Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/YH99c0q_olNEfAaRzhJ9pz57sG4.roa
File:                     YH99c0q_olNEfAaRzhJ9pz57sG4.roa (raw, json)
Hash identifier:          OOfjz24iJ1ROiHG1nf6s+ocWKHslkCgE1Kj76TfUgiM=
Subject key identifier:   60:7F:7D:73:4A:BF:A2:53:44:7C:06:91:CE:12:7D:A7:3E:7B:B0:6E
Certificate issuer:       /CN=2ae2d17fd5bb9d7611113c586a410802c785edf2
Certificate serial:       019830CB492F976DAF2CA689D34FC0F191D2
Authority key identifier: 2A:E2:D1:7F:D5:BB:9D:76:11:11:3C:58:6A:41:08:02:C7:85:ED:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/YH99c0q_olNEfAaRzhJ9pz57sG4.roa
Signing time:             Tue 22 Jul 2025 06:21:25 +0000
ROA not before:           Tue 22 Jul 2025 06:21:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200509
IP address blocks:        185.66.56.0/22 maxlen: 22
                          185.66.56.0/24 maxlen: 24
                          185.66.57.0/24 maxlen: 24
                          185.66.58.0/24 maxlen: 24
                          185.66.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:30:cb:49:2f:97:6d:af:2c:a6:89:d3:4f:c0:f1:91:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ae2d17fd5bb9d7611113c586a410802c785edf2
        Validity
            Not Before: Jul 22 06:21:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=607f7d734abfa253447c0691ce127da73e7bb06e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9a:ef:1f:ba:24:e4:c5:01:46:9e:5d:fe:ad:
                    9d:8e:1b:d7:66:60:74:18:dd:7e:5d:a3:5b:34:f0:
                    ae:f4:ae:69:89:67:9c:9d:ce:a3:bd:0d:ad:f1:8a:
                    64:45:f3:41:ee:e0:bc:44:1f:6b:99:b1:b0:4f:fc:
                    70:c0:57:b2:8b:eb:3a:84:1d:0f:2f:95:bb:48:4f:
                    54:65:7e:5c:6d:a5:24:b8:b7:fa:0d:6c:a5:cd:88:
                    4a:63:f9:9f:3d:e1:d6:41:53:83:f0:dc:b1:ed:08:
                    bc:1f:a4:41:ed:cc:55:0f:d0:f1:64:eb:60:84:08:
                    6f:7b:d9:23:25:01:2f:61:0c:12:01:37:99:31:f3:
                    a6:ef:3c:8a:29:f7:6a:ad:bc:41:ec:2e:e6:92:32:
                    59:7f:c7:6d:6e:49:22:b0:57:c3:9d:91:2f:10:02:
                    90:ec:71:fc:8b:b9:7a:de:2c:c5:03:51:9f:99:87:
                    00:47:31:b0:ec:b5:d5:31:66:61:33:e5:05:99:f7:
                    b3:9d:e1:c0:a8:81:5f:4c:8d:42:6b:97:61:87:1a:
                    8b:8b:5b:f4:a7:4c:63:96:9e:b2:ab:df:78:75:ec:
                    1a:29:e4:81:d1:00:93:91:88:2a:03:0c:6e:7c:22:
                    0c:ec:ff:07:bb:4e:a2:41:23:ee:26:61:4f:c7:f0:
                    81:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7F:7D:73:4A:BF:A2:53:44:7C:06:91:CE:12:7D:A7:3E:7B:B0:6E
            X509v3 Authority Key Identifier:
                keyid:2A:E2:D1:7F:D5:BB:9D:76:11:11:3C:58:6A:41:08:02:C7:85:ED:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/YH99c0q_olNEfAaRzhJ9pz57sG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:c4:05:a7:c9:23:a0:4d:09:d8:7d:8f:0e:80:61:2f:ce:de:
         36:73:e4:3f:a6:0f:41:2f:0e:7b:03:e4:f0:f7:46:c7:f3:79:
         5f:44:e8:05:2e:e1:4c:20:ad:56:d0:45:8b:dc:c5:c4:cd:da:
         3c:6d:02:6a:5c:61:dc:5b:4a:2b:6e:3e:4d:a5:a7:37:2e:b5:
         51:62:29:21:53:22:80:79:5b:f7:5c:db:ce:e0:ad:d3:19:98:
         e2:8d:64:4e:d5:f1:1d:6d:21:87:8c:7e:12:41:b4:21:dc:62:
         2b:ff:65:23:6e:54:56:54:45:0e:db:60:99:93:b2:ae:21:a5:
         aa:cd:75:5e:69:16:4c:a5:a1:c4:52:d3:59:9c:c9:a8:cf:4a:
         d7:ba:6a:62:f0:ff:b8:e2:be:a0:b8:57:f8:4d:27:4e:bb:d7:
         90:01:ef:d3:1e:70:f0:3b:f6:e5:19:a6:36:7e:03:83:49:62:
         46:39:50:6b:dc:ed:3a:90:fa:1e:f9:21:33:da:32:4a:ab:f1:
         38:10:b5:d3:34:53:e3:43:20:10:0f:b7:69:f2:c0:58:d9:4a:
         23:ac:39:14:59:5e:35:79:01:38:30:d7:f1:d9:5d:7b:c9:a2:
         76:90:ad:43:73:bc:43:15:ad:c3:8e:39:9b:20:72:8b:7a:b4:
         dd:55:dc:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgwy0kvl22vLKaJ00/A8ZHSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZTJkMTdmZDViYjlkNzYxMTExM2M1ODZhNDEwODAyYzc4
NWVkZjIwHhcNMjUwNzIyMDYyMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdmN2Q3MzRhYmZhMjUzNDQ3YzA2OTFjZTEyN2RhNzNlN2JiMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JrvH7ok5MUBRp5d/q2djhvXZmB0
GN1+XaNbNPCu9K5piWecnc6jvQ2t8YpkRfNB7uC8RB9rmbGwT/xwwFeyi+s6hB0P
L5W7SE9UZX5cbaUkuLf6DWylzYhKY/mfPeHWQVOD8Nyx7Qi8H6RB7cxVD9DxZOtg
hAhve9kjJQEvYQwSATeZMfOm7zyKKfdqrbxB7C7mkjJZf8dtbkkisFfDnZEvEAKQ
7HH8i7l63izFA1GfmYcARzGw7LXVMWZhM+UFmfezneHAqIFfTI1Ca5dhhxqLi1v0
p0xjlp6yq994dewaKeSB0QCTkYgqAwxufCIM7P8Hu06iQSPuJmFPx/CBMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB/fXNKv6JTRHwGkc4Sfac+e7BuMB8GA1UdIwQY
MBaAFCri0X/Vu512ERE8WGpBCALHhe3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3VMUmY5VzduWFlSRVR4WWFrRUlBc2VGN2ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iYTdmZDYtYjNhOC00OTMxLWFjMDUt
YWI0ODg3YzYzZWE1LzEvWUg5OWMwcV9vbE5FZkFhUnpoSjlwejU3c0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iYTdmZDYtYjNhOC00OTMxLWFjMDUtYWI0ODg3YzYzZWE1
LzEvS3VMUmY5VzduWFlSRVR4WWFrRUlBc2VGN2ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBmxAWnySOgTQnYfY8OgGEvzt42c+Q/pg9BLw57A+Tw
90bH83lfROgFLuFMIK1W0EWL3MXEzdo8bQJqXGHcW0orbj5Npac3LrVRYikhUyKA
eVv3XNvO4K3TGZjijWRO1fEdbSGHjH4SQbQh3GIr/2UjblRWVEUO22CZk7KuIaWq
zXVeaRZMpaHEUtNZnMmoz0rXumpi8P+44r6guFf4TSdOu9eQAe/THnDwO/blGaY2
fgODSWJGOVBr3O06kPoe+SEz2jJKq/E4ELXTNFPjQyAQD7dp8sBY2UojrDkUWV41
eQE4MNfx2V17yaJ2kK1Dc7xDFa3DjjmbIHKLerTdVdx5
-----END CERTIFICATE-----