Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/YOp__Ry-NGpngn9AjDGoHEbjeCg.roa
File:                     YOp__Ry-NGpngn9AjDGoHEbjeCg.roa (raw, json)
Hash identifier:          ON5r8fZJQGVj6wPi39Ya/7ATYu3d/0MWZ+FMIC4DzPw=
Subject key identifier:   60:EA:7F:FD:1C:BE:34:6A:67:82:7F:40:8C:31:A8:1C:46:E3:78:28
Certificate issuer:       /CN=d04687a3ee6322b757de81e7f53c5d32eebe33a6
Certificate serial:       019CAF353A1A56BF1BA6E4D223DF134AD201
Authority key identifier: D0:46:87:A3:EE:63:22:B7:57:DE:81:E7:F5:3C:5D:32:EE:BE:33:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/YOp__Ry-NGpngn9AjDGoHEbjeCg.roa
Signing time:             Mon 02 Mar 2026 15:40:26 +0000
ROA not before:           Mon 02 Mar 2026 15:40:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12779
IP address blocks:        185.128.76.0/23 maxlen: 24
                          185.128.77.0/24 maxlen: 24
                          185.128.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 06:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:af:35:3a:1a:56:bf:1b:a6:e4:d2:23:df:13:4a:d2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04687a3ee6322b757de81e7f53c5d32eebe33a6
        Validity
            Not Before: Mar  2 15:40:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60ea7ffd1cbe346a67827f408c31a81c46e37828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:0c:fb:38:35:af:eb:a8:d0:b4:99:8b:94:c3:
                    c7:42:29:dc:fc:6e:4d:58:b1:42:05:8f:e5:39:f7:
                    0d:b1:3c:34:be:7f:e3:73:9a:ec:f4:52:a7:08:ba:
                    4a:97:be:6b:af:7b:5b:df:fc:5e:41:05:32:d8:9f:
                    3f:a1:5e:c5:17:28:79:8b:f1:bd:c8:c7:d1:6e:85:
                    fb:8e:42:a6:e1:ca:c5:1a:ed:5c:51:30:e2:4d:a6:
                    03:cd:9b:97:57:75:c6:6e:03:40:d7:a7:e0:a0:15:
                    ab:9a:c1:15:c5:63:f3:db:ed:c9:a2:c5:d7:09:2a:
                    15:33:1c:8f:52:43:2c:1e:db:0d:df:49:c0:a6:56:
                    10:3c:75:0c:95:f2:d6:3a:34:e6:d8:57:b8:82:5d:
                    43:dd:cc:a7:fe:3d:47:a9:a6:0f:0c:67:69:01:33:
                    b3:e6:e7:1a:30:16:eb:4a:31:16:8c:61:cc:19:e1:
                    55:6d:05:c7:7e:98:53:4b:4c:ae:25:d0:ec:87:61:
                    6b:ba:a4:9e:d3:81:af:64:87:bd:aa:98:d3:68:12:
                    e2:a0:6a:32:3c:4e:5b:0e:fb:29:d5:9c:cc:c5:bd:
                    5e:a1:40:31:69:46:4b:e1:c6:92:e9:bc:95:f9:01:
                    22:2d:a8:23:a0:23:92:48:53:c6:18:25:54:7b:23:
                    0c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:EA:7F:FD:1C:BE:34:6A:67:82:7F:40:8C:31:A8:1C:46:E3:78:28
            X509v3 Authority Key Identifier:
                keyid:D0:46:87:A3:EE:63:22:B7:57:DE:81:E7:F5:3C:5D:32:EE:BE:33:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/YOp__Ry-NGpngn9AjDGoHEbjeCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:76:6f:7a:7e:b2:8b:2c:45:ff:e8:d8:80:bd:77:28:0d:83:
         07:98:55:b7:7c:bb:bf:f8:8d:bc:1c:19:66:05:1b:5e:23:c7:
         6f:3d:28:41:3f:a6:f3:bc:ee:62:ce:b5:ba:d1:05:9c:11:fa:
         49:dd:a3:4d:6a:56:90:22:ec:71:18:d9:12:ce:be:ba:0a:35:
         a2:ea:e3:f6:56:f4:78:18:23:d4:ba:b3:47:6d:5b:84:bf:39:
         67:cf:bd:58:25:a3:4e:9a:4c:65:70:8b:5b:e9:8f:68:e2:d4:
         83:90:1f:e1:ac:1d:53:37:b0:26:be:2b:ea:b5:d7:b1:41:cd:
         82:dc:f3:f7:54:32:f9:7d:4e:58:bc:bc:3d:ba:62:a3:f3:4d:
         0a:d6:4c:1e:eb:e4:ee:4a:3b:7e:7f:04:09:e1:59:55:f5:70:
         a7:c8:ab:84:31:43:ca:48:59:14:d1:93:d8:24:cb:8f:cd:39:
         a7:6b:14:a3:eb:a3:9b:77:41:a4:d6:d6:c8:1a:4d:c2:26:28:
         44:28:fb:6f:2d:9f:e6:96:9d:8c:94:0a:2c:05:48:79:e4:e0:
         5c:e7:10:da:a8:14:59:d9:e6:1c:9e:2c:68:04:8c:04:d7:1c:
         78:75:e0:d3:13:18:9a:08:90:5a:3e:19:dc:94:72:1a:61:74:
         e5:be:55:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyvNToaVr8bpuTSI98TStIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDY4N2EzZWU2MzIyYjc1N2RlODFlN2Y1M2M1ZDMyZWVi
ZTMzYTYwHhcNMjYwMzAyMTU0MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGVhN2ZmZDFjYmUzNDZhNjc4MjdmNDA4YzMxYTgxYzQ2ZTM3ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Qz7ODWv66jQtJmLlMPHQinc/G5N
WLFCBY/lOfcNsTw0vn/jc5rs9FKnCLpKl75rr3tb3/xeQQUy2J8/oV7FFyh5i/G9
yMfRboX7jkKm4crFGu1cUTDiTaYDzZuXV3XGbgNA16fgoBWrmsEVxWPz2+3JosXX
CSoVMxyPUkMsHtsN30nAplYQPHUMlfLWOjTm2Fe4gl1D3cyn/j1HqaYPDGdpATOz
5ucaMBbrSjEWjGHMGeFVbQXHfphTS0yuJdDsh2FruqSe04GvZIe9qpjTaBLioGoy
PE5bDvsp1ZzMxb1eoUAxaUZL4caS6byV+QEiLagjoCOSSFPGGCVUeyMMOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDqf/0cvjRqZ4J/QIwxqBxG43goMB8GA1UdIwQY
MBaAFNBGh6PuYyK3V96B5/U8XTLuvjOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVhSG8tNWpJcmRYM29IbjlUeGRNdTYtTTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iZmRkMTktNmJiYS00ZGM5LWFmYzYt
OTdiZTQyNmEyMzM0LzEvWU9wX19SeS1OR3BuZ245QWpER29IRWJqZUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iZmRkMTktNmJiYS00ZGM5LWFmYzYtOTdiZTQyNmEyMzM0
LzEvMEVhSG8tNWpJcmRYM29IbjlUeGRNdTYtTTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYBMMA0G
CSqGSIb3DQEBCwUAA4IBAQAPdm96frKLLEX/6NiAvXcoDYMHmFW3fLu/+I28HBlm
BRteI8dvPShBP6bzvO5izrW60QWcEfpJ3aNNalaQIuxxGNkSzr66CjWi6uP2VvR4
GCPUurNHbVuEvzlnz71YJaNOmkxlcItb6Y9o4tSDkB/hrB1TN7AmvivqtdexQc2C
3PP3VDL5fU5YvLw9umKj800K1kwe6+TuSjt+fwQJ4VlV9XCnyKuEMUPKSFkU0ZPY
JMuPzTmnaxSj66Obd0Gk1tbIGk3CJihEKPtvLZ/mlp2MlAosBUh55OBc5xDaqBRZ
2eYcnixoBIwE1xx4deDTExiaCJBaPhnclHIaYXTlvlX+
-----END CERTIFICATE-----