Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/YlxA0Q-VURUu45wYWi9PrJBbFqQ.roa
File:                     YlxA0Q-VURUu45wYWi9PrJBbFqQ.roa (raw, json)
Hash identifier:          0qOL2u6kgHDYQ5bN7MYpb3uZWaPAYWqCNMDX1bwrEkI=
Subject key identifier:   62:5C:40:D1:0F:95:51:15:2E:E3:9C:18:5A:2F:4F:AC:90:5B:16:A4
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019E83B266D22C88C34025FF0D21DF8BD0CF
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/YlxA0Q-VURUu45wYWi9PrJBbFqQ.roa
Signing time:             Mon 01 Jun 2026 14:59:27 +0000
ROA not before:           Mon 01 Jun 2026 14:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153168
IP address blocks:        216.236.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:b2:66:d2:2c:88:c3:40:25:ff:0d:21:df:8b:d0:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Jun  1 14:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=625c40d10f9551152ee39c185a2f4fac905b16a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3f:80:cf:f0:99:2d:99:7a:52:16:b9:76:e1:
                    95:26:49:4f:24:4b:d9:52:43:53:2e:be:3b:5b:19:
                    a8:8f:fc:34:06:62:6b:92:a2:71:c1:25:92:2b:a4:
                    6d:df:56:9c:48:5c:e1:e4:72:bb:d8:60:1b:bd:80:
                    2e:02:79:bd:e3:6b:5c:f6:95:98:eb:25:68:ee:63:
                    0a:e8:23:26:0c:15:e4:ef:99:42:48:7b:20:fe:95:
                    fa:1d:2d:1c:2a:dd:f6:e5:31:e0:c2:d9:94:e4:2c:
                    c8:76:56:f1:d7:e1:eb:55:22:97:a7:13:b9:4e:65:
                    3b:0e:d3:89:25:04:27:52:4c:13:f4:50:c3:92:51:
                    6c:d5:3e:8d:a0:bf:04:7e:00:3c:7c:79:b0:07:d6:
                    16:ed:93:d5:56:32:03:be:59:fd:13:e8:c9:22:e8:
                    a5:24:04:15:bb:2d:71:c1:26:ac:14:aa:f1:40:81:
                    53:18:86:64:22:99:cc:f6:05:37:79:4b:ae:a8:2b:
                    fc:40:e7:94:c0:be:76:b5:d6:0d:ee:77:00:90:d9:
                    e2:e1:ff:99:cd:ec:a1:13:c8:83:c1:25:f6:7e:68:
                    15:4d:be:4e:37:28:a9:07:d9:88:45:e5:13:f3:e7:
                    09:6a:9d:38:a8:8b:d5:ec:e2:fa:de:72:f5:f2:75:
                    d7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5C:40:D1:0F:95:51:15:2E:E3:9C:18:5A:2F:4F:AC:90:5B:16:A4
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/YlxA0Q-VURUu45wYWi9PrJBbFqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:86:32:ce:b2:6a:0b:42:c3:f0:9e:b4:18:66:41:1b:e3:fe:
         1e:ea:bc:11:c9:d3:54:ce:00:c4:7b:a7:5f:cc:a5:39:a9:47:
         96:6a:4b:d6:6d:ad:79:45:f3:63:de:97:31:df:6e:97:5e:9e:
         7b:9a:9b:af:af:a5:00:b9:54:4b:0f:86:98:8f:52:5d:58:fa:
         1f:cb:b3:d6:d7:19:c2:a3:03:a7:53:1a:40:ce:f8:8d:df:e2:
         50:8a:fd:0b:39:b6:e4:2e:95:4a:ad:af:72:84:7d:2b:a3:19:
         dc:bf:1a:03:ed:d0:64:ea:49:b0:0a:ef:b4:ed:c6:7d:2f:c7:
         dc:46:8f:92:3f:37:5d:ee:77:16:52:e0:2f:06:b8:86:8b:06:
         de:c2:29:74:89:cb:65:49:74:65:c3:9a:fd:72:87:1e:48:6e:
         eb:1f:dc:d3:5b:6d:d5:ea:82:1c:a2:75:13:60:41:10:a8:ad:
         eb:57:12:4b:ab:24:1f:a7:90:5c:73:92:58:e7:2f:fd:45:6f:
         82:13:7e:79:08:0c:91:da:cf:8b:c6:ed:ab:0c:77:c6:8f:53:
         6a:89:9e:eb:2c:6d:16:25:22:79:cc:da:a5:88:46:b4:a2:ef:
         65:1e:c0:7b:b5:92:88:70:c9:fa:ce:c1:c3:c2:e0:82:4e:59:
         ef:aa:8e:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DsmbSLIjDQCX/DSHfi9DPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNjAxMTQ1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVjNDBkMTBmOTU1MTE1MmVlMzljMTg1YTJmNGZhYzkwNWIxNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2j+Az/CZLZl6Uha5duGVJklPJEvZ
UkNTLr47Wxmoj/w0BmJrkqJxwSWSK6Rt31acSFzh5HK72GAbvYAuAnm942tc9pWY
6yVo7mMK6CMmDBXk75lCSHsg/pX6HS0cKt325THgwtmU5CzIdlbx1+HrVSKXpxO5
TmU7DtOJJQQnUkwT9FDDklFs1T6NoL8EfgA8fHmwB9YW7ZPVVjIDvln9E+jJIuil
JAQVuy1xwSasFKrxQIFTGIZkIpnM9gU3eUuuqCv8QOeUwL52tdYN7ncAkNni4f+Z
zeyhE8iDwSX2fmgVTb5ONyipB9mIReUT8+cJap04qIvV7OL63nL18nXX9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJcQNEPlVEVLuOcGFovT6yQWxakMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvWWx4QTBRLVZVUlV1NDV3WVdpOVBySkJiRnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2OwyMA0G
CSqGSIb3DQEBCwUAA4IBAQCphjLOsmoLQsPwnrQYZkEb4/4e6rwRydNUzgDEe6df
zKU5qUeWakvWba15RfNj3pcx326XXp57mpuvr6UAuVRLD4aYj1JdWPofy7PW1xnC
owOnUxpAzviN3+JQiv0LObbkLpVKra9yhH0roxncvxoD7dBk6kmwCu+07cZ9L8fc
Ro+SPzdd7ncWUuAvBriGiwbewil0ictlSXRlw5r9coceSG7rH9zTW23V6oIconUT
YEEQqK3rVxJLqyQfp5Bcc5JY5y/9RW+CE355CAyR2s+Lxu2rDHfGj1NqiZ7rLG0W
JSJ5zNqliEa0ou9lHsB7tZKIcMn6zsHDwuCCTlnvqo7+
-----END CERTIFICATE-----