Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/yohNPkzrer8cwQiW8iZGKozuH7c.roa
File:                     yohNPkzrer8cwQiW8iZGKozuH7c.roa (raw, json)
Hash identifier:          iIaRAmzYlr2QGsoZOINgrGoBmvYvUs+m15y7kNeedas=
Subject key identifier:   CA:88:4D:3E:4C:EB:7A:BF:1C:C1:08:96:F2:26:46:2A:8C:EE:1F:B7
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019CF1F3C1EC8F3FF14FCEAC332063A47CA7
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/yohNPkzrer8cwQiW8iZGKozuH7c.roa
Signing time:             Sun 15 Mar 2026 14:43:29 +0000
ROA not before:           Sun 15 Mar 2026 14:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        84.55.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f1:f3:c1:ec:8f:3f:f1:4f:ce:ac:33:20:63:a4:7c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 15 14:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca884d3e4ceb7abf1cc10896f226462a8cee1fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6c:c8:d3:2a:8b:1e:55:49:b6:50:c0:00:77:
                    69:b3:32:06:58:82:44:b8:e0:64:5f:43:a5:97:a7:
                    6a:91:1a:73:42:db:d6:5a:18:c0:19:b8:e3:90:65:
                    6e:75:74:86:ca:fc:96:eb:f3:0a:3c:10:cc:c5:50:
                    2d:d0:81:e3:cb:63:f5:dd:49:d1:17:60:d6:79:8c:
                    f4:f0:38:19:69:0b:99:a7:6f:69:11:b0:54:29:f4:
                    77:a4:02:2f:b4:e7:e0:31:51:5b:9e:87:b3:cc:a8:
                    06:20:f8:7a:33:ef:f4:f9:05:88:39:19:43:6a:14:
                    ac:6b:4c:fc:74:2d:27:de:f8:2a:49:1d:64:de:ea:
                    34:38:27:54:3f:e3:10:06:a7:c1:eb:9d:29:8c:46:
                    57:05:26:ab:99:65:38:19:b7:94:63:42:c6:fc:f4:
                    50:d4:eb:39:46:db:b4:36:06:be:00:72:a9:22:e7:
                    8f:20:72:c9:de:c5:84:e3:30:9c:79:2f:b3:34:d1:
                    2e:0e:da:3e:0d:7c:6a:8f:d4:2a:e4:2a:2c:ec:9a:
                    f9:80:b5:ab:e6:5d:78:a5:a4:db:63:d7:ed:7a:ef:
                    91:54:87:d3:f8:5e:a8:4b:e1:2f:1a:b5:a6:25:21:
                    73:d2:d7:67:5c:aa:69:6c:1e:c6:76:fa:59:9e:21:
                    4c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:88:4D:3E:4C:EB:7A:BF:1C:C1:08:96:F2:26:46:2A:8C:EE:1F:B7
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/yohNPkzrer8cwQiW8iZGKozuH7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:2d:7c:30:82:db:a4:26:c7:01:58:ba:66:a1:b6:19:90:79:
         e3:88:e5:1c:20:9e:24:e6:ab:15:99:0b:75:8d:63:af:3a:d4:
         09:67:6c:e5:ef:d2:7d:f2:f5:28:c4:83:18:04:cd:7f:1d:56:
         64:3d:46:59:74:36:3a:0f:de:89:7d:a1:95:92:c2:53:c3:cf:
         6d:99:c0:02:49:00:ef:56:11:de:e6:4f:48:14:fd:fe:aa:69:
         b6:21:a8:20:fb:49:bd:f3:48:40:18:38:e6:84:49:b5:a8:cf:
         8e:28:c4:f2:24:e0:65:9a:a8:ad:9b:38:e4:0e:f1:32:71:fa:
         de:76:a2:03:1a:82:bb:68:64:74:e3:f2:64:40:42:a8:f8:c8:
         d4:f5:69:95:6f:8e:8e:10:ac:50:73:29:cb:98:81:f8:41:1d:
         9d:69:2b:a3:e6:69:96:ff:3d:00:cd:1c:80:f3:0c:8b:43:f2:
         00:e4:17:6d:0c:4f:cf:4e:4a:9d:94:a3:c4:09:9e:0f:37:6c:
         a5:c7:fb:34:d4:29:f9:bc:b2:b6:0e:c1:6c:0d:7f:c4:46:d9:
         24:60:cd:fd:02:e6:21:9e:3e:70:c4:ef:92:ad:5a:70:c3:d6:
         c0:ba:f1:55:c2:0a:8e:aa:34:a1:6d:65:94:a7:4d:29:2b:b7:
         07:b7:89:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzx88Hsjz/xT86sMyBjpHynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzE1MTQ0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg4NGQzZTRjZWI3YWJmMWNjMTA4OTZmMjI2NDYyYThjZWUxZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGzI0yqLHlVJtlDAAHdpszIGWIJE
uOBkX0Oll6dqkRpzQtvWWhjAGbjjkGVudXSGyvyW6/MKPBDMxVAt0IHjy2P13UnR
F2DWeYz08DgZaQuZp29pEbBUKfR3pAIvtOfgMVFbnoezzKgGIPh6M+/0+QWIORlD
ahSsa0z8dC0n3vgqSR1k3uo0OCdUP+MQBqfB650pjEZXBSarmWU4GbeUY0LG/PRQ
1Os5Rtu0Nga+AHKpIuePIHLJ3sWE4zCceS+zNNEuDto+DXxqj9Qq5Cos7Jr5gLWr
5l14paTbY9fteu+RVIfT+F6oS+EvGrWmJSFz0tdnXKppbB7GdvpZniFMyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqITT5M63q/HMEIlvImRiqM7h+3MB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEveW9oTlBrenJlcjhjd1FpVzhpWkdLb3p1SDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDcLMA0G
CSqGSIb3DQEBCwUAA4IBAQCOLXwwgtukJscBWLpmobYZkHnjiOUcIJ4k5qsVmQt1
jWOvOtQJZ2zl79J98vUoxIMYBM1/HVZkPUZZdDY6D96JfaGVksJTw89tmcACSQDv
VhHe5k9IFP3+qmm2Iagg+0m980hAGDjmhEm1qM+OKMTyJOBlmqitmzjkDvEycfre
dqIDGoK7aGR04/JkQEKo+MjU9WmVb46OEKxQcynLmIH4QR2daSuj5mmW/z0AzRyA
8wyLQ/IA5BdtDE/PTkqdlKPECZ4PN2ylx/s01Cn5vLK2DsFsDX/ERtkkYM39AuYh
nj5wxO+SrVpww9bAuvFVwgqOqjShbWWUp00pK7cHt4lM
-----END CERTIFICATE-----