Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/tyYR4im11cTUwkQD1s7szAlnrxI.roa
File:                     tyYR4im11cTUwkQD1s7szAlnrxI.roa (raw, json)
Hash identifier:          Amx4rDOfGdDwEzewB6mThDKb4p6uQKW635jb2RyMC4s=
Subject key identifier:   B7:26:11:E2:29:B5:D5:C4:D4:C2:44:03:D6:CE:EC:CC:09:67:AF:12
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DB3FF5009512BA54C57B6FB39506BBE56
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/tyYR4im11cTUwkQD1s7szAlnrxI.roa
Signing time:             Wed 22 Apr 2026 07:02:27 +0000
ROA not before:           Wed 22 Apr 2026 07:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199301
IP address blocks:        178.253.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 06:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:ff:50:09:51:2b:a5:4c:57:b6:fb:39:50:6b:be:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 22 07:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b72611e229b5d5c4d4c24403d6ceeccc0967af12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3a:a9:9b:42:eb:08:ff:53:f9:c2:c9:d2:e0:
                    67:a8:07:ab:07:a1:85:ab:58:a3:c0:d0:43:66:16:
                    6b:b9:07:d7:ba:71:75:4e:56:9e:44:18:c9:5b:c9:
                    38:a6:12:cf:32:e4:40:b0:33:e8:b0:06:97:c6:8c:
                    d5:cc:03:d7:a4:c5:35:34:6f:38:e0:60:de:5e:44:
                    a5:0d:84:28:62:0f:14:a0:6b:ff:eb:3a:64:50:f4:
                    b8:f8:ab:49:ab:23:0f:e7:41:85:74:a9:15:0c:81:
                    5f:e7:d0:c8:63:89:57:c8:49:5f:5c:5d:21:03:8b:
                    a7:f3:2b:f5:ad:ec:23:1a:b9:d4:90:b5:10:a3:ef:
                    58:7e:77:b4:58:ea:f3:fd:5b:9d:50:56:eb:a9:f4:
                    57:61:ca:ec:95:07:cd:cb:f4:e9:b8:47:41:fe:07:
                    ad:fa:9b:10:b0:ec:3b:a0:67:08:7f:64:f0:b4:1a:
                    84:70:29:71:89:35:3c:0f:b6:7b:36:35:77:4d:17:
                    4a:73:b4:63:f9:4e:64:dd:8c:92:f5:0f:ee:2e:8b:
                    e0:95:f9:d3:ab:b2:d5:df:71:b6:f7:25:4a:eb:1b:
                    36:b0:19:50:0c:8a:bd:31:b1:47:23:33:48:35:ca:
                    49:aa:51:35:60:77:6c:d5:5e:33:99:c0:4c:4a:7f:
                    bd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:26:11:E2:29:B5:D5:C4:D4:C2:44:03:D6:CE:EC:CC:09:67:AF:12
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/tyYR4im11cTUwkQD1s7szAlnrxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:15:c2:b2:fc:d8:41:77:b3:91:79:a4:22:34:97:03:7d:1a:
         a8:5d:b4:87:86:c7:04:40:73:ba:01:da:49:59:10:84:5d:0b:
         9d:9b:b3:a6:a7:e5:80:56:98:d6:43:5e:6e:56:ad:b4:f1:3b:
         0d:ad:0c:0b:01:ea:57:15:72:d1:24:82:f0:ea:ba:c2:24:6a:
         67:78:68:76:e8:15:c8:61:ee:03:30:fe:1a:da:c7:25:05:13:
         f8:0e:c9:8f:44:c2:79:85:bf:87:cd:dc:6a:84:c2:a7:a5:02:
         68:4e:d6:6e:b2:11:8f:c5:86:5a:34:e8:51:9e:74:8e:49:9c:
         30:a1:44:ce:33:86:7d:45:3b:bf:90:98:dd:ff:f9:73:4c:c8:
         09:7c:33:22:fc:a7:55:71:e5:1c:7e:9f:40:0b:8d:fa:59:a4:
         09:8d:6a:74:ea:24:36:2e:7d:bb:30:87:91:b0:dd:a3:b1:4a:
         3e:d0:3f:78:f5:35:c3:18:d3:5a:76:78:0b:ca:95:2d:ef:67:
         78:68:63:1a:42:17:1f:fe:16:51:92:49:2c:20:d3:bb:05:0c:
         8e:cf:36:51:bd:a0:91:4b:d8:e0:a6:07:8a:a9:bc:a9:49:1f:
         c5:4b:2c:3c:a3:b2:9e:c2:23:cb:bf:fe:46:0b:b6:f2:60:44:
         e6:08:0f:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2z/1AJUSulTFe2+zlQa75WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDIyMDcwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzI2MTFlMjI5YjVkNWM0ZDRjMjQ0MDNkNmNlZWNjYzA5NjdhZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTqpm0LrCP9T+cLJ0uBnqAerB6GF
q1ijwNBDZhZruQfXunF1TlaeRBjJW8k4phLPMuRAsDPosAaXxozVzAPXpMU1NG84
4GDeXkSlDYQoYg8UoGv/6zpkUPS4+KtJqyMP50GFdKkVDIFf59DIY4lXyElfXF0h
A4un8yv1rewjGrnUkLUQo+9Yfne0WOrz/VudUFbrqfRXYcrslQfNy/TpuEdB/get
+psQsOw7oGcIf2TwtBqEcClxiTU8D7Z7NjV3TRdKc7Rj+U5k3YyS9Q/uLovglfnT
q7LV33G29yVK6xs2sBlQDIq9MbFHIzNINcpJqlE1YHds1V4zmcBMSn+9DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcmEeIptdXE1MJEA9bO7MwJZ68SMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvdHlZUjRpbTExY1RVd2tRRDFzN3N6QWxucnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3dMA0G
CSqGSIb3DQEBCwUAA4IBAQAYFcKy/NhBd7OReaQiNJcDfRqoXbSHhscEQHO6AdpJ
WRCEXQudm7Omp+WAVpjWQ15uVq208TsNrQwLAepXFXLRJILw6rrCJGpneGh26BXI
Ye4DMP4a2sclBRP4DsmPRMJ5hb+HzdxqhMKnpQJoTtZushGPxYZaNOhRnnSOSZww
oUTOM4Z9RTu/kJjd//lzTMgJfDMi/KdVceUcfp9AC436WaQJjWp06iQ2Ln27MIeR
sN2jsUo+0D949TXDGNNadngLypUt72d4aGMaQhcf/hZRkkksINO7BQyOzzZRvaCR
S9jgpgeKqbypSR/FSyw8o7KewiPLv/5GC7byYETmCA+s
-----END CERTIFICATE-----