Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d300de-c4ea-409f-a7a2-241e84c9a5d9/1/yJ1HWDzaQf8_v_QIkEVeJhHUsNs.roa
File:                     yJ1HWDzaQf8_v_QIkEVeJhHUsNs.roa (raw, json)
Hash identifier:          uRF7ZuSGISVIOWjvLjFgvjfyhiciNwgKOFC9/lRcs/w=
Subject key identifier:   C8:9D:47:58:3C:DA:41:FF:3F:BF:F4:08:90:45:5E:26:11:D4:B0:DB
Certificate issuer:       /CN=6278cb60f357d61cb98b4c7ca915a12818ef2c77
Certificate serial:       0197F99174797EC9C706E520294119CD7A16
Authority key identifier: 62:78:CB:60:F3:57:D6:1C:B9:8B:4C:7C:A9:15:A1:28:18:EF:2C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YnjLYPNX1hy5i0x8qRWhKBjvLHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d300de-c4ea-409f-a7a2-241e84c9a5d9/1/yJ1HWDzaQf8_v_QIkEVeJhHUsNs.roa
Signing time:             Fri 11 Jul 2025 12:59:08 +0000
ROA not before:           Fri 11 Jul 2025 12:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6848
IP address blocks:        2001:67c:1901::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/d300de-c4ea-409f-a7a2-241e84c9a5d9/1/YnjLYPNX1hy5i0x8qRWhKBjvLHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/d300de-c4ea-409f-a7a2-241e84c9a5d9/1/YnjLYPNX1hy5i0x8qRWhKBjvLHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YnjLYPNX1hy5i0x8qRWhKBjvLHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:91:74:79:7e:c9:c7:06:e5:20:29:41:19:cd:7a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278cb60f357d61cb98b4c7ca915a12818ef2c77
        Validity
            Not Before: Jul 11 12:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c89d47583cda41ff3fbff40890455e2611d4b0db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8a:99:3a:b2:06:f1:fc:87:5f:53:3e:0a:0a:
                    de:93:aa:05:37:e7:60:76:a9:42:43:d0:6f:b7:be:
                    d2:a6:43:3a:db:77:08:8e:c9:25:2b:82:6a:df:a3:
                    f8:0a:dd:9d:21:ed:0f:e6:79:b4:ad:43:51:f6:c5:
                    75:3e:c9:3e:aa:4d:4a:c2:c0:bc:cc:5f:23:81:0d:
                    d5:fa:0a:9b:e8:54:15:1d:fa:7f:9c:f8:9a:ff:09:
                    60:f1:2b:80:53:31:9d:70:b2:cb:47:7d:96:a4:71:
                    28:41:4a:84:b5:20:41:f0:f3:c1:8f:4b:fe:b3:4b:
                    8e:d6:98:de:2c:4a:e1:f7:ab:35:1b:9d:c7:18:cc:
                    58:9c:39:00:44:67:ae:d2:d7:c1:e9:99:b4:cf:8e:
                    7c:b8:08:e7:3a:2a:61:d9:a0:a5:f8:8e:dd:cb:a0:
                    e6:ef:42:6c:d9:20:43:e2:14:ab:c8:b6:95:32:0d:
                    16:5c:44:5d:02:e2:55:ac:88:c5:f0:a0:71:6c:07:
                    c6:d6:ad:65:2c:e8:18:8f:0e:12:bb:2d:b9:8a:f8:
                    92:e5:e3:e3:77:fb:c3:81:9e:f2:04:1b:42:2c:95:
                    c8:cb:fe:27:08:50:1a:3b:9a:4b:c5:d0:d9:3c:ae:
                    10:57:65:b1:5b:cf:cc:9c:86:a1:46:54:d2:2b:fa:
                    53:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:9D:47:58:3C:DA:41:FF:3F:BF:F4:08:90:45:5E:26:11:D4:B0:DB
            X509v3 Authority Key Identifier:
                keyid:62:78:CB:60:F3:57:D6:1C:B9:8B:4C:7C:A9:15:A1:28:18:EF:2C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YnjLYPNX1hy5i0x8qRWhKBjvLHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d300de-c4ea-409f-a7a2-241e84c9a5d9/1/yJ1HWDzaQf8_v_QIkEVeJhHUsNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d300de-c4ea-409f-a7a2-241e84c9a5d9/1/YnjLYPNX1hy5i0x8qRWhKBjvLHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1901::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:7c:22:04:73:f1:ea:55:d2:0a:ca:ff:ff:f4:f4:06:81:fe:
         df:b5:f7:d9:47:4a:2f:af:df:21:04:b9:e3:e7:23:39:77:f6:
         d4:b6:cd:30:61:e5:92:a0:e7:ac:a7:2f:ca:3f:c0:e5:32:58:
         8a:96:8a:df:a6:6a:fa:d8:81:b9:da:bd:fc:12:cf:cb:1b:99:
         fd:1b:18:12:0b:e4:70:12:f9:3b:53:70:6c:c8:af:c8:2e:96:
         a4:44:43:d5:f1:ce:9d:b4:0c:76:8b:c8:ef:08:e7:2c:77:8a:
         0a:34:08:6e:56:ae:d0:e9:09:a8:b9:7c:f4:47:65:6d:13:d9:
         c6:b8:eb:a2:e4:79:a7:5e:aa:7c:90:76:69:0e:4d:19:1d:17:
         b1:9f:c4:02:91:d7:97:ca:0b:d8:9a:60:a4:8d:31:51:95:16:
         8d:ed:28:0a:61:7f:40:e9:36:b2:0a:6c:2a:5a:2a:33:d0:f9:
         bd:87:ca:16:1a:c1:d0:b3:ca:85:43:05:92:73:23:75:a9:e2:
         3e:28:75:bf:04:4c:54:86:d1:44:50:b4:c4:dc:9b:94:cc:b3:
         89:73:e0:55:93:bd:8d:d4:7f:d0:83:99:ff:90:16:40:16:de:
         ba:d0:dc:de:7c:8a:39:79:3c:13:a4:61:9c:a0:27:03:a9:06:
         a0:d9:45:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZf5kXR5fsnHBuUgKUEZzXoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhjYjYwZjM1N2Q2MWNiOThiNGM3Y2E5MTVhMTI4MThl
ZjJjNzcwHhcNMjUwNzExMTI1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODlkNDc1ODNjZGE0MWZmM2ZiZmY0MDg5MDQ1NWUyNjExZDRiMGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoqZOrIG8fyHX1M+Cgrek6oFN+dg
dqlCQ9Bvt77SpkM623cIjsklK4Jq36P4Ct2dIe0P5nm0rUNR9sV1Psk+qk1KwsC8
zF8jgQ3V+gqb6FQVHfp/nPia/wlg8SuAUzGdcLLLR32WpHEoQUqEtSBB8PPBj0v+
s0uO1pjeLErh96s1G53HGMxYnDkARGeu0tfB6Zm0z458uAjnOiph2aCl+I7dy6Dm
70Js2SBD4hSryLaVMg0WXERdAuJVrIjF8KBxbAfG1q1lLOgYjw4Suy25iviS5ePj
d/vDgZ7yBBtCLJXIy/4nCFAaO5pLxdDZPK4QV2WxW8/MnIahRlTSK/pTlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMidR1g82kH/P7/0CJBFXiYR1LDbMB8GA1UdIwQY
MBaAFGJ4y2DzV9YcuYtMfKkVoSgY7yx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5qTFlQTlgxaHk1aTB4OHFSV2hLQmp2TEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kMzAwZGUtYzRlYS00MDlmLWE3YTIt
MjQxZTg0YzlhNWQ5LzEveUoxSFdEemFRZjhfdl9RSWtFVmVKaEhVc05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kMzAwZGUtYzRlYS00MDlmLWE3YTItMjQxZTg0YzlhNWQ5
LzEvWW5qTFlQTlgxaHk1aTB4OHFSV2hLQmp2TEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBkB
MA0GCSqGSIb3DQEBCwUAA4IBAQB1fCIEc/HqVdIKyv//9PQGgf7ftffZR0ovr98h
BLnj5yM5d/bUts0wYeWSoOespy/KP8DlMliKlorfpmr62IG52r38Es/LG5n9GxgS
C+RwEvk7U3BsyK/ILpakREPV8c6dtAx2i8jvCOcsd4oKNAhuVq7Q6QmouXz0R2Vt
E9nGuOui5HmnXqp8kHZpDk0ZHRexn8QCkdeXygvYmmCkjTFRlRaN7SgKYX9A6Tay
CmwqWioz0Pm9h8oWGsHQs8qFQwWScyN1qeI+KHW/BExUhtFEULTE3JuUzLOJc+BV
k72N1H/Qg5n/kBZAFt660NzefIo5eTwTpGGcoCcDqQag2UVy
-----END CERTIFICATE-----