Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/51ce27-8a27-44f2-bdcf-a8604b95ee09/1/yqtWtEUaxX89PgbuPar-rKJDYu8.roa
File:                     yqtWtEUaxX89PgbuPar-rKJDYu8.roa (raw, json)
Hash identifier:          W8NPWWhZT4bESWb+Y/iGCFmQoNAAFU7562ycHtHQDvM=
Subject key identifier:   CA:AB:56:B4:45:1A:C5:7F:3D:3E:06:EE:3D:AA:FE:AC:A2:43:62:EF
Certificate issuer:       /CN=5bc453e4b4891f5547c477a081dcc0742c79d75e
Certificate serial:       019CB32A0A901E63175644A8BD13A59CCC1B
Authority key identifier: 5B:C4:53:E4:B4:89:1F:55:47:C4:77:A0:81:DC:C0:74:2C:79:D7:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W8RT5LSJH1VHxHeggdzAdCx5114.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/51ce27-8a27-44f2-bdcf-a8604b95ee09/1/yqtWtEUaxX89PgbuPar-rKJDYu8.roa
Signing time:             Tue 03 Mar 2026 10:06:42 +0000
ROA not before:           Tue 03 Mar 2026 10:06:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24961
IP address blocks:        185.177.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/51ce27-8a27-44f2-bdcf-a8604b95ee09/1/W8RT5LSJH1VHxHeggdzAdCx5114.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/51ce27-8a27-44f2-bdcf-a8604b95ee09/1/W8RT5LSJH1VHxHeggdzAdCx5114.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W8RT5LSJH1VHxHeggdzAdCx5114.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 10:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:2a:0a:90:1e:63:17:56:44:a8:bd:13:a5:9c:cc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bc453e4b4891f5547c477a081dcc0742c79d75e
        Validity
            Not Before: Mar  3 10:06:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=caab56b4451ac57f3d3e06ee3daafeaca24362ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:41:82:66:ee:9e:83:d5:e1:15:22:1e:a6:18:
                    10:7e:21:b6:c1:0a:76:d5:ab:c6:1b:4b:35:0e:ad:
                    43:8a:45:c3:c2:2f:8b:ae:46:22:65:a8:f4:0a:75:
                    2b:a4:10:c5:5e:39:d3:3e:5e:ee:3a:52:6d:a1:da:
                    f1:cf:0e:0f:ad:08:51:43:27:c3:03:fb:15:df:21:
                    98:da:8b:be:2b:96:aa:33:41:ca:d0:f3:cf:ce:3c:
                    7b:08:1a:89:1c:e0:63:78:9e:77:e6:5a:fd:38:a2:
                    ab:7a:ea:86:c9:9a:79:e5:83:58:87:27:00:75:c7:
                    9c:67:54:6d:3a:0c:40:38:80:b1:ad:46:92:b7:6f:
                    ce:63:11:88:eb:8e:04:06:a9:36:58:da:84:2d:f9:
                    fc:b0:33:57:4b:fe:e5:24:50:6a:59:c7:02:56:66:
                    60:7c:3b:2d:2b:83:39:58:2d:b5:bc:0f:95:5d:8c:
                    1e:d8:05:8e:cf:76:12:9e:48:c3:3c:f6:20:1b:35:
                    6c:b3:43:70:47:81:61:f9:50:76:9b:4b:a8:4a:1b:
                    39:8d:dd:8f:96:93:82:87:62:1a:30:74:fa:86:b7:
                    d3:16:68:3a:c0:0e:2a:e7:fb:15:66:e1:77:3e:ac:
                    4a:21:a4:7e:68:4e:ac:1d:d5:b8:7e:7a:55:17:f1:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AB:56:B4:45:1A:C5:7F:3D:3E:06:EE:3D:AA:FE:AC:A2:43:62:EF
            X509v3 Authority Key Identifier:
                keyid:5B:C4:53:E4:B4:89:1F:55:47:C4:77:A0:81:DC:C0:74:2C:79:D7:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W8RT5LSJH1VHxHeggdzAdCx5114.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/51ce27-8a27-44f2-bdcf-a8604b95ee09/1/yqtWtEUaxX89PgbuPar-rKJDYu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/51ce27-8a27-44f2-bdcf-a8604b95ee09/1/W8RT5LSJH1VHxHeggdzAdCx5114.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:3a:fa:d7:34:e5:ee:15:1f:b4:53:e0:1a:9e:3d:9a:d2:06:
         c2:2a:99:c5:7b:4c:62:bb:3c:e3:3b:c7:ca:70:45:6c:30:5f:
         d7:48:ea:c0:d3:1f:c6:2b:cb:e3:12:ab:b3:b0:d0:15:d2:cb:
         73:c5:b1:7f:df:a3:3f:07:83:8c:f0:7d:f1:49:02:9f:19:03:
         7b:d7:bf:83:47:d1:ba:12:3a:c5:19:b9:71:54:1c:0c:ff:f8:
         24:1b:83:8c:84:e1:f0:e3:75:44:fb:a8:52:3d:ea:ec:44:a5:
         d9:d6:db:25:f3:5f:74:68:71:ba:b6:f9:72:d7:5e:36:8f:45:
         c9:33:15:5d:fb:c3:50:dd:a4:30:0c:8e:b1:4c:2d:bf:2a:9d:
         84:fe:92:6e:c3:6e:9f:d9:7d:a4:41:17:27:84:62:52:87:2a:
         f2:11:56:ca:d0:63:e8:60:99:eb:21:bc:26:a7:9e:fa:93:d9:
         68:23:e0:3a:b0:90:23:8e:ed:5c:aa:43:cd:b1:a8:78:99:34:
         bc:9f:49:05:2c:0d:a8:02:99:0b:c3:81:7f:98:57:18:21:6a:
         f9:45:28:d0:d2:90:bb:aa:49:52:1f:df:70:b7:19:68:e4:4d:
         72:2b:05:83:ad:98:ac:1b:d9:95:15:68:06:32:ad:dd:d7:32:
         98:25:03:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyzKgqQHmMXVkSovROlnMwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViYzQ1M2U0YjQ4OTFmNTU0N2M0NzdhMDgxZGNjMDc0MmM3
OWQ3NWUwHhcNMjYwMzAzMTAwNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWFiNTZiNDQ1MWFjNTdmM2QzZTA2ZWUzZGFhZmVhY2EyNDM2MmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUGCZu6eg9XhFSIephgQfiG2wQp2
1avGG0s1Dq1DikXDwi+LrkYiZaj0CnUrpBDFXjnTPl7uOlJtodrxzw4PrQhRQyfD
A/sV3yGY2ou+K5aqM0HK0PPPzjx7CBqJHOBjeJ535lr9OKKreuqGyZp55YNYhycA
dcecZ1RtOgxAOICxrUaSt2/OYxGI644EBqk2WNqELfn8sDNXS/7lJFBqWccCVmZg
fDstK4M5WC21vA+VXYwe2AWOz3YSnkjDPPYgGzVss0NwR4Fh+VB2m0uoShs5jd2P
lpOCh2IaMHT6hrfTFmg6wA4q5/sVZuF3PqxKIaR+aE6sHdW4fnpVF/HPHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqrVrRFGsV/PT4G7j2q/qyiQ2LvMB8GA1UdIwQY
MBaAFFvEU+S0iR9VR8R3oIHcwHQseddeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzhSVDVMU0pIMVZIeEhlZ2dkekFkQ3g1MTE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS81MWNlMjctOGEyNy00NGYyLWJkY2Yt
YTg2MDRiOTVlZTA5LzEveXF0V3RFVWF4WDg5UGdidVBhci1yS0pEWXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS81MWNlMjctOGEyNy00NGYyLWJkY2YtYTg2MDRiOTVlZTA5
LzEvVzhSVDVMU0pIMVZIeEhlZ2dkekFkQ3g1MTE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubFUMA0G
CSqGSIb3DQEBCwUAA4IBAQB3OvrXNOXuFR+0U+Aanj2a0gbCKpnFe0xiuzzjO8fK
cEVsMF/XSOrA0x/GK8vjEquzsNAV0stzxbF/36M/B4OM8H3xSQKfGQN717+DR9G6
EjrFGblxVBwM//gkG4OMhOHw43VE+6hSPersRKXZ1tsl8190aHG6tvly1142j0XJ
MxVd+8NQ3aQwDI6xTC2/Kp2E/pJuw26f2X2kQRcnhGJShyryEVbK0GPoYJnrIbwm
p576k9loI+A6sJAjju1cqkPNsah4mTS8n0kFLA2oApkLw4F/mFcYIWr5RSjQ0pC7
qklSH99wtxlo5E1yKwWDrZisG9mVFWgGMq3d1zKYJQMq
-----END CERTIFICATE-----