Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YLj5Jdh6CRy1sG4-XtftMbKGQcY.roa
File:                     YLj5Jdh6CRy1sG4-XtftMbKGQcY.roa (raw, json)
Hash identifier:          zxSODbCPvV3AfiVp/+Ox9B0BhGsupiazAO+yi0J9Rfo=
Subject key identifier:   60:B8:F9:25:D8:7A:09:1C:B5:B0:6E:3E:5E:D7:ED:31:B2:86:41:C6
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0197E1DB1F6147589E2A6E6C9A244029973A
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YLj5Jdh6CRy1sG4-XtftMbKGQcY.roa
Signing time:             Sun 06 Jul 2025 22:28:43 +0000
ROA not before:           Sun 06 Jul 2025 22:28:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214614
IP address blocks:        193.124.186.0/23 maxlen: 23
                          193.124.186.0/24 maxlen: 24
                          193.124.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e1:db:1f:61:47:58:9e:2a:6e:6c:9a:24:40:29:97:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul  6 22:28:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60b8f925d87a091cb5b06e3e5ed7ed31b28641c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:6a:1d:4d:cb:e2:7b:8a:56:fd:32:6b:f5:4a:
                    15:b3:da:c4:0a:ba:e9:58:fb:b5:0c:65:4c:90:74:
                    e2:10:3d:9b:55:8a:42:55:59:04:20:46:c6:36:a3:
                    9b:65:95:79:30:04:4f:1f:61:c3:7a:51:fb:ee:2c:
                    55:56:ba:43:83:e3:7a:48:4c:70:6e:02:79:25:bb:
                    2c:af:2e:83:85:07:f8:88:2b:76:3f:3f:9a:ab:21:
                    43:76:72:d5:36:f7:34:6a:37:7a:1d:ab:5f:be:7a:
                    ea:99:4e:19:45:a8:00:9c:7c:76:68:1f:f8:f4:ec:
                    e5:33:09:a7:ac:ae:6a:38:8c:91:05:c8:17:af:24:
                    97:cb:b0:db:30:c5:8b:45:9d:27:fd:07:9a:8d:08:
                    d1:ff:18:a7:1b:e6:ca:26:70:6b:e2:6d:37:a3:23:
                    b7:95:7f:f9:6b:1d:86:e3:8e:5b:64:14:93:57:7c:
                    69:31:a5:4c:7b:5e:35:7b:b2:46:18:26:7a:ce:e5:
                    71:b7:38:7e:71:17:1c:0d:39:89:77:8b:e2:5b:be:
                    7e:d9:f8:ae:ec:f4:14:e3:02:d9:f6:c0:bf:4c:34:
                    9a:ab:ca:94:9c:67:2d:13:c1:39:ff:1e:3a:c9:b4:
                    6c:77:4f:36:d2:63:d7:4e:9b:c3:71:55:7d:00:b5:
                    bd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B8:F9:25:D8:7A:09:1C:B5:B0:6E:3E:5E:D7:ED:31:B2:86:41:C6
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/YLj5Jdh6CRy1sG4-XtftMbKGQcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:c2:24:83:30:1d:2f:19:01:90:d6:65:4d:a2:c1:26:9e:52:
         40:c8:3b:76:98:90:73:16:5d:84:1b:2d:38:4b:8f:b9:09:80:
         eb:57:47:89:14:31:5b:45:04:93:84:e7:92:8f:0e:e1:8a:79:
         ac:db:36:52:48:78:f6:da:64:89:3e:7b:f8:a9:55:72:0b:ed:
         cb:ff:b2:89:b1:f1:87:77:d3:76:16:cb:1e:e9:2a:61:db:b2:
         ef:64:5d:fb:7e:4f:60:86:5d:88:3b:53:1b:16:5e:8c:b0:1d:
         01:2d:bf:9e:14:f0:ce:ab:9c:83:dc:06:c2:48:55:9e:6e:f4:
         99:e2:d6:47:47:39:7a:1a:02:78:c9:7a:41:48:4b:e8:3d:e1:
         62:a7:fb:f3:9c:ed:d6:e2:33:43:44:ec:6b:94:5e:bd:a9:45:
         bc:9a:36:bf:d1:7c:d4:6b:d5:f2:e3:e5:f4:cf:93:35:55:72:
         22:ab:1c:b8:5d:73:6c:c3:ad:41:36:e9:0e:a3:75:7c:12:11:
         b3:df:da:9b:72:06:ac:47:31:f6:4d:ad:52:a3:78:e8:dc:5a:
         d4:b5:45:26:9a:ae:13:ce:3d:48:40:23:70:db:f7:23:cc:8f:
         73:be:ff:a5:a2:91:10:be:d9:33:47:70:35:9e:d3:47:a7:c7:
         db:4c:11:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfh2x9hR1ieKm5smiRAKZc6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzA2MjIyODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGI4ZjkyNWQ4N2EwOTFjYjViMDZlM2U1ZWQ3ZWQzMWIyODY0MWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5modTcvie4pW/TJr9UoVs9rECrrp
WPu1DGVMkHTiED2bVYpCVVkEIEbGNqObZZV5MARPH2HDelH77ixVVrpDg+N6SExw
bgJ5Jbssry6DhQf4iCt2Pz+aqyFDdnLVNvc0ajd6HatfvnrqmU4ZRagAnHx2aB/4
9OzlMwmnrK5qOIyRBcgXrySXy7DbMMWLRZ0n/QeajQjR/xinG+bKJnBr4m03oyO3
lX/5ax2G445bZBSTV3xpMaVMe141e7JGGCZ6zuVxtzh+cRccDTmJd4viW75+2fiu
7PQU4wLZ9sC/TDSaq8qUnGctE8E5/x46ybRsd0820mPXTpvDcVV9ALW9uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGC4+SXYegkctbBuPl7X7TGyhkHGMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvWUxqNUpkaDZDUnkxc0c0LVh0ZnRNYktHUWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwXy6MA0G
CSqGSIb3DQEBCwUAA4IBAQAIwiSDMB0vGQGQ1mVNosEmnlJAyDt2mJBzFl2EGy04
S4+5CYDrV0eJFDFbRQSThOeSjw7hinms2zZSSHj22mSJPnv4qVVyC+3L/7KJsfGH
d9N2Fsse6Sph27LvZF37fk9ghl2IO1MbFl6MsB0BLb+eFPDOq5yD3AbCSFWebvSZ
4tZHRzl6GgJ4yXpBSEvoPeFip/vznO3W4jNDROxrlF69qUW8mja/0XzUa9Xy4+X0
z5M1VXIiqxy4XXNsw61BNukOo3V8EhGz39qbcgasRzH2Ta1So3jo3FrUtUUmmq4T
zj1IQCNw2/cjzI9zvv+lopEQvtkzR3A1ntNHp8fbTBEg
-----END CERTIFICATE-----