Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/iK-6vM3UN-0JPyozDLdhLjJ5znw.roa
File:                     iK-6vM3UN-0JPyozDLdhLjJ5znw.roa (raw, json)
Hash identifier:          LEDGjWpooiw+DnQIpdRJAz1t/vP9dQU00MHsp9zo7Ow=
Subject key identifier:   88:AF:BA:BC:CD:D4:37:ED:09:3F:2A:33:0C:B7:61:2E:32:79:CE:7C
Certificate issuer:       /CN=60bff94704e4a475374e170cbe17365fa89fe07b
Certificate serial:       01990AD8FB39F571CE1BAF2DFD41FF8CF46B
Authority key identifier: 60:BF:F9:47:04:E4:A4:75:37:4E:17:0C:BE:17:36:5F:A8:9F:E0:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YL_5RwTkpHU3ThcMvhc2X6if4Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/iK-6vM3UN-0JPyozDLdhLjJ5znw.roa
Signing time:             Tue 02 Sep 2025 14:33:36 +0000
ROA not before:           Tue 02 Sep 2025 14:33:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210423
IP address blocks:        79.108.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/YL_5RwTkpHU3ThcMvhc2X6if4Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/YL_5RwTkpHU3ThcMvhc2X6if4Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YL_5RwTkpHU3ThcMvhc2X6if4Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:d8:fb:39:f5:71:ce:1b:af:2d:fd:41:ff:8c:f4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60bff94704e4a475374e170cbe17365fa89fe07b
        Validity
            Not Before: Sep  2 14:33:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88afbabccdd437ed093f2a330cb7612e3279ce7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:f7:77:6c:0d:22:03:fe:88:8a:0d:2f:bc:
                    93:e0:ad:cc:b9:a9:fe:c3:80:04:3e:bd:58:ab:d0:
                    3d:dd:71:00:4f:e5:e7:cb:91:ff:06:bd:fa:3d:51:
                    71:99:49:a0:64:a5:cc:71:d8:2d:87:fa:22:0b:a3:
                    dc:55:8b:9d:18:96:d1:0f:79:44:2c:d7:d6:e9:fa:
                    34:23:88:a7:61:a8:25:c8:b3:f5:80:56:43:58:c7:
                    19:2b:1b:f6:86:86:91:6a:e0:1f:17:4f:70:8c:54:
                    63:9a:66:54:ce:ad:38:05:c5:a3:4d:17:84:f9:5c:
                    ac:ed:40:90:8d:c8:2d:84:12:65:24:65:44:d2:0a:
                    9b:7c:4c:fd:b6:66:66:ac:37:ba:a5:da:66:3a:31:
                    01:5b:80:4f:87:b3:01:c0:4e:a0:37:d2:a5:cd:b1:
                    4a:5d:a7:39:cb:08:e2:d1:fe:5e:73:ce:75:78:e4:
                    8c:cc:46:15:fd:e6:ba:30:75:3a:a8:06:36:f3:4f:
                    90:9e:9e:df:3f:42:f4:7d:71:4a:cb:82:d9:ee:b5:
                    ae:1a:f9:c6:5b:1d:fa:14:9c:b7:dc:81:ab:b4:92:
                    79:5a:8c:57:4f:fd:b5:17:b1:3a:85:5d:01:ec:c3:
                    67:45:51:cf:4a:90:8e:63:36:93:f9:d9:71:da:cc:
                    d7:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:AF:BA:BC:CD:D4:37:ED:09:3F:2A:33:0C:B7:61:2E:32:79:CE:7C
            X509v3 Authority Key Identifier:
                keyid:60:BF:F9:47:04:E4:A4:75:37:4E:17:0C:BE:17:36:5F:A8:9F:E0:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YL_5RwTkpHU3ThcMvhc2X6if4Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/iK-6vM3UN-0JPyozDLdhLjJ5znw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/YL_5RwTkpHU3ThcMvhc2X6if4Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.108.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ac:27:ed:14:f0:d8:f2:d5:3e:fd:28:dc:9c:b4:57:01:71:0f:
         dc:67:ac:d8:2a:09:9b:70:32:90:5a:ec:bd:02:dd:af:0b:24:
         0e:49:78:1b:15:ca:5e:4e:4a:0b:92:06:72:6d:d0:83:bd:44:
         6c:b5:3e:da:ba:5c:fd:49:99:ce:0a:a8:5b:47:0f:d8:dc:84:
         20:38:00:86:a7:cd:04:5c:f6:f1:6f:11:55:fa:d2:2f:3e:64:
         7e:c6:f9:4b:0d:14:c4:b4:b3:9c:eb:f1:a6:75:a8:68:6b:0f:
         b0:5b:97:76:54:30:c3:7e:7b:8f:44:40:06:3c:ad:50:d0:09:
         e9:47:7b:c4:23:cc:ba:4b:96:17:e0:01:36:ef:e3:bb:3b:fc:
         e4:95:fd:e6:b9:a9:9b:0e:2e:73:1d:93:44:26:41:47:39:3a:
         05:7f:44:8c:6f:b6:0a:6c:b4:ba:a8:a1:1a:95:3d:fb:24:a3:
         84:f3:9e:58:2c:da:5a:5d:b4:63:b8:a1:73:e8:d5:99:fe:f0:
         68:df:db:a6:c5:0e:01:52:3f:c2:ce:7a:30:55:20:d3:cc:7b:
         50:42:f2:5a:d8:99:4b:36:a2:cc:e4:a0:af:da:6e:8e:9c:a1:
         cb:74:6d:44:28:52:b0:c8:a5:bb:d0:cf:fb:89:f8:e3:64:3e:
         d5:4e:8c:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkK2Ps59XHOG68t/UH/jPRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYmZmOTQ3MDRlNGE0NzUzNzRlMTcwY2JlMTczNjVmYTg5
ZmUwN2IwHhcNMjUwOTAyMTQzMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGFmYmFiY2NkZDQzN2VkMDkzZjJhMzMwY2I3NjEyZTMyNzljZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWf3d2wNIgP+iIoNL7yT4K3Muan+
w4AEPr1Yq9A93XEAT+Xny5H/Br36PVFxmUmgZKXMcdgth/oiC6PcVYudGJbRD3lE
LNfW6fo0I4inYaglyLP1gFZDWMcZKxv2hoaRauAfF09wjFRjmmZUzq04BcWjTReE
+Vys7UCQjcgthBJlJGVE0gqbfEz9tmZmrDe6pdpmOjEBW4BPh7MBwE6gN9KlzbFK
Xac5ywji0f5ec851eOSMzEYV/ea6MHU6qAY280+Qnp7fP0L0fXFKy4LZ7rWuGvnG
Wx36FJy33IGrtJJ5WoxXT/21F7E6hV0B7MNnRVHPSpCOYzaT+dlx2szXGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIivurzN1DftCT8qMwy3YS4yec58MB8GA1UdIwQY
MBaAFGC/+UcE5KR1N04XDL4XNl+on+B7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUxfNVJ3VGtwSFUzVGhjTXZoYzJYNmlmNEhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NzJmZGQtY2M3Yy00NDQ5LTlmNTUt
MDIzOTk1OTA2YzQ2LzEvaUstNnZNM1VOLTBKUHlvekRMZGhMako1em53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NzJmZGQtY2M3Yy00NDQ5LTlmNTUtMDIzOTk1OTA2YzQ2
LzEvWUxfNVJ3VGtwSFUzVGhjTXZoYzJYNmlmNEhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDT2zoMA0G
CSqGSIb3DQEBCwUAA4IBAQCsJ+0U8Njy1T79KNyctFcBcQ/cZ6zYKgmbcDKQWuy9
At2vCyQOSXgbFcpeTkoLkgZybdCDvURstT7aulz9SZnOCqhbRw/Y3IQgOACGp80E
XPbxbxFV+tIvPmR+xvlLDRTEtLOc6/Gmdahoaw+wW5d2VDDDfnuPREAGPK1Q0Anp
R3vEI8y6S5YX4AE27+O7O/zklf3muambDi5zHZNEJkFHOToFf0SMb7YKbLS6qKEa
lT37JKOE855YLNpaXbRjuKFz6NWZ/vBo39umxQ4BUj/CznowVSDTzHtQQvJa2JlL
NqLM5KCv2m6OnKHLdG1EKFKwyKW70M/7ifjjZD7VToyW
-----END CERTIFICATE-----