Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YaOOJKipTyIBbM4qEXiHrQP0U6I.roa
File:                     YaOOJKipTyIBbM4qEXiHrQP0U6I.roa (raw, json)
Hash identifier:          P6xkjZGBPMqn6JqsiXNk8vUeROoYT1I2lFLCd+RGl44=
Subject key identifier:   61:A3:8E:24:A8:A9:4F:22:01:6C:CE:2A:11:78:87:AD:03:F4:53:A2
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0198F6E0ADD1B6C47F4ADFCABB7FB7C65BF4
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YaOOJKipTyIBbM4qEXiHrQP0U6I.roa
Signing time:             Fri 29 Aug 2025 17:29:36 +0000
ROA not before:           Fri 29 Aug 2025 17:29:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216155
IP address blocks:        5.178.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f6:e0:ad:d1:b6:c4:7f:4a:df:ca:bb:7f:b7:c6:5b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Aug 29 17:29:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61a38e24a8a94f22016cce2a117887ad03f453a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a3:57:38:f0:f8:fb:f3:de:c2:d9:dd:db:98:
                    92:93:0e:c5:41:fa:70:cb:83:a3:22:09:8b:29:b6:
                    a1:d9:db:69:c4:21:63:69:88:b0:fe:04:a4:b7:15:
                    d7:a8:47:9c:fb:df:07:45:16:14:6f:e7:db:92:95:
                    fe:b6:40:ec:53:5f:8a:0c:58:68:a7:f9:22:e6:77:
                    92:b2:58:fb:2f:c7:3f:6d:fb:26:76:d4:c5:4a:38:
                    09:82:67:f5:a2:92:f4:52:c3:25:03:ed:c0:f9:0d:
                    4e:14:6b:a9:fc:47:90:2e:22:82:4d:d3:62:3e:2f:
                    4e:15:f9:d3:32:37:6d:a8:83:dd:73:f1:1f:ac:da:
                    16:1a:ba:88:f7:3a:3d:2e:d0:25:47:bc:18:21:1a:
                    58:90:86:52:2a:69:7a:a0:a6:d3:15:b6:73:3f:e5:
                    8a:0f:fc:58:ba:a9:fc:4b:3c:0d:bb:6c:c9:ae:23:
                    fc:b0:9a:3e:f9:23:d0:27:04:56:0a:a4:4f:b0:c0:
                    23:2a:82:0d:43:b4:4e:c0:a4:f3:aa:92:41:07:ef:
                    7f:bc:2b:b7:c0:f3:0e:81:c5:7c:c0:2c:c4:db:9f:
                    1c:5c:7f:e8:8a:41:31:07:86:10:0b:d7:a6:30:3c:
                    ec:fe:3c:b9:a1:e8:82:1a:09:b1:4b:a4:58:76:c1:
                    01:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A3:8E:24:A8:A9:4F:22:01:6C:CE:2A:11:78:87:AD:03:F4:53:A2
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YaOOJKipTyIBbM4qEXiHrQP0U6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:9c:ae:21:ca:75:32:1b:a6:ab:4c:b5:88:41:fa:7d:2a:b2:
         37:39:62:e7:dc:2c:32:2a:8f:6f:98:24:08:8d:f9:d1:09:03:
         aa:fd:53:7e:6d:f3:f0:5c:a8:7b:f3:e3:b2:26:76:ac:bf:84:
         2d:e6:06:5e:1c:a7:89:77:e3:e9:b9:89:65:46:7e:76:13:3f:
         29:03:6a:1e:60:03:a1:f1:61:c1:a6:27:9a:77:6d:34:f7:8b:
         fd:3b:37:b5:6e:2e:1c:9e:15:72:4f:85:6a:1d:dc:40:43:5c:
         6b:0d:89:fb:45:97:60:33:49:ef:8d:61:ad:76:71:10:07:82:
         71:55:f6:fd:0b:08:8d:bb:63:af:d5:2f:2b:ac:da:a4:72:16:
         bb:60:67:73:54:99:ec:85:86:b4:82:86:c8:00:8c:b0:7c:ef:
         a6:24:07:ee:88:99:94:35:1a:e1:a0:58:60:6a:4a:aa:f7:80:
         c9:c6:13:c6:94:fa:30:b0:0b:0e:a7:61:90:09:69:41:b8:49:
         39:cc:a4:b0:e6:f0:e9:a4:40:41:7d:35:0f:d4:6b:25:d0:7d:
         cb:9c:1c:70:eb:02:aa:e3:c0:97:eb:0d:75:35:73:32:57:ff:
         81:30:b7:a0:d7:a3:8c:b0:86:a3:83:fb:26:78:8c:bb:51:3b:
         ca:9e:8e:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj24K3RtsR/St/Ku3+3xlv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwODI5MTcyOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWEzOGUyNGE4YTk0ZjIyMDE2Y2NlMmExMTc4ODdhZDAzZjQ1M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKNXOPD4+/Pewtnd25iSkw7FQfpw
y4OjIgmLKbah2dtpxCFjaYiw/gSktxXXqEec+98HRRYUb+fbkpX+tkDsU1+KDFho
p/ki5neSslj7L8c/bfsmdtTFSjgJgmf1opL0UsMlA+3A+Q1OFGup/EeQLiKCTdNi
Pi9OFfnTMjdtqIPdc/EfrNoWGrqI9zo9LtAlR7wYIRpYkIZSKml6oKbTFbZzP+WK
D/xYuqn8SzwNu2zJriP8sJo++SPQJwRWCqRPsMAjKoINQ7ROwKTzqpJBB+9/vCu3
wPMOgcV8wCzE258cXH/oikExB4YQC9emMDzs/jy5oeiCGgmxS6RYdsEBJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGjjiSoqU8iAWzOKhF4h60D9FOiMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWWFPT0pLaXBUeUlCYk00cUVYaUhyUVAwVTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJrMA0G
CSqGSIb3DQEBCwUAA4IBAQDjnK4hynUyG6arTLWIQfp9KrI3OWLn3CwyKo9vmCQI
jfnRCQOq/VN+bfPwXKh78+OyJnasv4Qt5gZeHKeJd+PpuYllRn52Ez8pA2oeYAOh
8WHBpiead20094v9Oze1bi4cnhVyT4VqHdxAQ1xrDYn7RZdgM0nvjWGtdnEQB4Jx
Vfb9CwiNu2Ov1S8rrNqkcha7YGdzVJnshYa0gobIAIywfO+mJAfuiJmUNRrhoFhg
akqq94DJxhPGlPowsAsOp2GQCWlBuEk5zKSw5vDppEBBfTUP1Gsl0H3LnBxw6wKq
48CX6w11NXMyV/+BMLeg16OMsIajg/smeIy7UTvKno4C
-----END CERTIFICATE-----