Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YCiqlJZx8ls-ra-EOv4P7AJ-_KM.roa
File:                     YCiqlJZx8ls-ra-EOv4P7AJ-_KM.roa (raw, json)
Hash identifier:          KkeUroO2wHvrgPs7ugdaGG8nW4jE1j9zF2WTyKkWaQw=
Subject key identifier:   60:28:AA:94:96:71:F2:5B:3E:AD:AF:84:3A:FE:0F:EC:02:7E:FC:A3
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B36D436522F923C2FEE2698670B3A2
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YCiqlJZx8ls-ra-EOv4P7AJ-_KM.roa
Signing time:             Mon 14 Jul 2025 16:10:10 +0000
ROA not before:           Mon 14 Jul 2025 16:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198920
IP address blocks:        5.252.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b3:6d:43:65:22:f9:23:c2:fe:e2:69:86:70:b3:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6028aa949671f25b3eadaf843afe0fec027efca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:23:fd:9f:27:b0:e0:6c:b1:bb:58:cc:18:59:
                    c9:fd:b0:cb:09:a3:9e:ca:3e:68:0f:9c:50:94:06:
                    01:b1:7f:50:f4:a1:cb:45:52:25:3e:fe:6a:b7:9f:
                    b1:94:ce:e8:f6:d3:f8:c1:7f:f4:de:b1:34:54:9b:
                    23:46:25:b2:3c:a5:45:43:36:17:d6:87:e4:6b:d4:
                    c4:79:60:64:6a:38:12:cb:15:41:84:bb:92:08:1d:
                    29:75:c7:6b:1a:e9:9c:f6:9c:50:f9:4f:0e:fc:40:
                    97:90:d8:95:50:8b:d3:fb:f1:34:0d:4d:fa:b9:06:
                    be:1c:6d:65:0a:df:df:04:a3:1c:12:88:6d:f4:91:
                    49:f2:7b:03:e7:04:30:01:df:93:20:78:ff:c8:72:
                    f1:f6:f3:68:d7:83:5e:29:f5:bb:2b:f6:a1:53:2a:
                    63:23:4f:8a:ad:da:68:27:6c:eb:11:12:34:36:95:
                    71:e4:47:72:5d:6d:59:8b:13:e7:dc:e6:c6:5a:dd:
                    f1:b8:0d:aa:a7:21:33:df:66:70:c4:c4:aa:e0:46:
                    55:a2:a7:98:d3:5f:e6:df:96:00:a6:c1:c9:dc:10:
                    99:7c:74:fb:8e:93:f2:0b:1b:e8:0d:8e:e6:8f:75:
                    ea:bb:75:63:ea:6f:19:33:6b:3f:eb:e5:12:86:de:
                    0d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:28:AA:94:96:71:F2:5B:3E:AD:AF:84:3A:FE:0F:EC:02:7E:FC:A3
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YCiqlJZx8ls-ra-EOv4P7AJ-_KM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:b9:81:aa:c6:da:0d:37:15:ef:4f:f4:b5:5e:7a:45:04:d7:
         ef:17:04:3c:b1:ff:53:26:a2:1d:96:13:ba:f4:8e:b6:54:bc:
         11:6a:b1:6d:41:a7:64:e4:7f:aa:cd:89:ea:ac:a5:27:ac:85:
         89:fe:85:96:e5:5a:6a:fb:83:09:f1:e9:f3:11:09:71:97:2a:
         20:a9:d3:2b:b6:b1:f1:46:f1:10:4a:37:58:9c:64:78:a5:46:
         46:60:34:59:68:1f:99:d9:2c:8d:79:8b:94:6c:08:8a:6a:97:
         b1:83:9b:32:a9:0c:ac:50:eb:b9:19:28:dd:bc:bd:0d:ff:21:
         a5:f2:fb:60:aa:1d:be:e2:b9:bf:10:34:35:21:20:4f:3b:ed:
         41:22:e0:e5:72:f5:48:7b:ef:18:08:c9:38:2e:5c:95:7b:2c:
         69:f4:43:76:9d:2e:1f:e8:5d:c2:4f:89:20:9a:a1:aa:48:2a:
         34:b6:54:07:3b:3d:1e:de:e1:e8:61:0a:da:30:37:55:a0:c9:
         9f:8b:9b:dc:e4:ab:57:cd:a1:aa:60:54:32:0d:3a:03:7c:d5:
         72:48:03:9a:49:8d:53:85:b8:4b:47:12:d1:90:d0:04:c7:c2:
         1a:c7:d9:24:fc:5b:14:a5:f2:96:58:b7:70:bc:c7:1a:f9:81:
         c4:2a:ad:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJs21DZSL5I8L+4mmGcLOiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDI4YWE5NDk2NzFmMjViM2VhZGFmODQzYWZlMGZlYzAyN2VmY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriP9nyew4Gyxu1jMGFnJ/bDLCaOe
yj5oD5xQlAYBsX9Q9KHLRVIlPv5qt5+xlM7o9tP4wX/03rE0VJsjRiWyPKVFQzYX
1ofka9TEeWBkajgSyxVBhLuSCB0pdcdrGumc9pxQ+U8O/ECXkNiVUIvT+/E0DU36
uQa+HG1lCt/fBKMcEoht9JFJ8nsD5wQwAd+TIHj/yHLx9vNo14NeKfW7K/ahUypj
I0+KrdpoJ2zrERI0NpVx5EdyXW1ZixPn3ObGWt3xuA2qpyEz32ZwxMSq4EZVoqeY
01/m35YApsHJ3BCZfHT7jpPyCxvoDY7mj3Xqu3Vj6m8ZM2s/6+USht4NowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAoqpSWcfJbPq2vhDr+D+wCfvyjMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvWUNpcWxKWng4bHMtcmEtRU92NFA3QUotX0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfx3MA0G
CSqGSIb3DQEBCwUAA4IBAQDHuYGqxtoNNxXvT/S1XnpFBNfvFwQ8sf9TJqIdlhO6
9I62VLwRarFtQadk5H+qzYnqrKUnrIWJ/oWW5Vpq+4MJ8enzEQlxlyogqdMrtrHx
RvEQSjdYnGR4pUZGYDRZaB+Z2SyNeYuUbAiKapexg5syqQysUOu5GSjdvL0N/yGl
8vtgqh2+4rm/EDQ1ISBPO+1BIuDlcvVIe+8YCMk4LlyVeyxp9EN2nS4f6F3CT4kg
mqGqSCo0tlQHOz0e3uHoYQraMDdVoMmfi5vc5KtXzaGqYFQyDToDfNVySAOaSY1T
hbhLRxLRkNAEx8Iax9kk/FsUpfKWWLdwvMca+YHEKq3y
-----END CERTIFICATE-----