Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YiMxkXxlu-smkG3yhgUKoP4uUsE.roa
File:                     YiMxkXxlu-smkG3yhgUKoP4uUsE.roa (raw, json)
Hash identifier:          IK19x7sVb/tmtyUZELx+HLhOT8l28m9/UfSxNs2tR+g=
Subject key identifier:   62:23:31:91:7C:65:BB:EB:26:90:6D:F2:86:05:0A:A0:FE:2E:52:C1
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019EA72045791F003170B2FE74968D58C9C0
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YiMxkXxlu-smkG3yhgUKoP4uUsE.roa
Signing time:             Mon 08 Jun 2026 12:06:10 +0000
ROA not before:           Mon 08 Jun 2026 12:06:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202952
IP address blocks:        185.212.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:20:45:79:1f:00:31:70:b2:fe:74:96:8d:58:c9:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jun  8 12:06:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=622331917c65bbeb26906df286050aa0fe2e52c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:62:e5:aa:92:88:e3:e3:c7:0d:f4:5e:64:
                    53:13:91:1b:f8:dc:00:4a:d3:e6:ab:08:ed:d7:66:
                    99:9d:1f:4c:12:0f:16:00:88:68:43:fa:d4:2e:a9:
                    c4:27:5b:bf:88:e2:38:52:1f:e4:e5:7f:0b:bd:e9:
                    52:91:a0:6d:8e:01:26:72:c4:cd:28:31:8e:cc:9c:
                    6c:c5:a1:e0:a9:fa:fb:99:38:cb:55:5e:b5:62:5c:
                    61:ac:b1:b2:f0:5d:4f:18:55:fe:ad:da:07:f1:73:
                    44:34:d9:62:29:f7:1c:e0:ca:67:f0:ec:7f:c7:02:
                    ed:ed:5b:4a:46:0a:49:28:b3:00:8a:41:cf:4c:eb:
                    b9:d2:47:0c:87:e7:a3:58:de:2d:50:ff:27:a5:7c:
                    39:74:7b:4d:c1:d5:e1:83:e4:ec:2f:87:70:a4:5e:
                    40:7f:5a:df:01:4e:ed:e5:b3:83:d3:f5:d4:04:ce:
                    30:1e:1e:54:eb:1d:cb:bf:a2:61:ae:dd:b9:5c:68:
                    08:c4:4b:f1:b7:d5:d3:83:c3:53:a5:19:70:9a:68:
                    2a:3e:8e:23:1e:68:ce:c9:7d:d9:0b:3f:1b:aa:f3:
                    6b:97:b3:93:2c:a0:82:89:34:04:87:22:04:19:92:
                    48:d1:de:01:ce:c4:84:61:0c:8c:e3:fa:5e:fb:56:
                    41:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:23:31:91:7C:65:BB:EB:26:90:6D:F2:86:05:0A:A0:FE:2E:52:C1
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YiMxkXxlu-smkG3yhgUKoP4uUsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d4:8d:9a:a4:bd:5b:32:d4:c0:65:a2:8f:c1:d0:d3:ec:28:
         0b:b8:17:71:57:19:86:57:99:35:2d:d6:3b:d9:c1:91:04:f1:
         7c:d1:1a:f9:d6:a9:af:b1:8b:c7:2a:5c:0d:bb:2d:14:70:95:
         bd:ce:dd:94:11:f3:3f:a5:b3:1b:06:f7:40:f9:03:2a:fd:c4:
         d5:8e:57:fc:12:b9:2f:d9:21:e1:5c:53:62:22:96:19:5f:8a:
         59:92:ec:d9:b9:b9:7e:a3:1b:a3:1e:dc:bf:81:9c:3a:21:9f:
         76:ce:fc:2c:b8:ad:38:c0:71:ec:8e:77:e7:30:d3:5a:61:07:
         93:2b:59:b4:ed:dc:78:50:fd:b2:ad:37:06:cf:e4:8b:69:0c:
         df:6d:4e:f3:2c:c5:d7:5a:bc:fa:ef:f7:13:86:6f:7c:b0:d8:
         27:59:34:ca:10:e0:e7:d9:30:b5:43:b6:87:f7:65:4c:3d:58:
         42:ec:9b:54:12:03:78:41:4f:72:5a:62:16:b0:01:07:93:6a:
         c9:c7:d0:b6:23:ed:63:e8:ae:c2:a9:2f:ce:e0:9a:05:4b:31:
         ef:5b:26:20:60:33:e6:91:a7:1d:15:50:8e:3d:6e:7e:ed:34:
         d7:01:eb:34:42:e8:42:df:e4:c2:bf:6f:90:18:8d:46:4c:ac:
         72:4a:b3:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6nIEV5HwAxcLL+dJaNWMnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjYwNjA4MTIwNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjIzMzE5MTdjNjViYmViMjY5MDZkZjI4NjA1MGFhMGZlMmU1MmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfdi5aqSiOPjxw30XmRTE5Eb+NwA
StPmqwjt12aZnR9MEg8WAIhoQ/rULqnEJ1u/iOI4Uh/k5X8LvelSkaBtjgEmcsTN
KDGOzJxsxaHgqfr7mTjLVV61YlxhrLGy8F1PGFX+rdoH8XNENNliKfcc4Mpn8Ox/
xwLt7VtKRgpJKLMAikHPTOu50kcMh+ejWN4tUP8npXw5dHtNwdXhg+TsL4dwpF5A
f1rfAU7t5bOD0/XUBM4wHh5U6x3Lv6Jhrt25XGgIxEvxt9XTg8NTpRlwmmgqPo4j
HmjOyX3ZCz8bqvNrl7OTLKCCiTQEhyIEGZJI0d4BzsSEYQyM4/pe+1ZBSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIjMZF8ZbvrJpBt8oYFCqD+LlLBMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvWWlNeGtYeGx1LXNta0czeWhnVUtvUDR1VXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudSWMA0G
CSqGSIb3DQEBCwUAA4IBAQB81I2apL1bMtTAZaKPwdDT7CgLuBdxVxmGV5k1LdY7
2cGRBPF80Rr51qmvsYvHKlwNuy0UcJW9zt2UEfM/pbMbBvdA+QMq/cTVjlf8Erkv
2SHhXFNiIpYZX4pZkuzZubl+oxujHty/gZw6IZ92zvwsuK04wHHsjnfnMNNaYQeT
K1m07dx4UP2yrTcGz+SLaQzfbU7zLMXXWrz67/cThm98sNgnWTTKEODn2TC1Q7aH
92VMPVhC7JtUEgN4QU9yWmIWsAEHk2rJx9C2I+1j6K7CqS/O4JoFSzHvWyYgYDPm
kacdFVCOPW5+7TTXAes0QuhC3+TCv2+QGI1GTKxySrOV
-----END CERTIFICATE-----