Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/yp98x6yYYIuBZUC3bnf7MHgKEns.roa
File:                     yp98x6yYYIuBZUC3bnf7MHgKEns.roa (raw, json)
Hash identifier:          NAmEGNUz0k+oLVO5wpaWE9rr2iEdVjVHoP1KlrmllwU=
Subject key identifier:   CA:9F:7C:C7:AC:98:60:8B:81:65:40:B7:6E:77:FB:30:78:0A:12:7B
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       019E4F4D700D1574574F7537AB1F82BD865D
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/yp98x6yYYIuBZUC3bnf7MHgKEns.roa
Signing time:             Fri 22 May 2026 10:48:55 +0000
ROA not before:           Fri 22 May 2026 10:48:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401293
IP address blocks:        151.123.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 17:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:4d:70:0d:15:74:57:4f:75:37:ab:1f:82:bd:86:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: May 22 10:48:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca9f7cc7ac98608b816540b76e77fb30780a127b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:aa:e2:9e:60:86:77:73:6a:26:7d:e0:55:e5:
                    b8:62:ea:4f:0a:31:4f:f8:c8:d0:a4:bd:2e:ff:ae:
                    95:a2:79:63:70:e6:3d:4f:59:42:b8:8b:24:a7:71:
                    c6:1e:44:47:2c:3a:2b:18:5f:f1:d1:71:63:f9:53:
                    fb:e1:8b:26:f6:45:7e:4f:eb:04:d3:86:98:cf:3b:
                    2b:b0:c5:ca:10:f8:f2:f3:48:10:19:e6:c3:b8:f0:
                    5b:e5:e1:97:e8:dd:38:2d:85:8c:a7:eb:47:c0:34:
                    c4:b7:d2:98:cd:2b:a6:15:c1:28:63:46:c9:b2:a1:
                    1d:b9:21:a8:e3:02:d3:3b:f6:12:05:a1:75:06:c0:
                    d1:3b:b1:f0:f5:f9:da:15:7e:0f:68:db:81:39:f2:
                    0f:a9:55:89:59:fa:1a:6a:a0:86:33:36:f4:f1:37:
                    81:f8:78:54:59:a8:c1:b1:6f:af:c4:8a:4f:20:c6:
                    b9:d3:24:62:02:3e:25:bc:3e:29:99:1c:47:bf:0b:
                    ac:f8:ca:2f:a7:bd:cd:7f:70:36:c3:e1:6c:97:3a:
                    c9:b3:6d:8b:f8:b4:b1:61:00:11:af:da:ed:7b:d1:
                    11:40:39:0b:31:d5:1f:6d:76:6f:73:ba:31:d3:38:
                    ca:d2:db:3c:0d:fe:c2:c1:7a:d3:c5:0d:08:52:d8:
                    55:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9F:7C:C7:AC:98:60:8B:81:65:40:B7:6E:77:FB:30:78:0A:12:7B
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/yp98x6yYYIuBZUC3bnf7MHgKEns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.123.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:f6:f1:f8:54:e9:c8:af:26:6d:df:1b:ff:4f:39:4a:cd:82:
         da:5b:ca:0f:cc:b9:63:eb:32:73:27:00:2f:57:8f:42:0d:64:
         f5:22:62:a8:f0:fa:fc:b1:26:7a:57:a1:05:d2:92:69:66:dd:
         dc:21:93:be:2e:4c:62:cb:43:7d:93:61:37:4e:b9:fe:d4:98:
         3f:35:a6:ae:c3:41:5e:e7:2e:63:08:b4:77:9b:65:9a:e0:d4:
         94:3a:ee:7a:50:9e:b0:b7:e9:9b:73:61:8b:85:8b:4d:39:79:
         0e:5b:7a:93:2f:40:b8:b3:2a:a1:7c:99:21:8f:e1:4a:81:b8:
         0b:cb:4a:cc:45:dd:ea:ff:70:2a:b7:95:3b:cf:cb:de:37:db:
         a6:02:70:38:55:01:57:0a:f0:b9:f8:0c:51:70:a0:92:98:62:
         f5:52:c5:e6:6f:57:64:26:43:91:eb:3a:0a:b2:c3:4a:1e:c2:
         c7:48:ab:25:9f:a4:f3:75:c7:9c:f2:71:92:1c:2a:ed:81:3f:
         bd:f3:07:8e:91:e5:4b:72:2e:e6:62:83:88:89:4e:10:b1:65:
         b1:d5:9c:32:cf:cd:95:96:f3:43:92:8e:4b:70:b4:44:d1:c2:
         f3:07:c3:66:fe:9e:24:b9:4b:ad:af:c4:c5:76:c5:22:16:d2:
         3f:cc:3f:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5PTXANFXRXT3U3qx+CvYZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjYwNTIyMTA0ODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTlmN2NjN2FjOTg2MDhiODE2NTQwYjc2ZTc3ZmIzMDc4MGExMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqrinmCGd3NqJn3gVeW4YupPCjFP
+MjQpL0u/66VonljcOY9T1lCuIskp3HGHkRHLDorGF/x0XFj+VP74Ysm9kV+T+sE
04aYzzsrsMXKEPjy80gQGebDuPBb5eGX6N04LYWMp+tHwDTEt9KYzSumFcEoY0bJ
sqEduSGo4wLTO/YSBaF1BsDRO7Hw9fnaFX4PaNuBOfIPqVWJWfoaaqCGMzb08TeB
+HhUWajBsW+vxIpPIMa50yRiAj4lvD4pmRxHvwus+Movp73Nf3A2w+FslzrJs22L
+LSxYQARr9rte9ERQDkLMdUfbXZvc7ox0zjK0ts8Df7CwXrTxQ0IUthVgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqffMesmGCLgWVAt253+zB4ChJ7MB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEveXA5OHg2eVlZSXVCWlVDM2JuZjdNSGdLRW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl3u0MA0G
CSqGSIb3DQEBCwUAA4IBAQCu9vH4VOnIryZt3xv/TzlKzYLaW8oPzLlj6zJzJwAv
V49CDWT1ImKo8Pr8sSZ6V6EF0pJpZt3cIZO+Lkxiy0N9k2E3Trn+1Jg/Naauw0Fe
5y5jCLR3m2Wa4NSUOu56UJ6wt+mbc2GLhYtNOXkOW3qTL0C4syqhfJkhj+FKgbgL
y0rMRd3q/3Aqt5U7z8veN9umAnA4VQFXCvC5+AxRcKCSmGL1UsXmb1dkJkOR6zoK
ssNKHsLHSKsln6Tzdcec8nGSHCrtgT+98weOkeVLci7mYoOIiU4QsWWx1Zwyz82V
lvNDko5LcLRE0cLzB8Nm/p4kuUutr8TFdsUiFtI/zD+p
-----END CERTIFICATE-----