Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/YGJNRtKr0EJyhpk6885-UbyjmLk.roa
File:                     YGJNRtKr0EJyhpk6885-UbyjmLk.roa (raw, json)
Hash identifier:          6LTfeKJG/E+fxok5TDDaTnxGJEUFZJJ6kx9mLWwYtZE=
Subject key identifier:   60:62:4D:46:D2:AB:D0:42:72:86:99:3A:F3:CE:7E:51:BC:A3:98:B9
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       019A07E473CDC6FF0C13CD5BF0CF0BAC7A17
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/YGJNRtKr0EJyhpk6885-UbyjmLk.roa
Signing time:             Tue 21 Oct 2025 17:50:03 +0000
ROA not before:           Tue 21 Oct 2025 17:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215330
IP address blocks:        2a0e:5cc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:e4:73:cd:c6:ff:0c:13:cd:5b:f0:cf:0b:ac:7a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Oct 21 17:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60624d46d2abd0427286993af3ce7e51bca398b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:58:d1:4c:8c:68:1c:77:43:49:4b:06:f1:ab:
                    9f:dc:2e:53:c2:15:0a:dd:cf:d8:30:7c:3b:04:c2:
                    45:0f:f9:a8:77:fe:f3:56:2c:1e:54:61:83:b9:2c:
                    39:7e:d9:80:f5:36:91:cb:23:48:f7:7e:18:5e:a1:
                    c1:bc:5d:7b:89:9d:cd:a1:a0:44:da:fc:71:01:c4:
                    2f:d6:1f:cf:5b:0b:88:05:f8:0e:e3:ee:fd:07:1c:
                    f9:a7:67:8c:10:0b:ea:69:4c:f5:17:09:09:fe:8b:
                    d0:b6:83:f8:e6:7f:72:40:5b:e8:56:ec:32:82:ea:
                    4e:45:31:6c:a1:5b:c8:ba:f9:da:a5:94:00:cb:17:
                    63:44:66:e0:eb:2e:ba:ec:e4:1a:76:1d:df:eb:4a:
                    63:2c:db:d8:43:1e:e8:c4:8d:3b:28:45:e4:c2:41:
                    e6:f7:de:6d:5e:09:ff:9b:b4:1b:70:3b:1b:0e:30:
                    3a:54:ff:b3:e6:a9:0e:3a:a2:e6:10:50:aa:c3:b1:
                    f3:ff:42:e9:8f:17:62:10:3a:23:36:ee:c3:cd:6f:
                    c6:01:b2:bd:f2:9e:69:4e:02:eb:83:36:49:3d:e2:
                    5c:a6:5b:6f:43:e4:69:ae:ac:fd:b5:d3:5a:6c:ce:
                    e0:61:a6:85:d9:91:64:aa:3b:9e:a6:79:56:2c:37:
                    e6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:62:4D:46:D2:AB:D0:42:72:86:99:3A:F3:CE:7E:51:BC:A3:98:B9
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/YGJNRtKr0EJyhpk6885-UbyjmLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:13:20:3a:fd:19:1e:8f:9e:92:d4:bf:14:f8:f6:92:b1:fd:
         f7:cb:a4:2d:1e:01:62:24:b8:eb:82:ca:18:9d:38:36:bf:e1:
         5b:6b:75:7e:ea:a7:cc:80:6e:77:bb:41:23:b3:ef:f1:f5:bd:
         22:34:31:54:7a:3e:33:6c:4a:a3:1e:9b:d6:99:11:ff:68:7b:
         23:19:a1:65:21:36:9e:a1:89:6c:1e:05:ad:d5:a2:0a:69:71:
         0f:67:5b:2f:49:d6:ad:b2:94:d2:09:5d:10:3c:51:69:2b:b1:
         3b:3f:b2:e0:c3:e4:86:e5:26:b0:9c:aa:a1:2e:db:81:d9:33:
         89:77:f7:16:cc:99:b3:17:75:f4:5c:af:08:53:a6:45:84:89:
         27:64:90:a1:c3:73:b3:30:08:91:07:17:34:99:d0:fa:be:fc:
         34:14:56:93:29:a9:1a:93:69:d5:13:12:5c:be:a5:c8:27:23:
         4d:73:78:e4:c4:a6:29:57:4d:21:6c:41:87:dd:e5:ce:d8:b7:
         a9:eb:11:2d:99:6b:e4:d1:8e:f6:1d:d6:c0:96:3d:24:3c:02:
         50:02:ac:5c:c2:7d:b2:d3:ca:8e:ce:ad:37:64:55:37:a4:41:
         ff:a3:d9:91:68:36:ea:65:f3:ca:24:fc:ea:83:ff:e8:25:33:
         b0:43:1f:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoH5HPNxv8ME81b8M8LrHoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUxMDIxMTc1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDYyNGQ0NmQyYWJkMDQyNzI4Njk5M2FmM2NlN2U1MWJjYTM5OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFjRTIxoHHdDSUsG8auf3C5TwhUK
3c/YMHw7BMJFD/mod/7zViweVGGDuSw5ftmA9TaRyyNI934YXqHBvF17iZ3NoaBE
2vxxAcQv1h/PWwuIBfgO4+79Bxz5p2eMEAvqaUz1FwkJ/ovQtoP45n9yQFvoVuwy
gupORTFsoVvIuvnapZQAyxdjRGbg6y667OQadh3f60pjLNvYQx7oxI07KEXkwkHm
995tXgn/m7QbcDsbDjA6VP+z5qkOOqLmEFCqw7Hz/0LpjxdiEDojNu7DzW/GAbK9
8p5pTgLrgzZJPeJcpltvQ+Rprqz9tdNabM7gYaaF2ZFkqjuepnlWLDfmjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGBiTUbSq9BCcoaZOvPOflG8o5i5MB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvWUdKTlJ0S3IwRUp5aHBrNjg4NS1VYnlqbUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5cwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQBMgOv0ZHo+ektS/FPj2krH998ukLR4BYiS464LK
GJ04Nr/hW2t1fuqnzIBud7tBI7Pv8fW9IjQxVHo+M2xKox6b1pkR/2h7IxmhZSE2
nqGJbB4FrdWiCmlxD2dbL0nWrbKU0gldEDxRaSuxOz+y4MPkhuUmsJyqoS7bgdkz
iXf3FsyZsxd19FyvCFOmRYSJJ2SQocNzszAIkQcXNJnQ+r78NBRWkympGpNp1RMS
XL6lyCcjTXN45MSmKVdNIWxBh93lzti3qesRLZlr5NGO9h3WwJY9JDwCUAKsXMJ9
stPKjs6tN2RVN6RB/6PZkWg26mXzyiT86oP/6CUzsEMf6A==
-----END CERTIFICATE-----