Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Y_UhOpV4adl1zf4z7-VNjoaV3T0.roa
File:                     Y_UhOpV4adl1zf4z7-VNjoaV3T0.roa (raw, json)
Hash identifier:          ST40cTBKDJAWguiP41jZB3jyYulxxBYIwRlwqDFF/pE=
Subject key identifier:   63:F5:21:3A:95:78:69:D9:75:CD:FE:33:EF:E5:4D:8E:86:95:DD:3D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E8D8919D7BCFE4819CC2EBC788125DABB
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Y_UhOpV4adl1zf4z7-VNjoaV3T0.roa
Signing time:             Wed 03 Jun 2026 12:50:32 +0000
ROA not before:           Wed 03 Jun 2026 12:50:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     998
IP address blocks:        193.25.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:89:19:d7:bc:fe:48:19:cc:2e:bc:78:81:25:da:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun  3 12:50:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63f5213a957869d975cdfe33efe54d8e8695dd3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:df:ac:10:a3:4d:5e:71:53:a9:d5:d1:da:3a:
                    f1:73:8e:2b:ff:73:2f:93:78:b7:fa:bb:62:cc:d8:
                    33:5a:b7:35:25:e1:78:f0:62:8e:9e:f1:01:1c:42:
                    db:b2:1d:dc:41:3a:8f:2c:ba:84:f1:ff:cc:c4:9e:
                    c4:d3:f2:37:5e:82:e9:f2:7a:d9:a3:14:c1:0b:0a:
                    4b:9f:67:7c:d3:24:6f:36:e3:d7:40:f2:c2:1e:d7:
                    19:ed:6f:c4:2e:76:a7:c4:14:46:11:3f:f3:68:da:
                    86:03:c6:11:4e:0f:d8:e7:7c:1c:0f:a3:12:cf:a3:
                    74:b9:dd:e2:f7:47:88:47:ff:b2:ff:73:11:bb:30:
                    00:e8:f7:71:24:bf:7c:aa:c9:51:e3:22:3d:13:af:
                    f6:4a:df:f8:03:5d:85:7a:46:58:a8:40:cf:5f:b7:
                    42:95:a7:16:20:ee:bb:6f:ae:68:12:b2:5c:8a:f0:
                    d8:60:09:46:e4:67:96:fb:3e:d6:2a:b5:30:4f:78:
                    ae:f0:0f:46:a5:9e:62:4b:3c:a7:8b:5b:ef:f4:ac:
                    4f:0d:03:dc:b5:68:f9:2d:45:39:56:33:9b:0d:2c:
                    33:88:d2:9f:7c:44:46:d5:d7:48:52:48:a4:4d:82:
                    64:db:b6:85:0a:61:73:b4:9f:cb:19:95:a7:b3:4e:
                    7a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F5:21:3A:95:78:69:D9:75:CD:FE:33:EF:E5:4D:8E:86:95:DD:3D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Y_UhOpV4adl1zf4z7-VNjoaV3T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:22:18:95:77:43:68:cb:de:dc:f7:8a:2f:54:ca:1b:ab:29:
         a4:8e:be:6d:9a:aa:04:be:b7:45:95:0b:b5:36:a9:a8:56:5e:
         bf:12:cf:81:44:f7:9c:71:b0:17:5b:11:95:ed:3a:8f:a6:06:
         d8:2d:4a:e2:0b:9e:51:6c:c6:90:b0:fd:e3:cb:28:b2:61:6e:
         17:e8:2c:03:ff:51:d9:3c:24:b7:09:e6:47:c6:40:6c:42:ac:
         15:5e:46:47:11:90:71:6d:17:3e:7a:3a:ef:02:ad:ab:c0:45:
         64:80:cc:72:90:b8:f8:f1:dd:ea:39:43:b3:8b:f4:c6:6c:c6:
         cd:04:7b:0a:57:ae:e3:89:fa:c3:30:d5:20:c7:15:7c:63:9b:
         20:33:71:5b:a3:be:0e:cc:c7:d4:04:ba:2a:31:a5:25:33:30:
         75:d3:e1:d6:36:29:7b:96:ed:1e:fa:03:97:23:85:96:8f:b2:
         3a:01:f8:7f:3a:66:5a:74:83:0d:1f:0a:31:2b:0e:dc:44:30:
         ad:b9:24:a7:04:04:0f:5f:19:f7:c9:b2:d2:c5:e0:1f:50:83:
         f9:c5:8b:de:59:49:5b:a4:41:54:83:6d:4a:46:47:ef:fc:8f:
         4c:50:30:19:27:33:23:30:8a:d8:1b:99:a5:ab:9f:a4:7e:ac:
         b0:24:d9:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NiRnXvP5IGcwuvHiBJdq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNjAzMTI1MDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Y1MjEzYTk1Nzg2OWQ5NzVjZGZlMzNlZmU1NGQ4ZTg2OTVkZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9+sEKNNXnFTqdXR2jrxc44r/3Mv
k3i3+rtizNgzWrc1JeF48GKOnvEBHELbsh3cQTqPLLqE8f/MxJ7E0/I3XoLp8nrZ
oxTBCwpLn2d80yRvNuPXQPLCHtcZ7W/ELnanxBRGET/zaNqGA8YRTg/Y53wcD6MS
z6N0ud3i90eIR/+y/3MRuzAA6PdxJL98qslR4yI9E6/2St/4A12FekZYqEDPX7dC
lacWIO67b65oErJcivDYYAlG5GeW+z7WKrUwT3iu8A9GpZ5iSzyni1vv9KxPDQPc
tWj5LUU5VjObDSwziNKffERG1ddIUkikTYJk27aFCmFztJ/LGZWns056swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGP1ITqVeGnZdc3+M+/lTY6Gld09MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvWV9VaE9wVjRhZGwxemY0ejctVk5qb2FWM1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmmMA0G
CSqGSIb3DQEBCwUAA4IBAQCMIhiVd0Noy97c94ovVMobqymkjr5tmqoEvrdFlQu1
NqmoVl6/Es+BRPeccbAXWxGV7TqPpgbYLUriC55RbMaQsP3jyyiyYW4X6CwD/1HZ
PCS3CeZHxkBsQqwVXkZHEZBxbRc+ejrvAq2rwEVkgMxykLj48d3qOUOzi/TGbMbN
BHsKV67jifrDMNUgxxV8Y5sgM3Fbo74OzMfUBLoqMaUlMzB10+HWNil7lu0e+gOX
I4WWj7I6Afh/OmZadIMNHwoxKw7cRDCtuSSnBAQPXxn3ybLSxeAfUIP5xYveWUlb
pEFUg21KRkfv/I9MUDAZJzMjMIrYG5mlq5+kfqywJNlI
-----END CERTIFICATE-----