Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/YTidVoJ3o_e_tHyiulhdPBfY7Gk.roa
File:                     YTidVoJ3o_e_tHyiulhdPBfY7Gk.roa (raw, json)
Hash identifier:          M3PCGMQDK9b9yJ6Z4+VMcXEpqQGrsEFgiNapFNJuY8o=
Subject key identifier:   61:38:9D:56:82:77:A3:F7:BF:B4:7C:A2:BA:58:5D:3C:17:D8:EC:69
Certificate issuer:       /CN=7e3150f8c67063121027328954968d08d4cf329a
Certificate serial:       019EE02FD53D272746DB95E843FB97C639CD
Authority key identifier: 7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/YTidVoJ3o_e_tHyiulhdPBfY7Gk.roa
Signing time:             Fri 19 Jun 2026 14:01:31 +0000
ROA not before:           Fri 19 Jun 2026 14:01:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212949
IP address blocks:        212.115.41.0/24 maxlen: 24
                          2a06:2c87:fe00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Jun 2026 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e0:2f:d5:3d:27:27:46:db:95:e8:43:fb:97:c6:39:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e3150f8c67063121027328954968d08d4cf329a
        Validity
            Not Before: Jun 19 14:01:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61389d568277a3f7bfb47ca2ba585d3c17d8ec69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:df:34:bb:7d:33:e1:64:3d:53:9b:5f:b0:79:
                    fa:03:e1:8b:8c:a1:b2:14:4d:c3:88:50:9e:1b:dc:
                    7c:a3:a3:da:59:86:65:a0:94:51:38:96:5e:ee:8f:
                    44:5d:3b:5c:c0:33:cb:25:a1:db:73:5a:5b:a7:cb:
                    99:15:fd:f0:67:83:cb:71:33:1b:e3:2f:43:9d:9c:
                    be:60:cf:c7:83:93:0c:ce:1e:81:e3:0c:c3:ab:71:
                    96:99:b4:cc:ca:cd:f9:c3:b1:02:24:fa:28:2b:cc:
                    bf:8f:3b:f4:63:8b:5f:2b:cd:a5:28:f1:3d:f4:b1:
                    97:2b:59:7d:ca:94:d9:49:77:8f:b1:1e:43:1f:b6:
                    ea:d7:96:26:c4:45:ed:67:34:84:f7:2a:1a:d1:3d:
                    f8:9f:fa:88:a2:02:e3:66:c9:c7:70:e2:d9:94:9b:
                    17:a9:21:79:c8:a7:1f:e1:84:54:73:1a:a2:5f:41:
                    d5:93:53:9d:e6:24:d4:4d:14:2d:3f:f1:a4:2c:1f:
                    13:54:36:b3:af:87:98:06:a4:f0:50:2b:38:99:f7:
                    27:ec:24:1c:b7:3b:36:3a:2f:c5:20:ba:4e:26:5d:
                    1e:38:f5:04:80:8b:93:e6:3c:c7:47:4d:29:89:89:
                    97:4d:1b:2d:27:44:b3:47:f1:89:ff:9c:3a:fe:fa:
                    68:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:38:9D:56:82:77:A3:F7:BF:B4:7C:A2:BA:58:5D:3C:17:D8:EC:69
            X509v3 Authority Key Identifier:
                keyid:7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/YTidVoJ3o_e_tHyiulhdPBfY7Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.41.0/24
                IPv6:
                  2a06:2c87:fe00::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:67:bd:29:51:4f:df:d2:24:b2:52:30:52:0f:13:b4:26:10:
         d5:a7:c3:09:59:02:de:ed:e6:83:65:ff:39:41:a7:9d:b8:4b:
         f3:1c:2f:f4:34:f7:a3:ee:51:22:b6:19:20:d6:5f:35:51:97:
         af:ff:3b:5b:2f:b3:6d:40:6a:ee:fb:37:90:67:a0:4c:fc:6d:
         e7:65:23:8c:8f:94:b6:6b:9e:81:c0:cc:9f:05:4e:bb:b5:6d:
         21:69:49:c6:49:43:f1:9c:b4:cc:bd:11:d3:e3:46:90:12:9c:
         e8:81:b7:df:f0:57:1c:f5:ec:dd:d0:64:92:03:1c:b1:3f:f3:
         3b:4f:6c:34:e1:7e:c1:32:1d:ea:32:39:35:bd:19:8d:d1:92:
         30:62:27:26:ef:8f:d5:96:0f:b1:b0:c7:37:34:8c:0e:94:6e:
         27:7b:56:aa:0b:23:6d:aa:77:77:16:9d:f9:cb:09:c4:27:33:
         57:08:ea:95:87:2b:e8:80:86:82:2c:03:db:75:1c:94:8f:7e:
         38:62:b9:29:f5:15:8e:fc:51:91:73:fc:fc:ce:a2:17:98:70:
         76:f9:1d:d9:95:01:10:bc:6c:4f:dc:74:e3:c1:bc:dc:13:60:
         cc:d9:f0:7c:bf:a4:6c:f3:90:c6:2f:9c:2c:08:ba:3e:ab:4c:
         fb:00:5b:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ7gL9U9JydG25XoQ/uXxjnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzE1MGY4YzY3MDYzMTIxMDI3MzI4OTU0OTY4ZDA4ZDRj
ZjMyOWEwHhcNMjYwNjE5MTQwMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTM4OWQ1NjgyNzdhM2Y3YmZiNDdjYTJiYTU4NWQzYzE3ZDhlYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvt80u30z4WQ9U5tfsHn6A+GLjKGy
FE3DiFCeG9x8o6PaWYZloJRROJZe7o9EXTtcwDPLJaHbc1pbp8uZFf3wZ4PLcTMb
4y9DnZy+YM/Hg5MMzh6B4wzDq3GWmbTMys35w7ECJPooK8y/jzv0Y4tfK82lKPE9
9LGXK1l9ypTZSXePsR5DH7bq15YmxEXtZzSE9yoa0T34n/qIogLjZsnHcOLZlJsX
qSF5yKcf4YRUcxqiX0HVk1Od5iTUTRQtP/GkLB8TVDazr4eYBqTwUCs4mfcn7CQc
tzs2Oi/FILpOJl0eOPUEgIuT5jzHR00piYmXTRstJ0SzR/GJ/5w6/vpo1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGE4nVaCd6P3v7R8orpYXTwX2OxpMB8GA1UdIwQY
MBaAFH4xUPjGcGMSECcyiVSWjQjUzzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAt
OTM1ZTQxOGJkYmU3LzEvWVRpZFZvSjNvX2VfdEh5aXVsaGRQQmZZN0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAtOTM1ZTQxOGJkYmU3
LzEvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1HMpMA8E
AgACMAkDBwAqBiyH/gAwDQYJKoZIhvcNAQELBQADggEBAH5nvSlRT9/SJLJSMFIP
E7QmENWnwwlZAt7t5oNl/zlBp524S/McL/Q096PuUSK2GSDWXzVRl6//O1svs21A
au77N5BnoEz8bedlI4yPlLZrnoHAzJ8FTru1bSFpScZJQ/GctMy9EdPjRpASnOiB
t9/wVxz17N3QZJIDHLE/8ztPbDThfsEyHeoyOTW9GY3RkjBiJybvj9WWD7Gwxzc0
jA6Ubid7VqoLI22qd3cWnfnLCcQnM1cI6pWHK+iAhoIsA9t1HJSPfjhiuSn1FY78
UZFz/PzOoheYcHb5HdmVARC8bE/cdOPBvNwTYMzZ8Hy/pGzzkMYvnCwIuj6rTPsA
W5E=
-----END CERTIFICATE-----