Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/ykl9L1ieIhGIofGi7fpGhZ_4q9o.roa
File:                     ykl9L1ieIhGIofGi7fpGhZ_4q9o.roa (raw, json)
Hash identifier:          SVH2fs99Ob8T2U4b3+XfOBMnnh8VK7bnsIv441zI1CI=
Subject key identifier:   CA:49:7D:2F:58:9E:22:11:88:A1:F1:A2:ED:FA:46:85:9F:F8:AB:DA
Certificate issuer:       /CN=5376467ef0921c51190e2ea60f2abb3bd6e9c19f
Certificate serial:       019DAFEC861CAC08E1928562C91D35EA11D3
Authority key identifier: 53:76:46:7E:F0:92:1C:51:19:0E:2E:A6:0F:2A:BB:3B:D6:E9:C1:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/ykl9L1ieIhGIofGi7fpGhZ_4q9o.roa
Signing time:             Tue 21 Apr 2026 12:03:26 +0000
ROA not before:           Tue 21 Apr 2026 12:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12792
IP address blocks:        2a0b:487::/32 maxlen: 32
                          2a12:300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:ec:86:1c:ac:08:e1:92:85:62:c9:1d:35:ea:11:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5376467ef0921c51190e2ea60f2abb3bd6e9c19f
        Validity
            Not Before: Apr 21 12:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca497d2f589e221188a1f1a2edfa46859ff8abda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:22:62:79:55:bd:7c:e6:f3:dd:0f:90:e3:9a:
                    ca:c2:f1:5f:12:1f:79:46:39:7b:b2:5c:f2:9a:b1:
                    d2:0a:17:8e:bd:57:3e:a9:71:1e:39:a0:53:e7:bb:
                    2c:1c:56:c8:23:d7:4a:cc:0d:5a:ef:f5:74:18:b1:
                    8d:e4:78:a0:b7:be:e7:b4:5b:58:5e:10:14:78:6e:
                    dc:1f:e4:be:3e:af:49:81:67:bc:bb:29:ba:56:de:
                    4a:33:7e:c6:b9:39:c6:33:6f:dd:c1:80:00:26:f2:
                    b8:94:74:14:fd:db:a6:73:0f:30:a3:3c:c1:d2:44:
                    5e:1d:3a:64:99:b6:5e:8e:d5:3d:f9:69:dd:06:63:
                    f4:75:e9:e9:bd:10:08:93:e9:c2:a7:48:d2:22:db:
                    6c:10:fb:6e:3d:9d:d0:19:6f:31:b7:74:ec:bf:e2:
                    bb:5f:35:ed:2c:80:07:66:5f:08:4a:e6:b3:61:10:
                    bb:73:31:a1:06:60:ee:12:99:3e:0f:14:79:73:a5:
                    4c:85:b8:57:bc:d8:51:80:cb:93:76:73:93:7d:2a:
                    3f:a6:9a:97:32:36:8d:5d:fb:e0:f9:d8:88:e8:34:
                    db:a8:44:21:64:bc:c8:df:cb:26:c0:c0:72:85:4b:
                    1a:13:bd:02:fb:7c:3d:15:01:61:76:08:41:7b:e6:
                    45:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:49:7D:2F:58:9E:22:11:88:A1:F1:A2:ED:FA:46:85:9F:F8:AB:DA
            X509v3 Authority Key Identifier:
                keyid:53:76:46:7E:F0:92:1C:51:19:0E:2E:A6:0F:2A:BB:3B:D6:E9:C1:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/ykl9L1ieIhGIofGi7fpGhZ_4q9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:487::/32
                  2a12:300::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:72:66:2f:8e:86:e5:bb:8a:e7:a3:8c:ea:e7:35:ea:ac:49:
         4a:4f:ec:9b:77:85:e8:fd:f9:0d:c3:70:63:14:a1:b3:be:24:
         7b:02:44:b0:e1:88:ac:75:a4:91:5b:52:91:11:63:e7:c7:c2:
         19:72:f3:b9:33:8a:44:b1:85:ce:b1:c4:a6:fd:6c:f0:cf:37:
         d4:86:e4:25:a9:95:96:58:fd:df:9f:66:0a:b9:ef:16:be:ba:
         eb:94:d7:c9:fa:99:ce:d2:74:c9:ef:ed:27:ca:a0:85:11:27:
         f9:41:8f:d1:0d:78:4c:be:2e:ed:77:24:c4:a9:13:28:84:b9:
         83:ab:c8:0f:03:89:5f:fb:e4:ba:f8:89:a0:fd:cc:2c:f1:29:
         74:d5:07:c6:e5:54:34:9b:45:dc:2b:97:cd:4f:77:7a:44:af:
         76:c6:62:53:2e:f2:82:f4:34:db:94:cd:aa:bf:13:6a:48:3b:
         da:51:19:cf:60:01:1f:9c:27:d6:bd:ac:7f:06:23:73:fc:99:
         38:8d:62:6e:c0:65:aa:0e:f7:7a:77:6b:2b:57:c1:99:f0:db:
         78:09:f4:f1:40:87:8c:a8:9a:b3:f7:15:e1:84:3c:30:3a:a1:
         c6:8a:e4:eb:5b:38:07:2c:c9:10:94:c5:b2:31:c8:a2:77:c5:
         51:e4:e4:ed
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2v7IYcrAjhkoViyR016hHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzY0NjdlZjA5MjFjNTExOTBlMmVhNjBmMmFiYjNiZDZl
OWMxOWYwHhcNMjYwNDIxMTIwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ5N2QyZjU4OWUyMjExODhhMWYxYTJlZGZhNDY4NTlmZjhhYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCJieVW9fObz3Q+Q45rKwvFfEh95
Rjl7slzymrHSCheOvVc+qXEeOaBT57ssHFbII9dKzA1a7/V0GLGN5Higt77ntFtY
XhAUeG7cH+S+Pq9JgWe8uym6Vt5KM37GuTnGM2/dwYAAJvK4lHQU/dumcw8wozzB
0kReHTpkmbZejtU9+WndBmP0denpvRAIk+nCp0jSIttsEPtuPZ3QGW8xt3Tsv+K7
XzXtLIAHZl8ISuazYRC7czGhBmDuEpk+DxR5c6VMhbhXvNhRgMuTdnOTfSo/ppqX
MjaNXfvg+diI6DTbqEQhZLzI38smwMByhUsaE70C+3w9FQFhdghBe+ZFbwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMpJfS9YniIRiKHxou36RoWf+KvaMB8GA1UdIwQY
MBaAFFN2Rn7wkhxRGQ4upg8quzvW6cGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNaR2Z2Q1NIRkVaRGk2bUR5cTdPOWJwd1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9jOWRiMGUtOTAzZS00ODVlLWI2N2Yt
MmM3YTJhNzQ2Mjc5LzEveWtsOUwxaWVJaEdJb2ZHaTdmcEdoWl80cTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9jOWRiMGUtOTAzZS00ODVlLWI2N2YtMmM3YTJhNzQ2Mjc5
LzEvVTNaR2Z2Q1NIRkVaRGk2bUR5cTdPOWJwd1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgsEhwMF
AyoSAwAwDQYJKoZIhvcNAQELBQADggEBAI1yZi+OhuW7iuejjOrnNeqsSUpP7Jt3
hej9+Q3DcGMUobO+JHsCRLDhiKx1pJFbUpERY+fHwhly87kzikSxhc6xxKb9bPDP
N9SG5CWplZZY/d+fZgq57xa+uuuU18n6mc7SdMnv7SfKoIURJ/lBj9ENeEy+Lu13
JMSpEyiEuYOryA8DiV/75Lr4iaD9zCzxKXTVB8blVDSbRdwrl81Pd3pEr3bGYlMu
8oL0NNuUzaq/E2pIO9pRGc9gAR+cJ9a9rH8GI3P8mTiNYm7AZaoO93p3aytXwZnw
23gJ9PFAh4yomrP3FeGEPDA6ocaK5OtbOAcsyRCUxbIxyKJ3xVHk5O0=
-----END CERTIFICATE-----