Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/Yv6iY-b8r0qcncLdSx4bNEGOCeg.roa
File:                     Yv6iY-b8r0qcncLdSx4bNEGOCeg.roa (raw, json)
Hash identifier:          jV0OuD9lXBQCyjPNvP2wo5u7FC8Nmu7GxaSpYq+7W2Y=
Subject key identifier:   62:FE:A2:63:E6:FC:AF:4A:9C:9D:C2:DD:4B:1E:1B:34:41:8E:09:E8
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B62960AE66C920DB5A4FC1C8B348C7
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/Yv6iY-b8r0qcncLdSx4bNEGOCeg.roa
Signing time:             Mon 14 Jul 2025 16:13:09 +0000
ROA not before:           Mon 14 Jul 2025 16:13:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211641
IP address blocks:        185.109.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:29:60:ae:66:c9:20:db:5a:4f:c1:c8:b3:48:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62fea263e6fcaf4a9c9dc2dd4b1e1b34418e09e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:06:08:db:90:26:1c:37:69:69:57:07:db:33:
                    75:e5:2c:54:fd:0c:90:25:f1:2f:c2:33:38:fe:f5:
                    d1:c1:38:7b:1f:9c:f3:35:27:fa:94:4e:32:b2:8a:
                    4a:d9:96:e8:a0:ec:8d:d3:c6:df:69:e7:82:92:72:
                    53:4f:7f:85:88:b9:b9:eb:74:90:0a:fe:11:b7:2c:
                    cd:73:85:cf:e4:50:e7:d7:a8:5c:2b:c3:fd:41:dd:
                    e7:16:2c:12:a5:0c:05:e4:6c:3c:9f:f6:8d:50:4c:
                    32:b4:a1:dd:e6:e4:c7:c1:fc:13:c9:c1:21:0c:f3:
                    ff:a3:69:44:e9:34:35:95:dc:57:c6:99:d3:b6:09:
                    71:9f:d8:7a:80:17:3d:3b:d2:c8:09:9d:71:ed:10:
                    a7:fa:4c:f6:78:09:69:ec:74:41:65:38:46:05:2e:
                    1c:c1:8a:e0:4f:97:77:1d:8d:6d:82:4a:d1:cb:f6:
                    07:3c:49:1c:83:79:96:9e:1e:15:2e:f5:9f:50:1a:
                    a3:10:9a:53:95:9b:46:d9:b3:c0:63:09:a8:bf:4d:
                    90:25:a2:2b:d8:69:2d:fb:0f:81:72:4f:33:4d:cc:
                    a8:de:08:eb:d5:8b:2b:c3:52:4c:a9:38:c6:9b:24:
                    be:b2:92:13:93:3b:be:08:d4:d8:3d:c4:30:da:c7:
                    af:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:FE:A2:63:E6:FC:AF:4A:9C:9D:C2:DD:4B:1E:1B:34:41:8E:09:E8
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/Yv6iY-b8r0qcncLdSx4bNEGOCeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:03:e1:ca:63:f0:3a:d4:bc:63:87:cd:78:7c:cf:3b:1f:f0:
         96:ea:7d:b9:82:99:2d:e1:02:a0:4a:4a:a1:35:d2:1b:1d:9e:
         48:3b:8c:cd:9c:fb:83:11:2b:5f:3a:84:43:3a:39:31:12:7d:
         9b:74:eb:9c:f0:e7:65:50:ab:cc:9b:3a:01:bc:1f:63:ed:18:
         11:48:67:9e:4e:7a:bb:0f:fc:72:1b:2f:98:d3:e1:d9:a9:ed:
         5d:d3:10:ee:6b:09:8b:72:03:6b:4a:a5:31:28:c7:cf:45:25:
         40:74:46:ed:1a:fa:1e:63:34:b3:ce:fa:97:2f:48:20:00:a4:
         9f:63:eb:b9:c9:b6:7b:5f:6a:e8:92:22:07:e2:70:4c:63:48:
         df:44:4d:87:75:f2:eb:c3:fa:4a:c5:bc:8d:0d:62:f9:bc:b1:
         ef:3f:70:18:67:7d:94:de:44:a8:03:11:41:d1:c3:9a:fe:34:
         f3:13:4f:b0:e8:ec:0a:7b:ac:02:ad:b1:f2:27:41:29:4d:03:
         1a:37:bc:62:04:7d:0f:af:f2:0f:ca:a6:10:63:30:c6:8b:ab:
         2f:92:56:c5:c5:7a:24:9d:f4:0d:a7:7d:8e:15:a5:01:69:81:
         4e:02:c7:0a:7a:1e:8c:27:82:60:29:a3:9d:c0:c9:a5:89:d1:
         ad:5e:61:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtilgrmbJINtaT8HIs0jHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmZlYTI2M2U2ZmNhZjRhOWM5ZGMyZGQ0YjFlMWIzNDQxOGUwOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgYI25AmHDdpaVcH2zN15SxU/QyQ
JfEvwjM4/vXRwTh7H5zzNSf6lE4ysopK2ZbooOyN08bfaeeCknJTT3+FiLm563SQ
Cv4RtyzNc4XP5FDn16hcK8P9Qd3nFiwSpQwF5Gw8n/aNUEwytKHd5uTHwfwTycEh
DPP/o2lE6TQ1ldxXxpnTtglxn9h6gBc9O9LICZ1x7RCn+kz2eAlp7HRBZThGBS4c
wYrgT5d3HY1tgkrRy/YHPEkcg3mWnh4VLvWfUBqjEJpTlZtG2bPAYwmov02QJaIr
2Gkt+w+Bck8zTcyo3gjr1Ysrw1JMqTjGmyS+spITkzu+CNTYPcQw2sevkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGL+omPm/K9KnJ3C3UseGzRBjgnoMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvWXY2aVktYjhyMHFjbmNMZFN4NGJORUdPQ2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW0UMA0G
CSqGSIb3DQEBCwUAA4IBAQCQA+HKY/A61Lxjh814fM87H/CW6n25gpkt4QKgSkqh
NdIbHZ5IO4zNnPuDEStfOoRDOjkxEn2bdOuc8OdlUKvMmzoBvB9j7RgRSGeeTnq7
D/xyGy+Y0+HZqe1d0xDuawmLcgNrSqUxKMfPRSVAdEbtGvoeYzSzzvqXL0ggAKSf
Y+u5ybZ7X2rokiIH4nBMY0jfRE2HdfLrw/pKxbyNDWL5vLHvP3AYZ32U3kSoAxFB
0cOa/jTzE0+w6OwKe6wCrbHyJ0EpTQMaN7xiBH0Pr/IPyqYQYzDGi6svklbFxXok
nfQNp32OFaUBaYFOAscKeh6MJ4JgKaOdwMmlidGtXmE+
-----END CERTIFICATE-----