Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/Y_GHkAp82jqBBiSBNey6vpfYg2M.roa
File:                     Y_GHkAp82jqBBiSBNey6vpfYg2M.roa (raw, json)
Hash identifier:          rieZmIQkiqzO4zQnxDbOiSTKXoVKlxrX2gJPf9DTQjU=
Subject key identifier:   63:F1:87:90:0A:7C:DA:3A:81:06:24:81:35:EC:BA:BE:97:D8:83:63
Certificate issuer:       /CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
Certificate serial:       019DB3FED41E0BF08446E8CBE0B242D6FA47
Authority key identifier: 1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/Y_GHkAp82jqBBiSBNey6vpfYg2M.roa
Signing time:             Wed 22 Apr 2026 07:01:55 +0000
ROA not before:           Wed 22 Apr 2026 07:01:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        194.88.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:fe:d4:1e:0b:f0:84:46:e8:cb:e0:b2:42:d6:fa:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
        Validity
            Not Before: Apr 22 07:01:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63f187900a7cda3a8106248135ecbabe97d88363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5b:89:87:db:b1:33:4a:7c:46:71:fe:cc:02:
                    d5:58:d9:45:44:c8:cb:58:c9:0d:71:37:03:d5:54:
                    b8:97:6e:f2:4b:23:98:09:bc:af:16:20:de:97:61:
                    77:4f:09:37:22:23:12:00:61:6f:48:ce:59:eb:ac:
                    d7:c1:ed:41:c7:78:57:3a:26:08:eb:f0:0a:51:56:
                    ad:8f:b0:5a:70:e5:89:af:fa:ef:d1:fd:81:84:5b:
                    a5:a2:25:8a:3b:6e:d7:65:43:74:dc:35:77:73:e2:
                    76:11:61:a0:cf:4c:6f:bd:32:ff:cc:2a:89:9a:6c:
                    d2:cd:d4:b0:05:68:a4:30:6b:82:1e:90:12:20:ea:
                    0e:a0:98:b4:40:2e:41:19:89:b4:22:2a:fc:de:78:
                    c1:e2:a6:11:e3:5c:1d:af:0a:3e:82:32:42:26:c9:
                    29:05:56:d6:87:ca:6c:a4:e0:77:b6:5d:8a:f7:78:
                    fd:bc:8c:d3:84:f4:8b:74:32:03:1c:a8:41:84:12:
                    53:30:0b:4f:be:79:5b:98:83:f1:0a:c1:30:39:fa:
                    8b:1e:ee:27:0a:68:a7:24:24:8d:5d:d9:52:c2:6f:
                    a2:03:30:aa:f7:a5:ff:40:7f:50:d5:10:36:3c:40:
                    3a:d7:31:fa:ac:ed:b0:01:76:ed:58:4f:1d:6c:aa:
                    5a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F1:87:90:0A:7C:DA:3A:81:06:24:81:35:EC:BA:BE:97:D8:83:63
            X509v3 Authority Key Identifier:
                keyid:1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/Y_GHkAp82jqBBiSBNey6vpfYg2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:42:0d:07:04:d3:64:d4:3f:a2:a6:ca:e9:bf:6a:0e:79:b4:
         81:79:a1:7c:1a:c5:81:4e:61:56:6f:8b:d9:ea:57:cc:a4:be:
         52:c2:ea:67:a3:29:c3:73:04:e4:44:f6:41:e3:5d:97:1e:cc:
         c3:0d:88:e5:17:04:1c:b9:e1:0f:d8:6f:97:f3:6e:ce:24:49:
         5f:2c:43:2a:69:e2:fe:6f:12:bd:1a:fc:92:3b:5f:be:fd:5f:
         04:8c:8a:7f:cc:80:4f:9b:70:f3:37:7c:a5:81:a0:88:36:2d:
         18:75:27:ef:e4:f9:76:55:79:05:8d:df:ca:3c:78:c5:20:68:
         0b:c4:1f:6a:a7:9a:a0:65:98:d3:e1:85:12:f0:2d:ed:d9:a1:
         13:cf:b3:32:f0:4c:3a:01:b1:2c:6e:ed:cd:86:d5:82:83:8e:
         99:34:4d:58:36:75:24:eb:c1:ac:9e:3c:a2:06:63:04:07:fe:
         5a:b4:5f:3c:c2:31:bd:9a:0b:4b:4f:81:a5:74:c4:18:c6:13:
         68:50:fc:2a:e0:b2:08:77:33:0d:74:70:e1:3c:c5:79:ff:86:
         a8:f1:2d:a3:1b:bb:b5:19:bd:63:09:a4:4f:7f:d6:f4:ee:35:
         16:7f:97:69:08:ac:fd:9b:fe:bd:ab:e1:d0:f9:55:59:cd:30:
         07:47:8d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2z/tQeC/CERujL4LJC1vpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGU2YTFkM2NjMWU0ZjNkYzAxYWI5NmM5NDE5NmI5YzQ5
ZDI5MTYwHhcNMjYwNDIyMDcwMTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2YxODc5MDBhN2NkYTNhODEwNjI0ODEzNWVjYmFiZTk3ZDg4MzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVuJh9uxM0p8RnH+zALVWNlFRMjL
WMkNcTcD1VS4l27ySyOYCbyvFiDel2F3Twk3IiMSAGFvSM5Z66zXwe1Bx3hXOiYI
6/AKUVatj7BacOWJr/rv0f2BhFuloiWKO27XZUN03DV3c+J2EWGgz0xvvTL/zCqJ
mmzSzdSwBWikMGuCHpASIOoOoJi0QC5BGYm0Iir83njB4qYR41wdrwo+gjJCJskp
BVbWh8pspOB3tl2K93j9vIzThPSLdDIDHKhBhBJTMAtPvnlbmIPxCsEwOfqLHu4n
CminJCSNXdlSwm+iAzCq96X/QH9Q1RA2PEA61zH6rO2wAXbtWE8dbKpaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPxh5AKfNo6gQYkgTXsur6X2INjMB8GA1UdIwQY
MBaAFBxOah08weTz3AGrlslBlrnEnSkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYt
MWE0MmY2MzJjMzA3LzEvWV9HSGtBcDgyanFCQmlTQk5leTZ2cGZZZzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYtMWE0MmY2MzJjMzA3
LzEvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljoMA0G
CSqGSIb3DQEBCwUAA4IBAQAxQg0HBNNk1D+ipsrpv2oOebSBeaF8GsWBTmFWb4vZ
6lfMpL5SwupnoynDcwTkRPZB412XHszDDYjlFwQcueEP2G+X827OJElfLEMqaeL+
bxK9GvySO1++/V8EjIp/zIBPm3DzN3ylgaCINi0YdSfv5Pl2VXkFjd/KPHjFIGgL
xB9qp5qgZZjT4YUS8C3t2aETz7My8Ew6AbEsbu3NhtWCg46ZNE1YNnUk68Gsnjyi
BmMEB/5atF88wjG9mgtLT4GldMQYxhNoUPwq4LIIdzMNdHDhPMV5/4ao8S2jG7u1
Gb1jCaRPf9b07jUWf5dpCKz9m/69q+HQ+VVZzTAHR41y
-----END CERTIFICATE-----