Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/206631-f12b-40e3-b818-0cc3b9b6f2e0/1/y_FNVbdikbBWzs5LhqoDeRQMNlA.roa
File:                     y_FNVbdikbBWzs5LhqoDeRQMNlA.roa (raw, json)
Hash identifier:          WWd5ILv5zYGPBJplTtrocqicsl6CMsf0eLm4LCFpsyQ=
Subject key identifier:   CB:F1:4D:55:B7:62:91:B0:56:CE:CE:4B:86:AA:03:79:14:0C:36:50
Certificate issuer:       /CN=f47e526458497c25d5dc3dc2f4a8374d4e44949d
Certificate serial:       019E20808F365E510837256C65359CA27ECF
Authority key identifier: F4:7E:52:64:58:49:7C:25:D5:DC:3D:C2:F4:A8:37:4D:4E:44:94:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9H5SZFhJfCXV3D3C9Kg3TU5ElJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/206631-f12b-40e3-b818-0cc3b9b6f2e0/1/y_FNVbdikbBWzs5LhqoDeRQMNlA.roa
Signing time:             Wed 13 May 2026 08:42:36 +0000
ROA not before:           Wed 13 May 2026 08:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212554
IP address blocks:        84.252.88.0/24 maxlen: 24
                          84.252.89.0/24 maxlen: 24
                          84.252.90.0/24 maxlen: 24
                          84.252.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/206631-f12b-40e3-b818-0cc3b9b6f2e0/1/9H5SZFhJfCXV3D3C9Kg3TU5ElJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/206631-f12b-40e3-b818-0cc3b9b6f2e0/1/9H5SZFhJfCXV3D3C9Kg3TU5ElJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9H5SZFhJfCXV3D3C9Kg3TU5ElJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:80:8f:36:5e:51:08:37:25:6c:65:35:9c:a2:7e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f47e526458497c25d5dc3dc2f4a8374d4e44949d
        Validity
            Not Before: May 13 08:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbf14d55b76291b056cece4b86aa0379140c3650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d0:f8:2d:3e:73:bc:4f:80:94:07:12:c2:28:
                    4a:46:4b:7b:2a:da:4d:7c:c2:89:40:54:58:7e:6b:
                    4d:a7:82:2d:93:23:0c:93:d9:28:28:17:01:91:ed:
                    fd:8e:0f:62:5a:78:65:ec:b0:a7:eb:39:10:e5:69:
                    54:c8:8c:92:cd:3d:e4:79:41:80:55:b3:9c:2b:7a:
                    b2:91:e0:0d:8b:ca:31:bc:6f:3e:40:ce:e6:ef:ee:
                    66:cd:f5:a6:cb:d3:c9:f0:2f:42:d7:a8:be:76:0b:
                    bf:65:51:ea:67:85:74:05:af:ae:9d:6b:cc:51:36:
                    a3:92:be:a5:fa:eb:4d:a6:03:ac:fa:ae:75:29:7a:
                    19:86:75:6c:83:6c:98:6a:82:33:45:57:03:71:73:
                    4d:c3:19:90:7d:df:72:37:12:fa:29:83:23:bc:43:
                    2d:c5:c8:2c:31:07:f1:74:47:5e:d2:0b:0b:29:ad:
                    3d:35:ff:11:1b:0e:a5:d5:64:bb:f2:aa:dc:76:69:
                    5c:4d:d8:53:d3:ee:d8:4e:7b:17:ee:10:06:89:65:
                    0f:50:90:8b:ab:59:69:35:30:f6:d2:6c:ec:c2:ad:
                    eb:09:ff:e3:68:6c:bd:e7:78:ab:b4:fb:01:f9:17:
                    03:4c:82:9c:09:df:33:06:be:15:d1:48:29:6e:da:
                    7b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F1:4D:55:B7:62:91:B0:56:CE:CE:4B:86:AA:03:79:14:0C:36:50
            X509v3 Authority Key Identifier:
                keyid:F4:7E:52:64:58:49:7C:25:D5:DC:3D:C2:F4:A8:37:4D:4E:44:94:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9H5SZFhJfCXV3D3C9Kg3TU5ElJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/206631-f12b-40e3-b818-0cc3b9b6f2e0/1/y_FNVbdikbBWzs5LhqoDeRQMNlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/206631-f12b-40e3-b818-0cc3b9b6f2e0/1/9H5SZFhJfCXV3D3C9Kg3TU5ElJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:97:23:ef:2e:44:19:65:e6:cb:44:a2:40:45:22:32:32:0e:
         1e:08:f9:11:0f:7e:99:9f:86:87:3b:e0:49:ad:05:97:7a:ac:
         26:c3:de:a5:51:60:c0:c6:ec:fc:9d:41:7e:65:8c:ab:e8:77:
         87:e5:e8:de:b8:c2:6b:f3:f8:3c:ee:ad:98:f6:d9:87:7b:d0:
         e8:d0:75:be:cd:6e:58:74:c6:66:dc:95:d0:9b:bd:8d:ea:ec:
         f9:ce:5d:26:98:52:42:9b:f4:35:24:5b:60:16:e7:f5:f8:9e:
         02:cb:7f:8e:38:73:6e:1d:99:83:d2:cb:aa:7f:57:b6:1d:0b:
         8c:f7:6e:18:1d:55:e4:25:15:8a:67:0b:7d:be:9c:5a:96:57:
         40:b7:90:3c:b7:6a:08:67:f8:66:82:96:5e:2e:c2:e7:d0:41:
         4f:e2:33:8b:01:f2:41:65:d8:2e:e4:f7:45:02:56:d9:c2:b0:
         87:98:ed:3b:b5:c2:bb:74:c9:d8:45:9c:84:25:42:78:c7:a2:
         65:48:90:34:f8:e6:99:d6:14:43:16:4c:aa:b7:dd:34:2e:9d:
         12:d5:6a:ec:97:db:43:2a:42:59:86:e3:4c:df:3e:de:15:89:
         6c:b5:e8:60:f1:2f:ea:71:a2:33:5d:7c:60:b9:95:fe:78:8a:
         f4:4a:5a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4ggI82XlEINyVsZTWcon7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0N2U1MjY0NTg0OTdjMjVkNWRjM2RjMmY0YTgzNzRkNGU0
NDk0OWQwHhcNMjYwNTEzMDg0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmYxNGQ1NWI3NjI5MWIwNTZjZWNlNGI4NmFhMDM3OTE0MGMzNjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnND4LT5zvE+AlAcSwihKRkt7KtpN
fMKJQFRYfmtNp4ItkyMMk9koKBcBke39jg9iWnhl7LCn6zkQ5WlUyIySzT3keUGA
VbOcK3qykeANi8oxvG8+QM7m7+5mzfWmy9PJ8C9C16i+dgu/ZVHqZ4V0Ba+unWvM
UTajkr6l+utNpgOs+q51KXoZhnVsg2yYaoIzRVcDcXNNwxmQfd9yNxL6KYMjvEMt
xcgsMQfxdEde0gsLKa09Nf8RGw6l1WS78qrcdmlcTdhT0+7YTnsX7hAGiWUPUJCL
q1lpNTD20mzswq3rCf/jaGy953irtPsB+RcDTIKcCd8zBr4V0Ugpbtp79QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvxTVW3YpGwVs7OS4aqA3kUDDZQMB8GA1UdIwQY
MBaAFPR+UmRYSXwl1dw9wvSoN01ORJSdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUg1U1pGaEpmQ1hWM0QzQzlLZzNUVTVFbEowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yMDY2MzEtZjEyYi00MGUzLWI4MTgt
MGNjM2I5YjZmMmUwLzEveV9GTlZiZGlrYkJXenM1TGhxb0RlUlFNTmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yMDY2MzEtZjEyYi00MGUzLWI4MTgtMGNjM2I5YjZmMmUw
LzEvOUg1U1pGaEpmQ1hWM0QzQzlLZzNUVTVFbEowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVPxYMA0G
CSqGSIb3DQEBCwUAA4IBAQCslyPvLkQZZebLRKJARSIyMg4eCPkRD36Zn4aHO+BJ
rQWXeqwmw96lUWDAxuz8nUF+ZYyr6HeH5ejeuMJr8/g87q2Y9tmHe9Do0HW+zW5Y
dMZm3JXQm72N6uz5zl0mmFJCm/Q1JFtgFuf1+J4Cy3+OOHNuHZmD0suqf1e2HQuM
924YHVXkJRWKZwt9vpxalldAt5A8t2oIZ/hmgpZeLsLn0EFP4jOLAfJBZdgu5PdF
AlbZwrCHmO07tcK7dMnYRZyEJUJ4x6JlSJA0+OaZ1hRDFkyqt900Lp0S1Wrsl9tD
KkJZhuNM3z7eFYlstehg8S/qcaIzXXxguZX+eIr0SlpL
-----END CERTIFICATE-----