Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/YfXFpvD08P-jo1V0v9xbsQoM8PE.roa
File:                     YfXFpvD08P-jo1V0v9xbsQoM8PE.roa (raw, json)
Hash identifier:          2d4+f/FuqEZolYnApjw7KnX9/aPvtugVfho33/J9k9U=
Subject key identifier:   61:F5:C5:A6:F0:F4:F0:FF:A3:A3:55:74:BF:DC:5B:B1:0A:0C:F0:F1
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       019A57FE6C7376F36EEA6E1BED8980A1A878
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/YfXFpvD08P-jo1V0v9xbsQoM8PE.roa
Signing time:             Thu 06 Nov 2025 07:08:02 +0000
ROA not before:           Thu 06 Nov 2025 07:08:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214967
IP address blocks:        94.74.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Nov 2025 14:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:57:fe:6c:73:76:f3:6e:ea:6e:1b:ed:89:80:a1:a8:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Nov  6 07:08:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61f5c5a6f0f4f0ffa3a35574bfdc5bb10a0cf0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:75:9a:3b:d2:45:5e:ca:a0:07:39:96:eb:17:
                    24:90:a3:ad:96:5e:f5:5f:d6:61:87:04:f7:55:ab:
                    5e:0b:10:ed:b9:5d:d6:5f:65:42:9a:a7:ee:9b:e2:
                    a5:25:7e:f1:e8:d4:17:70:96:48:5a:41:c7:ee:ed:
                    85:15:e2:05:00:9c:a5:af:d7:82:1b:9d:58:1c:34:
                    c0:3d:35:7d:ae:86:98:d7:f3:29:78:f3:2c:c5:c7:
                    cd:0e:7a:77:54:5f:d3:7e:c2:6b:50:39:13:44:64:
                    64:90:ee:6c:63:d3:e2:cb:9d:be:47:a1:08:88:bd:
                    3c:13:81:f1:83:cc:be:86:4d:30:0a:8b:fe:1c:25:
                    96:35:b8:a2:ae:17:96:f1:5f:f2:83:07:a3:cd:36:
                    3a:95:87:2d:eb:ae:96:41:30:b9:76:3a:63:63:73:
                    53:6d:ca:be:7e:ab:0b:a1:4e:f5:0e:e2:df:df:83:
                    2f:af:51:ee:c9:cf:aa:3c:6a:1a:27:5f:20:5f:aa:
                    5a:94:a7:11:07:48:e3:db:ba:b9:9a:db:17:d8:e6:
                    59:5e:17:50:b3:41:33:d2:aa:ed:aa:44:89:6e:cb:
                    43:1d:d7:74:94:c6:ab:89:7f:2a:42:50:cd:06:69:
                    ab:12:5c:72:72:75:a7:8d:0f:67:28:32:bc:9f:f1:
                    8d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F5:C5:A6:F0:F4:F0:FF:A3:A3:55:74:BF:DC:5B:B1:0A:0C:F0:F1
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/YfXFpvD08P-jo1V0v9xbsQoM8PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.74.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:38:94:87:84:db:7b:6b:13:c0:04:72:66:2b:e4:1b:be:b4:
         1a:0f:5f:78:74:ee:bb:81:2e:5e:bf:93:af:fa:de:e1:6a:c1:
         34:45:7a:4b:45:12:a4:df:87:da:6f:7b:c8:da:17:fe:8e:a2:
         3c:01:0d:1b:35:90:e5:9e:ab:d8:ef:8c:0f:a6:1f:5a:12:0a:
         4b:c0:12:81:de:5c:cf:3e:8e:46:5e:f6:67:49:31:e1:19:9c:
         7a:b5:df:c7:b9:95:ad:06:fe:2d:0d:7d:c5:b0:61:1b:5a:09:
         60:9c:f3:40:e7:f6:c2:2e:90:d9:f4:61:db:76:26:b1:37:36:
         6e:de:7c:39:b4:e0:88:8e:c7:7c:9d:6b:b8:7a:aa:21:9b:3d:
         11:1f:26:83:89:bf:81:66:a3:d5:45:87:8f:af:21:d3:fe:a3:
         37:78:51:9a:0c:93:b2:d9:f9:54:3a:b6:2b:8d:73:bc:83:c5:
         eb:5b:74:e0:1a:dd:d5:7d:51:16:10:d4:9f:e6:c4:f0:a8:57:
         09:09:7d:2a:35:52:bb:22:93:0c:42:be:9f:47:90:15:31:0b:
         cc:68:bf:e5:8d:bc:1f:2f:83:8e:c6:43:4d:11:8f:2c:1e:b8:
         8c:58:58:09:38:51:f3:94:80:91:3e:7e:88:ef:c2:a9:d8:f7:
         6f:84:31:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpX/mxzdvNu6m4b7YmAoah4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUxMTA2MDcwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWY1YzVhNmYwZjRmMGZmYTNhMzU1NzRiZmRjNWJiMTBhMGNmMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnWaO9JFXsqgBzmW6xckkKOtll71
X9ZhhwT3VateCxDtuV3WX2VCmqfum+KlJX7x6NQXcJZIWkHH7u2FFeIFAJylr9eC
G51YHDTAPTV9roaY1/MpePMsxcfNDnp3VF/TfsJrUDkTRGRkkO5sY9Piy52+R6EI
iL08E4Hxg8y+hk0wCov+HCWWNbiirheW8V/ygwejzTY6lYct666WQTC5djpjY3NT
bcq+fqsLoU71DuLf34Mvr1Huyc+qPGoaJ18gX6palKcRB0jj27q5mtsX2OZZXhdQ
s0Ez0qrtqkSJbstDHdd0lMariX8qQlDNBmmrElxycnWnjQ9nKDK8n/GNnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGH1xabw9PD/o6NVdL/cW7EKDPDxMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvWWZYRnB2RDA4UC1qbzFWMHY5eGJzUW9NOFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXkq/MA0G
CSqGSIb3DQEBCwUAA4IBAQASOJSHhNt7axPABHJmK+QbvrQaD194dO67gS5ev5Ov
+t7hasE0RXpLRRKk34fab3vI2hf+jqI8AQ0bNZDlnqvY74wPph9aEgpLwBKB3lzP
Po5GXvZnSTHhGZx6td/HuZWtBv4tDX3FsGEbWglgnPNA5/bCLpDZ9GHbdiaxNzZu
3nw5tOCIjsd8nWu4eqohmz0RHyaDib+BZqPVRYePryHT/qM3eFGaDJOy2flUOrYr
jXO8g8XrW3TgGt3VfVEWENSf5sTwqFcJCX0qNVK7IpMMQr6fR5AVMQvMaL/ljbwf
L4OOxkNNEY8sHriMWFgJOFHzlICRPn6I78Kp2PdvhDEu
-----END CERTIFICATE-----