Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/6cb145-fe6a-45b7-885f-61d1f7fb1044/1/YFRHntH9AB6J_9p-ec1L6rWDsyc.roa
File:                     YFRHntH9AB6J_9p-ec1L6rWDsyc.roa (raw, json)
Hash identifier:          QWDe2AgrTQml0pWJuJyjoi3nAbxgZlcrSf5Yvm3lXe0=
Subject key identifier:   60:54:47:9E:D1:FD:00:1E:89:FF:DA:7E:79:CD:4B:EA:B5:83:B3:27
Certificate issuer:       /CN=019969ac75abcd5968f189e0d45dbbdab2982bda
Certificate serial:       0199BEF6A0F7BA334736664DDE49467D3F68
Authority key identifier: 01:99:69:AC:75:AB:CD:59:68:F1:89:E0:D4:5D:BB:DA:B2:98:2B:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZlprHWrzVlo8Yng1F272rKYK9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/6cb145-fe6a-45b7-885f-61d1f7fb1044/1/YFRHntH9AB6J_9p-ec1L6rWDsyc.roa
Signing time:             Tue 07 Oct 2025 13:57:37 +0000
ROA not before:           Tue 07 Oct 2025 13:57:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:b88:8000::/33 maxlen: 33
                          2001:b89::/32 maxlen: 32
                          2001:b8a::/31 maxlen: 31
                          2001:b8c::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/6cb145-fe6a-45b7-885f-61d1f7fb1044/1/AZlprHWrzVlo8Yng1F272rKYK9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/6cb145-fe6a-45b7-885f-61d1f7fb1044/1/AZlprHWrzVlo8Yng1F272rKYK9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZlprHWrzVlo8Yng1F272rKYK9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:f6:a0:f7:ba:33:47:36:66:4d:de:49:46:7d:3f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=019969ac75abcd5968f189e0d45dbbdab2982bda
        Validity
            Not Before: Oct  7 13:57:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6054479ed1fd001e89ffda7e79cd4beab583b327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ef:3a:5b:3c:c2:b5:d3:3a:f6:77:a4:8e:25:
                    50:d5:fa:30:ae:65:97:fe:e4:39:36:2e:f0:3d:1b:
                    e6:32:b2:c0:a0:f6:1d:d1:00:23:70:65:92:53:ec:
                    ff:4b:1c:e0:ab:b2:6b:24:56:f1:ee:70:15:f0:22:
                    5d:be:02:2e:48:c1:4f:77:8f:99:6c:2c:c7:a9:d1:
                    1a:e6:9f:08:be:0e:18:aa:96:1e:d4:4b:4f:db:77:
                    23:cf:17:a8:23:1d:c9:5a:4d:bd:a7:84:a1:62:59:
                    0d:a2:65:07:8d:3f:be:9a:44:62:25:b9:6b:0f:a5:
                    f3:34:aa:62:17:2d:fb:85:f0:72:9e:fd:95:cd:7b:
                    e6:7e:22:2e:a8:65:91:3f:bd:15:04:b5:02:37:97:
                    cb:af:d1:9e:c3:9c:d2:4f:be:d5:e9:f5:7d:7e:67:
                    af:e4:91:7f:3a:d9:25:ae:a4:b2:a0:62:19:6a:d5:
                    7e:a8:8f:18:b4:e3:6c:2e:e9:28:22:15:05:5c:47:
                    4c:64:21:6f:fc:12:f4:42:99:f1:ff:8c:93:8d:91:
                    4a:20:9a:8e:f9:1b:c8:a5:aa:f0:11:9e:92:77:84:
                    32:34:f3:c0:ec:34:94:b7:6d:87:fb:49:95:1b:f2:
                    3d:14:96:f7:e2:61:21:6c:1d:22:40:99:32:0e:83:
                    39:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:54:47:9E:D1:FD:00:1E:89:FF:DA:7E:79:CD:4B:EA:B5:83:B3:27
            X509v3 Authority Key Identifier:
                keyid:01:99:69:AC:75:AB:CD:59:68:F1:89:E0:D4:5D:BB:DA:B2:98:2B:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZlprHWrzVlo8Yng1F272rKYK9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/6cb145-fe6a-45b7-885f-61d1f7fb1044/1/YFRHntH9AB6J_9p-ec1L6rWDsyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/6cb145-fe6a-45b7-885f-61d1f7fb1044/1/AZlprHWrzVlo8Yng1F272rKYK9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:b88:8000::-2001:b8f:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         53:c1:d9:73:e7:4f:70:6f:42:04:f2:30:47:d4:7f:59:19:d3:
         c1:89:0c:38:62:1d:fa:90:6a:f3:ab:27:50:6a:35:16:b0:4d:
         12:14:c0:6d:81:5d:20:a7:a5:2f:78:34:22:49:80:dc:75:c9:
         95:f0:31:88:06:75:b4:12:46:44:08:63:d1:e7:73:3c:fe:99:
         39:63:b1:39:56:d6:df:a4:13:33:98:5b:de:19:64:c6:2b:09:
         21:a6:f7:1f:92:dc:60:2e:d9:fa:40:b3:b9:4a:e9:10:c8:92:
         9a:18:00:0d:54:f6:fd:ef:f0:f1:63:b1:52:2d:e2:60:d3:c7:
         78:5c:18:66:7a:6f:83:77:a7:a0:8b:89:c8:88:2f:19:85:60:
         22:f2:30:23:1e:19:45:62:6e:22:61:ae:df:77:13:01:c5:d2:
         85:06:7b:1e:ca:40:66:e5:ca:74:2a:14:c8:20:f0:f4:2b:7b:
         2f:59:34:d9:75:df:b4:03:23:b5:3d:1a:d8:a1:33:41:c1:c3:
         ed:4f:10:c7:6e:f4:e7:51:72:8c:5a:73:7f:70:f4:24:66:a5:
         43:8c:c0:5e:4c:af:02:c3:b2:f6:66:57:e9:8f:0d:6c:6b:e4:
         b0:a8:37:61:7b:fd:05:d5:d6:81:64:98:7d:33:5b:ea:9e:4b:
         b9:c6:a6:e4
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZm+9qD3ujNHNmZN3klGfT9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTk2OWFjNzVhYmNkNTk2OGYxODllMGQ0NWRiYmRhYjI5
ODJiZGEwHhcNMjUxMDA3MTM1NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDU0NDc5ZWQxZmQwMDFlODlmZmRhN2U3OWNkNGJlYWI1ODNiMzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+86WzzCtdM69nekjiVQ1fowrmWX
/uQ5Ni7wPRvmMrLAoPYd0QAjcGWSU+z/Sxzgq7JrJFbx7nAV8CJdvgIuSMFPd4+Z
bCzHqdEa5p8Ivg4YqpYe1EtP23cjzxeoIx3JWk29p4ShYlkNomUHjT++mkRiJblr
D6XzNKpiFy37hfBynv2VzXvmfiIuqGWRP70VBLUCN5fLr9Gew5zST77V6fV9fmev
5JF/OtklrqSyoGIZatV+qI8YtONsLukoIhUFXEdMZCFv/BL0Qpnx/4yTjZFKIJqO
+RvIparwEZ6Sd4QyNPPA7DSUt22H+0mVG/I9FJb34mEhbB0iQJkyDoM5EQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFGBUR57R/QAeif/afnnNS+q1g7MnMB8GA1UdIwQY
MBaAFAGZaax1q81ZaPGJ4NRdu9qymCvaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpscHJIV3J6VmxvOFluZzFGMjcycktZSzlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi82Y2IxNDUtZmU2YS00NWI3LTg4NWYt
NjFkMWY3ZmIxMDQ0LzEvWUZSSG50SDlBQjZKXzlwLWVjMUw2cldEc3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi82Y2IxNDUtZmU2YS00NWI3LTg4NWYtNjFkMWY3ZmIxMDQ0
LzEvQVpscHJIV3J6VmxvOFluZzFGMjcycktZSzlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARMA8DBgcgAQuI
gAMFBCABC4AwDQYJKoZIhvcNAQELBQADggEBAFPB2XPnT3BvQgTyMEfUf1kZ08GJ
DDhiHfqQavOrJ1BqNRawTRIUwG2BXSCnpS94NCJJgNx1yZXwMYgGdbQSRkQIY9Hn
czz+mTljsTlW1t+kEzOYW94ZZMYrCSGm9x+S3GAu2fpAs7lK6RDIkpoYAA1U9v3v
8PFjsVIt4mDTx3hcGGZ6b4N3p6CLiciILxmFYCLyMCMeGUVibiJhrt93EwHF0oUG
ex7KQGblynQqFMgg8PQrey9ZNNl137QDI7U9GtihM0HBw+1PEMdu9OdRcoxac39w
9CRmpUOMwF5MrwLDsvZmV+mPDWxr5LCoN2F7/QXV1oFkmH0zW+qeS7nGpuQ=
-----END CERTIFICATE-----