Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/yktv0Xi13607zbB79UOBO0C8Xr0.roa
File:                     yktv0Xi13607zbB79UOBO0C8Xr0.roa (raw, json)
Hash identifier:          o4SPqyfSL2KDaE/SCDUkeRqmxHgrZ5bBM4G5FCrhT08=
Subject key identifier:   CA:4B:6F:D1:78:B5:DF:AD:3B:CD:B0:7B:F5:43:81:3B:40:BC:5E:BD
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019E32A41D5B91068354294F3EF6989E1EE4
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/yktv0Xi13607zbB79UOBO0C8Xr0.roa
Signing time:             Sat 16 May 2026 21:14:36 +0000
ROA not before:           Sat 16 May 2026 21:14:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        94.231.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 21:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:32:a4:1d:5b:91:06:83:54:29:4f:3e:f6:98:9e:1e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: May 16 21:14:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca4b6fd178b5dfad3bcdb07bf543813b40bc5ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:dd:68:09:bc:72:33:fc:af:59:a4:0a:fc:59:
                    d0:94:b9:4f:8e:2e:8e:21:b3:78:61:4a:7b:6a:14:
                    3d:9f:9c:59:d9:37:4f:fc:0d:e7:0d:72:d5:c4:d2:
                    03:99:53:98:61:34:67:aa:2e:47:5b:8f:8c:57:9a:
                    30:f3:3c:ae:26:e4:49:78:8c:d5:c3:82:72:5e:d1:
                    85:a6:33:a2:37:50:bb:f5:60:a9:37:3a:80:3e:60:
                    a9:8b:66:86:f5:62:14:d3:83:ba:f3:d1:86:88:a2:
                    39:7e:f7:98:91:98:13:8f:6c:86:72:28:6e:23:6d:
                    3c:08:84:e4:f8:87:63:7a:08:c5:a7:bf:2e:13:b9:
                    fd:41:70:d2:02:49:ff:fc:51:db:31:bd:72:5e:ac:
                    48:e2:b2:51:ab:3a:65:5b:de:c6:44:1b:1a:ae:00:
                    d2:cb:4b:17:de:08:8b:36:ef:34:29:81:ce:5f:9a:
                    a2:b0:36:97:e9:67:44:4d:f0:3d:e8:ee:be:cd:57:
                    6d:5f:f4:25:60:0d:23:0c:cc:5a:6a:84:ed:58:fe:
                    0a:10:45:99:68:22:60:16:d5:47:7f:5d:ed:32:20:
                    be:d1:06:27:c8:04:ac:e5:43:d9:1f:d3:30:3f:89:
                    29:eb:95:62:88:be:8b:76:22:8c:3f:cf:dc:3e:12:
                    78:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4B:6F:D1:78:B5:DF:AD:3B:CD:B0:7B:F5:43:81:3B:40:BC:5E:BD
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/yktv0Xi13607zbB79UOBO0C8Xr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:92:a4:e7:0d:71:80:4c:68:d7:f8:2d:36:74:37:20:bc:36:
         ee:0c:f9:95:5c:17:20:9a:c0:c6:bf:06:47:df:c6:ff:5f:d5:
         02:91:0d:9e:6a:6c:2c:91:c6:09:9e:7b:a2:04:24:ad:77:a9:
         f6:6d:4e:d9:b9:73:63:a8:e1:2e:b5:a6:8d:3c:90:70:ea:19:
         3e:60:12:7f:f8:b6:d1:57:93:8c:cd:71:97:38:da:72:7f:6c:
         9d:8b:ed:b4:c6:f9:e8:27:0e:16:25:07:5c:17:46:45:16:4d:
         cd:73:79:9e:ef:25:07:50:66:92:52:73:93:a8:f9:3a:a5:54:
         7c:3a:4e:93:e1:f4:b9:4e:bf:71:f1:ad:ef:13:0c:bd:73:f7:
         1e:6b:fd:c1:e3:c4:16:a9:0d:f1:51:5b:fd:31:2d:60:56:c2:
         7c:32:8c:11:5d:5d:fa:6d:1e:cb:84:e3:d3:fe:94:2f:c6:e0:
         25:53:60:50:59:03:4a:6d:a0:98:c4:33:c1:8b:88:f1:01:fc:
         b8:4f:c2:d7:20:22:75:dc:6a:02:db:41:8b:6e:f3:07:a7:e9:
         d2:f5:b2:9a:47:d1:c5:80:48:37:47:bc:36:2d:91:1a:39:28:
         fc:1e:84:1a:39:7d:33:34:f4:5d:0c:47:ef:f7:06:cb:fc:99:
         7d:d9:28:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4ypB1bkQaDVClPPvaYnh7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwNTE2MjExNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRiNmZkMTc4YjVkZmFkM2JjZGIwN2JmNTQzODEzYjQwYmM1ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj91oCbxyM/yvWaQK/FnQlLlPji6O
IbN4YUp7ahQ9n5xZ2TdP/A3nDXLVxNIDmVOYYTRnqi5HW4+MV5ow8zyuJuRJeIzV
w4JyXtGFpjOiN1C79WCpNzqAPmCpi2aG9WIU04O689GGiKI5fveYkZgTj2yGcihu
I208CITk+IdjegjFp78uE7n9QXDSAkn//FHbMb1yXqxI4rJRqzplW97GRBsargDS
y0sX3giLNu80KYHOX5qisDaX6WdETfA96O6+zVdtX/QlYA0jDMxaaoTtWP4KEEWZ
aCJgFtVHf13tMiC+0QYnyASs5UPZH9MwP4kp65ViiL6LdiKMP8/cPhJ45wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpLb9F4td+tO82we/VDgTtAvF69MB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEveWt0djBYaTEzNjA3emJCNzlVT0JPMEM4WHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXufoMA0G
CSqGSIb3DQEBCwUAA4IBAQCikqTnDXGATGjX+C02dDcgvDbuDPmVXBcgmsDGvwZH
38b/X9UCkQ2eamwskcYJnnuiBCStd6n2bU7ZuXNjqOEutaaNPJBw6hk+YBJ/+LbR
V5OMzXGXONpyf2ydi+20xvnoJw4WJQdcF0ZFFk3Nc3me7yUHUGaSUnOTqPk6pVR8
Ok6T4fS5Tr9x8a3vEwy9c/cea/3B48QWqQ3xUVv9MS1gVsJ8MowRXV36bR7LhOPT
/pQvxuAlU2BQWQNKbaCYxDPBi4jxAfy4T8LXICJ13GoC20GLbvMHp+nS9bKaR9HF
gEg3R7w2LZEaOSj8HoQaOX0zNPRdDEfv9wbL/Jl92SiH
-----END CERTIFICATE-----