Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/yCKX0fbS_7jtlMuk4WWLpLIX-rQ.roa
File:                     yCKX0fbS_7jtlMuk4WWLpLIX-rQ.roa (raw, json)
Hash identifier:          2s+3hqGJCCdt80WUMCDYsHyYs+5JJ79MfYW2dbPfN18=
Subject key identifier:   C8:22:97:D1:F6:D2:FF:B8:ED:94:CB:A4:E1:65:8B:A4:B2:17:FA:B4
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       01992DE0B2E88CBCE7DA04281D18F02EFCA3
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/yCKX0fbS_7jtlMuk4WWLpLIX-rQ.roa
Signing time:             Tue 09 Sep 2025 09:48:44 +0000
ROA not before:           Tue 09 Sep 2025 09:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209165
IP address blocks:        216.163.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 11:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:e0:b2:e8:8c:bc:e7:da:04:28:1d:18:f0:2e:fc:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Sep  9 09:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c82297d1f6d2ffb8ed94cba4e1658ba4b217fab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4d:c8:ca:2b:43:99:47:74:bf:3b:8b:ba:b0:
                    0f:7f:99:5e:18:fd:79:de:d1:d3:06:81:b3:2a:56:
                    a4:13:c8:c9:82:03:7c:e4:84:a9:4e:f0:f3:36:de:
                    e5:f2:b5:7d:c7:73:48:2e:4a:4e:cd:28:1f:05:74:
                    c1:78:40:71:1f:06:a6:0c:bf:d9:60:5f:aa:f4:c0:
                    97:96:d8:6a:bf:1d:5d:4f:5f:00:7a:0b:0f:12:66:
                    6f:c0:e7:42:43:dc:f2:d9:89:8d:f6:cf:50:9d:d5:
                    44:72:a2:63:4a:a5:27:5e:94:6d:1f:5d:6b:07:50:
                    07:21:4b:df:ff:20:aa:6a:9f:9d:61:54:6f:7e:54:
                    b1:b4:48:6f:75:17:81:ca:34:bb:c6:e5:43:b3:a7:
                    b6:c7:22:50:85:5d:04:d9:ab:59:ed:c3:8c:e9:69:
                    ec:97:67:d7:96:43:bf:c7:af:45:1d:78:08:d5:dd:
                    83:56:56:78:e1:a1:66:2e:de:cc:0f:c1:f3:22:bb:
                    8d:7b:d0:59:a5:c7:7a:9c:c1:82:be:ef:e7:7f:02:
                    05:99:7e:52:2a:5a:73:96:64:cc:75:b7:7c:83:4e:
                    c1:1f:ef:59:ee:92:aa:b9:6f:30:f2:0c:fb:f0:7b:
                    ae:3b:99:42:58:7c:ff:f4:bc:fa:ce:20:f5:2e:46:
                    f1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:22:97:D1:F6:D2:FF:B8:ED:94:CB:A4:E1:65:8B:A4:B2:17:FA:B4
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/yCKX0fbS_7jtlMuk4WWLpLIX-rQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.163.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:8e:55:0c:58:ab:d7:2b:13:ae:bb:95:60:c8:59:7c:64:1d:
         12:87:4b:6f:81:2a:8c:78:6c:d3:5b:0d:b8:40:21:ae:43:b0:
         d1:eb:17:6a:3b:32:e6:6d:ab:12:fe:0b:0d:eb:c4:2e:c6:37:
         92:ac:af:4c:c6:2f:ab:5d:50:21:fc:9a:9f:e3:d4:08:6a:c8:
         a1:a3:83:30:f7:ae:db:c3:cc:a4:c0:c3:03:d1:fb:f1:74:e1:
         0b:4e:d8:e0:0b:fe:dd:fb:ee:5e:9b:0c:b0:47:a2:1a:8b:4b:
         46:4b:da:2b:8d:72:df:3f:03:c4:a4:cc:c4:c0:1c:4f:8e:fb:
         d4:3c:8b:cb:9c:2b:c8:17:a9:f5:c4:bb:90:41:38:8c:75:48:
         68:9a:b2:3f:8c:3a:11:f0:ea:76:5f:8a:f8:01:05:14:fc:10:
         ba:e6:38:a5:88:5c:a7:87:23:f1:cc:fe:3a:3e:20:24:a5:96:
         49:11:f6:18:43:43:fd:1c:82:d0:38:60:55:44:43:73:26:df:
         b7:f6:b3:53:e8:cc:19:7f:e0:00:5e:35:d8:3b:83:f0:79:dd:
         30:57:89:f4:84:3d:cd:6b:f0:27:05:47:03:8c:53:2c:0c:98:
         56:ef:58:2c:b2:cb:67:17:ac:39:c2:3d:81:07:c3:99:0f:d1:
         02:51:25:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkt4LLojLzn2gQoHRjwLvyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjUwOTA5MDk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODIyOTdkMWY2ZDJmZmI4ZWQ5NGNiYTRlMTY1OGJhNGIyMTdmYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr03IyitDmUd0vzuLurAPf5leGP15
3tHTBoGzKlakE8jJggN85ISpTvDzNt7l8rV9x3NILkpOzSgfBXTBeEBxHwamDL/Z
YF+q9MCXlthqvx1dT18AegsPEmZvwOdCQ9zy2YmN9s9QndVEcqJjSqUnXpRtH11r
B1AHIUvf/yCqap+dYVRvflSxtEhvdReByjS7xuVDs6e2xyJQhV0E2atZ7cOM6Wns
l2fXlkO/x69FHXgI1d2DVlZ44aFmLt7MD8HzIruNe9BZpcd6nMGCvu/nfwIFmX5S
KlpzlmTMdbd8g07BH+9Z7pKquW8w8gz78HuuO5lCWHz/9Lz6ziD1LkbxxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgil9H20v+47ZTLpOFli6SyF/q0MB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEveUNLWDBmYlNfN2p0bE11azRXV0xwTElYLXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2KOwMA0G
CSqGSIb3DQEBCwUAA4IBAQCVjlUMWKvXKxOuu5VgyFl8ZB0Sh0tvgSqMeGzTWw24
QCGuQ7DR6xdqOzLmbasS/gsN68QuxjeSrK9Mxi+rXVAh/Jqf49QIasiho4Mw967b
w8ykwMMD0fvxdOELTtjgC/7d++5emwywR6Iai0tGS9orjXLfPwPEpMzEwBxPjvvU
PIvLnCvIF6n1xLuQQTiMdUhomrI/jDoR8Op2X4r4AQUU/BC65jiliFynhyPxzP46
PiAkpZZJEfYYQ0P9HILQOGBVRENzJt+39rNT6MwZf+AAXjXYO4Pwed0wV4n0hD3N
a/AnBUcDjFMsDJhW71gssstnF6w5wj2BB8OZD9ECUSUQ
-----END CERTIFICATE-----