Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/Y3r7CEh5aL2SRHK5_Bv74e5VAAI.roa
File:                     Y3r7CEh5aL2SRHK5_Bv74e5VAAI.roa (raw, json)
Hash identifier:          9yGZM+BEtiR6+wmG7TUOlG2+4+YKGP86s3nOCHLEsnk=
Subject key identifier:   63:7A:FB:08:48:79:68:BD:92:44:72:B9:FC:1B:FB:E1:EE:55:00:02
Certificate issuer:       /CN=de87d35bdcab123affc1a91d1736867969709a23
Certificate serial:       019CB92BE1F6719C0D58B7C3FA992DD7BB92
Authority key identifier: DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/Y3r7CEh5aL2SRHK5_Bv74e5VAAI.roa
Signing time:             Wed 04 Mar 2026 14:06:26 +0000
ROA not before:           Wed 04 Mar 2026 14:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28712
IP address blocks:        217.14.16.0/23 maxlen: 23
                          217.14.16.0/24 maxlen: 24
                          217.14.17.0/24 maxlen: 24
                          217.14.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b9:2b:e1:f6:71:9c:0d:58:b7:c3:fa:99:2d:d7:bb:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de87d35bdcab123affc1a91d1736867969709a23
        Validity
            Not Before: Mar  4 14:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=637afb08487968bd924472b9fc1bfbe1ee550002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6a:f6:80:83:3f:db:9b:08:1a:60:13:90:1f:
                    5a:f7:8a:cd:3b:9c:86:33:69:80:9e:9d:e5:d0:48:
                    95:3d:ea:fe:a9:bd:03:c0:3e:88:c2:e0:a4:3e:46:
                    80:52:7a:f0:26:97:83:39:f7:f7:a9:a9:f0:8b:15:
                    b1:2c:ba:34:b2:a1:ee:8f:d1:a4:4b:fb:f9:02:5c:
                    ff:fd:7f:f3:e5:f7:de:0c:1d:45:da:c0:c8:97:9f:
                    20:36:39:8b:7e:0f:67:10:bb:13:8b:37:7d:2b:60:
                    a9:95:55:95:25:b0:0e:ce:8d:f3:54:86:b0:f0:dd:
                    12:e9:d0:2d:7b:99:51:a0:35:81:87:af:0d:9e:08:
                    91:00:24:f7:79:1d:3d:10:a8:9e:de:c3:8d:22:f7:
                    6b:f7:b7:73:de:dd:87:a9:b6:ab:77:18:ba:6e:65:
                    1d:cc:32:01:53:82:1a:b8:eb:6a:54:6e:06:9b:ae:
                    3c:78:7d:50:e1:46:ec:1b:b6:f0:73:2e:0b:f3:83:
                    d4:5f:ca:73:c8:e4:7e:34:ec:9a:22:ab:42:62:fb:
                    f0:ba:b3:1b:eb:35:ba:34:a0:1c:46:84:e7:1c:54:
                    8b:66:cc:41:84:5a:16:bc:0c:8e:32:5d:9e:15:d6:
                    ff:08:44:ee:9b:c5:e4:3b:81:cc:65:13:a8:85:57:
                    74:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7A:FB:08:48:79:68:BD:92:44:72:B9:FC:1B:FB:E1:EE:55:00:02
            X509v3 Authority Key Identifier:
                keyid:DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/Y3r7CEh5aL2SRHK5_Bv74e5VAAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.16.0-217.14.18.255

    Signature Algorithm: sha256WithRSAEncryption
         77:23:a6:24:3b:7f:c6:f5:da:c9:83:5d:f9:5f:8a:04:20:b2:
         89:69:35:9a:80:be:b3:7c:42:d7:16:f3:98:eb:29:80:8b:1b:
         01:87:41:cd:07:55:bd:c5:3d:86:b8:54:48:a6:f3:89:ff:e5:
         ec:b1:30:11:54:a3:2e:a2:ae:ee:96:b5:15:78:9b:65:35:c1:
         93:6c:81:3e:24:73:aa:3b:e9:f5:a2:eb:9c:3d:29:e5:9f:68:
         31:c3:e1:bf:6b:36:97:b1:0b:39:0d:4e:33:5f:2d:34:e8:de:
         6c:42:e3:44:6b:76:83:5f:ba:06:1d:29:35:01:2f:45:9c:16:
         5e:a3:7b:26:43:b1:b4:8c:8e:ac:b1:64:28:c6:22:ba:ea:a6:
         82:dd:cd:4b:81:f9:9a:9a:ab:5c:d7:3f:df:31:8b:59:40:b0:
         1f:6d:ce:69:66:99:09:65:0b:c5:c0:9d:f9:bf:55:76:d1:55:
         ea:f3:73:74:c7:83:34:68:84:dd:94:fd:4c:53:26:dc:d2:67:
         04:11:21:22:74:8a:bd:9a:b2:18:4b:b2:8b:54:f8:2e:61:e5:
         ae:4f:a5:ac:30:ee:60:69:33:47:50:6f:7b:4f:2c:b2:35:80:
         aa:25:9d:92:a7:7f:c5:2a:82:88:18:2a:a3:cd:21:e0:e6:d8:
         ad:f3:98:64
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZy5K+H2cZwNWLfD+pkt17uSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlODdkMzViZGNhYjEyM2FmZmMxYTkxZDE3MzY4Njc5Njk3
MDlhMjMwHhcNMjYwMzA0MTQwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzdhZmIwODQ4Nzk2OGJkOTI0NDcyYjlmYzFiZmJlMWVlNTUwMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Gr2gIM/25sIGmATkB9a94rNO5yG
M2mAnp3l0EiVPer+qb0DwD6IwuCkPkaAUnrwJpeDOff3qanwixWxLLo0sqHuj9Gk
S/v5Alz//X/z5ffeDB1F2sDIl58gNjmLfg9nELsTizd9K2CplVWVJbAOzo3zVIaw
8N0S6dAte5lRoDWBh68NngiRACT3eR09EKie3sONIvdr97dz3t2Hqbardxi6bmUd
zDIBU4IauOtqVG4Gm648eH1Q4UbsG7bwcy4L84PUX8pzyOR+NOyaIqtCYvvwurMb
6zW6NKAcRoTnHFSLZsxBhFoWvAyOMl2eFdb/CETum8XkO4HMZROohVd0yQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGN6+whIeWi9kkRyufwb++HuVQACMB8GA1UdIwQY
MBaAFN6H01vcqxI6/8GpHRc2hnlpcJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQt
YzIyMzkwZThkOWE2LzEvWTNyN0NFaDVhTDJTUkhLNV9Cdjc0ZTVWQUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQtYzIyMzkwZThkOWE2
LzEvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATZDhAD
BADZDhIwDQYJKoZIhvcNAQELBQADggEBAHcjpiQ7f8b12smDXflfigQgsolpNZqA
vrN8QtcW85jrKYCLGwGHQc0HVb3FPYa4VEim84n/5eyxMBFUoy6iru6WtRV4m2U1
wZNsgT4kc6o76fWi65w9KeWfaDHD4b9rNpexCzkNTjNfLTTo3mxC40RrdoNfugYd
KTUBL0WcFl6jeyZDsbSMjqyxZCjGIrrqpoLdzUuB+Zqaq1zXP98xi1lAsB9tzmlm
mQllC8XAnfm/VXbRVerzc3THgzRohN2U/UxTJtzSZwQRISJ0ir2ashhLsotU+C5h
5a5Ppaww7mBpM0dQb3tPLLI1gKolnZKnf8UqgogYKqPNIeDm2K3zmGQ=
-----END CERTIFICATE-----