEveUZ5SXRkSUh0YTBzLTNKc1FFMWcxYlphUW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhraMA0G
CSqGSIb3DQEBCwUAA4IBAQCGDDrI1HknifdGc2U+zwRs4Rj28C/ETOMd0D/ZCF8f
he/8ZJhKsz4eZqN6+ta/d2Wdw0+Cwu5/C/40254+HlDcBOyFgouf6MQ48W1n2WpL
hDzCVUrzZp8kVbDruJT04P0qrP245HGS4Q0QsodPqzxeK3xW5gAVHmOCIM/fbgOH
Gu2BYFD0gxi8IH3Nb88Zj2R5YJ+LAPTC4sGThRH5QekBdWsvzeMox4z0vZETpor1
fNkUiANb/edQKHGd0SmkLzYxtUQD7zdtC7k9b2mgr3h+CmUT0eUgtGD6YwcD6wnE
vowncrm7ARawd+VYCTkxwPeYuX1O5bIWeOybXDVkE/G4
-----END CERTIFICATE-----