Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YyGmcNxSsfAc6ESJSWyPtzmo84U.roa
File:                     YyGmcNxSsfAc6ESJSWyPtzmo84U.roa (raw, json)
Hash identifier:          uJG6rvHa5wlbj7BfPtW7Y5LUy1KLvK9ujurjeTd5NXM=
Subject key identifier:   63:21:A6:70:DC:52:B1:F0:1C:E8:44:89:49:6C:8F:B7:39:A8:F3:85
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019A068FE099F5F15209B7A11EECAE55491B
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YyGmcNxSsfAc6ESJSWyPtzmo84U.roa
Signing time:             Tue 21 Oct 2025 11:38:03 +0000
ROA not before:           Tue 21 Oct 2025 11:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59762
IP address blocks:        93.170.97.0/24 maxlen: 24
                          93.170.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:8f:e0:99:f5:f1:52:09:b7:a1:1e:ec:ae:55:49:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Oct 21 11:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6321a670dc52b1f01ce84489496c8fb739a8f385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:36:00:37:f1:8e:58:e2:74:38:82:75:d7:66:
                    e8:ca:dd:86:22:33:60:40:08:6c:e8:51:4e:26:e9:
                    5b:d1:c1:f0:49:a0:62:df:8b:af:ba:81:21:71:b8:
                    03:19:c2:a1:df:22:f0:60:f8:ca:eb:69:ff:60:52:
                    1e:a3:66:78:e8:87:b3:28:c2:25:66:80:d7:80:dd:
                    4c:01:dc:d3:ce:4e:11:1e:2d:1c:5b:2a:17:a4:2d:
                    bd:cd:33:54:5a:4f:ba:3d:ec:9b:6e:91:60:33:c9:
                    14:ab:37:bc:6c:44:1a:2f:11:76:8c:2f:75:50:ef:
                    f9:09:71:8b:09:67:61:ad:25:23:ef:38:dc:4a:34:
                    af:96:9e:13:49:1a:c0:09:43:26:d1:45:fe:eb:66:
                    56:6a:fa:cf:cf:51:c4:5e:9b:00:82:22:fa:fe:2e:
                    a1:2a:83:55:59:8a:f6:fb:ab:97:1f:fe:2d:cd:31:
                    d5:97:9f:9a:ca:2a:17:a1:05:5b:ae:15:10:85:0f:
                    6e:49:d8:f4:8c:df:8b:b1:15:39:9a:52:c4:bd:0f:
                    40:5b:64:43:6f:a9:95:cf:f8:49:c7:b8:b0:f3:9f:
                    cf:72:70:81:51:66:63:8c:74:14:9e:67:9b:cc:dd:
                    29:5b:20:c0:91:96:76:14:f4:8c:e4:2a:1e:4c:47:
                    ef:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:21:A6:70:DC:52:B1:F0:1C:E8:44:89:49:6C:8F:B7:39:A8:F3:85
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YyGmcNxSsfAc6ESJSWyPtzmo84U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.97.0/24
                  93.170.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:b5:90:3d:53:26:cc:83:e0:26:aa:d6:e8:80:81:21:0e:eb:
         b2:a3:41:29:60:89:f7:31:6a:b4:f4:6d:4c:e6:4b:b6:9a:a7:
         a7:ee:bb:45:42:5f:75:0c:1f:13:ea:a7:de:cf:34:f0:ef:fd:
         40:ac:f5:61:b8:a1:e3:12:e2:78:45:d5:5b:c3:91:67:f5:9f:
         ef:3f:35:c8:2e:f8:b5:42:fa:1b:67:8c:41:6b:af:22:07:d5:
         cd:2e:b8:dc:60:c8:2e:5a:6f:28:bf:92:2f:9a:64:da:0a:da:
         73:f6:02:28:32:20:c3:c8:d9:db:fb:75:ce:a4:38:16:99:4b:
         f5:8c:8e:01:0a:91:6c:67:05:dd:cb:1f:23:b3:57:19:64:c2:
         ef:f1:3e:d6:ca:f5:de:14:01:51:b1:c7:0d:fc:7e:7b:77:f1:
         e0:73:14:0c:99:9c:c6:b1:d2:92:a6:c2:d3:cb:ee:9e:1c:87:
         10:6b:b5:86:41:5b:4c:7e:f0:95:4c:63:38:f6:29:1a:9e:b0:
         b7:cb:33:b7:fd:ce:3b:cc:5d:fe:41:ac:75:39:f1:96:3e:80:
         46:56:45:5c:20:11:b3:c3:7b:65:1e:be:70:db:92:07:0a:34:
         d8:9d:bc:3a:55:c0:e1:e4:29:0b:88:e0:14:87:9d:fe:ca:35:
         cc:0a:ba:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoGj+CZ9fFSCbehHuyuVUkbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUxMDIxMTEzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzIxYTY3MGRjNTJiMWYwMWNlODQ0ODk0OTZjOGZiNzM5YThmMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzYAN/GOWOJ0OIJ112boyt2GIjNg
QAhs6FFOJulb0cHwSaBi34uvuoEhcbgDGcKh3yLwYPjK62n/YFIeo2Z46IezKMIl
ZoDXgN1MAdzTzk4RHi0cWyoXpC29zTNUWk+6PeybbpFgM8kUqze8bEQaLxF2jC91
UO/5CXGLCWdhrSUj7zjcSjSvlp4TSRrACUMm0UX+62ZWavrPz1HEXpsAgiL6/i6h
KoNVWYr2+6uXH/4tzTHVl5+ayioXoQVbrhUQhQ9uSdj0jN+LsRU5mlLEvQ9AW2RD
b6mVz/hJx7iw85/PcnCBUWZjjHQUnmebzN0pWyDAkZZ2FPSM5CoeTEfvxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGMhpnDcUrHwHOhEiUlsj7c5qPOFMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWXlHbWNOeFNzZkFjNkVTSlNXeVB0em1vODRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXaphAwQA
Xar9MA0GCSqGSIb3DQEBCwUAA4IBAQBWtZA9UybMg+AmqtbogIEhDuuyo0EpYIn3
MWq09G1M5ku2mqen7rtFQl91DB8T6qfezzTw7/1ArPVhuKHjEuJ4RdVbw5Fn9Z/v
PzXILvi1QvobZ4xBa68iB9XNLrjcYMguWm8ov5IvmmTaCtpz9gIoMiDDyNnb+3XO
pDgWmUv1jI4BCpFsZwXdyx8js1cZZMLv8T7WyvXeFAFRsccN/H57d/HgcxQMmZzG
sdKSpsLTy+6eHIcQa7WGQVtMfvCVTGM49ikanrC3yzO3/c47zF3+Qax1OfGWPoBG
VkVcIBGzw3tlHr5w25IHCjTYnbw6VcDh5CkLiOAUh53+yjXMCro/
-----END CERTIFICATE-----