Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/YNsdsH-n-AmHwzwHk8uEB1xLpbc.roa
File:                     YNsdsH-n-AmHwzwHk8uEB1xLpbc.roa (raw, json)
Hash identifier:          Z2put0LP3pL4K0BauVWtqhB4C8iT6AgFRsfUMqrtzI8=
Subject key identifier:   60:DB:1D:B0:7F:A7:F8:09:87:C3:3C:07:93:CB:84:07:5C:4B:A5:B7
Certificate issuer:       /CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
Certificate serial:       01997A624134601813B6A3D038B6639EF658
Authority key identifier: 16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/YNsdsH-n-AmHwzwHk8uEB1xLpbc.roa
Signing time:             Wed 24 Sep 2025 06:21:23 +0000
ROA not before:           Wed 24 Sep 2025 06:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.29.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:62:41:34:60:18:13:b6:a3:d0:38:b6:63:9e:f6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
        Validity
            Not Before: Sep 24 06:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60db1db07fa7f80987c33c0793cb84075c4ba5b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d9:05:ae:44:7c:1c:4d:25:a5:e9:dc:2e:ad:
                    aa:39:ae:c6:06:de:ac:20:8f:f9:6e:5b:f1:0c:73:
                    76:98:3e:96:58:af:fe:04:c8:70:f2:c0:2e:cd:84:
                    c4:b2:24:14:4b:82:63:31:7f:79:21:57:8b:45:a6:
                    00:14:d6:c3:1f:76:9d:41:d4:6c:87:f9:6f:fb:64:
                    0b:a5:21:2b:d6:99:2b:ef:8b:49:2b:ba:df:0a:f1:
                    0d:fd:f2:90:58:ca:9f:27:f4:10:c2:a4:df:f6:39:
                    7c:53:b6:ab:e1:db:bc:3a:35:c4:6a:42:98:ac:05:
                    c0:23:91:59:f1:ff:11:58:a9:db:de:6e:33:be:74:
                    74:5b:d2:cc:d2:35:76:a1:b8:cb:1f:cb:40:06:2d:
                    2d:02:9a:86:ce:86:e8:e0:dd:8a:18:e1:f8:80:ab:
                    66:71:9a:4b:5a:d7:3c:e4:c7:ab:1c:8e:9c:0a:de:
                    38:35:bc:c4:f9:88:36:81:b1:3d:56:28:27:66:52:
                    8f:c9:3a:5d:2c:57:73:e8:98:39:3a:c6:65:22:d4:
                    39:e5:0c:a8:92:af:33:08:6b:e6:07:89:59:3e:9f:
                    a6:d2:aa:70:91:19:81:bb:be:50:93:04:1e:0e:15:
                    6e:bf:18:7f:ea:66:3e:33:c1:29:76:a6:22:96:db:
                    5a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DB:1D:B0:7F:A7:F8:09:87:C3:3C:07:93:CB:84:07:5C:4B:A5:B7
            X509v3 Authority Key Identifier:
                keyid:16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/YNsdsH-n-AmHwzwHk8uEB1xLpbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:54:b0:bc:4d:4c:c0:32:a8:33:61:87:38:7a:78:62:83:7c:
         35:86:23:8e:59:b8:82:94:96:da:19:e8:10:22:be:86:59:b1:
         bf:2b:de:40:45:d7:86:9a:96:51:21:bd:26:c1:09:94:d4:5a:
         33:e1:ea:97:02:c8:5f:1a:76:ec:88:8a:4c:0d:86:58:12:31:
         ca:ea:42:2c:1b:c8:dc:e0:1c:2d:6e:45:ed:af:5b:90:9a:e3:
         fc:06:17:6d:61:d3:c3:91:c2:02:34:3b:0c:7f:72:a0:2b:88:
         a6:2f:69:70:6e:a8:8a:e7:b2:5a:f8:e8:6c:9e:ea:60:52:80:
         69:a3:c8:ef:80:dd:7e:86:e3:ec:ca:33:87:fe:8f:d1:c2:50:
         9d:6d:e6:ff:a5:53:de:e8:c8:a9:82:26:8f:90:a6:4a:7b:c8:
         07:c5:99:20:1f:26:f3:01:d9:c8:f5:e5:93:ca:fc:e8:bb:91:
         7f:13:9e:3e:bf:6a:34:49:7a:f4:68:72:cf:55:a4:ec:dd:4d:
         2c:b2:f5:e9:5f:7d:4a:fc:53:bf:d2:74:23:c6:b9:73:10:a3:
         7a:38:35:80:84:09:bf:98:28:9c:82:97:43:f2:cd:29:a9:2e:
         67:e8:42:ff:53:6c:a1:0f:1a:14:aa:54:b5:a9:c7:af:ae:d8:
         b7:e7:c5:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl6YkE0YBgTtqPQOLZjnvZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTA5NzBkZGJiNzYxOWNjODIxODZkZGI1MzZlYjRlODk4
NWQyZGUwHhcNMjUwOTI0MDYyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRiMWRiMDdmYTdmODA5ODdjMzNjMDc5M2NiODQwNzVjNGJhNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dkFrkR8HE0lpencLq2qOa7GBt6s
II/5blvxDHN2mD6WWK/+BMhw8sAuzYTEsiQUS4JjMX95IVeLRaYAFNbDH3adQdRs
h/lv+2QLpSEr1pkr74tJK7rfCvEN/fKQWMqfJ/QQwqTf9jl8U7ar4du8OjXEakKY
rAXAI5FZ8f8RWKnb3m4zvnR0W9LM0jV2objLH8tABi0tApqGzobo4N2KGOH4gKtm
cZpLWtc85MerHI6cCt44NbzE+Yg2gbE9VignZlKPyTpdLFdz6Jg5OsZlItQ55Qyo
kq8zCGvmB4lZPp+m0qpwkRmBu75QkwQeDhVuvxh/6mY+M8EpdqYilttaowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDbHbB/p/gJh8M8B5PLhAdcS6W3MB8GA1UdIwQY
MBaAFBaQlw3bt2GcyCGG3bU2606JhdLeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUt
Y2MwM2JkMzE1ZmY5LzEvWU5zZHNILW4tQW1Id3p3SGs4dUVCMXhMcGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUtY2MwM2JkMzE1ZmY5
LzEvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR1MMA0G
CSqGSIb3DQEBCwUAA4IBAQCrVLC8TUzAMqgzYYc4enhig3w1hiOOWbiClJbaGegQ
Ir6GWbG/K95ARdeGmpZRIb0mwQmU1Foz4eqXAshfGnbsiIpMDYZYEjHK6kIsG8jc
4BwtbkXtr1uQmuP8BhdtYdPDkcICNDsMf3KgK4imL2lwbqiK57Ja+OhsnupgUoBp
o8jvgN1+huPsyjOH/o/RwlCdbeb/pVPe6MipgiaPkKZKe8gHxZkgHybzAdnI9eWT
yvzou5F/E54+v2o0SXr0aHLPVaTs3U0ssvXpX31K/FO/0nQjxrlzEKN6ODWAhAm/
mCicgpdD8s0pqS5n6EL/U2yhDxoUqlS1qcevrti358XN
-----END CERTIFICATE-----
Generated at Sun Oct 19 19:10:18 2025 by rpki-client