Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YkdX96sdW2kf34it7NRfO33Jl2E.roa
File:                     YkdX96sdW2kf34it7NRfO33Jl2E.roa (raw, json)
Hash identifier:          jJcqcO4GiwSZlda2AkVIwznopbiQ2Tcij+jw/m7MZjs=
Subject key identifier:   62:47:57:F7:AB:1D:5B:69:1F:DF:88:AD:EC:D4:5F:3B:7D:C9:97:61
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01990E54B5FBD197947DB8E3E8C5E6B4C82D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YkdX96sdW2kf34it7NRfO33Jl2E.roa
Signing time:             Wed 03 Sep 2025 06:47:36 +0000
ROA not before:           Wed 03 Sep 2025 06:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        89.39.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:54:b5:fb:d1:97:94:7d:b8:e3:e8:c5:e6:b4:c8:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Sep  3 06:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=624757f7ab1d5b691fdf88adecd45f3b7dc99761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ec:62:ad:7d:75:29:fd:2d:f1:9e:e9:0a:b6:
                    d2:70:76:1f:ea:4e:24:3b:06:4f:11:9f:36:59:15:
                    39:d4:3c:0b:11:c5:e6:d4:3e:3c:c3:4e:95:68:41:
                    6a:f9:5a:32:ea:6b:22:23:5f:aa:0e:6a:ab:07:97:
                    75:dd:fd:d8:3d:d8:ea:b3:e5:3e:8a:46:76:81:c6:
                    9e:d3:c1:7c:04:53:be:41:38:3b:f3:2f:cf:2d:5f:
                    df:aa:44:1f:f4:16:86:87:20:42:d7:1f:ae:9c:52:
                    bc:5f:f6:86:23:4c:11:b8:01:ef:2f:6c:31:9b:13:
                    44:46:45:d2:ed:f2:07:17:7a:fe:71:21:23:ca:a1:
                    8d:d4:05:29:ed:a7:1d:5e:77:69:d6:99:57:7b:5f:
                    97:22:2d:5b:53:2e:82:e4:25:f1:52:61:de:88:b1:
                    d7:b4:e5:51:ad:1e:51:df:f3:2e:c2:95:1b:75:a3:
                    5c:d3:f4:19:8f:e9:65:f5:0f:b8:8a:f6:e3:4e:53:
                    77:30:68:7a:e0:f3:3b:15:eb:03:7e:c7:8f:f1:8a:
                    5b:ca:97:f7:84:5e:9a:77:2f:ba:bc:c7:41:a7:66:
                    90:dd:5b:05:a7:87:72:fa:54:d7:bf:5e:ba:b5:15:
                    95:ac:c6:00:19:45:86:22:fe:c7:5e:74:da:4d:05:
                    d1:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:47:57:F7:AB:1D:5B:69:1F:DF:88:AD:EC:D4:5F:3B:7D:C9:97:61
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YkdX96sdW2kf34it7NRfO33Jl2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:3c:53:a6:ad:ad:cc:ce:20:b3:4c:ff:d2:2d:c8:72:91:a3:
         38:dd:99:d2:e5:2f:f6:ea:8c:1e:d4:ac:f5:1d:cd:49:95:f8:
         b2:91:00:0c:dc:e1:54:78:be:1a:e7:0f:a1:90:6f:bb:7b:37:
         73:d3:db:e8:e6:bf:e8:1c:c3:58:90:45:05:e9:e4:df:a9:28:
         f8:d0:c0:57:21:40:fc:9c:c1:b0:86:31:d6:fc:f8:72:71:3f:
         87:e7:d7:e0:61:76:76:20:4a:5f:1e:73:79:cf:63:f1:b4:38:
         7b:d4:e1:24:23:67:94:e6:2a:f0:64:14:d0:86:d2:e3:a2:8c:
         05:ac:3e:4d:f8:4a:3a:c0:59:af:ce:be:29:8d:17:03:5e:2b:
         1a:e5:0d:a4:d0:58:82:4c:e4:6a:1d:58:be:fb:f3:74:b7:c0:
         03:0a:15:93:af:cb:5b:1e:1d:9b:c5:cf:07:a3:0f:1c:bf:34:
         46:64:ce:cc:c7:2c:9d:ed:8e:df:54:29:d6:27:9d:7f:4e:12:
         91:3b:75:35:cd:9c:62:bf:4c:87:10:e7:49:1c:7a:8a:7b:0e:
         9d:30:19:08:15:a1:d0:51:eb:50:13:e4:63:72:dd:58:eb:63:
         83:95:77:33:25:db:39:c8:c3:fc:eb:f2:37:9a:18:d1:98:e6:
         59:b4:c5:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkOVLX70ZeUfbjj6MXmtMgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwOTAzMDY0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQ3NTdmN2FiMWQ1YjY5MWZkZjg4YWRlY2Q0NWYzYjdkYzk5NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+xirX11Kf0t8Z7pCrbScHYf6k4k
OwZPEZ82WRU51DwLEcXm1D48w06VaEFq+Voy6msiI1+qDmqrB5d13f3YPdjqs+U+
ikZ2gcae08F8BFO+QTg78y/PLV/fqkQf9BaGhyBC1x+unFK8X/aGI0wRuAHvL2wx
mxNERkXS7fIHF3r+cSEjyqGN1AUp7acdXndp1plXe1+XIi1bUy6C5CXxUmHeiLHX
tOVRrR5R3/MuwpUbdaNc0/QZj+ll9Q+4ivbjTlN3MGh64PM7FesDfseP8Ypbypf3
hF6ady+6vMdBp2aQ3VsFp4dy+lTXv166tRWVrMYAGUWGIv7HXnTaTQXRtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJHV/erHVtpH9+IrezUXzt9yZdhMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvWWtkWDk2c2RXMmtmMzRpdDdOUmZPMzNKbDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSd4MA0G
CSqGSIb3DQEBCwUAA4IBAQBYPFOmra3MziCzTP/SLchykaM43ZnS5S/26owe1Kz1
Hc1JlfiykQAM3OFUeL4a5w+hkG+7ezdz09vo5r/oHMNYkEUF6eTfqSj40MBXIUD8
nMGwhjHW/PhycT+H59fgYXZ2IEpfHnN5z2PxtDh71OEkI2eU5irwZBTQhtLjoowF
rD5N+Eo6wFmvzr4pjRcDXisa5Q2k0FiCTORqHVi++/N0t8ADChWTr8tbHh2bxc8H
ow8cvzRGZM7Mxyyd7Y7fVCnWJ51/ThKRO3U1zZxiv0yHEOdJHHqKew6dMBkIFaHQ
UetQE+Rjct1Y62ODlXczJds5yMP86/I3mhjRmOZZtMUJ
-----END CERTIFICATE-----