Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/YFmR0Oe188-ep2EXK9-6L2jYCaY.roa
File:                     YFmR0Oe188-ep2EXK9-6L2jYCaY.roa (raw, json)
Hash identifier:          FdIneObMEz6RRhDmxTXHgt4x9EaEt8DWTQFHXHKwhy0=
Subject key identifier:   60:59:91:D0:E7:B5:F3:CF:9E:A7:61:17:2B:DF:BA:2F:68:D8:09:A6
Certificate issuer:       /CN=bbe2cc20d69b30dde18ec0d002ce2f9149bfb06d
Certificate serial:       019715EFEEA6F5A5CFBDAE90729222CE7082
Authority key identifier: BB:E2:CC:20:D6:9B:30:DD:E1:8E:C0:D0:02:CE:2F:91:49:BF:B0:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-LMINabMN3hjsDQAs4vkUm_sG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/YFmR0Oe188-ep2EXK9-6L2jYCaY.roa
Signing time:             Wed 28 May 2025 08:08:55 +0000
ROA not before:           Wed 28 May 2025 08:08:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215138
IP address blocks:        2001:678:450::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/u-LMINabMN3hjsDQAs4vkUm_sG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/u-LMINabMN3hjsDQAs4vkUm_sG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-LMINabMN3hjsDQAs4vkUm_sG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ef:ee:a6:f5:a5:cf:bd:ae:90:72:92:22:ce:70:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe2cc20d69b30dde18ec0d002ce2f9149bfb06d
        Validity
            Not Before: May 28 08:08:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=605991d0e7b5f3cf9ea761172bdfba2f68d809a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3f:8c:c3:ed:0d:18:92:11:ad:80:58:54:0c:
                    df:8c:a9:b4:64:78:fb:da:4e:32:fb:8b:80:52:ac:
                    12:e7:fa:63:8a:f0:cb:7c:04:af:16:0e:f6:c1:dd:
                    b3:e0:c9:28:6a:c8:c3:53:03:ef:28:ae:6a:38:c5:
                    ca:82:94:fb:e2:6e:54:2f:1e:f2:40:61:eb:87:25:
                    2c:a9:a1:ec:a8:6d:75:bf:49:4f:28:90:9b:64:44:
                    69:b9:98:e1:e7:84:95:da:06:f2:df:67:bd:3c:28:
                    9e:70:a4:a7:16:d7:b8:e2:65:c3:81:1d:67:c7:21:
                    fc:de:48:fe:eb:1e:5a:f8:eb:6d:37:24:de:6a:57:
                    9c:47:1b:67:70:18:7d:c7:a7:a7:eb:3d:d9:a2:7d:
                    6d:b9:2e:69:37:a3:00:0f:72:63:1e:b5:c2:e6:a7:
                    98:93:7f:73:f9:11:f5:c1:74:9e:22:90:21:9f:8a:
                    a2:d1:db:d7:ef:62:3f:d9:91:ef:13:f5:32:a7:9a:
                    ce:a7:b2:60:96:e9:ae:27:73:88:4f:a0:d6:88:16:
                    30:eb:ad:5c:76:7c:f8:99:06:73:9d:ed:a5:1c:45:
                    92:31:52:05:b3:7b:2f:1a:4e:e3:e4:01:43:c1:5e:
                    69:5d:c7:eb:da:bb:d1:a9:3f:02:aa:4b:94:36:cd:
                    aa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:59:91:D0:E7:B5:F3:CF:9E:A7:61:17:2B:DF:BA:2F:68:D8:09:A6
            X509v3 Authority Key Identifier:
                keyid:BB:E2:CC:20:D6:9B:30:DD:E1:8E:C0:D0:02:CE:2F:91:49:BF:B0:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-LMINabMN3hjsDQAs4vkUm_sG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/YFmR0Oe188-ep2EXK9-6L2jYCaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/u-LMINabMN3hjsDQAs4vkUm_sG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:450::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:7a:cb:ab:d0:07:be:c6:6f:18:e8:43:4d:b5:bb:95:2c:39:
         d1:5e:32:1d:6d:3d:19:54:21:13:b4:d8:5a:8a:46:0b:93:6d:
         ef:f3:5d:c5:0f:0e:d8:d9:b9:96:ce:07:e8:a8:32:9b:68:e5:
         00:73:1a:e4:fe:c8:bf:88:0e:31:cd:1a:e4:aa:81:51:27:d5:
         9e:30:af:7f:3d:ea:56:e6:97:d5:7f:bc:d2:95:ac:b5:bd:43:
         7b:e9:28:88:9d:70:3a:a7:9b:0f:5e:98:8e:76:d6:ca:04:42:
         2b:f6:15:de:48:d0:a5:dd:a0:90:99:08:b9:96:69:a0:a1:c9:
         4d:b8:d6:6e:02:48:67:64:d5:e9:5c:3e:f3:0e:ec:b6:6e:ec:
         c9:d5:2b:dc:88:f7:7b:94:26:fc:e7:25:85:43:1d:7b:15:7e:
         bc:5c:72:18:6a:8b:b9:0d:8f:32:d6:6f:1b:70:8d:23:00:cb:
         c1:03:9c:11:68:19:d7:29:15:4f:3a:46:44:d0:81:b6:78:03:
         70:e4:af:ea:6b:00:6a:10:fa:3b:e5:a1:69:4a:34:fe:0c:aa:
         05:56:49:c3:71:00:79:35:84:4a:b4:a7:10:2a:16:f9:18:e5:
         8d:43:b7:8f:3f:7e:43:08:30:3f:85:cf:08:35:12:ab:04:ec:
         40:e6:2b:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcV7+6m9aXPva6QcpIiznCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTJjYzIwZDY5YjMwZGRlMThlYzBkMDAyY2UyZjkxNDli
ZmIwNmQwHhcNMjUwNTI4MDgwODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDU5OTFkMGU3YjVmM2NmOWVhNzYxMTcyYmRmYmEyZjY4ZDgwOWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT+Mw+0NGJIRrYBYVAzfjKm0ZHj7
2k4y+4uAUqwS5/pjivDLfASvFg72wd2z4MkoasjDUwPvKK5qOMXKgpT74m5ULx7y
QGHrhyUsqaHsqG11v0lPKJCbZERpuZjh54SV2gby32e9PCiecKSnFte44mXDgR1n
xyH83kj+6x5a+OttNyTealecRxtncBh9x6en6z3Zon1tuS5pN6MAD3JjHrXC5qeY
k39z+RH1wXSeIpAhn4qi0dvX72I/2ZHvE/Uyp5rOp7JglumuJ3OIT6DWiBYw661c
dnz4mQZzne2lHEWSMVIFs3svGk7j5AFDwV5pXcfr2rvRqT8CqkuUNs2qVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGBZkdDntfPPnqdhFyvfui9o2AmmMB8GA1UdIwQY
MBaAFLvizCDWmzDd4Y7A0ALOL5FJv7BtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1MTUlOYWJNTjNoanNEUUFzNHZrVW1fc0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84YjRiMWEtZWE0Zi00MmUxLWI5NDIt
YjExOWMyNThjZmFkLzEvWUZtUjBPZTE4OC1lcDJFWEs5LTZMMmpZQ2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84YjRiMWEtZWE0Zi00MmUxLWI5NDItYjExOWMyNThjZmFk
LzEvdS1MTUlOYWJNTjNoanNEUUFzNHZrVW1fc0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeARQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBHesur0Ae+xm8Y6ENNtbuVLDnRXjIdbT0ZVCET
tNhaikYLk23v813FDw7Y2bmWzgfoqDKbaOUAcxrk/si/iA4xzRrkqoFRJ9WeMK9/
PepW5pfVf7zSlay1vUN76SiInXA6p5sPXpiOdtbKBEIr9hXeSNCl3aCQmQi5lmmg
oclNuNZuAkhnZNXpXD7zDuy2buzJ1SvciPd7lCb85yWFQx17FX68XHIYaou5DY8y
1m8bcI0jAMvBA5wRaBnXKRVPOkZE0IG2eANw5K/qawBqEPo75aFpSjT+DKoFVknD
cQB5NYRKtKcQKhb5GOWNQ7ePP35DCDA/hc8INRKrBOxA5iur
-----END CERTIFICATE-----