Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YIdYrzPb53nAtFA377-1Purqdfs.roa
File:                     YIdYrzPb53nAtFA377-1Purqdfs.roa (raw, json)
Hash identifier:          6XTsdigiIGr46EMqP0xvHEoAFKNTh4+m093MGhXn/xM=
Subject key identifier:   60:87:58:AF:33:DB:E7:79:C0:B4:50:37:EF:BF:B5:3E:EA:EA:75:FB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019D3E0C2BEA120B559096F881B308AF1796
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YIdYrzPb53nAtFA377-1Purqdfs.roa
Signing time:             Mon 30 Mar 2026 09:21:18 +0000
ROA not before:           Mon 30 Mar 2026 09:21:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216392
IP address blocks:        45.81.152.0/23 maxlen: 24
                          45.144.228.0/24 maxlen: 24
                          2a0b:da80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Apr 2026 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:0c:2b:ea:12:0b:55:90:96:f8:81:b3:08:af:17:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 30 09:21:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=608758af33dbe779c0b45037efbfb53eeaea75fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f6:48:09:86:1c:67:6d:55:c2:48:2c:3c:7b:
                    2a:b1:14:c4:4e:a7:b4:b6:9c:99:9d:af:15:2f:96:
                    7c:be:bf:a3:99:43:da:c0:84:3a:59:c4:30:c2:1b:
                    c7:21:bc:5e:f1:17:f3:55:52:94:b8:57:bf:40:cf:
                    83:32:11:9d:ed:de:4a:c3:77:dd:48:f3:0e:7a:e8:
                    e4:9d:2f:ab:c5:12:02:40:12:26:c6:4f:1f:3f:63:
                    d3:a6:10:65:55:7c:7e:2d:36:d4:cf:bf:93:e5:46:
                    e1:e2:31:fd:ee:bd:0b:cc:fa:e7:5a:09:df:79:ed:
                    bc:2c:6f:9d:ea:ab:f3:eb:d8:d8:b4:3c:7a:94:71:
                    86:18:6c:a9:bb:bc:da:f3:0b:35:19:8e:fa:0d:ad:
                    5e:bd:5d:37:a8:a4:11:39:41:41:d4:93:d6:df:a8:
                    5f:a2:af:0f:ad:a8:f5:6c:bc:7a:21:e7:8f:28:7e:
                    53:ba:81:e6:48:d0:b7:6a:4c:71:c8:93:c1:75:b9:
                    7f:26:0b:b2:6b:8f:43:ea:60:b0:b0:4e:16:13:58:
                    00:c3:b1:9a:6b:2d:46:43:20:8a:65:b0:3d:54:83:
                    1b:f2:34:f9:8c:63:c7:06:bb:7d:3b:bf:e2:54:87:
                    8a:74:24:6e:7e:aa:6f:4e:68:14:d3:b0:21:56:6c:
                    37:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:87:58:AF:33:DB:E7:79:C0:B4:50:37:EF:BF:B5:3E:EA:EA:75:FB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YIdYrzPb53nAtFA377-1Purqdfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.152.0/23
                  45.144.228.0/24
                IPv6:
                  2a0b:da80::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:4c:ea:76:9d:8e:a6:21:04:19:99:b7:ba:2a:22:ce:03:14:
         44:dd:e1:5e:96:ef:ef:32:ff:8b:ba:3f:85:87:55:54:e7:85:
         89:f6:37:8d:50:5b:cc:b0:be:73:96:92:09:27:7c:2d:96:92:
         22:c5:24:3a:3e:85:6d:f8:29:e4:cc:f3:14:ab:df:3e:ef:38:
         25:71:10:b1:d7:f4:19:b9:fd:1d:fc:d0:ce:2e:d6:f0:8f:d5:
         eb:65:60:4c:db:e1:40:d6:71:21:2e:9b:f3:78:18:9d:9e:09:
         ea:73:d2:07:0e:e2:7e:68:64:8b:27:61:86:3d:25:c6:55:30:
         62:fd:8f:99:1f:66:93:42:61:cf:cd:80:b2:29:3e:9c:9d:10:
         27:cb:80:9a:3d:10:e6:90:e3:50:47:d8:6a:94:d7:23:f0:39:
         e0:fe:ea:38:1d:14:48:84:da:6a:36:9a:02:1b:43:c9:a8:a4:
         16:bb:7c:53:3e:0e:37:f0:e7:ec:90:05:3c:d1:21:a8:e7:c9:
         23:c4:99:82:55:28:19:44:95:ac:0e:5b:ab:06:0b:13:45:b6:
         16:45:14:07:cb:60:27:33:f5:ea:9f:7b:15:cd:49:74:d7:7b:
         cf:97:e3:28:09:9f:a4:05:ae:91:1d:55:96:dd:b8:9d:29:67:
         e3:1f:de:65
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0+DCvqEgtVkJb4gbMIrxeWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMzMwMDkyMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDg3NThhZjMzZGJlNzc5YzBiNDUwMzdlZmJmYjUzZWVhZWE3NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/ZICYYcZ21VwkgsPHsqsRTETqe0
tpyZna8VL5Z8vr+jmUPawIQ6WcQwwhvHIbxe8RfzVVKUuFe/QM+DMhGd7d5Kw3fd
SPMOeujknS+rxRICQBImxk8fP2PTphBlVXx+LTbUz7+T5Ubh4jH97r0LzPrnWgnf
ee28LG+d6qvz69jYtDx6lHGGGGypu7za8ws1GY76Da1evV03qKQROUFB1JPW36hf
oq8Praj1bLx6IeePKH5TuoHmSNC3akxxyJPBdbl/Jguya49D6mCwsE4WE1gAw7Ga
ay1GQyCKZbA9VIMb8jT5jGPHBrt9O7/iVIeKdCRufqpvTmgU07AhVmw3+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGCHWK8z2+d5wLRQN++/tT7q6nX7MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWUlkWXJ6UGI1M25BdEZBMzc3LTFQdXJxZGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLVGYAwQA
LZDkMA0EAgACMAcDBQAqC9qAMA0GCSqGSIb3DQEBCwUAA4IBAQBITOp2nY6mIQQZ
mbe6KiLOAxRE3eFelu/vMv+Luj+Fh1VU54WJ9jeNUFvMsL5zlpIJJ3wtlpIixSQ6
PoVt+CnkzPMUq98+7zglcRCx1/QZuf0d/NDOLtbwj9XrZWBM2+FA1nEhLpvzeBid
ngnqc9IHDuJ+aGSLJ2GGPSXGVTBi/Y+ZH2aTQmHPzYCyKT6cnRAny4CaPRDmkONQ
R9hqlNcj8Dng/uo4HRRIhNpqNpoCG0PJqKQWu3xTPg438OfskAU80SGo58kjxJmC
VSgZRJWsDlurBgsTRbYWRRQHy2AnM/Xqn3sVzUl013vPl+MoCZ+kBa6RHVWW3bid
KWfjH95l
-----END CERTIFICATE-----