Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/yvaGOInzvs_4CAqNb3HGPxfbkeM.roa
File:                     yvaGOInzvs_4CAqNb3HGPxfbkeM.roa (raw, json)
Hash identifier:          72X78jrEd3P7Wm2iZrDHAJIx0Gy7kHeFqupGxzOk0BE=
Subject key identifier:   CA:F6:86:38:89:F3:BE:CF:F8:08:0A:8D:6F:71:C6:3F:17:DB:91:E3
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019985F754986FAFCBBDC336C13AD5F16057
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/yvaGOInzvs_4CAqNb3HGPxfbkeM.roa
Signing time:             Fri 26 Sep 2025 12:20:02 +0000
ROA not before:           Fri 26 Sep 2025 12:20:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        188.191.100.0/24 maxlen: 24
                          188.191.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:f7:54:98:6f:af:cb:bd:c3:36:c1:3a:d5:f1:60:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Sep 26 12:20:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caf6863889f3becff8080a8d6f71c63f17db91e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:19:4c:ab:57:75:0f:3a:b2:d1:8d:21:b8:4e:
                    dd:59:ac:de:69:06:5b:8c:11:69:b2:87:c1:0b:47:
                    6b:3c:87:03:e3:08:1b:95:30:1b:1e:74:6a:fc:29:
                    60:bf:52:9d:8b:8a:3a:70:96:77:80:54:03:1d:16:
                    d9:d2:6f:c8:08:0b:c1:f4:b2:15:b5:70:26:9c:3e:
                    19:76:cb:cb:c0:3c:3e:41:9b:19:a1:ab:bf:d5:66:
                    43:cc:38:20:8c:62:9f:02:d6:8a:2b:23:27:b2:28:
                    14:22:5c:eb:7f:4c:0b:26:7e:df:19:11:59:4c:f9:
                    4a:5d:33:f1:2c:2e:9e:b9:e4:20:d0:8b:3a:04:7a:
                    76:a2:f0:7d:78:f8:c1:b2:a6:82:3a:57:87:51:8a:
                    91:a4:d3:64:ce:8d:41:5b:35:56:d4:df:ad:d4:79:
                    8a:e1:6a:cd:5d:3d:86:89:48:18:04:25:b0:d4:e3:
                    2e:d6:e7:1c:19:49:95:e0:33:96:dd:5e:87:ce:f5:
                    32:08:60:53:97:59:63:09:f1:dc:25:b0:cf:1e:24:
                    f6:99:43:fc:b7:57:63:ae:ba:90:8c:fd:43:0e:a1:
                    a7:20:0e:1b:19:01:a3:f4:20:60:cd:cd:80:df:bc:
                    1a:57:08:f0:14:d7:5f:2d:4b:73:eb:3b:31:36:24:
                    2a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F6:86:38:89:F3:BE:CF:F8:08:0A:8D:6F:71:C6:3F:17:DB:91:E3
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/yvaGOInzvs_4CAqNb3HGPxfbkeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.100.0/24
                  188.191.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6b:11:e9:81:35:9e:d6:bd:58:44:8f:30:b1:0f:35:4c:72:
         4b:76:34:dc:35:6a:8f:f9:f5:6b:4b:99:fd:76:8f:40:66:43:
         97:27:8c:7c:e1:ec:ef:11:9e:65:b2:b2:81:06:1b:18:3c:68:
         4f:67:c2:db:f2:2c:99:d2:7d:28:51:74:3a:f4:a3:e9:a0:e2:
         78:69:28:81:43:ba:e4:04:b5:f3:72:c2:46:bf:6e:5a:25:72:
         fb:3c:b1:f9:f3:30:73:ec:d5:6a:f5:89:f6:0f:0d:da:4d:eb:
         c3:db:de:dc:cf:f3:37:1b:67:11:a6:75:dd:92:be:fa:e4:f9:
         78:97:90:19:a0:9b:0d:52:a1:03:ab:40:7f:4e:ce:23:af:b4:
         65:22:1b:9a:11:c7:72:a4:0e:70:e2:70:89:cd:1d:85:44:e0:
         32:ed:a4:37:2d:b7:dc:3b:4f:95:16:3c:9e:13:26:2d:64:4f:
         dc:29:a0:d7:f9:c8:b2:9a:42:c2:32:27:11:28:ad:f6:c3:e6:
         3a:1a:fa:c8:5e:e6:bc:b6:0a:6b:02:c1:19:6f:a0:1e:70:27:
         2b:e4:89:44:8d:5d:08:10:9d:1f:20:cb:60:89:f1:1e:5c:cc:
         01:70:3a:43:d4:b2:0e:0c:fa:10:37:f1:62:28:31:9f:63:13:
         f6:d3:b4:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmF91SYb6/LvcM2wTrV8WBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjUwOTI2MTIyMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWY2ODYzODg5ZjNiZWNmZjgwODBhOGQ2ZjcxYzYzZjE3ZGI5MWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRlMq1d1Dzqy0Y0huE7dWazeaQZb
jBFpsofBC0drPIcD4wgblTAbHnRq/Clgv1Kdi4o6cJZ3gFQDHRbZ0m/ICAvB9LIV
tXAmnD4ZdsvLwDw+QZsZoau/1WZDzDggjGKfAtaKKyMnsigUIlzrf0wLJn7fGRFZ
TPlKXTPxLC6eueQg0Is6BHp2ovB9ePjBsqaCOleHUYqRpNNkzo1BWzVW1N+t1HmK
4WrNXT2GiUgYBCWw1OMu1uccGUmV4DOW3V6HzvUyCGBTl1ljCfHcJbDPHiT2mUP8
t1djrrqQjP1DDqGnIA4bGQGj9CBgzc2A37waVwjwFNdfLUtz6zsxNiQqxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMr2hjiJ877P+AgKjW9xxj8X25HjMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEveXZhR09Jbnp2c180Q0FxTmIzSEdQeGZia2VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvL9kAwQA
vL9qMA0GCSqGSIb3DQEBCwUAA4IBAQAuaxHpgTWe1r1YRI8wsQ81THJLdjTcNWqP
+fVrS5n9do9AZkOXJ4x84ezvEZ5lsrKBBhsYPGhPZ8Lb8iyZ0n0oUXQ69KPpoOJ4
aSiBQ7rkBLXzcsJGv25aJXL7PLH58zBz7NVq9Yn2Dw3aTevD297cz/M3G2cRpnXd
kr765Pl4l5AZoJsNUqEDq0B/Ts4jr7RlIhuaEcdypA5w4nCJzR2FROAy7aQ3Lbfc
O0+VFjyeEyYtZE/cKaDX+ciymkLCMicRKK32w+Y6GvrIXua8tgprAsEZb6AecCcr
5IlEjV0IEJ0fIMtgifEeXMwBcDpD1LIODPoQN/FiKDGfYxP207Qt
-----END CERTIFICATE-----