Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/YirzWdKN_U3AavaC2kp3c2rUSss.roa
File:                     YirzWdKN_U3AavaC2kp3c2rUSss.roa (raw, json)
Hash identifier:          TR/7M0fKT6FtF8D4wstKMvagF/Hr5cuvjm/5nxydRy8=
Subject key identifier:   62:2A:F3:59:D2:8D:FD:4D:C0:6A:F6:82:DA:4A:77:73:6A:D4:4A:CB
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019E113FD638C941B07821085E242C5B8419
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/YirzWdKN_U3AavaC2kp3c2rUSss.roa
Signing time:             Sun 10 May 2026 09:37:36 +0000
ROA not before:           Sun 10 May 2026 09:37:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.28.200.0/24 maxlen: 24
                          89.28.201.0/24 maxlen: 24
                          89.28.206.0/24 maxlen: 24
                          89.28.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:11:3f:d6:38:c9:41:b0:78:21:08:5e:24:2c:5b:84:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: May 10 09:37:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=622af359d28dfd4dc06af682da4a77736ad44acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8a:75:1f:5f:5c:c1:96:3f:79:ff:00:08:0e:
                    67:49:61:3b:4e:3b:b8:82:d0:63:9a:7e:b1:27:07:
                    9d:02:42:d9:82:41:60:66:f7:2d:f4:5f:c6:2a:25:
                    8c:ac:b1:17:28:1f:2b:25:0c:e6:5c:4c:c0:6b:fe:
                    e6:e0:e1:52:0b:ec:81:d7:2b:a9:1a:1e:6c:04:80:
                    22:c5:96:46:77:2e:a5:3d:86:c3:33:76:df:8c:89:
                    fc:0c:af:33:fd:7d:db:75:cf:a9:7e:3e:40:83:2f:
                    94:4a:47:97:1c:de:9c:e4:bc:fb:ed:80:38:f1:1d:
                    8f:d9:86:e9:8b:ad:a3:1f:8d:51:d9:21:a4:f9:b2:
                    dc:20:13:46:96:b3:00:52:6e:23:c9:3e:b4:f5:e5:
                    e6:a1:33:3e:0e:05:6a:49:5b:5c:5f:c0:13:ef:72:
                    7c:17:6b:ed:97:3e:03:4b:b9:7f:f9:4b:b5:95:14:
                    73:6d:4b:26:6e:c5:c2:65:c2:d1:1a:40:9f:ac:45:
                    51:b1:9a:07:0a:b2:a8:94:23:46:83:c5:41:57:1d:
                    7a:f7:d5:9a:19:9f:e5:7f:1c:18:03:0e:8a:5f:74:
                    b6:57:68:8a:1a:22:a6:43:3f:df:5e:6e:f5:ee:93:
                    8b:b7:4a:3a:80:4f:e4:56:e7:39:a3:db:a5:48:cb:
                    f9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2A:F3:59:D2:8D:FD:4D:C0:6A:F6:82:DA:4A:77:73:6A:D4:4A:CB
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/YirzWdKN_U3AavaC2kp3c2rUSss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.200.0/23
                  89.28.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:52:31:1b:eb:f7:bb:c2:05:b3:d7:b2:44:27:83:78:cc:03:
         a6:8f:44:d9:94:3b:8e:fb:3e:c7:50:96:ba:d8:80:c1:49:ff:
         2e:d5:3f:e5:63:16:41:bd:eb:4e:b8:25:c8:c4:95:26:a7:2f:
         ab:b5:8c:94:0e:e9:f3:d8:ca:c9:55:de:61:96:a2:41:8a:c0:
         35:75:0d:ab:7a:bb:be:04:19:4c:05:7f:5b:6f:25:6d:73:72:
         43:55:3f:27:db:aa:48:d2:76:8d:82:30:a8:c3:3d:0a:86:ed:
         76:cd:83:8b:4a:84:f0:14:23:33:3e:85:61:30:da:d3:9d:63:
         fd:d0:db:a9:a7:27:d5:5a:0f:00:10:40:81:56:43:a6:bc:a1:
         ec:04:76:cf:f6:3a:16:2b:ce:26:5f:f9:e2:b3:ad:9c:59:18:
         ab:a7:3e:38:2f:c1:b3:50:9e:bf:08:41:92:aa:ab:ec:0e:6d:
         0d:e9:cb:21:9c:11:98:05:b1:a2:40:4c:a4:cc:05:1f:9d:48:
         9b:d6:31:97:5b:bf:ed:88:a9:63:2a:78:8a:fd:1b:35:f5:18:
         ee:76:8c:77:32:8a:fc:c0:59:4d:b4:ed:7a:99:69:e7:8b:a3:
         7f:ac:92:ef:32:93:82:8e:9d:96:1b:d9:a3:65:4b:4c:26:4c:
         93:76:ee:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4RP9Y4yUGweCEIXiQsW4QZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNTEwMDkzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJhZjM1OWQyOGRmZDRkYzA2YWY2ODJkYTRhNzc3MzZhZDQ0YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIp1H19cwZY/ef8ACA5nSWE7Tju4
gtBjmn6xJwedAkLZgkFgZvct9F/GKiWMrLEXKB8rJQzmXEzAa/7m4OFSC+yB1yup
Gh5sBIAixZZGdy6lPYbDM3bfjIn8DK8z/X3bdc+pfj5Agy+USkeXHN6c5Lz77YA4
8R2P2Ybpi62jH41R2SGk+bLcIBNGlrMAUm4jyT609eXmoTM+DgVqSVtcX8AT73J8
F2vtlz4DS7l/+Uu1lRRzbUsmbsXCZcLRGkCfrEVRsZoHCrKolCNGg8VBVx1699Wa
GZ/lfxwYAw6KX3S2V2iKGiKmQz/fXm717pOLt0o6gE/kVuc5o9ulSMv5+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGIq81nSjf1NwGr2gtpKd3Nq1ErLMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvWWlyeldkS05fVTNBYXZhQzJrcDNjMnJVU3NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWRzIAwQB
WRzOMA0GCSqGSIb3DQEBCwUAA4IBAQBeUjEb6/e7wgWz17JEJ4N4zAOmj0TZlDuO
+z7HUJa62IDBSf8u1T/lYxZBvetOuCXIxJUmpy+rtYyUDunz2MrJVd5hlqJBisA1
dQ2reru+BBlMBX9bbyVtc3JDVT8n26pI0naNgjCowz0Khu12zYOLSoTwFCMzPoVh
MNrTnWP90NuppyfVWg8AEECBVkOmvKHsBHbP9joWK84mX/nis62cWRirpz44L8Gz
UJ6/CEGSqqvsDm0N6cshnBGYBbGiQEykzAUfnUib1jGXW7/tiKljKniK/Rs19Rju
dox3Mor8wFlNtO16mWnni6N/rJLvMpOCjp2WG9mjZUtMJkyTdu6w
-----END CERTIFICATE-----