Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/YZiBeQhaDTApi9u5EktWl2c3oHg.roa
File:                     YZiBeQhaDTApi9u5EktWl2c3oHg.roa (raw, json)
Hash identifier:          xfSLGjgMoN2yLQxqj9xzezqaktTvKdlJEWVhN7B/cxE=
Subject key identifier:   61:98:81:79:08:5A:0D:30:29:8B:DB:B9:12:4B:56:97:67:37:A0:78
Certificate issuer:       /CN=f3bfb88678d5888ec79ed4e0d7d8e89650670201
Certificate serial:       019DD4130404890977B0979882643A2138A1
Authority key identifier: F3:BF:B8:86:78:D5:88:8E:C7:9E:D4:E0:D7:D8:E8:96:50:67:02:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87-4hnjViI7HntTg19jollBnAgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/YZiBeQhaDTApi9u5EktWl2c3oHg.roa
Signing time:             Tue 28 Apr 2026 12:31:49 +0000
ROA not before:           Tue 28 Apr 2026 12:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4637
IP address blocks:        185.91.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/87-4hnjViI7HntTg19jollBnAgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/87-4hnjViI7HntTg19jollBnAgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87-4hnjViI7HntTg19jollBnAgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 15:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:13:04:04:89:09:77:b0:97:98:82:64:3a:21:38:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3bfb88678d5888ec79ed4e0d7d8e89650670201
        Validity
            Not Before: Apr 28 12:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61988179085a0d30298bdbb9124b56976737a078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9f:53:54:0b:ec:cf:e1:3b:d9:43:df:17:d8:
                    24:b8:16:0a:3f:c1:36:80:ed:05:ad:ca:68:f6:21:
                    9b:b4:b7:b6:2f:d3:56:78:72:72:50:c5:18:56:fe:
                    60:fb:53:ec:39:4c:dc:ea:34:33:21:dd:d4:97:65:
                    83:e2:32:35:6b:2b:ea:08:c1:b1:19:49:6c:4e:1e:
                    16:4d:d0:8f:d2:37:3c:f4:f3:95:b9:cf:05:72:ef:
                    02:2a:66:c3:24:0b:d9:11:23:65:5b:8c:0d:84:8e:
                    fe:7b:bb:22:62:5a:58:14:d9:17:fc:24:67:30:36:
                    ed:fc:f3:dd:50:e1:a2:01:0e:63:4d:d1:c7:fa:74:
                    d6:fd:e3:3e:00:d6:70:ba:dd:ca:a3:ae:69:82:44:
                    08:5f:44:47:a0:ee:16:ad:c4:73:7c:76:7a:99:bd:
                    d3:02:90:73:5f:bf:9c:b1:6b:ce:9c:81:d6:33:79:
                    b1:e0:a2:c3:aa:3c:a2:3d:8d:5c:f8:7a:92:ec:d8:
                    06:1a:a8:e2:51:46:b8:aa:da:3d:2b:75:62:fd:b3:
                    c2:de:ca:fd:76:8c:37:7d:a3:3c:df:9b:a9:bb:ea:
                    f6:25:63:08:7a:e9:d3:9a:cd:ca:9d:51:07:e6:28:
                    ad:ef:43:76:97:a6:02:df:48:78:c7:6d:d4:9d:2f:
                    b6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:98:81:79:08:5A:0D:30:29:8B:DB:B9:12:4B:56:97:67:37:A0:78
            X509v3 Authority Key Identifier:
                keyid:F3:BF:B8:86:78:D5:88:8E:C7:9E:D4:E0:D7:D8:E8:96:50:67:02:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87-4hnjViI7HntTg19jollBnAgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/YZiBeQhaDTApi9u5EktWl2c3oHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/87-4hnjViI7HntTg19jollBnAgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:68:c2:9b:e7:dd:ee:dc:e2:47:b3:52:af:b2:d7:71:82:7f:
         73:31:f3:3d:b1:51:04:44:81:48:87:8a:c7:85:e1:32:cb:51:
         01:39:ec:0b:87:36:ed:cc:85:0c:67:bd:f4:ed:b6:1d:30:cc:
         67:f4:9e:d9:d3:de:32:ad:04:db:e4:ac:7c:f6:db:e6:f7:49:
         3a:08:5d:e0:b0:fe:c6:f9:bf:85:9c:65:0f:ea:f9:a0:60:65:
         b1:58:0c:9a:5b:75:85:a3:e5:06:38:58:7a:e6:78:7b:a0:a8:
         7f:a3:00:84:e2:f6:22:9a:e4:57:36:7f:a1:af:3a:67:81:96:
         2c:23:f5:a8:14:b0:4a:7f:63:c4:cf:e4:2b:18:44:76:86:8b:
         ee:d4:63:95:f3:77:fc:27:50:50:d5:7b:d8:0e:84:5c:00:24:
         15:51:d5:7d:07:2b:9b:45:23:cf:01:65:e2:ac:cc:07:70:cb:
         47:cc:49:fc:14:66:7b:df:2a:a8:b8:54:74:9f:f3:2c:85:49:
         0d:ed:41:dd:a1:3a:98:7d:14:dd:3f:a8:39:6e:2b:02:57:a4:
         de:e1:de:0f:e4:42:9e:f6:6c:5a:92:1e:ed:21:53:26:19:bc:
         65:50:22:53:7b:d2:85:1a:2f:be:43:2d:2a:4d:dc:cd:bc:ff:
         2e:8c:4b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UEwQEiQl3sJeYgmQ6ITihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYmZiODg2NzhkNTg4OGVjNzllZDRlMGQ3ZDhlODk2NTA2
NzAyMDEwHhcNMjYwNDI4MTIzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk4ODE3OTA4NWEwZDMwMjk4YmRiYjkxMjRiNTY5NzY3MzdhMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop9TVAvsz+E72UPfF9gkuBYKP8E2
gO0Frcpo9iGbtLe2L9NWeHJyUMUYVv5g+1PsOUzc6jQzId3Ul2WD4jI1ayvqCMGx
GUlsTh4WTdCP0jc89POVuc8Fcu8CKmbDJAvZESNlW4wNhI7+e7siYlpYFNkX/CRn
MDbt/PPdUOGiAQ5jTdHH+nTW/eM+ANZwut3Ko65pgkQIX0RHoO4WrcRzfHZ6mb3T
ApBzX7+csWvOnIHWM3mx4KLDqjyiPY1c+HqS7NgGGqjiUUa4qto9K3Vi/bPC3sr9
dow3faM835upu+r2JWMIeunTms3KnVEH5iit70N2l6YC30h4x23UnS+2cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGYgXkIWg0wKYvbuRJLVpdnN6B4MB8GA1UdIwQY
MBaAFPO/uIZ41YiOx57U4NfY6JZQZwIBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODctNGhualZpSTdIbnRUZzE5am9sbEJuQWdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi83NmFkNWEtZDFmYy00YzgxLTk2MWUt
OTI2NDAxMjAwN2VjLzEvWVppQmVRaGFEVEFwaTl1NUVrdFdsMmMzb0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi83NmFkNWEtZDFmYy00YzgxLTk2MWUtOTI2NDAxMjAwN2Vj
LzEvODctNGhualZpSTdIbnRUZzE5am9sbEJuQWdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVtzMA0G
CSqGSIb3DQEBCwUAA4IBAQBqaMKb593u3OJHs1Kvstdxgn9zMfM9sVEERIFIh4rH
heEyy1EBOewLhzbtzIUMZ7307bYdMMxn9J7Z094yrQTb5Kx89tvm90k6CF3gsP7G
+b+FnGUP6vmgYGWxWAyaW3WFo+UGOFh65nh7oKh/owCE4vYimuRXNn+hrzpngZYs
I/WoFLBKf2PEz+QrGER2hovu1GOV83f8J1BQ1XvYDoRcACQVUdV9ByubRSPPAWXi
rMwHcMtHzEn8FGZ73yqouFR0n/MshUkN7UHdoTqYfRTdP6g5bisCV6Te4d4P5EKe
9mxakh7tIVMmGbxlUCJTe9KFGi++Qy0qTdzNvP8ujEvq
-----END CERTIFICATE-----