Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/yBuaNUDtkZX5BM5UVm4FRpLBl4A.roa
File:                     yBuaNUDtkZX5BM5UVm4FRpLBl4A.roa (raw, json)
Hash identifier:          IGGEjHe9Mqw+ubMvARqgA6TVzk7zSt3+AzhRVYNBFSM=
Subject key identifier:   C8:1B:9A:35:40:ED:91:95:F9:04:CE:54:56:6E:05:46:92:C1:97:80
Certificate issuer:       /CN=59a9cb4e8066c4b7df04b4fd0d712016b5586051
Certificate serial:       019DFD71C15441F4E4D71F4D7775610E0378
Authority key identifier: 59:A9:CB:4E:80:66:C4:B7:DF:04:B4:FD:0D:71:20:16:B5:58:60:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/yBuaNUDtkZX5BM5UVm4FRpLBl4A.roa
Signing time:             Wed 06 May 2026 13:19:43 +0000
ROA not before:           Wed 06 May 2026 13:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50420
IP address blocks:        193.104.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:71:c1:54:41:f4:e4:d7:1f:4d:77:75:61:0e:03:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59a9cb4e8066c4b7df04b4fd0d712016b5586051
        Validity
            Not Before: May  6 13:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c81b9a3540ed9195f904ce54566e054692c19780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f0:a2:8f:8d:e9:f3:2e:93:31:d1:b3:de:0f:
                    47:9d:b1:76:5f:f2:ee:cf:b7:3b:12:1c:b9:c9:60:
                    82:4f:f6:17:b2:b5:c8:c4:99:8b:25:51:66:73:a6:
                    af:a1:2c:1a:4a:60:91:c1:b5:c7:be:ab:75:7f:6d:
                    53:b7:1b:6c:c9:98:bd:78:a0:59:ad:3d:df:58:35:
                    b8:50:dc:97:9a:af:6e:0d:21:2a:c3:19:b0:7f:a1:
                    2f:c4:e2:15:4d:54:b4:84:12:8b:7b:05:2f:a9:c5:
                    51:7c:59:2a:cf:23:5b:21:c2:e8:a7:6c:cc:34:28:
                    21:c2:d3:07:5f:8d:36:46:80:b2:81:05:de:19:6b:
                    d2:41:6f:44:ae:3e:1e:14:97:db:33:06:db:43:94:
                    02:ae:9f:12:f9:0d:15:46:86:d7:17:0d:60:a7:7b:
                    60:94:ff:ab:61:5f:ad:94:2a:7b:4e:d3:b2:48:0f:
                    d3:19:75:09:78:77:dc:7e:1f:ce:6f:32:f1:36:a3:
                    44:3c:17:f8:6e:91:74:09:00:b5:96:af:7c:08:87:
                    7a:f9:08:46:9c:f2:0b:40:e1:f9:23:ae:32:c4:e2:
                    58:e7:bc:f3:be:94:be:34:1a:a3:70:47:02:73:3f:
                    93:58:eb:2a:cf:8f:65:ab:8a:1b:ab:2f:79:16:cb:
                    e3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:1B:9A:35:40:ED:91:95:F9:04:CE:54:56:6E:05:46:92:C1:97:80
            X509v3 Authority Key Identifier:
                keyid:59:A9:CB:4E:80:66:C4:B7:DF:04:B4:FD:0D:71:20:16:B5:58:60:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/yBuaNUDtkZX5BM5UVm4FRpLBl4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:75:bf:c3:e8:3d:46:e4:36:83:7a:36:f8:91:d0:76:de:5d:
         91:d4:f2:a6:e1:87:cd:66:3a:42:47:1c:31:13:03:b6:5d:95:
         76:9b:2f:91:f4:79:17:d7:22:d2:bf:2e:d9:b2:62:c3:57:06:
         1e:e9:eb:31:f5:46:36:50:20:b9:a1:50:dd:c3:17:6c:ae:9f:
         79:39:d3:66:98:76:f6:9a:ff:66:0e:c7:2a:9d:0e:cc:56:b6:
         7e:d0:aa:89:fd:8a:82:25:0f:13:b7:be:3b:ac:3a:d2:7b:c2:
         cd:2e:ea:cb:48:bf:a8:95:4f:96:96:a3:dc:3f:b4:36:6a:3c:
         ee:ab:bd:6f:16:93:e7:aa:2e:9d:2e:96:dd:fc:03:01:93:4b:
         e0:50:38:9a:75:61:fe:ff:a9:9b:e8:07:02:f4:14:18:8e:62:
         7e:8b:8f:b4:fa:be:b4:27:31:fb:a3:fc:da:d0:52:dd:37:ca:
         6f:57:9b:ac:a1:83:b2:7b:ab:4c:90:3d:ef:30:b7:f1:1e:a8:
         57:ef:2b:b7:1f:6a:a0:47:86:44:54:5f:d1:6b:75:fa:01:6e:
         28:47:a0:63:35:bd:80:f8:05:9f:39:bc:b6:1b:5a:14:48:ef:
         37:0b:c4:99:a5:02:56:db:3e:c6:b6:e0:09:0d:c9:cf:70:2f:
         30:9e:c2:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39ccFUQfTk1x9Nd3VhDgN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YTljYjRlODA2NmM0YjdkZjA0YjRmZDBkNzEyMDE2YjU1
ODYwNTEwHhcNMjYwNTA2MTMxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODFiOWEzNTQwZWQ5MTk1ZjkwNGNlNTQ1NjZlMDU0NjkyYzE5NzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPCij43p8y6TMdGz3g9HnbF2X/Lu
z7c7Ehy5yWCCT/YXsrXIxJmLJVFmc6avoSwaSmCRwbXHvqt1f21TtxtsyZi9eKBZ
rT3fWDW4UNyXmq9uDSEqwxmwf6EvxOIVTVS0hBKLewUvqcVRfFkqzyNbIcLop2zM
NCghwtMHX402RoCygQXeGWvSQW9Erj4eFJfbMwbbQ5QCrp8S+Q0VRobXFw1gp3tg
lP+rYV+tlCp7TtOySA/TGXUJeHfcfh/ObzLxNqNEPBf4bpF0CQC1lq98CId6+QhG
nPILQOH5I64yxOJY57zzvpS+NBqjcEcCcz+TWOsqz49lq4obqy95Fsvj3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgbmjVA7ZGV+QTOVFZuBUaSwZeAMB8GA1UdIwQY
MBaAFFmpy06AZsS33wS0/Q1xIBa1WGBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2FuTFRvQm14TGZmQkxUOURYRWdGclZZWUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS84NTRlMzEtN2ZhZi00MGZjLWIyYWEt
N2U1MmMzNzA1MmJmLzEveUJ1YU5VRHRrWlg1Qk01VVZtNEZScExCbDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS84NTRlMzEtN2ZhZi00MGZjLWIyYWEtN2U1MmMzNzA1MmJm
LzEvV2FuTFRvQm14TGZmQkxUOURYRWdGclZZWUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjZMA0G
CSqGSIb3DQEBCwUAA4IBAQAzdb/D6D1G5DaDejb4kdB23l2R1PKm4YfNZjpCRxwx
EwO2XZV2my+R9HkX1yLSvy7ZsmLDVwYe6esx9UY2UCC5oVDdwxdsrp95OdNmmHb2
mv9mDscqnQ7MVrZ+0KqJ/YqCJQ8Tt747rDrSe8LNLurLSL+olU+WlqPcP7Q2ajzu
q71vFpPnqi6dLpbd/AMBk0vgUDiadWH+/6mb6AcC9BQYjmJ+i4+0+r60JzH7o/za
0FLdN8pvV5usoYOye6tMkD3vMLfxHqhX7yu3H2qgR4ZEVF/Ra3X6AW4oR6BjNb2A
+AWfOby2G1oUSO83C8SZpQJW2z7GtuAJDcnPcC8wnsI4
-----END CERTIFICATE-----