Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/YjTpXYu9NyrNBICY01OHLKH6j3c.roa
File:                     YjTpXYu9NyrNBICY01OHLKH6j3c.roa (raw, json)
Hash identifier:          L0BG0GvSHQmxeE9rdU6fttHmYduY9CqbE/eTXrcQHRQ=
Subject key identifier:   62:34:E9:5D:8B:BD:37:2A:CD:04:80:98:D3:53:87:2C:A1:FA:8F:77
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       019D9FE6DDB2DDBD35F04DE37F19C8FF0C6C
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/YjTpXYu9NyrNBICY01OHLKH6j3c.roa
Signing time:             Sat 18 Apr 2026 09:23:20 +0000
ROA not before:           Sat 18 Apr 2026 09:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34702
IP address blocks:        114.129.9.0/24 maxlen: 24
                          185.114.116.0/24 maxlen: 24
                          185.200.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 19:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9f:e6:dd:b2:dd:bd:35:f0:4d:e3:7f:19:c8:ff:0c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Apr 18 09:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6234e95d8bbd372acd048098d353872ca1fa8f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bb:76:7d:87:c7:f1:aa:81:43:4c:c7:71:04:
                    57:c6:eb:6f:a2:c3:83:c2:06:10:41:1a:03:b3:94:
                    e7:a3:80:a5:24:ab:05:7c:94:4d:b2:38:e6:34:40:
                    b1:a5:bb:99:f2:2d:43:11:77:1a:02:8d:4e:13:2c:
                    a4:d2:f2:e3:a8:b6:a8:73:78:40:25:81:5f:c7:e8:
                    aa:8f:2b:e0:95:c0:b2:c0:8c:d3:81:dd:51:47:28:
                    8d:08:d6:3f:3c:d5:e3:af:1a:9e:91:c2:8f:be:a3:
                    78:28:c5:32:14:4f:9f:96:b9:de:63:6c:96:3f:35:
                    78:70:16:dd:09:79:0e:51:02:89:bc:83:86:7f:74:
                    33:4b:a0:5e:c0:77:5a:0b:4b:9d:4d:d7:e6:1b:af:
                    e1:85:89:0b:c5:ce:12:d6:ae:42:b3:fc:d7:ad:d3:
                    16:98:19:0a:0d:b4:d4:ba:ed:03:bc:54:ed:91:40:
                    57:4e:b5:ec:1b:d4:c1:80:b9:b8:70:5f:b3:bf:ef:
                    a3:c6:33:e3:da:e6:3f:74:bf:a1:0e:05:95:18:d8:
                    53:71:d4:f7:d5:51:0e:3a:58:bf:d8:8c:8b:14:f0:
                    19:69:e3:99:c0:f2:fc:bb:0d:b2:25:05:5d:85:ad:
                    e9:67:9a:2c:e6:7e:0a:aa:4f:a9:c7:71:14:d3:9f:
                    7e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:34:E9:5D:8B:BD:37:2A:CD:04:80:98:D3:53:87:2C:A1:FA:8F:77
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/YjTpXYu9NyrNBICY01OHLKH6j3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.129.9.0/24
                  185.114.116.0/24
                  185.200.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:e2:c1:03:f4:17:68:f0:9a:21:61:30:58:22:eb:8c:a0:41:
         ae:3e:7f:09:bc:0b:79:a1:cd:fe:0d:9d:1c:d7:87:4f:7e:da:
         35:ab:f8:f4:96:ee:ff:f3:0d:9c:58:19:00:ac:77:ef:b0:99:
         07:d7:3c:6e:c1:7b:d0:9f:5c:5f:6b:54:59:48:7f:0e:f3:ed:
         ce:2a:26:0d:8e:fd:d0:64:4e:26:c8:34:1c:25:28:be:c2:60:
         f6:c3:08:96:7c:95:a5:2b:85:da:8f:a0:12:0f:69:ac:7e:4e:
         bd:df:c9:07:66:cc:b0:4f:19:92:e6:77:42:a1:d5:44:46:0e:
         fb:77:ad:91:7b:07:cb:6e:d3:bc:53:62:73:2c:35:f1:44:6a:
         62:06:8f:42:8c:2e:2c:68:4c:01:b1:ca:60:77:bc:ee:0c:eb:
         de:f5:b0:e0:2c:a4:15:e2:bb:9f:48:79:37:e1:40:8e:9c:65:
         44:bb:b7:52:07:b6:7e:6d:a1:82:94:dc:7a:7c:a6:fb:bc:c7:
         93:0c:7f:f0:a5:78:52:19:3f:ec:83:73:5e:73:c3:e1:25:18:
         c5:69:ec:42:66:7e:b1:4d:cd:50:8b:18:5a:6a:95:d4:9f:ea:
         87:af:ec:ff:f1:d2:89:62:cc:f8:1f:27:de:32:07:27:22:9f:
         f9:c8:72:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2f5t2y3b018E3jfxnI/wxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjYwNDE4MDkyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjM0ZTk1ZDhiYmQzNzJhY2QwNDgwOThkMzUzODcyY2ExZmE4Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLt2fYfH8aqBQ0zHcQRXxutvosOD
wgYQQRoDs5Tno4ClJKsFfJRNsjjmNECxpbuZ8i1DEXcaAo1OEyyk0vLjqLaoc3hA
JYFfx+iqjyvglcCywIzTgd1RRyiNCNY/PNXjrxqekcKPvqN4KMUyFE+flrneY2yW
PzV4cBbdCXkOUQKJvIOGf3QzS6BewHdaC0udTdfmG6/hhYkLxc4S1q5Cs/zXrdMW
mBkKDbTUuu0DvFTtkUBXTrXsG9TBgLm4cF+zv++jxjPj2uY/dL+hDgWVGNhTcdT3
1VEOOli/2IyLFPAZaeOZwPL8uw2yJQVdha3pZ5os5n4Kqk+px3EU059+xQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGI06V2LvTcqzQSAmNNThyyh+o93MB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvWWpUcFhZdTlOeXJOQklDWTAxT0hMS0g2ajNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAcoEJAwQA
uXJ0AwQAucjEMA0GCSqGSIb3DQEBCwUAA4IBAQA/4sED9Bdo8JohYTBYIuuMoEGu
Pn8JvAt5oc3+DZ0c14dPfto1q/j0lu7/8w2cWBkArHfvsJkH1zxuwXvQn1xfa1RZ
SH8O8+3OKiYNjv3QZE4myDQcJSi+wmD2wwiWfJWlK4Xaj6ASD2msfk6938kHZsyw
TxmS5ndCodVERg77d62RewfLbtO8U2JzLDXxRGpiBo9CjC4saEwBscpgd7zuDOve
9bDgLKQV4rufSHk34UCOnGVEu7dSB7Z+baGClNx6fKb7vMeTDH/wpXhSGT/sg3Ne
c8PhJRjFaexCZn6xTc1QixhaapXUn+qHr+z/8dKJYsz4HyfeMgcnIp/5yHJE
-----END CERTIFICATE-----