Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/yldi1ISWbs-YbbxJ18dsVApSfzg.roa
File:                     yldi1ISWbs-YbbxJ18dsVApSfzg.roa (raw, json)
Hash identifier:          Km33NuCuiVxZd4bSaa96g5VxS2fHeNjLFGHlEFJWcVM=
Subject key identifier:   CA:57:62:D4:84:96:6E:CF:98:6D:BC:49:D7:C7:6C:54:0A:52:7F:38
Certificate issuer:       /CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
Certificate serial:       019DDD170F0A56F3070C79EFDCF78042637F
Authority key identifier: F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/yldi1ISWbs-YbbxJ18dsVApSfzg.roa
Signing time:             Thu 30 Apr 2026 06:32:49 +0000
ROA not before:           Thu 30 Apr 2026 06:32:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137409
IP address blocks:        31.14.72.0/24 maxlen: 24
                          31.14.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:17:0f:0a:56:f3:07:0c:79:ef:dc:f7:80:42:63:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
        Validity
            Not Before: Apr 30 06:32:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca5762d484966ecf986dbc49d7c76c540a527f38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1b:dc:34:39:6d:56:d3:16:44:88:62:9d:37:
                    c2:0c:55:e9:52:2c:b4:be:5b:f0:39:4b:31:ab:c2:
                    10:2d:eb:e6:23:80:06:fb:a9:6c:08:1f:c0:96:dc:
                    a2:22:82:5a:d5:3c:40:aa:02:0d:99:a0:49:77:85:
                    3f:d2:f7:ee:40:df:d2:06:4a:30:89:ae:d9:bb:e9:
                    fe:81:65:62:59:2b:88:62:a9:05:c2:08:2d:a3:77:
                    cf:65:29:15:a8:e2:d0:90:56:6c:c7:08:05:ab:06:
                    27:66:e7:53:35:b2:ca:25:ee:8e:14:e4:75:b4:be:
                    a7:16:3d:3d:7d:87:49:83:05:9c:56:03:0c:d5:9e:
                    5e:91:5a:60:3c:b3:1c:64:26:ef:d8:5e:b1:fd:86:
                    b3:a5:1b:7f:bd:b6:c0:f9:65:2d:4d:af:7d:a1:49:
                    73:04:75:94:35:69:fb:5b:3f:dd:20:f1:30:3d:12:
                    07:db:09:6f:fa:46:d5:a2:bd:78:e7:e0:18:bd:90:
                    3f:f4:82:b8:17:3e:19:5a:9b:8e:47:7b:04:07:b6:
                    ea:3f:24:2d:48:ab:1a:33:b0:52:9a:7b:2e:37:28:
                    4f:1b:04:cd:4f:61:4f:42:37:62:b3:6d:d6:66:a8:
                    a9:02:db:fe:fa:b1:eb:ee:93:9c:13:62:1b:51:0b:
                    fc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:57:62:D4:84:96:6E:CF:98:6D:BC:49:D7:C7:6C:54:0A:52:7F:38
            X509v3 Authority Key Identifier:
                keyid:F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/yldi1ISWbs-YbbxJ18dsVApSfzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.72.0/24
                  31.14.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:5e:d4:ad:3a:ce:ca:28:d7:81:e5:44:41:bd:18:87:00:d9:
         b8:41:fc:bc:a8:f9:64:e9:d4:20:aa:f1:54:cc:eb:43:6f:9c:
         c2:6b:07:cf:6d:11:cf:ae:a2:9f:a3:46:5e:b7:4c:25:28:cc:
         f8:ca:a5:24:c6:9e:ba:8b:da:dc:e8:dd:8d:96:aa:e4:04:44:
         54:a8:29:e8:29:0c:50:52:5f:43:e9:1a:45:01:df:3c:5b:d0:
         8d:c4:1f:94:04:3b:f8:7b:dc:f2:15:0c:67:cf:e0:f0:f2:c2:
         b0:0e:0b:8f:b0:ea:31:01:4e:28:49:32:e3:93:3a:ed:fa:71:
         ba:d8:e7:44:cd:9c:49:56:84:e4:db:39:bc:ce:70:58:f7:22:
         8a:08:51:c8:ae:2e:65:31:cc:17:fd:3b:8a:80:61:e5:d0:38:
         c3:e5:2d:8e:a0:7f:39:71:c7:93:88:80:44:e3:bd:34:9d:01:
         91:b0:ba:db:8a:32:52:ec:15:86:9e:8e:02:a6:c5:3b:da:ac:
         9f:4f:ce:37:0e:6c:6e:25:10:a9:f3:69:07:96:85:dc:65:df:
         be:fe:30:d7:4a:ba:c4:7e:e4:3d:4d:c8:8b:7b:21:a3:c6:db:
         9c:d9:83:54:74:e6:5a:5f:f4:c2:ca:de:a7:97:50:5b:56:f3:
         3c:30:22:2d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ3dFw8KVvMHDHnv3PeAQmN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZjczYzVjMGYzYTEwNmE4YmE3ZGZmM2UzNWM4MTZkMTA3
OGRjNzEwHhcNMjYwNDMwMDYzMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTU3NjJkNDg0OTY2ZWNmOTg2ZGJjNDlkN2M3NmM1NDBhNTI3ZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBvcNDltVtMWRIhinTfCDFXpUiy0
vlvwOUsxq8IQLevmI4AG+6lsCB/AltyiIoJa1TxAqgINmaBJd4U/0vfuQN/SBkow
ia7Zu+n+gWViWSuIYqkFwggto3fPZSkVqOLQkFZsxwgFqwYnZudTNbLKJe6OFOR1
tL6nFj09fYdJgwWcVgMM1Z5ekVpgPLMcZCbv2F6x/YazpRt/vbbA+WUtTa99oUlz
BHWUNWn7Wz/dIPEwPRIH2wlv+kbVor145+AYvZA/9IK4Fz4ZWpuOR3sEB7bqPyQt
SKsaM7BSmnsuNyhPGwTNT2FPQjdis23WZqipAtv++rHr7pOcE2IbUQv8oQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMpXYtSElm7PmG28SdfHbFQKUn84MB8GA1UdIwQY
MBaAFPj3PFwPOhBqi6ff8+NcgW0QeNxxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1QYzhYQTg2RUdxTHA5X3o0MXlCYlJCNDNIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhi
LTZkOGZkMzMwZTlhYS8xL3lsZGkxSVNXYnMtWWJieEoxOGRzVkFwU2Z6Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhiLTZkOGZkMzMwZTlh
YS8xLzEtUGM4WEE4NkVHcUxwOV96NDF5QmJSQjQzSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAfDkgD
BAAfDkswDQYJKoZIhvcNAQELBQADggEBAHRe1K06zsoo14HlREG9GIcA2bhB/Lyo
+WTp1CCq8VTM60NvnMJrB89tEc+uop+jRl63TCUozPjKpSTGnrqL2tzo3Y2WquQE
RFSoKegpDFBSX0PpGkUB3zxb0I3EH5QEO/h73PIVDGfP4PDywrAOC4+w6jEBTihJ
MuOTOu36cbrY50TNnElWhOTbObzOcFj3IooIUciuLmUxzBf9O4qAYeXQOMPlLY6g
fzlxx5OIgETjvTSdAZGwutuKMlLsFYaejgKmxTvarJ9PzjcObG4lEKnzaQeWhdxl
377+MNdKusR+5D1NyIt7IaPG25zZg1R05lpf9MLK3qeXUFtW8zwwIi0=
-----END CERTIFICATE-----