Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/11d4e7-e978-4037-ab09-c09ff16fc34b/1/YkbGKc-LGqIQZMDerpDN8XDOTbw.roa
File:                     YkbGKc-LGqIQZMDerpDN8XDOTbw.roa (raw, json)
Hash identifier:          RY+DUa9ZajYzyfuzC6xFjBj7ICr29ESsVlrxpHdgeWw=
Subject key identifier:   62:46:C6:29:CF:8B:1A:A2:10:64:C0:DE:AE:90:CD:F1:70:CE:4D:BC
Certificate issuer:       /CN=883f7260650026b973a18a7f3e9958d321ece1db
Certificate serial:       01980D0E29DBEE133ABBF9D19B1E69649663
Authority key identifier: 88:3F:72:60:65:00:26:B9:73:A1:8A:7F:3E:99:58:D3:21:EC:E1:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iD9yYGUAJrlzoYp_PplY0yHs4ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/11d4e7-e978-4037-ab09-c09ff16fc34b/1/YkbGKc-LGqIQZMDerpDN8XDOTbw.roa
Signing time:             Tue 15 Jul 2025 07:48:08 +0000
ROA not before:           Tue 15 Jul 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62442
IP address blocks:        2a04:aa01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/11d4e7-e978-4037-ab09-c09ff16fc34b/1/iD9yYGUAJrlzoYp_PplY0yHs4ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/11d4e7-e978-4037-ab09-c09ff16fc34b/1/iD9yYGUAJrlzoYp_PplY0yHs4ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iD9yYGUAJrlzoYp_PplY0yHs4ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:0e:29:db:ee:13:3a:bb:f9:d1:9b:1e:69:64:96:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=883f7260650026b973a18a7f3e9958d321ece1db
        Validity
            Not Before: Jul 15 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6246c629cf8b1aa21064c0deae90cdf170ce4dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a1:8e:9e:3b:1f:7c:75:73:e9:f2:96:36:48:
                    e1:75:c8:0d:65:85:b7:78:17:2a:1c:b9:5f:3b:21:
                    94:bf:19:16:9a:1c:d1:21:02:ac:17:cd:b7:ff:ba:
                    0d:d5:2d:d8:ce:43:f0:0f:71:d6:e3:f5:5a:aa:a2:
                    29:74:f4:f8:de:c4:12:a5:52:e7:39:4d:cf:17:ec:
                    53:9f:f5:4b:a1:18:a1:06:02:6a:26:28:79:0f:2f:
                    44:9a:31:71:7f:7b:bd:c7:c8:3f:e2:21:15:97:24:
                    01:b1:28:9c:84:62:fa:3c:ff:8f:9d:27:5d:0b:49:
                    4c:20:12:09:53:3a:18:83:be:25:e7:a4:08:64:b8:
                    9f:dc:0c:d8:17:bb:f0:32:e3:82:8d:ea:2d:3e:81:
                    5d:71:a7:12:08:cf:6a:0b:d7:8e:e5:d9:e3:13:0e:
                    88:55:89:36:91:fa:27:11:05:f1:a4:1e:52:87:74:
                    cb:40:34:75:a1:30:d2:28:c3:82:6f:ea:c5:1b:fc:
                    35:3a:cf:b8:11:e7:88:68:62:8d:b6:d9:d6:65:1d:
                    c1:be:51:75:74:11:3f:0d:d8:2d:ae:25:bc:1b:33:
                    01:1d:54:a8:9c:dc:5f:dd:2e:12:81:3f:a4:23:fb:
                    75:b5:9f:27:43:a5:8d:6e:5a:cc:7c:3b:94:b9:70:
                    1f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:46:C6:29:CF:8B:1A:A2:10:64:C0:DE:AE:90:CD:F1:70:CE:4D:BC
            X509v3 Authority Key Identifier:
                keyid:88:3F:72:60:65:00:26:B9:73:A1:8A:7F:3E:99:58:D3:21:EC:E1:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iD9yYGUAJrlzoYp_PplY0yHs4ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/11d4e7-e978-4037-ab09-c09ff16fc34b/1/YkbGKc-LGqIQZMDerpDN8XDOTbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/11d4e7-e978-4037-ab09-c09ff16fc34b/1/iD9yYGUAJrlzoYp_PplY0yHs4ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:aa01::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:37:a8:d8:67:b0:0c:4a:42:7b:7b:38:03:06:32:97:ae:c2:
         43:09:30:7d:b8:b8:3e:2b:07:83:f8:c8:58:20:40:e7:99:55:
         c7:8c:e1:b6:8f:81:60:cc:5c:3b:33:af:cc:88:4c:0e:21:91:
         da:53:7b:88:2b:d5:31:5a:f3:cb:a8:cd:95:7f:fe:17:c4:54:
         9e:f2:aa:21:be:51:1c:9a:fd:3f:5e:86:cd:e9:95:15:e1:7e:
         c2:ad:a5:76:c2:dd:0f:4c:ef:25:4e:12:d2:63:0d:4a:fd:ed:
         55:47:83:c8:74:14:01:84:4f:50:e3:fa:58:c7:d2:71:b6:70:
         81:20:92:80:8a:a4:9d:73:c9:a8:f3:0b:74:4d:74:8b:4d:06:
         61:2b:82:a6:fe:fb:37:90:e9:a2:a9:64:fd:46:57:79:49:8d:
         0b:b7:4f:a8:81:0a:2b:1d:80:b2:fc:5d:fc:34:b4:bd:f8:44:
         48:32:21:a6:20:8f:18:8d:79:1e:59:4d:da:ed:4e:4b:96:b7:
         bc:1f:ad:c4:fd:ae:21:c6:79:95:9f:2b:b2:cd:4d:0b:03:e5:
         e5:93:79:d1:8f:51:2f:ac:d1:83:e5:04:1e:77:20:d2:d5:2c:
         ec:6b:c3:78:fe:5e:86:ff:ab:96:83:dd:58:84:9c:6c:39:b3:
         16:33:83:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgNDinb7hM6u/nRmx5pZJZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4M2Y3MjYwNjUwMDI2Yjk3M2ExOGE3ZjNlOTk1OGQzMjFl
Y2UxZGIwHhcNMjUwNzE1MDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQ2YzYyOWNmOGIxYWEyMTA2NGMwZGVhZTkwY2RmMTcwY2U0ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaGOnjsffHVz6fKWNkjhdcgNZYW3
eBcqHLlfOyGUvxkWmhzRIQKsF823/7oN1S3YzkPwD3HW4/VaqqIpdPT43sQSpVLn
OU3PF+xTn/VLoRihBgJqJih5Dy9EmjFxf3u9x8g/4iEVlyQBsSichGL6PP+PnSdd
C0lMIBIJUzoYg74l56QIZLif3AzYF7vwMuOCjeotPoFdcacSCM9qC9eO5dnjEw6I
VYk2kfonEQXxpB5Sh3TLQDR1oTDSKMOCb+rFG/w1Os+4EeeIaGKNttnWZR3BvlF1
dBE/DdgtriW8GzMBHVSonNxf3S4SgT+kI/t1tZ8nQ6WNblrMfDuUuXAfGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGJGxinPixqiEGTA3q6QzfFwzk28MB8GA1UdIwQY
MBaAFIg/cmBlACa5c6GKfz6ZWNMh7OHbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUQ5eVlHVUFKcmx6b1lwX1BwbFkweUhzNGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8xMWQ0ZTctZTk3OC00MDM3LWFiMDkt
YzA5ZmYxNmZjMzRiLzEvWWtiR0tjLUxHcUlRWk1EZXJwRE44WERPVGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8xMWQ0ZTctZTk3OC00MDM3LWFiMDktYzA5ZmYxNmZjMzRi
LzEvaUQ5eVlHVUFKcmx6b1lwX1BwbFkweUhzNGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgSqATAN
BgkqhkiG9w0BAQsFAAOCAQEAqTeo2GewDEpCe3s4AwYyl67CQwkwfbi4PisHg/jI
WCBA55lVx4zhto+BYMxcOzOvzIhMDiGR2lN7iCvVMVrzy6jNlX/+F8RUnvKqIb5R
HJr9P16GzemVFeF+wq2ldsLdD0zvJU4S0mMNSv3tVUeDyHQUAYRPUOP6WMfScbZw
gSCSgIqknXPJqPMLdE10i00GYSuCpv77N5Dpoqlk/UZXeUmNC7dPqIEKKx2Asvxd
/DS0vfhESDIhpiCPGI15HllN2u1OS5a3vB+txP2uIcZ5lZ8rss1NCwPl5ZN50Y9R
L6zRg+UEHncg0tUs7GvDeP5ehv+rloPdWIScbDmzFjODQw==
-----END CERTIFICATE-----