Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/nY-W_Uyn86zKqY_J_YOQIxAgtNE.roa
File:                     nY-W_Uyn86zKqY_J_YOQIxAgtNE.roa (raw, json)
Hash identifier:          k35GnID7ajqzYuEKCVytB12oO6zUFVpF6vTYpaCjtEQ=
Subject key identifier:   9D:8F:96:FD:4C:A7:F3:AC:CA:A9:8F:C9:FD:83:90:23:10:20:B4:D1
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019CE16579C2B709779500E512C9667A8086
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/nY-W_Uyn86zKqY_J_YOQIxAgtNE.roa
Signing time:             Thu 12 Mar 2026 09:34:09 +0000
ROA not before:           Thu 12 Mar 2026 09:34:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        80.71.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:65:79:c2:b7:09:77:95:00:e5:12:c9:66:7a:80:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar 12 09:34:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d8f96fd4ca7f3accaa98fc9fd8390231020b4d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:5e:91:eb:75:f9:1c:df:ef:25:81:f7:40:3a:
                    a4:ff:ca:06:53:7f:b9:cc:66:6a:94:3e:92:10:6e:
                    10:74:aa:9a:7c:30:f8:a6:4a:1a:dd:51:37:2b:f3:
                    a2:61:b8:31:f9:50:ae:8f:b1:93:d4:71:3e:5d:0a:
                    1b:37:39:93:0e:ea:e3:7c:a9:9d:f6:59:40:19:06:
                    b5:83:49:ab:59:13:85:d6:d6:01:3a:a3:9b:1a:72:
                    62:90:69:76:1c:1b:d0:a7:0c:3e:ca:82:8e:60:2f:
                    f6:c7:ac:d0:c5:24:26:53:99:e1:ce:37:a0:72:fd:
                    fc:2c:fb:d5:0b:f2:fc:2c:d3:97:73:0a:b9:ec:84:
                    8c:73:5e:75:4a:d0:4a:0b:c7:8f:5c:21:20:4f:77:
                    ad:50:46:20:02:0b:95:e6:05:99:04:77:76:b2:82:
                    65:ac:23:15:8f:98:0d:ed:f7:f0:ac:11:d9:d9:ef:
                    59:48:f8:7d:ee:da:68:d8:78:d9:70:b7:76:6e:87:
                    27:a8:f1:cd:3e:a0:11:ee:4f:7e:09:1f:51:66:22:
                    b0:d6:97:8c:cf:37:7a:05:59:4f:56:79:c6:c6:b9:
                    02:63:9e:39:dd:67:8d:0c:8f:24:58:02:93:c0:09:
                    06:77:7c:c8:89:6c:73:4c:e1:39:10:96:6f:bc:c8:
                    3a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:8F:96:FD:4C:A7:F3:AC:CA:A9:8F:C9:FD:83:90:23:10:20:B4:D1
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/nY-W_Uyn86zKqY_J_YOQIxAgtNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:1b:6e:01:5d:b1:02:2c:0c:ff:68:32:18:2f:c8:4d:c9:37:
         21:fc:42:8f:38:b2:74:53:97:16:d2:eb:04:c6:a7:2b:b2:68:
         08:8f:0c:3c:a7:b8:b3:d8:f2:82:b1:1d:9f:57:7e:f5:dd:4a:
         ba:9e:34:4a:ff:eb:e9:d0:95:b5:8b:a3:97:1f:49:4d:0e:61:
         2b:2e:47:e3:44:53:30:ed:d6:78:73:ad:91:ee:ae:38:ff:0a:
         89:1e:8d:c1:c7:01:fa:45:56:c5:10:d3:41:d3:c8:c6:ca:c3:
         c9:a3:97:52:e9:2a:e9:97:11:3d:16:0e:30:41:b6:66:2e:49:
         79:f1:fc:9f:24:94:ba:49:02:d1:e6:33:1e:93:f4:da:da:6a:
         a4:e1:19:61:03:0b:36:58:f8:50:df:4e:75:91:6f:05:9b:7e:
         21:96:21:89:51:57:46:f5:f0:1f:b2:27:78:f4:0d:8c:9c:4e:
         52:04:8b:78:c5:ad:76:7e:e4:2f:b3:6f:3c:e0:a7:c3:fd:ec:
         38:d7:9f:d8:f8:99:d8:cf:18:b6:19:f9:bb:a8:f2:e0:1e:56:
         74:18:72:6f:cf:c8:6b:34:8c:53:ba:8d:c8:73:44:1d:ba:71:
         20:a6:05:1d:b1:83:95:e2:ad:95:3f:c1:fa:38:cc:cc:93:94:
         cf:b7:e0:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhZXnCtwl3lQDlEslmeoCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwMzEyMDkzNDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDhmOTZmZDRjYTdmM2FjY2FhOThmYzlmZDgzOTAyMzEwMjBiNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA916R63X5HN/vJYH3QDqk/8oGU3+5
zGZqlD6SEG4QdKqafDD4pkoa3VE3K/OiYbgx+VCuj7GT1HE+XQobNzmTDurjfKmd
9llAGQa1g0mrWROF1tYBOqObGnJikGl2HBvQpww+yoKOYC/2x6zQxSQmU5nhzjeg
cv38LPvVC/L8LNOXcwq57ISMc151StBKC8ePXCEgT3etUEYgAguV5gWZBHd2soJl
rCMVj5gN7ffwrBHZ2e9ZSPh97tpo2HjZcLd2bocnqPHNPqAR7k9+CR9RZiKw1peM
zzd6BVlPVnnGxrkCY5453WeNDI8kWAKTwAkGd3zIiWxzTOE5EJZvvMg6WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2Plv1Mp/OsyqmPyf2DkCMQILTRMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvblktV19VeW44NnpLcVlfSl9ZT1FJeEFndE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfsMA0G
CSqGSIb3DQEBCwUAA4IBAQCGG24BXbECLAz/aDIYL8hNyTch/EKPOLJ0U5cW0usE
xqcrsmgIjww8p7iz2PKCsR2fV3713Uq6njRK/+vp0JW1i6OXH0lNDmErLkfjRFMw
7dZ4c62R7q44/wqJHo3BxwH6RVbFENNB08jGysPJo5dS6SrplxE9Fg4wQbZmLkl5
8fyfJJS6SQLR5jMek/Ta2mqk4RlhAws2WPhQ3051kW8Fm34hliGJUVdG9fAfsid4
9A2MnE5SBIt4xa12fuQvs2884KfD/ew415/Y+JnYzxi2Gfm7qPLgHlZ0GHJvz8hr
NIxTuo3Ic0QdunEgpgUdsYOV4q2VP8H6OMzMk5TPt+C4
-----END CERTIFICATE-----