Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/cb6661-171c-406f-b313-a637cd846cf6/1/Yym9LqiS2yuZrqFo_UGleLSuzEM.roa
File:                     Yym9LqiS2yuZrqFo_UGleLSuzEM.roa (raw, json)
Hash identifier:          O9elXlPbHLSvuSvYJaB627u2fBp9xUyJ47vwypII/gQ=
Subject key identifier:   63:29:BD:2E:A8:92:DB:2B:99:AE:A1:68:FD:41:A5:78:B4:AE:CC:43
Certificate issuer:       /CN=92477860477a5354b5a86965dd399e98987e590e
Certificate serial:       019E63949EC862F33C999E654CCB01DEF533
Authority key identifier: 92:47:78:60:47:7A:53:54:B5:A8:69:65:DD:39:9E:98:98:7E:59:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkd4YEd6U1S1qGll3TmemJh-WQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/cb6661-171c-406f-b313-a637cd846cf6/1/Yym9LqiS2yuZrqFo_UGleLSuzEM.roa
Signing time:             Tue 26 May 2026 09:19:04 +0000
ROA not before:           Tue 26 May 2026 09:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        81.126.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/cb6661-171c-406f-b313-a637cd846cf6/1/kkd4YEd6U1S1qGll3TmemJh-WQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/cb6661-171c-406f-b313-a637cd846cf6/1/kkd4YEd6U1S1qGll3TmemJh-WQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkd4YEd6U1S1qGll3TmemJh-WQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 May 2026 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:94:9e:c8:62:f3:3c:99:9e:65:4c:cb:01:de:f5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92477860477a5354b5a86965dd399e98987e590e
        Validity
            Not Before: May 26 09:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6329bd2ea892db2b99aea168fd41a578b4aecc43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:17:1c:45:60:a3:3e:f7:6b:7d:80:83:91:70:
                    f4:ca:97:bc:02:b5:a0:d4:b6:f8:ff:38:c0:41:00:
                    6e:ea:72:0c:07:62:a9:3f:9f:fd:73:be:e3:86:fa:
                    f8:86:66:31:2c:e1:1f:69:48:d9:77:ca:83:d8:ea:
                    86:ab:dd:42:dc:66:b3:30:1b:0d:d2:76:53:f4:e7:
                    39:a5:fc:4e:c5:eb:2a:32:dc:0e:d5:2f:35:92:b9:
                    5b:26:af:f1:20:5b:f1:03:02:24:af:97:d0:f5:18:
                    92:bd:26:5d:c2:02:39:c9:8e:98:6f:90:00:50:a6:
                    60:4b:46:68:d7:b8:1c:f1:59:ef:72:cd:8b:1f:32:
                    7d:a2:b4:01:17:df:2e:39:84:0c:e2:8f:c1:25:37:
                    bf:03:30:c6:0f:c6:a1:d2:92:88:7e:c9:69:d3:f1:
                    2d:7d:19:b9:3d:b1:60:91:6f:a5:55:5d:e9:15:52:
                    f2:de:b7:de:7b:f1:62:f7:f5:b4:f8:83:60:5d:72:
                    a7:b3:ac:7a:81:b5:4a:88:35:23:66:60:78:ac:7d:
                    72:4c:06:73:47:f0:13:3a:16:79:5c:7c:9e:b4:d6:
                    d4:21:98:c7:ca:af:5d:71:13:41:fa:c8:78:09:30:
                    84:e7:bf:08:fc:c6:5f:f9:b6:b3:5c:1e:b4:ce:e4:
                    41:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:29:BD:2E:A8:92:DB:2B:99:AE:A1:68:FD:41:A5:78:B4:AE:CC:43
            X509v3 Authority Key Identifier:
                keyid:92:47:78:60:47:7A:53:54:B5:A8:69:65:DD:39:9E:98:98:7E:59:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkd4YEd6U1S1qGll3TmemJh-WQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/cb6661-171c-406f-b313-a637cd846cf6/1/Yym9LqiS2yuZrqFo_UGleLSuzEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/cb6661-171c-406f-b313-a637cd846cf6/1/kkd4YEd6U1S1qGll3TmemJh-WQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.126.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a9:32:f1:b4:f6:24:d0:8d:09:bc:b9:51:c6:bd:70:b5:7f:
         d5:17:51:e4:42:16:ff:3b:2d:80:29:a4:22:02:0d:a0:c2:87:
         da:86:38:ac:43:d0:93:8b:e9:3b:9b:f0:e8:b5:5f:c4:a2:51:
         5b:29:43:84:1f:3e:6b:db:e1:1a:e8:f8:0d:1b:ad:b6:d2:d3:
         80:56:e3:f8:75:ce:02:8e:a7:33:d0:36:45:7e:d6:9c:12:c6:
         b5:ca:7f:28:5d:53:ef:e4:7f:f6:08:33:fe:3f:a8:b0:9e:a9:
         3a:bd:4c:a6:36:8c:22:13:25:8c:dc:36:87:db:5e:0f:d0:fe:
         53:f5:c3:27:20:fe:3c:6c:7b:59:56:23:09:9a:45:25:df:89:
         94:69:8c:e5:d6:21:a3:22:eb:c6:22:97:6b:6e:db:99:2e:d9:
         00:fd:1d:67:b4:a6:90:f2:52:4a:0e:c0:46:8f:af:87:af:0f:
         84:e6:d3:fe:da:68:4a:3a:bf:b1:53:56:0f:d2:f9:e7:99:e2:
         fa:e6:8f:02:b9:fd:f3:3a:d8:6f:b7:ff:a1:27:12:8c:d7:4e:
         37:e0:2f:eb:c4:b8:25:54:2c:62:45:8d:d2:a4:5d:f3:27:0a:
         f5:3e:ad:5a:4e:19:6e:be:20:7c:cd:b0:1d:be:99:c3:bb:14:
         02:b5:40:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jlJ7IYvM8mZ5lTMsB3vUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDc3ODYwNDc3YTUzNTRiNWE4Njk2NWRkMzk5ZTk4OTg3
ZTU5MGUwHhcNMjYwNTI2MDkxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI5YmQyZWE4OTJkYjJiOTlhZWExNjhmZDQxYTU3OGI0YWVjYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhccRWCjPvdrfYCDkXD0ype8ArWg
1Lb4/zjAQQBu6nIMB2KpP5/9c77jhvr4hmYxLOEfaUjZd8qD2OqGq91C3GazMBsN
0nZT9Oc5pfxOxesqMtwO1S81krlbJq/xIFvxAwIkr5fQ9RiSvSZdwgI5yY6Yb5AA
UKZgS0Zo17gc8Vnvcs2LHzJ9orQBF98uOYQM4o/BJTe/AzDGD8ah0pKIfslp0/Et
fRm5PbFgkW+lVV3pFVLy3rfee/Fi9/W0+INgXXKns6x6gbVKiDUjZmB4rH1yTAZz
R/ATOhZ5XHyetNbUIZjHyq9dcRNB+sh4CTCE578I/MZf+bazXB60zuRBMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMpvS6oktsrma6haP1BpXi0rsxDMB8GA1UdIwQY
MBaAFJJHeGBHelNUtahpZd05npiYflkOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tkNFlFZDZVMVMxcUdsbDNUbWVtSmgtV1E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9jYjY2NjEtMTcxYy00MDZmLWIzMTMt
YTYzN2NkODQ2Y2Y2LzEvWXltOUxxaVMyeXVacnFGb19VR2xlTFN1ekVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9jYjY2NjEtMTcxYy00MDZmLWIzMTMtYTYzN2NkODQ2Y2Y2
LzEva2tkNFlFZDZVMVMxcUdsbDNUbWVtSmgtV1E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUX6RMA0G
CSqGSIb3DQEBCwUAA4IBAQBrqTLxtPYk0I0JvLlRxr1wtX/VF1HkQhb/Oy2AKaQi
Ag2gwofahjisQ9CTi+k7m/DotV/EolFbKUOEHz5r2+Ea6PgNG6220tOAVuP4dc4C
jqcz0DZFftacEsa1yn8oXVPv5H/2CDP+P6iwnqk6vUymNowiEyWM3DaH214P0P5T
9cMnIP48bHtZViMJmkUl34mUaYzl1iGjIuvGIpdrbtuZLtkA/R1ntKaQ8lJKDsBG
j6+Hrw+E5tP+2mhKOr+xU1YP0vnnmeL65o8Cuf3zOthvt/+hJxKM10434C/rxLgl
VCxiRY3SpF3zJwr1Pq1aThluviB8zbAdvpnDuxQCtUD/
-----END CERTIFICATE-----