Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/yWjq8tMegtSp646tNouua0rKzbg.roa
File:                     yWjq8tMegtSp646tNouua0rKzbg.roa (raw, json)
Hash identifier:          dzGbAHT2B+kr637o2+fV8atD4a06Lybf+LGMSMU8Kl4=
Subject key identifier:   C9:68:EA:F2:D3:1E:82:D4:A9:EB:8E:AD:36:8B:AE:6B:4A:CA:CD:B8
Certificate issuer:       /CN=60c44dff71879863ea71442023b7f354dc3dad7c
Certificate serial:       019D00D45902B176D67B68D7D90D699980BB
Authority key identifier: 60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/yWjq8tMegtSp646tNouua0rKzbg.roa
Signing time:             Wed 18 Mar 2026 12:03:29 +0000
ROA not before:           Wed 18 Mar 2026 12:03:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.88.184.0/24 maxlen: 24
                          185.88.185.0/24 maxlen: 24
                          185.88.186.0/24 maxlen: 24
                          185.88.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:d4:59:02:b1:76:d6:7b:68:d7:d9:0d:69:99:80:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c44dff71879863ea71442023b7f354dc3dad7c
        Validity
            Not Before: Mar 18 12:03:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c968eaf2d31e82d4a9eb8ead368bae6b4acacdb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1c:b6:9e:8f:a7:a6:ea:78:80:31:75:ff:0f:
                    5d:cf:17:f0:4b:5a:79:01:28:f2:00:ec:da:8b:eb:
                    1e:f5:64:6e:3d:b7:8b:37:73:6b:24:10:1b:e6:b8:
                    ed:66:7b:8b:c3:3f:70:76:56:75:e5:c7:df:ad:af:
                    c4:6b:fd:bb:91:02:4d:49:8f:93:f0:62:90:26:e3:
                    81:da:cd:4e:3c:48:0c:dd:92:f1:ac:e7:a3:33:e8:
                    25:d6:f6:e6:c9:b8:8b:92:de:b8:28:80:69:89:e9:
                    7b:d5:3d:f0:ba:cf:89:3b:be:bd:62:1e:6a:06:8f:
                    2f:14:1b:e0:86:71:93:93:77:81:55:a8:fb:91:44:
                    67:d3:20:cd:3b:ce:ed:58:dd:2c:21:f0:f7:0b:a1:
                    c1:4f:9b:ec:d3:5c:95:1b:7f:95:53:31:10:88:55:
                    6d:24:e6:65:5b:32:90:2f:b5:71:28:fc:2d:27:14:
                    66:eb:a6:a4:8a:26:2f:85:4b:ee:9e:d5:72:52:54:
                    36:57:06:e2:75:81:50:ee:a8:c9:e4:d7:2a:92:39:
                    64:6a:5a:07:c6:b2:1a:63:ee:b0:49:6c:6f:5f:49:
                    0a:22:33:53:47:06:87:92:a3:42:5c:88:10:52:f2:
                    c2:0e:d7:bd:6d:c7:b1:f6:95:b0:7e:13:4f:61:a1:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:68:EA:F2:D3:1E:82:D4:A9:EB:8E:AD:36:8B:AE:6B:4A:CA:CD:B8
            X509v3 Authority Key Identifier:
                keyid:60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/yWjq8tMegtSp646tNouua0rKzbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:28:5f:86:0d:fd:ca:f6:73:c5:88:1e:98:86:c4:2e:4c:b8:
         38:83:89:ac:6e:bc:f2:83:48:b1:96:72:30:4d:aa:19:6f:43:
         7e:69:2b:14:64:bb:5f:35:d4:a9:7b:ef:39:da:76:b0:e9:16:
         ad:66:96:1e:9c:cd:82:e8:8f:f1:4e:a7:df:a4:b2:45:ba:76:
         de:aa:0a:01:65:4f:4c:1e:2a:16:28:41:9e:44:bf:74:54:99:
         ce:73:67:66:d2:58:71:a9:35:b6:07:ee:91:9a:3e:8a:a1:3b:
         c1:59:31:0c:60:c1:83:c6:79:cd:5f:32:a3:d8:25:65:d1:a9:
         b9:5d:5e:a9:40:26:55:15:7a:e5:34:ea:02:41:f0:5c:66:8f:
         d8:f1:e7:e1:63:84:be:79:a8:3f:94:ad:dd:d6:76:27:76:62:
         ef:f7:76:7c:da:3c:91:10:0e:76:85:0e:d1:55:7a:ec:07:1a:
         74:86:ff:35:d9:57:63:f0:f6:04:b8:40:28:f5:c2:53:05:46:
         77:5c:a1:2d:0e:3c:b3:c9:19:df:7f:91:dc:9d:66:c0:78:af:
         ab:40:d4:fc:ed:93:15:f9:34:8c:52:ea:fd:e4:ad:62:f0:99:
         4b:6a:0a:11:94:15:2f:7b:08:b5:1f:17:90:9f:4c:d8:5e:40:
         be:de:03:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0A1FkCsXbWe2jX2Q1pmYC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzQ0ZGZmNzE4Nzk4NjNlYTcxNDQyMDIzYjdmMzU0ZGMz
ZGFkN2MwHhcNMjYwMzE4MTIwMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTY4ZWFmMmQzMWU4MmQ0YTllYjhlYWQzNjhiYWU2YjRhY2FjZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxy2no+npup4gDF1/w9dzxfwS1p5
ASjyAOzai+se9WRuPbeLN3NrJBAb5rjtZnuLwz9wdlZ15cffra/Ea/27kQJNSY+T
8GKQJuOB2s1OPEgM3ZLxrOejM+gl1vbmybiLkt64KIBpiel71T3wus+JO769Yh5q
Bo8vFBvghnGTk3eBVaj7kURn0yDNO87tWN0sIfD3C6HBT5vs01yVG3+VUzEQiFVt
JOZlWzKQL7VxKPwtJxRm66akiiYvhUvuntVyUlQ2VwbidYFQ7qjJ5NcqkjlkaloH
xrIaY+6wSWxvX0kKIjNTRwaHkqNCXIgQUvLCDte9bcex9pWwfhNPYaE5rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlo6vLTHoLUqeuOrTaLrmtKys24MB8GA1UdIwQY
MBaAFGDETf9xh5hj6nFEICO381TcPa18MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWIt
YjJkNzM2Nzg3MjdiLzEveVdqcTh0TWVndFNwNjQ2dE5vdXVhMHJLemJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWItYjJkNzM2Nzg3Mjdi
LzEvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVi4MA0G
CSqGSIb3DQEBCwUAA4IBAQCyKF+GDf3K9nPFiB6YhsQuTLg4g4msbrzyg0ixlnIw
TaoZb0N+aSsUZLtfNdSpe+852naw6RatZpYenM2C6I/xTqffpLJFunbeqgoBZU9M
HioWKEGeRL90VJnOc2dm0lhxqTW2B+6Rmj6KoTvBWTEMYMGDxnnNXzKj2CVl0am5
XV6pQCZVFXrlNOoCQfBcZo/Y8efhY4S+eag/lK3d1nYndmLv93Z82jyREA52hQ7R
VXrsBxp0hv812Vdj8PYEuEAo9cJTBUZ3XKEtDjyzyRnff5HcnWbAeK+rQNT87ZMV
+TSMUur95K1i8JlLagoRlBUvewi1HxeQn0zYXkC+3gPJ
-----END CERTIFICATE-----