Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YzwOIeVAtXSNiBOGbuHVjv-Z00A.roa
File:                     YzwOIeVAtXSNiBOGbuHVjv-Z00A.roa (raw, json)
Hash identifier:          rjM/sxaHECFx4uRH5Ip2V0MqEukfOOn8nZ4SXfxW5CA=
Subject key identifier:   63:3C:0E:21:E5:40:B5:74:8D:88:13:86:6E:E1:D5:8E:FF:99:D3:40
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DDA000C6E8CE013BC3F60A79A049096C8
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YzwOIeVAtXSNiBOGbuHVjv-Z00A.roa
Signing time:             Wed 29 Apr 2026 16:08:49 +0000
ROA not before:           Wed 29 Apr 2026 16:08:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198486
IP address blocks:        109.122.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:00:0c:6e:8c:e0:13:bc:3f:60:a7:9a:04:90:96:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 29 16:08:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=633c0e21e540b5748d8813866ee1d58eff99d340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:94:f3:76:16:f3:d8:bd:63:db:03:4e:ce:82:
                    0d:e9:b4:93:17:d9:32:34:02:f2:2f:32:99:1a:7e:
                    f5:b2:d3:51:48:cb:bc:19:50:8d:d0:3e:d2:23:95:
                    89:90:7a:ca:92:7d:6d:fb:30:79:19:e9:ad:45:db:
                    45:3c:3d:7b:c4:f5:ab:95:bb:6f:fd:34:08:65:57:
                    ad:01:23:66:d3:33:23:dc:9d:90:86:78:70:6d:50:
                    e8:ee:bb:5e:a8:b9:98:42:e4:88:d0:b6:a3:98:32:
                    c6:1e:00:a1:c3:04:e7:d0:62:0a:7d:79:c8:bc:fe:
                    28:83:f2:3d:d5:5e:b0:36:fa:f6:f5:aa:63:00:bf:
                    0d:2e:66:50:24:34:80:1a:bb:46:6c:fa:b9:14:1f:
                    d5:54:ae:c2:99:3f:80:25:9b:e3:0c:d6:57:b2:df:
                    9c:15:cf:ba:4c:98:cd:1c:2e:45:e2:c9:a2:e1:91:
                    33:fe:b2:97:b9:dc:66:50:ac:7f:f1:43:37:6d:7d:
                    e4:08:2d:75:92:bd:82:a7:b3:18:f2:bc:a4:91:4a:
                    af:84:71:53:cd:4f:30:ec:5b:89:b5:a2:25:36:68:
                    eb:c6:99:d3:2c:90:d2:bd:78:b7:45:14:1a:8a:89:
                    b8:d8:ca:1c:c0:d4:cb:ea:ad:6a:ad:36:d8:b7:c6:
                    92:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:3C:0E:21:E5:40:B5:74:8D:88:13:86:6E:E1:D5:8E:FF:99:D3:40
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YzwOIeVAtXSNiBOGbuHVjv-Z00A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:a2:11:0e:fa:42:03:4b:d5:cd:aa:b1:e1:3f:8e:e7:e4:ac:
         8d:bb:f7:43:ae:07:a5:94:2c:bc:98:aa:f9:6f:e0:97:b0:63:
         d6:7a:ee:56:25:ea:31:a3:81:a7:12:c8:d9:3a:92:b3:1a:5e:
         60:7b:59:c2:6f:c7:6e:ad:a0:89:3a:4b:72:9c:c4:fd:98:ef:
         1c:64:ef:2c:ad:2b:34:2d:92:0d:22:d1:f6:ca:ca:55:e9:80:
         f4:d5:80:45:12:e1:39:8e:a1:f3:4e:fb:09:f7:0e:14:f9:a8:
         fd:b9:91:c3:5b:a8:00:2e:57:66:4e:61:04:af:52:49:45:49:
         89:3d:a1:27:60:9a:98:03:a7:1f:18:3a:e0:5b:69:96:e1:ee:
         de:2c:53:9b:b2:36:e5:4b:83:3f:30:22:b3:fa:a1:ef:71:f1:
         c0:f1:1f:18:eb:97:f7:12:17:1e:cf:57:63:4f:cc:cc:d7:5b:
         9e:28:0e:31:03:ab:41:48:51:2f:6c:63:63:17:ff:34:d8:c0:
         00:ea:ea:aa:2d:3e:46:44:07:67:f3:2e:1b:fe:7e:13:5a:48:
         b0:a5:a7:4b:4e:1f:f3:85:4f:83:35:fc:f3:17:2d:70:1b:38:
         57:bc:1a:40:0c:b3:ef:98:a5:1f:6f:3f:12:6e:35:f6:d0:cc:
         81:dd:85:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3aAAxujOATvD9gp5oEkJbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDI5MTYwODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzNjMGUyMWU1NDBiNTc0OGQ4ODEzODY2ZWUxZDU4ZWZmOTlkMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5Tzdhbz2L1j2wNOzoIN6bSTF9ky
NALyLzKZGn71stNRSMu8GVCN0D7SI5WJkHrKkn1t+zB5GemtRdtFPD17xPWrlbtv
/TQIZVetASNm0zMj3J2QhnhwbVDo7rteqLmYQuSI0LajmDLGHgChwwTn0GIKfXnI
vP4og/I91V6wNvr29apjAL8NLmZQJDSAGrtGbPq5FB/VVK7CmT+AJZvjDNZXst+c
Fc+6TJjNHC5F4smi4ZEz/rKXudxmUKx/8UM3bX3kCC11kr2Cp7MY8rykkUqvhHFT
zU8w7FuJtaIlNmjrxpnTLJDSvXi3RRQaiom42MocwNTL6q1qrTbYt8aSEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGM8DiHlQLV0jYgThm7h1Y7/mdNAMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvWXp3T0llVkF0WFNOaUJPR2J1SFZqdi1aMDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXofMA0G
CSqGSIb3DQEBCwUAA4IBAQB5ohEO+kIDS9XNqrHhP47n5KyNu/dDrgellCy8mKr5
b+CXsGPWeu5WJeoxo4GnEsjZOpKzGl5ge1nCb8duraCJOktynMT9mO8cZO8srSs0
LZINItH2yspV6YD01YBFEuE5jqHzTvsJ9w4U+aj9uZHDW6gALldmTmEEr1JJRUmJ
PaEnYJqYA6cfGDrgW2mW4e7eLFObsjblS4M/MCKz+qHvcfHA8R8Y65f3Ehcez1dj
T8zM11ueKA4xA6tBSFEvbGNjF/802MAA6uqqLT5GRAdn8y4b/n4TWkiwpadLTh/z
hU+DNfzzFy1wGzhXvBpADLPvmKUfbz8SbjX20MyB3YUn
-----END CERTIFICATE-----