Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/YXQhK1AMDPjd8JGTHP7t5ugYZ-s.roa
File:                     YXQhK1AMDPjd8JGTHP7t5ugYZ-s.roa (raw, json)
Hash identifier:          OZKoD/4lMPpkgP/mbWdxP/41Oh8sdTEy8ilBRXggyJ8=
Subject key identifier:   61:74:21:2B:50:0C:0C:F8:DD:F0:91:93:1C:FE:ED:E6:E8:18:67:EB
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       0199285AD02875C123E60FBF6C5EC2B53D24
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/YXQhK1AMDPjd8JGTHP7t5ugYZ-s.roa
Signing time:             Mon 08 Sep 2025 08:04:23 +0000
ROA not before:           Mon 08 Sep 2025 08:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        209.131.65.0/24 maxlen: 24
                          209.131.66.0/24 maxlen: 24
                          209.131.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:5a:d0:28:75:c1:23:e6:0f:bf:6c:5e:c2:b5:3d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Sep  8 08:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6174212b500c0cf8ddf091931cfeede6e81867eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1a:99:93:25:75:de:d5:b3:41:79:5f:74:d8:
                    aa:c6:ae:50:a3:8f:2f:cf:05:84:08:af:a2:0a:b4:
                    5b:2b:cf:a5:ca:38:22:60:e2:ff:86:11:b5:02:e4:
                    83:15:a4:e4:cd:cc:a8:4d:6d:76:c0:d8:0a:fa:3c:
                    cf:9a:fc:5b:86:24:99:c6:29:49:e9:87:f7:af:f3:
                    dd:a0:cb:68:b5:80:5d:8a:69:2b:13:25:1d:50:81:
                    65:49:a4:1d:14:c6:95:55:8b:4a:0d:10:a4:1e:e9:
                    59:d2:5a:c2:54:f7:fe:78:a0:6b:72:c6:fb:35:ae:
                    83:a3:01:c4:6e:dd:b1:da:fd:30:0e:cb:5b:59:63:
                    58:14:fc:39:17:6b:4d:f3:a8:ac:ee:19:23:bd:53:
                    c4:40:55:83:41:a3:b4:0b:9d:c5:97:5d:60:88:0e:
                    ba:fa:42:6c:33:02:75:cd:44:9e:f3:88:18:56:3e:
                    b3:8b:4c:9b:f4:9e:bb:30:b6:ce:dd:84:99:3b:ac:
                    0e:a2:e9:f1:4a:55:90:9f:bc:e0:f8:cf:e6:e5:49:
                    e8:3d:f6:97:9c:73:e2:a1:2b:36:55:04:44:9b:9c:
                    06:83:95:96:86:36:00:f2:28:46:72:8f:72:17:f6:
                    52:b0:fd:f5:bf:c7:ff:24:94:20:73:6b:10:d9:de:
                    b7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:74:21:2B:50:0C:0C:F8:DD:F0:91:93:1C:FE:ED:E6:E8:18:67:EB
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/YXQhK1AMDPjd8JGTHP7t5ugYZ-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.65.0-209.131.66.255
                  209.131.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:2c:81:11:95:39:12:1c:89:2b:cc:38:d0:19:2f:ac:70:7c:
         5a:f8:62:3f:01:a3:8c:eb:6e:78:d5:24:1b:1c:16:0d:7a:ed:
         9e:12:d1:ac:23:95:db:8e:e0:a5:a7:ff:14:62:88:a3:ff:1b:
         3e:28:bc:e1:14:3b:8b:4f:c4:a7:45:b0:54:39:24:ff:a2:46:
         01:02:22:36:a3:9d:1d:0b:2b:a4:2d:5e:84:97:89:e9:a8:a3:
         da:b9:56:c5:64:28:eb:f5:90:53:81:88:f9:66:a6:78:fa:05:
         d8:c0:2d:0c:83:fe:6e:7b:8a:da:23:71:9b:6f:b0:cb:9b:4d:
         32:9d:7d:a6:6c:fd:10:1b:cf:00:ce:64:35:32:12:36:84:be:
         62:66:1e:68:05:f7:cb:6a:25:8d:66:b0:4d:4e:f4:ea:66:e3:
         0b:7d:ed:04:fd:bb:6b:e7:9b:8f:d3:80:8f:c6:3d:49:8b:f9:
         94:cc:a3:19:d5:2a:cb:7d:6f:df:91:ef:59:03:43:ee:1c:28:
         ca:4a:37:34:9a:df:04:e4:85:cd:7b:57:51:a5:c7:5b:ba:1e:
         6f:e1:31:bb:d7:5f:0a:e3:09:16:32:6e:ef:ef:4a:a4:b5:38:
         a8:47:15:1b:fd:7f:37:c0:9f:61:8f:68:32:b4:23:96:96:73:
         fb:89:71:87
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZkoWtAodcEj5g+/bF7CtT0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjUwOTA4MDgwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc0MjEyYjUwMGMwY2Y4ZGRmMDkxOTMxY2ZlZWRlNmU4MTg2N2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohqZkyV13tWzQXlfdNiqxq5Qo48v
zwWECK+iCrRbK8+lyjgiYOL/hhG1AuSDFaTkzcyoTW12wNgK+jzPmvxbhiSZxilJ
6Yf3r/PdoMtotYBdimkrEyUdUIFlSaQdFMaVVYtKDRCkHulZ0lrCVPf+eKBrcsb7
Na6DowHEbt2x2v0wDstbWWNYFPw5F2tN86is7hkjvVPEQFWDQaO0C53Fl11giA66
+kJsMwJ1zUSe84gYVj6zi0yb9J67MLbO3YSZO6wOounxSlWQn7zg+M/m5UnoPfaX
nHPioSs2VQREm5wGg5WWhjYA8ihGco9yF/ZSsP31v8f/JJQgc2sQ2d63mQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGF0IStQDAz43fCRkxz+7eboGGfrMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvWVhRaEsxQU1EUGpkOEpHVEhQN3Q1dWdZWi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADRg0ED
BADRg0IDBADRg0QwDQYJKoZIhvcNAQELBQADggEBADgsgRGVORIciSvMONAZL6xw
fFr4Yj8Bo4zrbnjVJBscFg167Z4S0awjlduO4KWn/xRiiKP/Gz4ovOEUO4tPxKdF
sFQ5JP+iRgECIjajnR0LK6QtXoSXiemoo9q5VsVkKOv1kFOBiPlmpnj6BdjALQyD
/m57itojcZtvsMubTTKdfaZs/RAbzwDOZDUyEjaEvmJmHmgF98tqJY1msE1O9Opm
4wt97QT9u2vnm4/TgI/GPUmL+ZTMoxnVKst9b9+R71kDQ+4cKMpKNzSa3wTkhc17
V1Glx1u6Hm/hMbvXXwrjCRYybu/vSqS1OKhHFRv9fzfAn2GPaDK0I5aWc/uJcYc=
-----END CERTIFICATE-----