Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/YCvvCpYmm06YfynuB8DZGPha7UI.roa
File:                     YCvvCpYmm06YfynuB8DZGPha7UI.roa (raw, json)
Hash identifier:          x1btegkqRS0K+nzozPDPSPQmrg4H61HdadirIeIaPZg=
Subject key identifier:   60:2B:EF:0A:96:26:9B:4E:98:7F:29:EE:07:C0:D9:18:F8:5A:ED:42
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       019E8ED26AF07F223E6C9782F0323F36E3AA
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/YCvvCpYmm06YfynuB8DZGPha7UI.roa
Signing time:             Wed 03 Jun 2026 18:50:15 +0000
ROA not before:           Wed 03 Jun 2026 18:50:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48539
IP address blocks:        45.81.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 00:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:d2:6a:f0:7f:22:3e:6c:97:82:f0:32:3f:36:e3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Jun  3 18:50:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=602bef0a96269b4e987f29ee07c0d918f85aed42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6d:a6:f2:01:18:e5:40:99:92:ca:f6:40:13:
                    17:60:cb:5b:9e:af:ba:21:23:3f:f8:4c:81:43:c6:
                    7f:e3:bd:e0:4f:47:ec:be:b9:a8:96:78:14:5b:79:
                    d9:26:bb:cc:f9:a3:05:8c:0b:07:0f:3a:cb:b3:7b:
                    2c:06:1c:86:04:11:0b:5f:f2:05:7d:a8:26:cd:41:
                    2b:ef:d5:10:4c:6f:d1:6f:9e:f5:c7:5b:56:46:3d:
                    cc:6c:d9:a0:1e:bf:27:28:6e:88:19:a8:8b:e4:f0:
                    04:2f:bf:56:0e:f8:6e:da:a3:7b:5a:a6:d3:55:88:
                    54:c9:20:2c:e6:bc:78:52:78:2c:9b:6f:79:8e:1b:
                    0b:04:20:f8:ae:1d:5a:24:65:40:84:1f:0d:91:a1:
                    91:2a:56:e8:c7:b0:df:bb:d3:7f:a3:e7:f1:6e:c2:
                    e7:42:ba:f7:2c:dc:2f:9b:8e:c9:eb:dd:51:58:1a:
                    2b:f1:da:c7:8b:7b:53:76:03:3a:67:12:c1:54:67:
                    cb:fe:87:7f:ef:c2:48:71:57:37:e5:9a:47:34:92:
                    8d:a1:5c:d4:bf:c6:c0:1f:e4:e4:b2:8c:04:7c:43:
                    60:a0:58:ec:d9:06:4c:07:39:de:c4:95:68:a2:a2:
                    12:06:fc:93:8b:85:ff:b7:73:29:29:f3:98:a2:12:
                    4f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:2B:EF:0A:96:26:9B:4E:98:7F:29:EE:07:C0:D9:18:F8:5A:ED:42
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/YCvvCpYmm06YfynuB8DZGPha7UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:39:d3:56:d3:3c:1c:1c:b4:f6:4c:1b:03:15:f1:70:07:7d:
         41:db:f7:b6:11:a2:f2:f2:5d:26:46:39:ea:20:56:9f:a4:72:
         e8:37:30:9d:6c:89:d0:a5:60:34:b8:09:cf:a2:67:f2:23:f8:
         f0:92:77:42:62:19:40:93:5e:0b:b2:53:f4:e0:6b:c1:ef:63:
         fd:df:e9:2c:e5:81:ea:7c:41:20:ca:93:29:1e:89:7f:a8:76:
         c8:15:1f:c1:c6:90:ad:82:8b:c0:6b:e2:f6:12:4d:83:ca:13:
         e0:90:55:cf:8f:86:f0:e2:57:08:20:4c:9c:a1:45:d9:f2:a5:
         32:07:e8:43:3b:26:e4:75:0d:43:e3:29:66:56:21:50:eb:3c:
         e5:ae:3d:59:50:8e:17:26:18:58:3a:41:b8:03:33:b3:7c:36:
         13:e3:fd:c5:7f:bf:d8:09:f4:27:1d:e0:f8:10:12:65:19:64:
         46:75:63:16:8a:11:d4:67:f3:27:f7:48:38:05:65:8d:ae:1b:
         c4:3f:91:d7:8b:d9:e3:09:ae:6e:e3:50:5e:d0:48:40:f8:3b:
         92:f9:81:31:9b:7b:7d:4c:59:3e:68:ab:4c:df:09:5d:94:0f:
         b5:ec:e7:e7:6f:ac:6b:e1:ff:21:c3:53:51:f2:09:54:3d:09:
         58:de:25:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6O0mrwfyI+bJeC8DI/NuOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjYwNjAzMTg1MDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDJiZWYwYTk2MjY5YjRlOTg3ZjI5ZWUwN2MwZDkxOGY4NWFlZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W2m8gEY5UCZksr2QBMXYMtbnq+6
ISM/+EyBQ8Z/473gT0fsvrmolngUW3nZJrvM+aMFjAsHDzrLs3ssBhyGBBELX/IF
fagmzUEr79UQTG/Rb571x1tWRj3MbNmgHr8nKG6IGaiL5PAEL79WDvhu2qN7WqbT
VYhUySAs5rx4Ungsm295jhsLBCD4rh1aJGVAhB8NkaGRKlbox7Dfu9N/o+fxbsLn
Qrr3LNwvm47J691RWBor8drHi3tTdgM6ZxLBVGfL/od/78JIcVc35ZpHNJKNoVzU
v8bAH+TksowEfENgoFjs2QZMBznexJVooqISBvyTi4X/t3MpKfOYohJPRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAr7wqWJptOmH8p7gfA2Rj4Wu1CMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvWUN2dkNwWW1tMDZZZnludUI4RFpHUGhhN1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVGXMA0G
CSqGSIb3DQEBCwUAA4IBAQBuOdNW0zwcHLT2TBsDFfFwB31B2/e2EaLy8l0mRjnq
IFafpHLoNzCdbInQpWA0uAnPomfyI/jwkndCYhlAk14LslP04GvB72P93+ks5YHq
fEEgypMpHol/qHbIFR/BxpCtgovAa+L2Ek2DyhPgkFXPj4bw4lcIIEycoUXZ8qUy
B+hDOybkdQ1D4ylmViFQ6zzlrj1ZUI4XJhhYOkG4AzOzfDYT4/3Ff7/YCfQnHeD4
EBJlGWRGdWMWihHUZ/Mn90g4BWWNrhvEP5HXi9njCa5u41Be0EhA+DuS+YExm3t9
TFk+aKtM3wldlA+17Ofnb6xr4f8hw1NR8glUPQlY3iUE
-----END CERTIFICATE-----