Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/y8107xFwU5xNTZHiPZVC-6uA80E.roa
File:                     y8107xFwU5xNTZHiPZVC-6uA80E.roa (raw, json)
Hash identifier:          VzBljyrPOFT8EeSOV+zQI6XF+CUR92IpElZIDzHyEnM=
Subject key identifier:   CB:CD:74:EF:11:70:53:9C:4D:4D:91:E2:3D:95:42:FB:AB:80:F3:41
Certificate issuer:       /CN=193743467b4da41c6295e9351153309586ba2399
Certificate serial:       019DAB0AD37FCF1EC3E221E7FE6F4667515B
Authority key identifier: 19:37:43:46:7B:4D:A4:1C:62:95:E9:35:11:53:30:95:86:BA:23:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/y8107xFwU5xNTZHiPZVC-6uA80E.roa
Signing time:             Mon 20 Apr 2026 13:18:26 +0000
ROA not before:           Mon 20 Apr 2026 13:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198783
IP address blocks:        213.149.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:0a:d3:7f:cf:1e:c3:e2:21:e7:fe:6f:46:67:51:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=193743467b4da41c6295e9351153309586ba2399
        Validity
            Not Before: Apr 20 13:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbcd74ef1170539c4d4d91e23d9542fbab80f341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0b:bf:40:e1:5b:f6:66:2b:fc:dc:d0:7c:ed:
                    0b:d8:97:25:83:d8:8b:e1:03:16:af:09:9e:a8:f3:
                    9c:a9:11:32:51:e0:48:21:ac:5c:85:f5:e8:bd:80:
                    13:c6:56:45:c9:32:7c:19:82:71:37:6b:1f:c9:5e:
                    d2:87:67:d5:99:81:1a:cd:47:8c:f2:0d:20:0f:7b:
                    a1:00:e4:12:86:61:59:0c:9d:84:b0:a9:9c:0a:e6:
                    f9:cc:42:75:4d:70:8c:7e:58:c3:d6:26:e0:ba:f0:
                    79:06:6a:70:db:05:03:1a:6c:5e:f9:6b:a6:fd:fb:
                    86:07:2a:24:3f:25:38:1e:bf:3a:00:7c:0b:e0:18:
                    2b:d9:7d:2f:d5:06:29:7c:06:c9:55:84:a4:6d:13:
                    50:a1:d9:9e:66:c8:cd:b6:1c:67:92:90:9c:f2:44:
                    ef:63:f1:33:a1:6f:9f:c3:c7:0d:d2:d8:1a:32:cb:
                    9e:b4:9e:f4:73:09:23:62:a8:0f:51:2a:09:2e:60:
                    e9:fa:d0:de:26:98:d2:a2:bc:c6:05:43:bc:aa:f8:
                    47:f3:07:8b:3f:5c:cc:a2:ef:10:25:7c:08:4a:a4:
                    b1:67:52:f1:33:a2:a7:3c:b3:7d:dc:15:e0:bc:0c:
                    ca:8b:60:8d:3a:f7:14:8c:d7:91:72:b9:ce:17:dc:
                    80:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:CD:74:EF:11:70:53:9C:4D:4D:91:E2:3D:95:42:FB:AB:80:F3:41
            X509v3 Authority Key Identifier:
                keyid:19:37:43:46:7B:4D:A4:1C:62:95:E9:35:11:53:30:95:86:BA:23:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/y8107xFwU5xNTZHiPZVC-6uA80E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.149.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:ba:49:36:50:56:38:6a:c3:a7:13:e0:29:79:e3:62:af:24:
         b2:e9:44:d2:af:a9:bf:f8:4f:5b:6c:25:d0:6d:d7:8f:ba:36:
         2b:d5:b0:de:97:ff:88:4c:43:ea:1f:6d:cd:1d:43:36:85:8a:
         59:da:aa:5d:76:1e:d5:7a:40:64:7f:9a:17:c8:ba:45:a3:ec:
         62:d1:4e:da:e9:49:66:f8:78:6f:05:ab:ad:d1:04:89:29:cb:
         d8:c7:32:f7:1b:4c:35:12:0b:37:a0:0d:f4:db:21:27:f8:1e:
         16:a0:64:1a:17:ed:89:45:85:83:55:c0:05:ab:0d:5d:98:b6:
         92:7f:35:5d:ec:ee:4b:28:6c:48:9f:57:34:fe:ed:5b:9b:e7:
         19:03:65:c4:f1:07:fc:aa:22:56:87:e3:21:39:ed:f6:02:aa:
         af:05:51:1c:c2:4b:eb:8a:0c:bd:0d:91:cf:e4:06:f2:a6:a9:
         d3:e4:ab:be:c1:6c:f2:0a:33:3d:5c:e7:5d:09:99:96:24:53:
         6b:08:05:63:f0:19:8d:b7:94:30:f8:72:9e:1a:bd:d2:dc:6c:
         91:a1:f8:c7:99:4a:5d:6f:38:75:46:d1:7e:24:b0:98:68:75:
         c3:1d:8f:65:d5:a8:69:1f:d7:b6:8d:92:7b:56:fd:79:75:73:
         d4:7f:44:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rCtN/zx7D4iHn/m9GZ1FbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5Mzc0MzQ2N2I0ZGE0MWM2Mjk1ZTkzNTExNTMzMDk1ODZi
YTIzOTkwHhcNMjYwNDIwMTMxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmNkNzRlZjExNzA1MzljNGQ0ZDkxZTIzZDk1NDJmYmFiODBmMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgu/QOFb9mYr/NzQfO0L2Jclg9iL
4QMWrwmeqPOcqREyUeBIIaxchfXovYATxlZFyTJ8GYJxN2sfyV7Sh2fVmYEazUeM
8g0gD3uhAOQShmFZDJ2EsKmcCub5zEJ1TXCMfljD1ibguvB5Bmpw2wUDGmxe+Wum
/fuGByokPyU4Hr86AHwL4Bgr2X0v1QYpfAbJVYSkbRNQodmeZsjNthxnkpCc8kTv
Y/EzoW+fw8cN0tgaMsuetJ70cwkjYqgPUSoJLmDp+tDeJpjSorzGBUO8qvhH8weL
P1zMou8QJXwISqSxZ1LxM6KnPLN93BXgvAzKi2CNOvcUjNeRcrnOF9yA/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvNdO8RcFOcTU2R4j2VQvurgPNBMB8GA1UdIwQY
MBaAFBk3Q0Z7TaQcYpXpNRFTMJWGuiOZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1RkRFJudE5wQnhpbGVrMUVWTXdsWWE2STVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNjcwM2EtMTIyYi00MTE2LWIzMTct
Y2E1ZmNjYmY3YThjLzEveTgxMDd4RndVNXhOVFpIaVBaVkMtNnVBODBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNjcwM2EtMTIyYi00MTE2LWIzMTctY2E1ZmNjYmY3YThj
LzEvR1RkRFJudE5wQnhpbGVrMUVWTXdsWWE2STVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZWRMA0G
CSqGSIb3DQEBCwUAA4IBAQC4ukk2UFY4asOnE+ApeeNirySy6UTSr6m/+E9bbCXQ
bdePujYr1bDel/+ITEPqH23NHUM2hYpZ2qpddh7VekBkf5oXyLpFo+xi0U7a6Ulm
+HhvBaut0QSJKcvYxzL3G0w1Egs3oA302yEn+B4WoGQaF+2JRYWDVcAFqw1dmLaS
fzVd7O5LKGxIn1c0/u1bm+cZA2XE8Qf8qiJWh+MhOe32AqqvBVEcwkvrigy9DZHP
5AbypqnT5Ku+wWzyCjM9XOddCZmWJFNrCAVj8BmNt5Qw+HKeGr3S3GyRofjHmUpd
bzh1RtF+JLCYaHXDHY9l1ahpH9e2jZJ7Vv15dXPUf0Sa
-----END CERTIFICATE-----