Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/yhFaGf2_vHhBZgwwXE8xm1OTXQE.roa
File:                     yhFaGf2_vHhBZgwwXE8xm1OTXQE.roa (raw, json)
Hash identifier:          3+krivSCZ6wgsfWjmVU3sW4pnSZcLq6UgbbbbMppVNI=
Subject key identifier:   CA:11:5A:19:FD:BF:BC:78:41:66:0C:30:5C:4F:31:9B:53:93:5D:01
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       019E733FE2BB09419EF2DBC89069149449C0
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/yhFaGf2_vHhBZgwwXE8xm1OTXQE.roa
Signing time:             Fri 29 May 2026 10:20:27 +0000
ROA not before:           Fri 29 May 2026 10:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        213.137.82.0/24 maxlen: 24
                          213.137.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:3f:e2:bb:09:41:9e:f2:db:c8:90:69:14:94:49:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: May 29 10:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca115a19fdbfbc7841660c305c4f319b53935d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:65:71:17:e6:35:c1:d2:38:26:cd:f1:74:c6:
                    5b:3b:24:87:d0:37:98:97:48:b8:61:81:09:8a:f2:
                    23:91:b6:cb:7f:d4:dd:9d:e6:ad:3d:20:a9:c8:13:
                    b0:40:50:be:b0:3b:47:44:03:56:a0:2d:66:eb:e5:
                    09:fe:44:6c:bc:a4:e5:0e:25:f8:d2:99:4b:44:8d:
                    8a:ae:3b:4c:63:5d:e1:6b:5f:f5:e0:de:fa:61:ab:
                    ae:c8:f9:51:01:f6:b6:bc:71:f1:ab:4d:e1:e4:83:
                    99:5f:34:2b:89:29:b2:75:d8:fc:cd:b8:02:b7:6e:
                    f6:51:b2:d4:b2:05:b4:d5:ee:cb:97:35:2e:02:b9:
                    9d:61:d6:02:b6:64:5c:9f:48:2e:3a:06:70:26:10:
                    b2:8b:22:ec:36:39:7e:77:08:86:8e:59:82:7f:ea:
                    08:6d:2a:44:5c:23:2d:9c:ae:30:03:9b:91:61:62:
                    1a:94:de:81:4d:47:94:65:06:27:ab:ff:f1:96:c7:
                    95:c2:95:56:cc:16:f6:2f:e1:67:0b:96:e1:be:ce:
                    54:99:e1:00:5f:76:06:4d:d1:af:5d:27:b8:5f:13:
                    ed:1c:e6:9f:9f:59:79:c8:f3:68:ae:98:f6:f6:a2:
                    9b:ef:d3:64:84:02:27:23:37:c6:f4:68:c9:54:a9:
                    e4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:11:5A:19:FD:BF:BC:78:41:66:0C:30:5C:4F:31:9B:53:93:5D:01
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/yhFaGf2_vHhBZgwwXE8xm1OTXQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:31:6f:94:6f:a8:43:0d:b7:d1:24:d5:48:dd:88:f7:3c:1a:
         3d:40:47:ad:60:63:64:aa:0d:7e:c2:93:dc:e3:9b:b9:d9:0d:
         90:8d:d3:da:02:c0:dd:7d:ff:fa:8e:42:d0:92:39:ad:03:cd:
         cb:4f:aa:51:c9:05:8a:ca:55:f7:de:2b:de:c4:5a:a3:f6:0d:
         11:80:d5:a1:c0:09:1a:36:c4:f4:61:83:90:af:0f:10:5e:7d:
         a1:a9:9a:5a:97:95:fb:4e:dd:82:f6:cd:4a:75:7d:0b:f3:d7:
         46:f8:09:2d:ce:15:e0:77:7a:c7:0b:67:a5:f1:3f:db:62:e8:
         95:0d:b6:5f:d0:67:9b:12:d6:33:2f:06:cf:60:af:62:5c:a1:
         36:34:20:02:45:b5:a1:dd:9f:31:b7:a6:36:0c:6b:9f:70:ad:
         9e:34:d4:8e:73:8f:5f:3e:d5:b4:ac:d0:5b:8a:cb:aa:e4:37:
         87:dc:15:77:36:b5:31:3d:9a:48:da:89:02:13:48:5b:02:a8:
         47:3c:10:7f:02:9d:92:b5:28:55:78:23:e7:91:1a:e6:e0:5b:
         8c:27:7d:87:79:83:9e:6b:d8:4a:fb:8c:3e:70:c9:7c:f9:42:
         51:bd:b2:e6:c4:4e:40:5e:b8:7b:ba:7b:13:b4:76:c2:b2:36:
         6f:e8:76:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5zP+K7CUGe8tvIkGkUlEnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjYwNTI5MTAyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTExNWExOWZkYmZiYzc4NDE2NjBjMzA1YzRmMzE5YjUzOTM1ZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mVxF+Y1wdI4Js3xdMZbOySH0DeY
l0i4YYEJivIjkbbLf9TdneatPSCpyBOwQFC+sDtHRANWoC1m6+UJ/kRsvKTlDiX4
0plLRI2KrjtMY13ha1/14N76YauuyPlRAfa2vHHxq03h5IOZXzQriSmyddj8zbgC
t272UbLUsgW01e7LlzUuArmdYdYCtmRcn0guOgZwJhCyiyLsNjl+dwiGjlmCf+oI
bSpEXCMtnK4wA5uRYWIalN6BTUeUZQYnq//xlseVwpVWzBb2L+FnC5bhvs5UmeEA
X3YGTdGvXSe4XxPtHOafn1l5yPNorpj29qKb79NkhAInIzfG9GjJVKnkoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoRWhn9v7x4QWYMMFxPMZtTk10BMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEveWhGYUdmMl92SGhCWmd3d1hFOHhtMU9UWFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1YlSMA0G
CSqGSIb3DQEBCwUAA4IBAQCoMW+Ub6hDDbfRJNVI3Yj3PBo9QEetYGNkqg1+wpPc
45u52Q2QjdPaAsDdff/6jkLQkjmtA83LT6pRyQWKylX33ivexFqj9g0RgNWhwAka
NsT0YYOQrw8QXn2hqZpal5X7Tt2C9s1KdX0L89dG+AktzhXgd3rHC2el8T/bYuiV
DbZf0GebEtYzLwbPYK9iXKE2NCACRbWh3Z8xt6Y2DGufcK2eNNSOc49fPtW0rNBb
isuq5DeH3BV3NrUxPZpI2okCE0hbAqhHPBB/Ap2StShVeCPnkRrm4FuMJ32HeYOe
a9hK+4w+cMl8+UJRvbLmxE5AXrh7unsTtHbCsjZv6HbT
-----END CERTIFICATE-----