Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/73316f-b0ea-4728-86ca-44bf8deb85bc/1/ypii_wNcb-AwsNun99iVhbi3Qn8.roa
File:                     ypii_wNcb-AwsNun99iVhbi3Qn8.roa (raw, json)
Hash identifier:          8vPnAsYHQ7w1UcsG/vmQIGbDPUOOaSicezwJeTgu3gQ=
Subject key identifier:   CA:98:A2:FF:03:5C:6F:E0:30:B0:DB:A7:F7:D8:95:85:B8:B7:42:7F
Certificate issuer:       /CN=59afa0c3f28113ac67a1e8192080cde1c35830f0
Certificate serial:       019D24B07A9B48519ABDD78E34517EADC41E
Authority key identifier: 59:AF:A0:C3:F2:81:13:AC:67:A1:E8:19:20:80:CD:E1:C3:58:30:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wa-gw_KBE6xnoegZIIDN4cNYMPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/73316f-b0ea-4728-86ca-44bf8deb85bc/1/ypii_wNcb-AwsNun99iVhbi3Qn8.roa
Signing time:             Wed 25 Mar 2026 11:10:38 +0000
ROA not before:           Wed 25 Mar 2026 11:10:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205275
IP address blocks:        91.212.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/73316f-b0ea-4728-86ca-44bf8deb85bc/1/Wa-gw_KBE6xnoegZIIDN4cNYMPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/73316f-b0ea-4728-86ca-44bf8deb85bc/1/Wa-gw_KBE6xnoegZIIDN4cNYMPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wa-gw_KBE6xnoegZIIDN4cNYMPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:b0:7a:9b:48:51:9a:bd:d7:8e:34:51:7e:ad:c4:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59afa0c3f28113ac67a1e8192080cde1c35830f0
        Validity
            Not Before: Mar 25 11:10:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca98a2ff035c6fe030b0dba7f7d89585b8b7427f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:44:9c:11:9a:dc:8c:55:9a:c0:99:23:b9:21:
                    cb:d7:b9:da:05:90:b8:2f:72:dc:8a:1c:20:98:1e:
                    48:f7:4a:12:16:01:28:fb:14:16:d2:fd:99:24:50:
                    dd:e5:84:19:95:5c:0e:99:04:3c:10:d3:1e:79:c5:
                    72:96:9d:f6:47:a8:16:3e:cf:5d:44:60:5c:ad:84:
                    3e:9c:18:02:04:49:74:7b:d6:b3:52:24:c6:5d:73:
                    69:f7:35:99:21:21:fc:8c:c5:63:0a:6d:39:b5:0b:
                    dc:f4:ff:34:36:9a:6f:94:d4:93:2d:db:10:3c:3c:
                    9e:d8:79:94:09:ab:43:5a:c7:b4:9c:ed:eb:4f:ba:
                    79:bc:1f:fd:1e:f9:f1:b0:db:47:7e:15:00:a6:54:
                    3b:69:53:b3:07:77:3d:1e:2a:91:bf:82:61:0b:84:
                    1a:67:c6:0d:e4:f7:0e:92:4d:23:93:71:01:2d:c0:
                    35:f7:44:bf:2d:16:a9:a8:e0:bf:67:e2:8a:60:cd:
                    b5:75:7e:59:f6:ec:68:1a:30:c6:b8:dc:2c:c7:79:
                    7e:cc:c8:4c:41:b8:73:da:a0:0c:28:c0:cc:ad:18:
                    3a:3c:88:31:87:a2:a3:e7:d0:e9:bd:3a:90:bf:ae:
                    48:ca:2e:08:4d:86:4d:95:32:d5:f5:c7:58:72:51:
                    34:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:98:A2:FF:03:5C:6F:E0:30:B0:DB:A7:F7:D8:95:85:B8:B7:42:7F
            X509v3 Authority Key Identifier:
                keyid:59:AF:A0:C3:F2:81:13:AC:67:A1:E8:19:20:80:CD:E1:C3:58:30:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wa-gw_KBE6xnoegZIIDN4cNYMPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/73316f-b0ea-4728-86ca-44bf8deb85bc/1/ypii_wNcb-AwsNun99iVhbi3Qn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/73316f-b0ea-4728-86ca-44bf8deb85bc/1/Wa-gw_KBE6xnoegZIIDN4cNYMPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ef:11:5a:eb:98:c4:8a:56:d0:02:e8:9a:91:24:9a:11:ca:
         54:1e:a7:e7:47:ba:f1:fc:d4:c3:25:22:b0:da:16:db:99:0a:
         dd:16:2f:a0:91:3e:2f:92:6c:27:d4:b9:40:63:68:7a:4b:89:
         a6:14:d0:01:ba:3e:0e:94:0e:aa:6c:67:0a:2e:bc:37:9c:b8:
         0d:25:1e:e8:3d:bf:97:63:13:11:1a:7c:ba:21:25:3e:25:ff:
         aa:5d:3f:3d:fe:01:15:06:de:c7:29:30:ca:98:e1:6e:4b:d7:
         88:0f:6c:8a:95:a2:37:d0:dc:14:a8:37:ff:c4:0a:3c:61:89:
         cb:aa:a5:37:7b:19:4c:8f:6d:ed:24:2b:f7:8f:fa:37:67:61:
         b3:e9:9c:df:27:31:80:80:41:29:9d:a4:8d:85:c7:8f:65:5c:
         19:ab:0f:36:c9:0c:51:c4:81:43:29:8d:fc:2e:29:a1:b2:a1:
         b0:9f:d4:34:22:ad:d4:0a:17:8c:ca:7e:49:5c:53:72:7f:2a:
         58:50:66:0c:eb:94:aa:a2:83:94:11:8d:c8:42:73:6f:a0:51:
         3f:e1:da:3d:24:40:89:2d:d6:7f:79:95:67:4d:0f:d6:11:39:
         62:4a:98:55:c4:d3:83:b3:fe:ac:f3:4a:a6:6c:0d:93:0e:c5:
         b1:12:db:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ksHqbSFGavdeONFF+rcQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YWZhMGMzZjI4MTEzYWM2N2ExZTgxOTIwODBjZGUxYzM1
ODMwZjAwHhcNMjYwMzI1MTExMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk4YTJmZjAzNWM2ZmUwMzBiMGRiYTdmN2Q4OTU4NWI4Yjc0MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkScEZrcjFWawJkjuSHL17naBZC4
L3LcihwgmB5I90oSFgEo+xQW0v2ZJFDd5YQZlVwOmQQ8ENMeecVylp32R6gWPs9d
RGBcrYQ+nBgCBEl0e9azUiTGXXNp9zWZISH8jMVjCm05tQvc9P80NppvlNSTLdsQ
PDye2HmUCatDWse0nO3rT7p5vB/9HvnxsNtHfhUAplQ7aVOzB3c9HiqRv4JhC4Qa
Z8YN5PcOkk0jk3EBLcA190S/LRapqOC/Z+KKYM21dX5Z9uxoGjDGuNwsx3l+zMhM
Qbhz2qAMKMDMrRg6PIgxh6Kj59DpvTqQv65Iyi4ITYZNlTLV9cdYclE07QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqYov8DXG/gMLDbp/fYlYW4t0J/MB8GA1UdIwQY
MBaAFFmvoMPygROsZ6HoGSCAzeHDWDDwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2EtZ3dfS0JFNnhub2VnWklJRE40Y05ZTVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83MzMxNmYtYjBlYS00NzI4LTg2Y2Et
NDRiZjhkZWI4NWJjLzEveXBpaV93TmNiLUF3c051bjk5aVZoYmkzUW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83MzMxNmYtYjBlYS00NzI4LTg2Y2EtNDRiZjhkZWI4NWJj
LzEvV2EtZ3dfS0JFNnhub2VnWklJRE40Y05ZTVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9S+MA0G
CSqGSIb3DQEBCwUAA4IBAQBA7xFa65jEilbQAuiakSSaEcpUHqfnR7rx/NTDJSKw
2hbbmQrdFi+gkT4vkmwn1LlAY2h6S4mmFNABuj4OlA6qbGcKLrw3nLgNJR7oPb+X
YxMRGny6ISU+Jf+qXT89/gEVBt7HKTDKmOFuS9eID2yKlaI30NwUqDf/xAo8YYnL
qqU3exlMj23tJCv3j/o3Z2Gz6ZzfJzGAgEEpnaSNhcePZVwZqw82yQxRxIFDKY38
LimhsqGwn9Q0Iq3UCheMyn5JXFNyfypYUGYM65SqooOUEY3IQnNvoFE/4do9JECJ
LdZ/eZVnTQ/WETliSphVxNODs/6s80qmbA2TDsWxEtuU
-----END CERTIFICATE-----