Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yMIYWBH7pKk9wMvovwJcVNv_gEs.roa
File:                     yMIYWBH7pKk9wMvovwJcVNv_gEs.roa (raw, json)
Hash identifier:          kdnEZ/dFgM2yablJdW6o1elprNZorqphut+mBZWj3Kc=
Subject key identifier:   C8:C2:18:58:11:FB:A4:A9:3D:C0:CB:E8:BF:02:5C:54:DB:FF:80:4B
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019F010ADC32DB664B334CB2E89E9BFB1E8D
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yMIYWBH7pKk9wMvovwJcVNv_gEs.roa
Signing time:             Thu 25 Jun 2026 23:08:36 +0000
ROA not before:           Thu 25 Jun 2026 23:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198969
IP address blocks:        212.189.108.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:01:0a:dc:32:db:66:4b:33:4c:b2:e8:9e:9b:fb:1e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 25 23:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8c2185811fba4a93dc0cbe8bf025c54dbff804b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a8:ca:5e:00:81:2c:1d:68:52:0c:4f:7f:53:
                    5a:bd:16:8e:26:7a:05:53:f9:03:b9:96:33:56:ec:
                    13:b1:5b:de:db:f8:00:0e:89:ed:fb:22:d6:f7:f2:
                    ca:df:69:3e:16:25:2b:b6:2d:48:d6:a0:c8:66:42:
                    2c:46:25:57:e3:04:13:2b:6a:eb:a0:6e:fe:3d:01:
                    b7:1d:79:52:0c:37:de:09:9d:2e:3a:bc:ff:60:a7:
                    b0:89:a7:04:4e:2a:23:77:ea:e7:92:79:66:31:6a:
                    52:e5:9b:92:8d:f5:f0:1f:d5:78:5e:aa:9b:d9:53:
                    ac:31:0d:59:b2:66:97:09:0e:c6:0e:18:b8:85:42:
                    80:74:c9:eb:e3:6f:20:1f:cc:39:5d:e7:e1:5b:7d:
                    f4:f5:80:bf:e1:f4:57:f2:39:02:47:3c:80:2b:48:
                    da:6c:20:6c:ce:df:71:16:6e:73:ef:be:4a:a4:2c:
                    58:74:74:8b:c1:76:7b:a6:0a:75:2e:49:32:73:68:
                    b0:e9:91:ec:1c:1e:16:69:55:c8:c3:6b:16:15:9c:
                    e5:ac:33:9a:5a:5e:3b:de:e4:ec:6f:f1:8b:d3:92:
                    a6:bd:96:f1:18:73:bb:47:30:0e:35:25:12:f6:e2:
                    81:ca:8f:ae:52:91:d9:50:3e:d5:7a:94:6d:a2:92:
                    0e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C2:18:58:11:FB:A4:A9:3D:C0:CB:E8:BF:02:5C:54:DB:FF:80:4B
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yMIYWBH7pKk9wMvovwJcVNv_gEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.189.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:c0:9f:9c:17:dc:d4:db:5f:a9:51:f7:63:df:71:89:1c:99:
         81:0b:5c:48:2b:81:ae:35:bc:b0:db:30:da:c3:7e:ad:4d:79:
         c7:c8:a8:7a:80:f8:5d:86:72:18:1a:6e:c0:74:a4:11:41:1c:
         a4:0c:0d:73:3f:e3:56:21:7e:f5:e3:ae:5d:7e:68:c5:e6:d3:
         33:1e:4f:5d:39:75:14:36:fd:45:79:06:ac:8b:25:e5:4d:71:
         83:df:5f:44:15:9a:cc:2d:79:af:d6:57:2c:47:33:8f:ad:e9:
         fb:46:05:41:5a:b0:2b:2a:87:e8:ff:10:22:d1:fb:ca:08:c1:
         c6:04:d5:4a:66:43:d6:cb:8e:39:47:9f:13:b7:18:14:1d:ec:
         50:a8:9b:3d:b4:81:50:33:93:5b:16:e2:f4:d3:c8:e6:96:4e:
         6f:3f:a1:9f:86:8d:3f:fb:ec:5d:4c:53:a3:e2:6d:e5:32:69:
         6a:77:4d:9c:2f:4d:19:01:3d:eb:c1:05:41:36:b3:d6:66:16:
         eb:46:7b:1d:bb:0c:8a:c6:80:56:22:cb:48:85:bc:85:18:82:
         ec:00:4f:08:85:44:da:53:da:cc:be:b4:68:96:45:7e:02:c8:
         d9:15:15:7a:0b:d0:0d:af:81:1b:73:41:a2:ac:c7:02:9d:38:
         08:2d:0f:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8BCtwy22ZLM0yy6J6b+x6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjI1MjMwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGMyMTg1ODExZmJhNGE5M2RjMGNiZThiZjAyNWM1NGRiZmY4MDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsajKXgCBLB1oUgxPf1NavRaOJnoF
U/kDuZYzVuwTsVve2/gADont+yLW9/LK32k+FiUrti1I1qDIZkIsRiVX4wQTK2rr
oG7+PQG3HXlSDDfeCZ0uOrz/YKewiacETiojd+rnknlmMWpS5ZuSjfXwH9V4Xqqb
2VOsMQ1ZsmaXCQ7GDhi4hUKAdMnr428gH8w5XefhW3309YC/4fRX8jkCRzyAK0ja
bCBszt9xFm5z775KpCxYdHSLwXZ7pgp1Lkkyc2iw6ZHsHB4WaVXIw2sWFZzlrDOa
Wl473uTsb/GL05KmvZbxGHO7RzAONSUS9uKByo+uUpHZUD7VepRtopIOewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjCGFgR+6SpPcDL6L8CXFTb/4BLMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveU1JWVdCSDdwS2s5d012b3Z3SmNWTnZfZ0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1L1sMA0G
CSqGSIb3DQEBCwUAA4IBAQBDwJ+cF9zU21+pUfdj33GJHJmBC1xIK4GuNbyw2zDa
w36tTXnHyKh6gPhdhnIYGm7AdKQRQRykDA1zP+NWIX71465dfmjF5tMzHk9dOXUU
Nv1FeQasiyXlTXGD319EFZrMLXmv1lcsRzOPren7RgVBWrArKofo/xAi0fvKCMHG
BNVKZkPWy445R58TtxgUHexQqJs9tIFQM5NbFuL008jmlk5vP6Gfho0/++xdTFOj
4m3lMmlqd02cL00ZAT3rwQVBNrPWZhbrRnsduwyKxoBWIstIhbyFGILsAE8IhUTa
U9rMvrRolkV+AsjZFRV6C9ANr4Ebc0GirMcCnTgILQ9K
-----END CERTIFICATE-----