Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/yUTvxSoxh0P1X3qi3W3GEmQmupg.roa
File:                     yUTvxSoxh0P1X3qi3W3GEmQmupg.roa (raw, json)
Hash identifier:          YggGVCBvHEr/or8wxjiqlTzxSxsrR2x9hxdT1duIBFM=
Subject key identifier:   C9:44:EF:C5:2A:31:87:43:F5:5F:7A:A2:DD:6D:C6:12:64:26:BA:98
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       019CE1C2E0D94BF2BE9B8E647C7BA1D36D53
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/yUTvxSoxh0P1X3qi3W3GEmQmupg.roa
Signing time:             Thu 12 Mar 2026 11:16:11 +0000
ROA not before:           Thu 12 Mar 2026 11:16:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200203
IP address blocks:        212.119.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:c2:e0:d9:4b:f2:be:9b:8e:64:7c:7b:a1:d3:6d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Mar 12 11:16:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c944efc52a318743f55f7aa2dd6dc6126426ba98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:94:51:6b:97:4e:b0:ea:a4:5f:31:3b:92:ff:
                    37:9d:1d:10:09:23:37:69:a0:4b:0b:02:f4:91:8f:
                    e9:00:dd:c8:cf:47:d8:73:cf:26:0f:ec:bb:0b:8a:
                    6d:2c:a6:cc:bb:5b:94:a5:be:84:ec:62:a1:24:36:
                    cf:63:a4:79:c0:12:1d:87:fe:ee:a1:9d:57:84:22:
                    ac:9b:b6:dd:68:de:9e:1c:9b:55:5f:a9:fd:9f:33:
                    83:41:98:2f:74:7a:b2:df:63:75:72:aa:e2:ba:a9:
                    e7:67:86:bc:b1:cb:a5:74:b4:06:9a:fa:1d:e6:60:
                    06:4f:2b:e5:65:81:b1:74:e6:73:ba:7f:de:3a:a7:
                    1c:d4:3d:7d:5c:97:43:d9:0e:56:08:b5:5e:51:63:
                    75:e4:ab:6d:14:1b:33:ce:94:e4:c6:52:b6:4b:5d:
                    9d:2b:18:08:4c:96:f5:1e:99:9f:79:30:c6:5d:7f:
                    63:61:ed:d6:a5:16:25:f7:f0:fb:cd:3b:ea:51:c0:
                    80:b0:7b:53:32:3c:b3:1b:a4:5b:7c:1c:bb:2e:3f:
                    99:b9:cc:73:27:25:b4:e1:e6:75:55:6d:29:a4:28:
                    bd:7c:5c:b4:13:e6:25:d0:68:c0:54:be:5d:8c:39:
                    35:28:fc:68:b3:31:d7:84:04:73:d0:a1:09:01:f8:
                    00:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:44:EF:C5:2A:31:87:43:F5:5F:7A:A2:DD:6D:C6:12:64:26:BA:98
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/yUTvxSoxh0P1X3qi3W3GEmQmupg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.119.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:8f:21:d5:9d:14:b0:10:e1:bf:89:0d:bc:8f:0a:ec:b8:b0:
         bc:72:99:69:de:26:b5:bc:7a:25:39:66:13:d1:63:27:dc:b9:
         06:dc:e7:14:6c:57:71:c5:bb:d5:52:de:64:06:fc:67:06:b7:
         29:b3:fb:0a:22:eb:44:d7:9d:3e:5d:6c:b4:79:50:d2:4e:ea:
         eb:d7:d4:03:09:4b:c0:95:a8:c2:15:21:29:a2:cc:f4:e4:22:
         f3:8e:58:ec:ec:3d:72:b8:94:f4:04:54:6e:fa:04:1e:17:e6:
         1d:ba:d6:d1:ef:49:d0:4f:2b:8b:99:16:c0:5c:90:dc:44:cf:
         f0:cf:7c:90:17:11:7a:f6:9b:6b:97:bb:ae:ad:09:5e:9a:4b:
         9a:28:ac:c6:37:b3:c3:b6:a7:35:35:dc:ac:69:a0:20:23:2d:
         6c:e8:9f:74:79:2b:18:ee:e7:df:2e:43:3a:ca:ab:04:c5:9a:
         15:c3:29:ab:f4:cd:a2:4f:97:0a:31:d3:56:9e:a1:78:5a:50:
         69:5d:f8:9e:b9:58:9a:68:d7:ac:94:fa:b3:d7:5d:f3:03:29:
         74:55:7e:e6:3a:46:6e:a5:9a:b8:9a:86:81:b4:85:2e:b5:89:
         8f:4f:f3:c8:67:12:02:6d:12:65:e0:a5:32:09:0f:a7:8e:a1:
         6b:60:d2:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZzhwuDZS/K+m45kfHuh021TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjYwMzEyMTExNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTQ0ZWZjNTJhMzE4NzQzZjU1ZjdhYTJkZDZkYzYxMjY0MjZiYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZRRa5dOsOqkXzE7kv83nR0QCSM3
aaBLCwL0kY/pAN3Iz0fYc88mD+y7C4ptLKbMu1uUpb6E7GKhJDbPY6R5wBIdh/7u
oZ1XhCKsm7bdaN6eHJtVX6n9nzODQZgvdHqy32N1cqriuqnnZ4a8sculdLQGmvod
5mAGTyvlZYGxdOZzun/eOqcc1D19XJdD2Q5WCLVeUWN15KttFBszzpTkxlK2S12d
KxgITJb1HpmfeTDGXX9jYe3WpRYl9/D7zTvqUcCAsHtTMjyzG6RbfBy7Lj+Zucxz
JyW04eZ1VW0ppCi9fFy0E+Yl0GjAVL5djDk1KPxoszHXhARz0KEJAfgAsQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMlE78UqMYdD9V96ot1txhJkJrqYMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL3lVVHZ4U294aDBQMVgzcWkzVzNHRW1RbXVwZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHUdyww
DQYJKoZIhvcNAQELBQADggEBADCPIdWdFLAQ4b+JDbyPCuy4sLxymWneJrW8eiU5
ZhPRYyfcuQbc5xRsV3HFu9VS3mQG/GcGtymz+woi60TXnT5dbLR5UNJO6uvX1AMJ
S8CVqMIVISmizPTkIvOOWOzsPXK4lPQEVG76BB4X5h261tHvSdBPK4uZFsBckNxE
z/DPfJAXEXr2m2uXu66tCV6aS5oorMY3s8O2pzU13KxpoCAjLWzon3R5Kxju598u
QzrKqwTFmhXDKav0zaJPlwox01aeoXhaUGld+J65WJpo16yU+rPXXfMDKXRVfuY6
Rm6lmriahoG0hS61iY9P88hnEgJtEmXgpTIJD6eOoWtg0uA=
-----END CERTIFICATE-----