Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/YR5NHny-H5eU5tgqNNy6P-03Z9Q.roa
File:                     YR5NHny-H5eU5tgqNNy6P-03Z9Q.roa (raw, json)
Hash identifier:          XN+oOCB4Fs/+me/Qvw4xaRoHKMmthIb2bcNRuvZmhx4=
Subject key identifier:   61:1E:4D:1E:7C:BE:1F:97:94:E6:D8:2A:34:DC:BA:3F:ED:37:67:D4
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019E934E6A3169CA7C67AA5A1D277D7CCD75
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/YR5NHny-H5eU5tgqNNy6P-03Z9Q.roa
Signing time:             Thu 04 Jun 2026 15:44:10 +0000
ROA not before:           Thu 04 Jun 2026 15:44:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214557
IP address blocks:        87.232.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 09:13:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:4e:6a:31:69:ca:7c:67:aa:5a:1d:27:7d:7c:cd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Jun  4 15:44:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=611e4d1e7cbe1f9794e6d82a34dcba3fed3767d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:85:7c:21:29:4d:a1:ca:36:5e:27:76:a0:fb:
                    d6:73:5e:86:ca:7e:fd:03:44:c6:32:76:81:23:67:
                    c5:64:64:64:61:1e:38:83:4d:f5:90:fb:9a:a2:3b:
                    7c:a1:60:19:e8:19:d5:ba:d5:76:8e:7b:73:fc:c6:
                    9b:08:8e:58:28:25:00:15:53:f6:6e:8e:88:18:77:
                    c1:39:80:36:96:2c:9e:02:39:15:c0:69:ee:b5:03:
                    9a:39:f2:dc:27:ad:70:d0:5d:01:75:3f:54:e9:59:
                    9f:65:a4:fd:ab:5c:eb:6f:17:d3:cd:89:2b:ec:ed:
                    1a:4a:c9:06:61:ab:02:7a:4c:80:c5:52:af:04:a8:
                    8f:f3:02:e7:1c:f9:e7:1b:42:af:cd:7e:26:95:73:
                    10:c0:41:83:38:ba:ab:b1:e5:bb:52:72:33:00:bf:
                    3c:eb:0e:88:73:30:84:13:43:53:b0:f2:d8:56:75:
                    1b:46:ee:d0:4c:56:12:da:93:c0:8b:3c:2b:f1:4e:
                    90:f0:4f:9a:99:58:a0:56:1d:11:3e:9d:3d:4c:ca:
                    75:ba:36:dd:0a:3c:e8:55:9e:94:9f:75:b9:bc:4b:
                    41:03:bd:e1:28:9e:b2:eb:bf:d9:0c:54:4e:62:0f:
                    b0:b4:5e:b2:b6:67:b5:c8:40:bd:eb:a6:8b:21:79:
                    42:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1E:4D:1E:7C:BE:1F:97:94:E6:D8:2A:34:DC:BA:3F:ED:37:67:D4
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/YR5NHny-H5eU5tgqNNy6P-03Z9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:db:3a:05:06:25:31:30:10:de:28:33:b0:88:8b:fb:43:e2:
         38:c5:20:df:3f:b7:86:f7:42:4b:ec:e9:e6:c9:db:39:fa:15:
         f2:e0:54:e3:37:92:b0:c4:31:4b:77:e2:ba:8f:92:ce:c2:31:
         ad:09:3d:3c:53:44:6a:96:64:c1:27:d1:bc:44:59:e4:d4:79:
         19:2e:f2:c5:f2:ff:b5:bf:3a:a9:37:8d:e9:b0:34:6a:21:49:
         05:2b:80:a9:a1:20:6e:73:31:ea:f9:0f:e4:50:b7:68:44:b7:
         d2:72:a5:fa:ee:7b:d0:f2:14:ee:f9:fe:66:22:9d:14:d5:b6:
         9f:b3:84:91:39:80:ef:d5:b1:e8:85:c6:da:c6:8c:d6:09:37:
         57:9f:40:f9:b0:5d:87:69:5f:5f:35:9d:6f:f8:62:41:47:e4:
         85:01:4d:fb:1b:30:9c:9e:2c:ab:78:c5:2c:e1:49:8b:b2:0b:
         f9:de:68:0b:fd:5f:70:76:d7:89:bc:aa:41:87:11:4a:b0:ef:
         fe:dd:08:e3:e0:14:8f:88:f0:02:93:c3:9d:65:af:1b:ec:4d:
         80:11:77:f7:63:88:25:81:4c:0d:80:07:91:54:55:40:76:05:
         06:de:ff:b6:08:25:ad:8b:45:ce:fd:fa:4a:fb:6d:77:e2:fc:
         a3:cf:14:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6TTmoxacp8Z6paHSd9fM11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNjA0MTU0NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFlNGQxZTdjYmUxZjk3OTRlNmQ4MmEzNGRjYmEzZmVkMzc2N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4V8ISlNoco2Xid2oPvWc16Gyn79
A0TGMnaBI2fFZGRkYR44g031kPuaojt8oWAZ6BnVutV2jntz/MabCI5YKCUAFVP2
bo6IGHfBOYA2liyeAjkVwGnutQOaOfLcJ61w0F0BdT9U6VmfZaT9q1zrbxfTzYkr
7O0aSskGYasCekyAxVKvBKiP8wLnHPnnG0KvzX4mlXMQwEGDOLqrseW7UnIzAL88
6w6IczCEE0NTsPLYVnUbRu7QTFYS2pPAizwr8U6Q8E+amVigVh0RPp09TMp1ujbd
CjzoVZ6Un3W5vEtBA73hKJ6y67/ZDFROYg+wtF6ytme1yEC966aLIXlCUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEeTR58vh+XlObYKjTcuj/tN2fUMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvWVI1TkhueS1INWVVNXRncU5OeTZQLTAzWjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hUMA0G
CSqGSIb3DQEBCwUAA4IBAQBE2zoFBiUxMBDeKDOwiIv7Q+I4xSDfP7eG90JL7Onm
yds5+hXy4FTjN5KwxDFLd+K6j5LOwjGtCT08U0RqlmTBJ9G8RFnk1HkZLvLF8v+1
vzqpN43psDRqIUkFK4CpoSBuczHq+Q/kULdoRLfScqX67nvQ8hTu+f5mIp0U1baf
s4SROYDv1bHohcbaxozWCTdXn0D5sF2HaV9fNZ1v+GJBR+SFAU37GzCcniyreMUs
4UmLsgv53mgL/V9wdteJvKpBhxFKsO/+3Qjj4BSPiPACk8OdZa8b7E2AEXf3Y4gl
gUwNgAeRVFVAdgUG3v+2CCWti0XO/fpK+2134vyjzxT5
-----END CERTIFICATE-----