Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/YZ_3-zsmahPKGV50EW_45H3Os4E.roa
File:                     YZ_3-zsmahPKGV50EW_45H3Os4E.roa (raw, json)
Hash identifier:          cA2MZUp0rMpwLMiRwAAN8Cgndzq6TMZSK0AGVpL/aP8=
Subject key identifier:   61:9F:F7:FB:3B:26:6A:13:CA:19:5E:74:11:6F:F8:E4:7D:CE:B3:81
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019DDA7193238876CC42CE573AB4B38F10DE
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/YZ_3-zsmahPKGV50EW_45H3Os4E.roa
Signing time:             Wed 29 Apr 2026 18:12:49 +0000
ROA not before:           Wed 29 Apr 2026 18:12:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        5.180.50.0/24 maxlen: 24
                          5.180.51.0/24 maxlen: 24
                          45.8.185.0/24 maxlen: 24
                          85.209.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:71:93:23:88:76:cc:42:ce:57:3a:b4:b3:8f:10:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 29 18:12:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=619ff7fb3b266a13ca195e74116ff8e47dceb381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:40:7a:c6:a0:b1:0a:28:12:44:63:40:c2:e7:
                    6c:4b:d8:63:de:c1:f5:3b:4e:58:3a:51:c9:71:18:
                    8e:f7:0b:a6:c7:73:4d:83:96:72:e2:b0:29:a2:02:
                    19:69:9e:19:84:53:f8:b8:f9:ec:92:38:64:6c:08:
                    e2:71:74:19:44:e0:a2:1e:0f:22:35:97:91:83:82:
                    55:ea:bf:d8:25:d6:96:ee:6f:97:e7:eb:c4:c7:97:
                    86:37:96:78:36:91:d3:22:23:d4:3b:e9:15:ec:10:
                    54:7e:c9:1d:57:ba:ef:49:24:2c:29:19:e9:58:c3:
                    bc:28:31:5d:90:ee:5c:c7:77:ce:29:3c:18:b2:ee:
                    66:2d:7c:b8:9a:6a:21:fa:e8:a8:4b:72:c2:17:bc:
                    c8:ad:26:99:60:7b:f7:89:17:96:23:c7:5f:72:6a:
                    8a:41:9c:48:65:8b:31:81:0f:81:90:4c:02:02:1c:
                    3f:bf:52:40:cf:b5:01:69:31:78:78:e5:11:54:1b:
                    57:aa:bc:50:61:9c:1a:98:07:06:ba:33:2d:9c:7b:
                    0a:55:78:23:a6:2e:51:12:66:b1:83:8a:88:01:e1:
                    54:f7:a4:71:ec:5a:6f:5c:49:6f:24:92:d3:8b:e0:
                    43:c3:73:d3:01:86:f0:94:76:5d:41:2c:c4:88:0c:
                    b8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9F:F7:FB:3B:26:6A:13:CA:19:5E:74:11:6F:F8:E4:7D:CE:B3:81
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/YZ_3-zsmahPKGV50EW_45H3Os4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.50.0/23
                  45.8.185.0/24
                  85.209.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:78:f4:05:b4:4d:9b:11:e0:74:f0:3b:31:82:76:12:b1:50:
         01:6c:27:15:5f:30:ee:9b:fb:76:58:5b:48:26:02:96:90:f6:
         c9:90:20:96:f9:07:e7:69:51:8f:a2:a2:0f:ab:0c:fa:7b:2c:
         34:93:8c:12:81:23:d0:3e:1c:36:fc:70:e3:56:80:c4:c8:25:
         9d:19:37:af:e0:32:58:3e:b1:f2:79:dd:54:33:1a:c8:85:b2:
         0c:7f:6e:a1:89:10:98:61:c2:e1:8f:88:f9:65:96:7f:88:52:
         c0:b7:33:4e:46:83:a6:c1:b7:c6:10:2b:21:03:3b:d5:05:97:
         b1:6d:45:ec:4a:bf:9c:a9:3b:e6:9f:48:df:8f:9b:b4:35:fc:
         3a:24:dd:b4:3c:5e:df:e0:1a:14:9d:a5:50:c0:be:95:0d:eb:
         a8:2c:1c:da:60:97:94:4a:5a:e1:15:ca:9a:f4:27:51:75:4a:
         5f:fe:0a:f0:8e:29:00:75:14:be:9c:e8:d8:5b:4c:5a:d9:28:
         b1:32:3a:b6:00:71:3a:fe:05:aa:1a:c8:cc:ce:39:2c:33:51:
         9d:ee:b5:bc:b6:86:95:4c:78:f5:26:81:5b:df:d7:e7:23:e6:
         03:eb:97:6a:f1:42:7c:8e:6b:89:50:a0:19:cf:38:0c:84:be:
         98:62:da:ba
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3acZMjiHbMQs5XOrSzjxDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDI5MTgxMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTlmZjdmYjNiMjY2YTEzY2ExOTVlNzQxMTZmZjhlNDdkY2ViMzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0B6xqCxCigSRGNAwudsS9hj3sH1
O05YOlHJcRiO9wumx3NNg5Zy4rApogIZaZ4ZhFP4uPnskjhkbAjicXQZROCiHg8i
NZeRg4JV6r/YJdaW7m+X5+vEx5eGN5Z4NpHTIiPUO+kV7BBUfskdV7rvSSQsKRnp
WMO8KDFdkO5cx3fOKTwYsu5mLXy4mmoh+uioS3LCF7zIrSaZYHv3iReWI8dfcmqK
QZxIZYsxgQ+BkEwCAhw/v1JAz7UBaTF4eOURVBtXqrxQYZwamAcGujMtnHsKVXgj
pi5REmaxg4qIAeFU96Rx7FpvXElvJJLTi+BDw3PTAYbwlHZdQSzEiAy4ZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGGf9/s7JmoTyhledBFv+OR9zrOBMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWVpfMy16c21haFBLR1Y1MEVXXzQ1SDNPczRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBBbQyAwQA
LQi5AwQAVdGiMA0GCSqGSIb3DQEBCwUAA4IBAQBdePQFtE2bEeB08DsxgnYSsVAB
bCcVXzDum/t2WFtIJgKWkPbJkCCW+QfnaVGPoqIPqwz6eyw0k4wSgSPQPhw2/HDj
VoDEyCWdGTev4DJYPrHyed1UMxrIhbIMf26hiRCYYcLhj4j5ZZZ/iFLAtzNORoOm
wbfGECshAzvVBZexbUXsSr+cqTvmn0jfj5u0Nfw6JN20PF7f4BoUnaVQwL6VDeuo
LBzaYJeUSlrhFcqa9CdRdUpf/grwjikAdRS+nOjYW0xa2SixMjq2AHE6/gWqGsjM
zjksM1Gd7rW8toaVTHj1JoFb39fnI+YD65dq8UJ8jmuJUKAZzzgMhL6YYtq6
-----END CERTIFICATE-----