Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/YA4fEjE_xun0dxgPG0IoeyxqCQs.roa
File:                     YA4fEjE_xun0dxgPG0IoeyxqCQs.roa (raw, json)
Hash identifier:          UBRwhedQgfBpanBBEO/Fy8BrkVKho3ey/n+snFTA2Ls=
Subject key identifier:   60:0E:1F:12:31:3F:C6:E9:F4:77:18:0F:1B:42:28:7B:2C:6A:09:0B
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019E878BE0E4C0ECEDAE8D7A19651447259A
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/YA4fEjE_xun0dxgPG0IoeyxqCQs.roa
Signing time:             Tue 02 Jun 2026 08:55:51 +0000
ROA not before:           Tue 02 Jun 2026 08:55:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214266
IP address blocks:        2a09:c440::/29 maxlen: 29
                          2a10:fac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:8b:e0:e4:c0:ec:ed:ae:8d:7a:19:65:14:47:25:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun  2 08:55:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=600e1f12313fc6e9f477180f1b42287b2c6a090b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f0:f5:21:88:a5:1f:ac:07:af:1e:66:c9:33:
                    10:61:f7:bc:4d:bf:de:e1:50:c2:ec:3d:ef:a6:b9:
                    b9:e4:d2:9e:b9:dd:51:f4:24:87:c3:ab:c2:5d:32:
                    5d:d6:10:ad:6a:5c:a6:81:53:4f:57:e9:e3:89:8f:
                    e0:12:93:7b:8e:69:21:a2:ba:c3:69:6f:4e:25:65:
                    f4:11:aa:ed:a6:a1:88:67:4b:83:7c:41:53:e1:20:
                    ea:a4:a0:a1:88:10:f5:d3:b5:88:e3:4f:1b:12:8c:
                    75:e9:e0:e6:05:3f:2e:e9:c5:e1:8b:cb:31:a0:9b:
                    42:b0:fe:b8:b7:ab:f0:54:0e:05:f5:a8:cc:b8:0c:
                    ef:37:f9:28:4c:86:65:32:a1:33:91:7d:de:70:e3:
                    02:37:ad:4a:4f:5a:aa:ce:7e:05:eb:07:87:4f:cd:
                    3b:91:2b:70:62:22:c4:d7:3b:ad:9b:18:43:c5:d7:
                    09:60:8e:34:a1:16:52:86:d7:48:e2:bd:29:d9:a0:
                    1d:aa:ce:e2:8f:46:7e:a2:0b:f0:99:53:b7:d9:d9:
                    f7:8a:ff:b3:68:ca:90:a6:1f:8a:c8:5f:b1:21:09:
                    94:c2:d2:31:dd:26:c5:dc:76:a4:43:cd:ef:17:ff:
                    7e:16:cc:b3:ae:b0:20:8c:de:da:d4:0d:13:fd:6e:
                    6a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0E:1F:12:31:3F:C6:E9:F4:77:18:0F:1B:42:28:7B:2C:6A:09:0B
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/YA4fEjE_xun0dxgPG0IoeyxqCQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c440::/29
                  2a10:fac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:6c:3a:87:b3:f5:3f:f4:01:b0:a8:e3:d1:2c:b5:ad:41:98:
         72:52:17:11:36:c8:b0:92:9b:53:e0:c8:53:0b:c8:a3:a7:5e:
         df:11:71:2a:95:f6:08:4b:db:b4:d7:c3:4d:79:c9:4b:84:7a:
         de:52:37:58:c5:07:77:87:06:6b:a1:f7:52:49:7e:7d:c8:6e:
         be:b5:b9:04:b1:2e:b4:d8:c2:72:63:2a:57:a8:c9:01:6b:29:
         6d:59:5b:8d:9f:a9:57:e5:35:8c:d4:41:26:b8:1a:c7:a2:7c:
         b4:b8:40:c5:ef:06:20:32:f3:c4:2c:1f:3d:6f:65:af:80:77:
         ff:3f:be:ff:c8:4a:f8:42:2b:b3:43:24:59:c7:5e:a5:40:21:
         e6:89:98:79:20:62:d3:72:e8:cd:82:5b:e8:61:26:ee:0b:3c:
         e3:7b:cb:c5:18:c0:ff:d8:9e:be:20:61:f5:0b:26:b4:ea:25:
         54:41:65:8f:3c:90:7d:2c:61:9e:33:43:e3:d0:10:ee:d9:bd:
         7c:7d:5c:b7:a4:b9:41:e6:5b:42:43:4b:5f:30:81:e0:c6:40:
         5c:5f:b1:90:02:39:82:11:65:f1:87:99:d3:16:4e:ec:86:92:
         02:47:6d:bf:c5:37:11:7c:7f:34:82:72:41:c2:ea:a4:03:8c:
         c8:5c:aa:b5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6Hi+DkwOztro16GWUURyWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNjAyMDg1NTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBlMWYxMjMxM2ZjNmU5ZjQ3NzE4MGYxYjQyMjg3YjJjNmEwOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfD1IYilH6wHrx5myTMQYfe8Tb/e
4VDC7D3vprm55NKeud1R9CSHw6vCXTJd1hCtalymgVNPV+njiY/gEpN7jmkhorrD
aW9OJWX0EartpqGIZ0uDfEFT4SDqpKChiBD107WI408bEox16eDmBT8u6cXhi8sx
oJtCsP64t6vwVA4F9ajMuAzvN/koTIZlMqEzkX3ecOMCN61KT1qqzn4F6weHT807
kStwYiLE1zutmxhDxdcJYI40oRZShtdI4r0p2aAdqs7ij0Z+ogvwmVO32dn3iv+z
aMqQph+KyF+xIQmUwtIx3SbF3HakQ83vF/9+FsyzrrAgjN7a1A0T/W5qSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGAOHxIxP8bp9HcYDxtCKHssagkLMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvWUE0ZkVqRV94dW4wZHhnUEcwSW9leXhxQ1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgnEQAMF
AyoQ+sAwDQYJKoZIhvcNAQELBQADggEBALhsOoez9T/0AbCo49Esta1BmHJSFxE2
yLCSm1PgyFMLyKOnXt8RcSqV9ghL27TXw015yUuEet5SN1jFB3eHBmuh91JJfn3I
br61uQSxLrTYwnJjKleoyQFrKW1ZW42fqVflNYzUQSa4GseifLS4QMXvBiAy88Qs
Hz1vZa+Ad/8/vv/ISvhCK7NDJFnHXqVAIeaJmHkgYtNy6M2CW+hhJu4LPON7y8UY
wP/Ynr4gYfULJrTqJVRBZY88kH0sYZ4zQ+PQEO7ZvXx9XLekuUHmW0JDS18wgeDG
QFxfsZACOYIRZfGHmdMWTuyGkgJHbb/FNxF8fzSCckHC6qQDjMhcqrU=
-----END CERTIFICATE-----