Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ynBFSrV8ZH9_wqVoAfnt_FjSrrU.roa
File:                     ynBFSrV8ZH9_wqVoAfnt_FjSrrU.roa (raw, json)
Hash identifier:          5p+YTYImMlKlaiHoiipBJ5nPHx1e+dUAQvrDcV9snYU=
Subject key identifier:   CA:70:45:4A:B5:7C:64:7F:7F:C2:A5:68:01:F9:ED:FC:58:D2:AE:B5
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019E751B0B55443F6A3F6AF2F324D9EBB1EE
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ynBFSrV8ZH9_wqVoAfnt_FjSrrU.roa
Signing time:             Fri 29 May 2026 18:59:26 +0000
ROA not before:           Fri 29 May 2026 18:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        89.44.240.0/24 maxlen: 24
                          89.44.241.0/24 maxlen: 24
                          89.44.242.0/24 maxlen: 24
                          185.3.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:1b:0b:55:44:3f:6a:3f:6a:f2:f3:24:d9:eb:b1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: May 29 18:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca70454ab57c647f7fc2a56801f9edfc58d2aeb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1b:ba:6d:c1:73:b9:be:43:7d:59:f6:4a:32:
                    12:a1:d1:8c:ea:00:22:27:a5:8a:da:19:3a:37:43:
                    ba:8b:c6:99:18:61:8d:76:a4:77:a0:f7:e1:98:86:
                    d1:28:56:69:e9:4c:e9:4f:80:e2:46:4b:23:a5:f6:
                    56:02:42:f4:ed:13:87:a6:c4:79:f5:16:6e:ad:84:
                    dc:9d:6b:af:ca:d9:63:8f:13:27:e5:fe:66:4d:1d:
                    95:32:55:60:87:0d:9f:06:13:30:c3:6d:23:07:98:
                    ae:90:41:68:8a:c9:84:83:b5:47:b4:51:47:96:f0:
                    7f:07:77:77:f9:be:8c:09:4b:a0:b0:5e:9c:45:f5:
                    f2:9b:97:1a:a0:72:d1:25:81:0c:68:02:44:34:21:
                    42:8f:c1:3f:b2:85:31:0b:82:d6:fd:39:cf:62:4f:
                    58:6d:6f:86:be:26:86:1c:97:71:f0:87:d8:b7:6a:
                    be:d0:f2:74:c8:aa:98:3a:98:3e:e6:ec:e8:f8:c5:
                    36:4d:e1:20:ec:5f:53:1b:d9:c5:8b:e7:25:ae:3d:
                    47:54:15:0b:67:bd:f1:a9:a3:71:ec:1d:86:c2:61:
                    a5:91:de:ae:5d:d4:a1:5c:7d:7c:4e:c7:e6:19:84:
                    fe:ee:6d:b6:b4:02:51:a6:bd:ec:50:90:a2:95:21:
                    f6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:70:45:4A:B5:7C:64:7F:7F:C2:A5:68:01:F9:ED:FC:58:D2:AE:B5
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ynBFSrV8ZH9_wqVoAfnt_FjSrrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.240.0-89.44.242.255
                  185.3.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:06:d3:ed:cd:4d:ac:cc:18:ca:27:14:ba:7f:29:07:5b:77:
         c8:eb:f7:44:50:ff:7b:9b:17:e5:c8:88:63:61:1c:1a:b7:b6:
         d2:9b:45:9b:99:ae:6b:fd:a8:95:73:bc:10:ee:08:cd:88:d5:
         d6:4c:57:f3:de:54:8d:30:b0:74:10:9a:ff:7f:e3:5d:b2:8f:
         fb:e6:ca:20:d6:95:7e:26:e9:32:0b:33:93:ab:34:dc:97:15:
         4c:d6:d5:ba:b6:42:e3:81:a1:fc:eb:55:90:a7:00:7d:33:80:
         57:31:87:80:f3:ed:b8:3c:15:92:6c:2d:70:62:63:72:41:82:
         58:46:87:81:a2:53:e6:86:45:fb:de:7a:c0:79:5b:c1:b1:2e:
         e2:35:e8:8f:a3:3e:2f:ca:c6:a9:5e:97:fa:ee:f9:85:8f:a6:
         43:d9:f2:a3:99:4d:db:67:aa:b3:79:7b:e2:6d:1d:c2:0a:99:
         05:1c:e7:5e:12:be:1f:4e:5c:4f:10:0c:c1:cc:7f:ad:f5:41:
         39:4f:2a:3f:b0:c6:f6:33:c3:75:b8:5e:35:80:01:8e:e8:f4:
         46:ae:3d:93:b5:62:a0:12:64:a4:88:ce:27:30:75:3e:e7:df:
         45:82:8c:14:65:64:73:cb:8f:a6:0e:b2:09:0d:1f:89:9f:f3:
         6a:37:0f:44
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ51GwtVRD9qP2ry8yTZ67HuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNTI5MTg1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcwNDU0YWI1N2M2NDdmN2ZjMmE1NjgwMWY5ZWRmYzU4ZDJhZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthu6bcFzub5DfVn2SjISodGM6gAi
J6WK2hk6N0O6i8aZGGGNdqR3oPfhmIbRKFZp6UzpT4DiRksjpfZWAkL07ROHpsR5
9RZurYTcnWuvytljjxMn5f5mTR2VMlVghw2fBhMww20jB5iukEFoismEg7VHtFFH
lvB/B3d3+b6MCUugsF6cRfXym5caoHLRJYEMaAJENCFCj8E/soUxC4LW/TnPYk9Y
bW+GviaGHJdx8IfYt2q+0PJ0yKqYOpg+5uzo+MU2TeEg7F9TG9nFi+clrj1HVBUL
Z73xqaNx7B2GwmGlkd6uXdShXH18TsfmGYT+7m22tAJRpr3sUJCilSH2mQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMpwRUq1fGR/f8KlaAH57fxY0q61MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEveW5CRlNyVjhaSDlfd3FWb0FmbnRfRmpTcnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBARZLPAD
BABZLPIDBAC5A8gwDQYJKoZIhvcNAQELBQADggEBAJwG0+3NTazMGMonFLp/KQdb
d8jr90RQ/3ubF+XIiGNhHBq3ttKbRZuZrmv9qJVzvBDuCM2I1dZMV/PeVI0wsHQQ
mv9/412yj/vmyiDWlX4m6TILM5OrNNyXFUzW1bq2QuOBofzrVZCnAH0zgFcxh4Dz
7bg8FZJsLXBiY3JBglhGh4GiU+aGRfveesB5W8GxLuI16I+jPi/Kxqlel/ru+YWP
pkPZ8qOZTdtnqrN5e+JtHcIKmQUc514Svh9OXE8QDMHMf631QTlPKj+wxvYzw3W4
XjWAAY7o9EauPZO1YqASZKSIzicwdT7n30WCjBRlZHPLj6YOsgkNH4mf82o3D0Q=
-----END CERTIFICATE-----