Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/Y9mO9MZ0fPVTX27-DWY9Am_Zcdk.roa
File:                     Y9mO9MZ0fPVTX27-DWY9Am_Zcdk.roa (raw, json)
Hash identifier:          zUlf5je0QGwHf8Xgl4z7VcTV5+svpQrR/o96gVaDZyQ=
Subject key identifier:   63:D9:8E:F4:C6:74:7C:F5:53:5F:6E:FE:0D:66:3D:02:6F:D9:71:D9
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019A295F9D028FA13FC3FB325D531DD8E737
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/Y9mO9MZ0fPVTX27-DWY9Am_Zcdk.roa
Signing time:             Tue 28 Oct 2025 05:52:03 +0000
ROA not before:           Tue 28 Oct 2025 05:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        185.24.150.0/24 maxlen: 24
                          212.16.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Oct 2025 08:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:29:5f:9d:02:8f:a1:3f:c3:fb:32:5d:53:1d:d8:e7:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct 28 05:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63d98ef4c6747cf5535f6efe0d663d026fd971d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:75:12:e8:7d:ff:cd:a8:8a:72:87:72:e0:06:
                    b5:47:c3:75:f5:5d:e6:49:37:eb:db:16:73:3f:9a:
                    7b:59:fb:ec:7c:93:54:52:28:fb:47:77:c0:e1:df:
                    c0:ed:ec:bb:1f:55:d0:a6:01:28:88:33:0c:4e:3a:
                    4d:d6:09:0c:eb:db:8b:16:ba:ae:10:bb:96:ad:3b:
                    b3:b7:d3:cd:4a:c9:9c:cb:73:2c:85:fe:50:2f:41:
                    fd:f4:6b:9d:72:ab:1a:d9:60:5e:1a:1b:79:98:dc:
                    bb:db:f3:5d:51:87:b4:ee:48:17:8c:a3:06:c0:af:
                    cc:84:0f:55:dc:43:a4:5c:05:2e:95:e9:7d:3b:4d:
                    37:fe:20:53:3e:d0:4c:07:52:e0:4e:d3:dd:ec:18:
                    5f:0d:ad:13:05:5e:8c:2b:8a:7b:70:54:5b:d6:e3:
                    80:46:cd:f1:fa:a8:0c:18:dc:25:ae:62:5f:3c:e5:
                    40:d7:6c:29:e2:c6:ba:6f:dc:77:2e:66:32:34:f8:
                    26:44:8a:1b:97:03:db:5f:93:6f:5f:59:a1:66:b3:
                    12:39:5c:2d:96:89:f9:15:41:8e:58:6b:1a:73:be:
                    93:b4:c4:c3:04:ad:18:d1:8d:c9:99:86:2c:fa:02:
                    62:c8:ed:47:04:5b:90:d4:af:93:62:67:f3:db:ad:
                    b6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D9:8E:F4:C6:74:7C:F5:53:5F:6E:FE:0D:66:3D:02:6F:D9:71:D9
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/Y9mO9MZ0fPVTX27-DWY9Am_Zcdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.150.0/24
                  212.16.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:6b:75:19:0f:38:3e:fd:b1:fe:fc:52:27:1a:23:d9:1a:77:
         a4:de:19:03:4d:d7:19:e6:2c:da:2b:e0:17:44:60:21:b7:4b:
         01:33:bc:18:07:6d:6e:5e:5c:17:67:a0:88:4e:f3:75:41:57:
         02:f3:66:40:26:69:dc:e5:d9:7c:45:c1:40:a9:38:ac:0c:3f:
         63:67:d9:84:ac:9a:c3:32:fb:5b:20:2a:25:b9:5f:c3:8d:01:
         97:1c:a3:d9:36:85:11:55:69:ae:94:d8:72:78:37:93:a3:20:
         e3:bd:c0:87:fb:36:97:bd:81:f2:76:20:8a:a4:c9:01:62:26:
         ee:1d:6f:a3:4c:52:63:b3:9f:1a:f8:de:81:e1:78:58:58:58:
         3c:0f:41:69:32:c1:7d:d2:b1:9a:23:6c:68:10:e6:0a:d2:13:
         cf:47:36:52:e1:82:86:2b:2b:8d:e7:f1:06:31:13:88:02:96:
         d0:a9:80:3e:1a:13:cc:4e:07:39:16:8d:0a:97:0e:64:19:8e:
         7a:d1:d5:d3:50:11:84:32:31:c7:36:d3:28:2e:bd:b8:ba:2a:
         b4:d3:f4:55:40:87:d2:29:05:72:94:29:9b:d2:e8:23:48:26:
         d8:82:c0:1a:79:d1:4b:18:d1:4f:41:e4:9f:4e:9e:2c:cd:ef:
         a7:04:99:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZopX50Cj6E/w/syXVMd2Oc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUxMDI4MDU1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Q5OGVmNGM2NzQ3Y2Y1NTM1ZjZlZmUwZDY2M2QwMjZmZDk3MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnUS6H3/zaiKcody4Aa1R8N19V3m
STfr2xZzP5p7WfvsfJNUUij7R3fA4d/A7ey7H1XQpgEoiDMMTjpN1gkM69uLFrqu
ELuWrTuzt9PNSsmcy3Mshf5QL0H99Gudcqsa2WBeGht5mNy72/NdUYe07kgXjKMG
wK/MhA9V3EOkXAUulel9O003/iBTPtBMB1LgTtPd7BhfDa0TBV6MK4p7cFRb1uOA
Rs3x+qgMGNwlrmJfPOVA12wp4sa6b9x3LmYyNPgmRIoblwPbX5NvX1mhZrMSOVwt
lon5FUGOWGsac76TtMTDBK0Y0Y3JmYYs+gJiyO1HBFuQ1K+TYmfz2622nwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGPZjvTGdHz1U19u/g1mPQJv2XHZMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvWTltTzlNWjBmUFZUWDI3LURXWTlBbV9aY2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRiWAwQA
1BBOMA0GCSqGSIb3DQEBCwUAA4IBAQCTa3UZDzg+/bH+/FInGiPZGnek3hkDTdcZ
5izaK+AXRGAht0sBM7wYB21uXlwXZ6CITvN1QVcC82ZAJmnc5dl8RcFAqTisDD9j
Z9mErJrDMvtbIColuV/DjQGXHKPZNoURVWmulNhyeDeToyDjvcCH+zaXvYHydiCK
pMkBYibuHW+jTFJjs58a+N6B4XhYWFg8D0FpMsF90rGaI2xoEOYK0hPPRzZS4YKG
KyuN5/EGMROIApbQqYA+GhPMTgc5Fo0Klw5kGY560dXTUBGEMjHHNtMoLr24uiq0
0/RVQIfSKQVylCmb0ugjSCbYgsAaedFLGNFPQeSfTp4sze+nBJnY
-----END CERTIFICATE-----