Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/yyWfsmvh8Jt4JXufZsjnXpoUQ3k.roa
File:                     yyWfsmvh8Jt4JXufZsjnXpoUQ3k.roa (raw, json)
Hash identifier:          N3wiJ0eaYZUQRz5A0bfAdbir/LiyJpdrbnxqvsu++rU=
Subject key identifier:   CB:25:9F:B2:6B:E1:F0:9B:78:25:7B:9F:66:C8:E7:5E:9A:14:43:79
Certificate issuer:       /CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
Certificate serial:       019D1F1E18F1E78E12E2F4C1E9D2284DFB00
Authority key identifier: 23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/yyWfsmvh8Jt4JXufZsjnXpoUQ3k.roa
Signing time:             Tue 24 Mar 2026 09:12:39 +0000
ROA not before:           Tue 24 Mar 2026 09:12:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        185.203.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:1e:18:f1:e7:8e:12:e2:f4:c1:e9:d2:28:4d:fb:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
        Validity
            Not Before: Mar 24 09:12:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb259fb26be1f09b78257b9f66c8e75e9a144379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:23:10:89:3b:88:ea:5d:52:09:9f:37:a0:f9:
                    a4:e3:40:ea:81:41:f2:a8:ee:67:8d:24:27:57:69:
                    01:e5:f4:8f:aa:09:95:58:c0:ad:dd:dc:3e:17:dd:
                    6a:a6:5f:75:6a:4a:c3:59:33:43:a4:57:c9:ef:9d:
                    5f:8f:52:2b:1f:54:c8:36:01:0b:a1:de:6d:c9:a8:
                    b2:ef:e4:92:c3:ae:3d:2e:79:43:bd:e7:b6:e0:cf:
                    29:17:14:a8:82:ba:a7:de:eb:ab:f7:11:86:50:fc:
                    16:a0:e6:e1:2f:42:74:f1:46:b4:da:d2:f9:ee:5b:
                    dd:d2:b8:4a:b5:11:f5:b0:05:41:35:da:04:ed:6e:
                    3f:31:0f:a6:0d:b0:d1:d2:50:b9:31:db:ab:6b:50:
                    06:79:33:01:3b:8e:ad:09:ea:f0:28:19:92:ac:6c:
                    a5:b4:b4:f8:24:51:8f:6f:71:8c:94:44:81:52:00:
                    e7:51:8e:b9:c7:c1:ed:48:f0:08:63:1e:a1:4e:e3:
                    47:87:d5:bf:a6:da:6d:8f:6e:59:8f:2a:83:1f:fb:
                    f5:9e:f6:2c:8f:65:7d:7f:f1:e0:9b:27:ac:3c:f5:
                    f0:27:8f:ff:d5:04:0e:ad:ec:8d:08:0f:4d:88:35:
                    91:89:ac:c2:e7:2a:a7:9b:73:c7:e6:d0:d8:8d:80:
                    2c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:25:9F:B2:6B:E1:F0:9B:78:25:7B:9F:66:C8:E7:5E:9A:14:43:79
            X509v3 Authority Key Identifier:
                keyid:23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/yyWfsmvh8Jt4JXufZsjnXpoUQ3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:cc:a9:79:93:40:45:d8:35:f0:38:94:0f:6a:57:52:8c:ad:
         df:f6:fd:09:84:39:b7:50:44:5f:6d:0e:ba:b1:8b:76:c1:13:
         31:f3:b9:bb:c3:2a:f5:78:1f:a6:92:d6:f6:3a:df:0f:76:00:
         10:7b:e3:59:81:61:28:42:0a:16:4c:66:0d:7f:7d:b6:72:a5:
         bc:ae:2e:23:3e:96:a1:79:13:dc:f2:cb:a6:0f:5f:dd:f9:14:
         56:e2:28:f1:1b:e7:15:b3:ef:e9:45:a9:b6:a0:ce:ef:7b:b0:
         4c:66:6d:37:e1:a6:16:c2:b0:3f:18:13:8f:c9:88:78:37:a1:
         6a:37:e5:c8:3a:0e:8f:66:87:c1:81:d5:62:b7:f6:ea:0b:3b:
         55:68:a8:33:bf:57:71:1c:6e:7c:f7:5b:09:6a:6b:b8:ff:c4:
         09:46:06:8e:af:60:9f:13:5c:6e:66:23:8f:d9:ba:2a:c3:78:
         fc:78:a5:3b:ec:f1:d5:55:ee:b3:5e:e7:fe:72:39:a4:71:5e:
         e2:95:26:b7:89:01:91:9e:25:57:1c:d4:a6:b0:0d:d9:22:0f:
         4e:77:85:15:d5:0d:4e:5c:58:f5:60:73:cf:4c:b1:44:f8:94:
         ac:7f:3d:95:58:fa:e7:13:0f:80:e5:8c:4a:bf:29:07:3a:6f:
         cd:e5:d1:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0fHhjx544S4vTB6dIoTfsAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzBlMjYwNjA5MTNjNzU4MTM3NDg4YmZkN2FiMWJmZTll
MTBhZTIwHhcNMjYwMzI0MDkxMjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI1OWZiMjZiZTFmMDliNzgyNTdiOWY2NmM4ZTc1ZTlhMTQ0Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiMQiTuI6l1SCZ83oPmk40DqgUHy
qO5njSQnV2kB5fSPqgmVWMCt3dw+F91qpl91akrDWTNDpFfJ751fj1IrH1TINgEL
od5tyaiy7+SSw649LnlDvee24M8pFxSogrqn3uur9xGGUPwWoObhL0J08Ua02tL5
7lvd0rhKtRH1sAVBNdoE7W4/MQ+mDbDR0lC5Mdura1AGeTMBO46tCerwKBmSrGyl
tLT4JFGPb3GMlESBUgDnUY65x8HtSPAIYx6hTuNHh9W/ptptj25ZjyqDH/v1nvYs
j2V9f/HgmyesPPXwJ4//1QQOreyNCA9NiDWRiazC5yqnm3PH5tDYjYAszQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsln7Jr4fCbeCV7n2bI516aFEN5MB8GA1UdIwQY
MBaAFCMw4mBgkTx1gTdIi/16sb/p4QriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0Yjkt
NzA2NzgyY2ZhMDNiLzEveXlXZnNtdmg4SnQ0Slh1Zlpzam5YcG9VUTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0YjktNzA2NzgyY2ZhMDNi
LzEvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucvpMA0G
CSqGSIb3DQEBCwUAA4IBAQAwzKl5k0BF2DXwOJQPaldSjK3f9v0JhDm3UERfbQ66
sYt2wRMx87m7wyr1eB+mktb2Ot8PdgAQe+NZgWEoQgoWTGYNf322cqW8ri4jPpah
eRPc8sumD1/d+RRW4ijxG+cVs+/pRam2oM7ve7BMZm034aYWwrA/GBOPyYh4N6Fq
N+XIOg6PZofBgdVit/bqCztVaKgzv1dxHG5891sJamu4/8QJRgaOr2CfE1xuZiOP
2boqw3j8eKU77PHVVe6zXuf+cjmkcV7ilSa3iQGRniVXHNSmsA3ZIg9Od4UV1Q1O
XFj1YHPPTLFE+JSsfz2VWPrnEw+A5YxKvykHOm/N5dGe
-----END CERTIFICATE-----