Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/Yl5dVHvt8TLEuXDW_2N88snHkxY.roa
File:                     Yl5dVHvt8TLEuXDW_2N88snHkxY.roa (raw, json)
Hash identifier:          RVpoQeieFNCy2NDCVSw5A9nvcWMxgvqJyoDHS7AWVvg=
Subject key identifier:   62:5E:5D:54:7B:ED:F1:32:C4:B9:70:D6:FF:63:7C:F2:C9:C7:93:16
Certificate issuer:       /CN=d91786a069e4934b2681bb8e9b3738079b24ef65
Certificate serial:       019928537CF69EC8A96F2D022B450E880BE4
Authority key identifier: D9:17:86:A0:69:E4:93:4B:26:81:BB:8E:9B:37:38:07:9B:24:EF:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ReGoGnkk0smgbuOmzc4B5sk72U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/Yl5dVHvt8TLEuXDW_2N88snHkxY.roa
Signing time:             Mon 08 Sep 2025 07:56:23 +0000
ROA not before:           Mon 08 Sep 2025 07:56:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        212.108.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/2ReGoGnkk0smgbuOmzc4B5sk72U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/2ReGoGnkk0smgbuOmzc4B5sk72U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ReGoGnkk0smgbuOmzc4B5sk72U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:53:7c:f6:9e:c8:a9:6f:2d:02:2b:45:0e:88:0b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d91786a069e4934b2681bb8e9b3738079b24ef65
        Validity
            Not Before: Sep  8 07:56:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=625e5d547bedf132c4b970d6ff637cf2c9c79316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c9:03:c3:ee:7b:9a:59:1e:14:9a:bc:a1:36:
                    36:96:e7:39:63:70:bc:e5:06:a3:5e:0d:be:1b:85:
                    54:f3:d2:c8:02:30:aa:61:b1:d2:06:7c:aa:ee:a2:
                    e1:ed:79:78:e2:5d:28:9e:95:f6:12:b1:8b:55:f0:
                    30:6c:86:b1:d7:5f:66:94:72:de:f5:26:30:a2:c5:
                    16:75:03:99:d1:d5:60:23:f0:0d:56:27:8a:12:9e:
                    13:ce:7f:57:11:e9:8d:5d:a1:a9:0e:9e:cc:ef:15:
                    f9:82:99:2f:71:af:92:43:c5:cc:9a:dd:9c:ba:a6:
                    5b:e8:6c:7c:82:0e:b9:c6:ec:4f:e6:2f:c4:79:75:
                    7d:44:cc:ec:cb:ed:50:ea:01:f4:c0:99:84:bd:f9:
                    c4:19:b9:bb:02:37:8e:7b:63:b5:75:0b:1f:d5:9b:
                    8f:a5:b4:89:f9:82:4e:5f:6e:ff:01:5b:73:7e:32:
                    0d:80:f5:bb:63:25:67:76:c5:94:e2:ee:ef:c7:ef:
                    99:e6:3f:5b:47:05:08:6f:bb:c3:05:46:be:67:e9:
                    ec:6c:45:12:b7:71:39:06:e7:20:31:a5:51:bb:7d:
                    17:55:3a:a8:29:7c:e3:68:c0:c0:68:4d:85:ed:c6:
                    7e:ff:a4:85:fa:3a:cf:23:b1:83:2f:7c:56:41:f5:
                    c3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5E:5D:54:7B:ED:F1:32:C4:B9:70:D6:FF:63:7C:F2:C9:C7:93:16
            X509v3 Authority Key Identifier:
                keyid:D9:17:86:A0:69:E4:93:4B:26:81:BB:8E:9B:37:38:07:9B:24:EF:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ReGoGnkk0smgbuOmzc4B5sk72U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/Yl5dVHvt8TLEuXDW_2N88snHkxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/2ReGoGnkk0smgbuOmzc4B5sk72U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:dd:0e:e8:cb:b2:ff:61:2e:45:8f:0b:39:56:f8:83:3b:b1:
         0a:1b:0d:86:c8:b2:2b:4f:b1:9b:d8:f9:c8:81:68:89:92:79:
         5c:22:1c:ff:7f:66:67:32:af:fa:b2:18:b3:98:82:2c:63:51:
         e4:86:ec:dd:5f:f8:7d:c3:cc:17:e0:8c:28:8d:05:20:54:7d:
         4e:34:92:00:45:d0:c4:dd:1f:2a:57:f5:60:ff:bc:5b:0e:f4:
         27:01:82:25:5d:57:70:d6:8e:e7:c0:fa:76:fc:c7:59:79:2d:
         52:1e:3c:8d:83:5e:aa:7e:85:75:b0:03:21:9f:c9:f9:ca:3e:
         e4:75:79:02:0a:2c:79:22:fe:86:15:09:e8:f7:63:20:1c:62:
         82:43:5d:54:93:69:bf:cd:14:29:b5:e6:65:e9:f4:f5:64:f6:
         4a:c7:13:90:38:01:29:08:d8:39:e8:be:b1:56:27:72:c4:87:
         aa:e9:22:67:64:22:71:15:1e:e8:27:2f:2c:25:8c:d4:33:4b:
         d5:16:c1:59:6d:9f:f7:3a:d2:ff:eb:db:1f:35:0a:44:30:93:
         0d:ff:9f:af:a8:fd:99:41:9e:28:69:c0:1c:4d:ed:52:a5:5c:
         f8:15:55:b0:e3:76:c0:29:d3:78:f9:f2:37:4a:0d:53:9f:5e:
         e2:31:d8:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkoU3z2nsipby0CK0UOiAvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTc4NmEwNjllNDkzNGIyNjgxYmI4ZTliMzczODA3OWIy
NGVmNjUwHhcNMjUwOTA4MDc1NjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVlNWQ1NDdiZWRmMTMyYzRiOTcwZDZmZjYzN2NmMmM5Yzc5MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MkDw+57mlkeFJq8oTY2luc5Y3C8
5QajXg2+G4VU89LIAjCqYbHSBnyq7qLh7Xl44l0onpX2ErGLVfAwbIax119mlHLe
9SYwosUWdQOZ0dVgI/ANVieKEp4Tzn9XEemNXaGpDp7M7xX5gpkvca+SQ8XMmt2c
uqZb6Gx8gg65xuxP5i/EeXV9RMzsy+1Q6gH0wJmEvfnEGbm7AjeOe2O1dQsf1ZuP
pbSJ+YJOX27/AVtzfjINgPW7YyVndsWU4u7vx++Z5j9bRwUIb7vDBUa+Z+nsbEUS
t3E5BucgMaVRu30XVTqoKXzjaMDAaE2F7cZ+/6SF+jrPI7GDL3xWQfXD9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJeXVR77fEyxLlw1v9jfPLJx5MWMB8GA1UdIwQY
MBaAFNkXhqBp5JNLJoG7jps3OAebJO9lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJlR29HbmtrMHNtZ2J1T216YzRCNXNrNzJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iY2U5MTUtMDc4My00YTU0LThjNDUt
NTJjYmE5N2Q5YjllLzEvWWw1ZFZIdnQ4VExFdVhEV18yTjg4c25Ia3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iY2U5MTUtMDc4My00YTU0LThjNDUtNTJjYmE5N2Q5Yjll
LzEvMlJlR29HbmtrMHNtZ2J1T216YzRCNXNrNzJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxhMA0G
CSqGSIb3DQEBCwUAA4IBAQB03Q7oy7L/YS5Fjws5VviDO7EKGw2GyLIrT7Gb2PnI
gWiJknlcIhz/f2ZnMq/6shizmIIsY1HkhuzdX/h9w8wX4IwojQUgVH1ONJIARdDE
3R8qV/Vg/7xbDvQnAYIlXVdw1o7nwPp2/MdZeS1SHjyNg16qfoV1sAMhn8n5yj7k
dXkCCix5Iv6GFQno92MgHGKCQ11Uk2m/zRQpteZl6fT1ZPZKxxOQOAEpCNg56L6x
VidyxIeq6SJnZCJxFR7oJy8sJYzUM0vVFsFZbZ/3OtL/69sfNQpEMJMN/5+vqP2Z
QZ4oacAcTe1SpVz4FVWw43bAKdN4+fI3Sg1Tn17iMdhC
-----END CERTIFICATE-----