Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/YzFIZL3PJSZ02-Hz_ZVvmZ2o0mo.roa
File:                     YzFIZL3PJSZ02-Hz_ZVvmZ2o0mo.roa (raw, json)
Hash identifier:          wpx/NpGphtE/UaDXkTvNHF5WvQJn9pkZZ79bW08hOCw=
Subject key identifier:   63:31:48:64:BD:CF:25:26:74:DB:E1:F3:FD:95:6F:99:9D:A8:D2:6A
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       01982DC4C065CB0EC887832896D7ECAFC4B7
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/YzFIZL3PJSZ02-Hz_ZVvmZ2o0mo.roa
Signing time:             Mon 21 Jul 2025 16:15:25 +0000
ROA not before:           Mon 21 Jul 2025 16:15:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        95.81.117.0/24 maxlen: 24
                          194.79.60.0/24 maxlen: 24
                          194.79.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:c4:c0:65:cb:0e:c8:87:83:28:96:d7:ec:af:c4:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jul 21 16:15:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63314864bdcf252674dbe1f3fd956f999da8d26a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3f:d7:d3:3c:5a:a2:4f:da:d0:dd:cd:0e:11:
                    75:dc:3e:8b:63:7d:bc:b5:65:b3:0b:9b:ec:ff:7f:
                    1f:c4:4c:db:ed:cb:c8:7e:51:1b:cf:bf:ed:b7:f7:
                    ad:f3:5f:88:90:01:d1:2d:97:89:d8:f2:9c:99:2b:
                    51:2c:20:69:00:14:79:1b:d5:e7:35:22:db:35:df:
                    f1:3e:ba:7d:42:83:27:c6:ed:10:31:4a:63:18:86:
                    19:1e:f9:e7:b3:02:f3:a9:25:1f:d3:35:6a:77:93:
                    2d:54:15:02:5e:b3:63:b6:0c:59:28:08:d7:2f:21:
                    de:89:d6:b7:70:b9:8d:c2:99:a6:cf:a8:73:d1:45:
                    7f:82:06:6f:ce:4b:62:87:e0:90:0d:14:fa:03:69:
                    9c:8b:d3:9f:0d:cb:18:93:f8:aa:5a:3d:5b:e9:b4:
                    26:e7:30:9f:d4:61:3e:fd:b0:cb:09:45:47:c8:4c:
                    1c:0c:fb:59:44:d6:46:e8:d6:e6:61:f2:53:3d:b0:
                    f8:db:01:85:0f:02:04:67:5b:dd:a1:d3:28:23:3d:
                    09:a5:f6:bb:8d:73:d8:7b:7b:d8:c7:f2:a1:28:f0:
                    77:fa:9c:a6:b7:21:7e:b6:d4:78:10:e2:11:03:b0:
                    94:b2:cb:a1:e0:5f:8e:53:31:34:64:86:7f:01:05:
                    da:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:31:48:64:BD:CF:25:26:74:DB:E1:F3:FD:95:6F:99:9D:A8:D2:6A
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/YzFIZL3PJSZ02-Hz_ZVvmZ2o0mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.81.117.0/24
                  194.79.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:a9:47:28:c9:f7:45:66:65:11:7e:fd:1f:3d:11:e0:32:a3:
         5a:73:6d:82:63:af:9e:0b:c7:8a:28:53:2a:ea:ef:92:87:b8:
         10:81:d0:ba:63:ac:2d:59:e0:7b:0d:c4:06:dc:46:f1:9e:ca:
         7b:7a:74:ed:92:75:13:fd:3c:b0:ad:d7:a1:15:8a:3e:5b:e7:
         ae:62:35:0d:91:a6:14:3f:30:29:cc:89:f2:41:c3:ad:7a:da:
         cc:50:cf:d2:c7:83:c7:e9:5f:ec:4b:a7:65:86:fd:f3:cb:ab:
         59:21:57:0a:e5:fa:96:fc:ec:4c:a7:88:b1:8e:80:59:ec:c2:
         e7:20:05:91:31:33:bf:a7:04:4b:db:2e:cc:a8:ae:e0:c5:2c:
         a8:6a:1f:99:a6:1c:a2:39:82:9c:de:77:3d:68:53:93:70:aa:
         85:cb:f8:74:22:21:3e:e5:41:c2:87:f9:76:79:ea:14:7d:2f:
         3a:eb:0f:67:66:f0:86:f7:92:e2:47:88:0f:2a:0e:0a:69:03:
         39:e4:2c:65:5b:a8:09:41:49:0b:27:a4:93:f2:e4:19:f7:d9:
         2f:b0:65:0b:27:ef:c4:33:c0:cc:0a:37:e0:61:51:ff:0d:7a:
         c4:2c:09:30:d7:ca:99:3d:99:82:4b:ff:7f:83:da:2d:4e:eb:
         4d:3f:3a:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgtxMBlyw7Ih4Moltfsr8S3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwNzIxMTYxNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzMxNDg2NGJkY2YyNTI2NzRkYmUxZjNmZDk1NmY5OTlkYThkMjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2j/X0zxaok/a0N3NDhF13D6LY328
tWWzC5vs/38fxEzb7cvIflEbz7/tt/et81+IkAHRLZeJ2PKcmStRLCBpABR5G9Xn
NSLbNd/xPrp9QoMnxu0QMUpjGIYZHvnnswLzqSUf0zVqd5MtVBUCXrNjtgxZKAjX
LyHeida3cLmNwpmmz6hz0UV/ggZvzktih+CQDRT6A2mci9OfDcsYk/iqWj1b6bQm
5zCf1GE+/bDLCUVHyEwcDPtZRNZG6NbmYfJTPbD42wGFDwIEZ1vdodMoIz0Jpfa7
jXPYe3vYx/KhKPB3+pymtyF+ttR4EOIRA7CUssuh4F+OUzE0ZIZ/AQXa3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGMxSGS9zyUmdNvh8/2Vb5mdqNJqMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvWXpGSVpMM1BKU1owMi1Iel9aVnZtWjJvMG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX1F1AwQB
wk88MA0GCSqGSIb3DQEBCwUAA4IBAQBPqUcoyfdFZmURfv0fPRHgMqNac22CY6+e
C8eKKFMq6u+Sh7gQgdC6Y6wtWeB7DcQG3Ebxnsp7enTtknUT/TywrdehFYo+W+eu
YjUNkaYUPzApzInyQcOtetrMUM/Sx4PH6V/sS6dlhv3zy6tZIVcK5fqW/OxMp4ix
joBZ7MLnIAWRMTO/pwRL2y7MqK7gxSyoah+ZphyiOYKc3nc9aFOTcKqFy/h0IiE+
5UHCh/l2eeoUfS866w9nZvCG95LiR4gPKg4KaQM55CxlW6gJQUkLJ6ST8uQZ99kv
sGULJ+/EM8DMCjfgYVH/DXrELAkw18qZPZmCS/9/g9otTutNPzoy
-----END CERTIFICATE-----