Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c68e5f-8efa-43ff-890f-272960bc4322/1/YCBMVw8lhfTbZWn4cTYVsc3blBQ.roa
File:                     YCBMVw8lhfTbZWn4cTYVsc3blBQ.roa (raw, json)
Hash identifier:          DAw8H6oh39jnMGAPAS2Ix82bT3BCrrolFFfmIIaPBT0=
Subject key identifier:   60:20:4C:57:0F:25:85:F4:DB:65:69:F8:71:36:15:B1:CD:DB:94:14
Certificate issuer:       /CN=ff925ba5a410467964634cff4afad77a56da4722
Certificate serial:       01971216D1F7183B27D7A462E7E6A080DDA9
Authority key identifier: FF:92:5B:A5:A4:10:46:79:64:63:4C:FF:4A:FA:D7:7A:56:DA:47:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_5JbpaQQRnlkY0z_SvrXelbaRyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c68e5f-8efa-43ff-890f-272960bc4322/1/YCBMVw8lhfTbZWn4cTYVsc3blBQ.roa
Signing time:             Tue 27 May 2025 14:12:54 +0000
ROA not before:           Tue 27 May 2025 14:12:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31673
IP address blocks:        185.62.208.0/22 maxlen: 22
                          2a03:120::/32 maxlen: 32
                          2a04:72c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/c68e5f-8efa-43ff-890f-272960bc4322/1/_5JbpaQQRnlkY0z_SvrXelbaRyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/c68e5f-8efa-43ff-890f-272960bc4322/1/_5JbpaQQRnlkY0z_SvrXelbaRyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_5JbpaQQRnlkY0z_SvrXelbaRyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:16:d1:f7:18:3b:27:d7:a4:62:e7:e6:a0:80:dd:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff925ba5a410467964634cff4afad77a56da4722
        Validity
            Not Before: May 27 14:12:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60204c570f2585f4db6569f8713615b1cddb9414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3e:34:d7:6f:97:6c:b8:31:61:9c:42:46:64:
                    88:b2:65:f9:c5:aa:52:32:1e:03:90:4c:9c:bc:2c:
                    08:84:65:6d:87:53:b1:be:f4:ef:11:ca:e9:58:c7:
                    1b:f8:aa:db:f8:07:4d:b8:ea:4b:e0:5f:bd:8c:af:
                    f9:33:56:7b:41:a2:09:92:46:13:7e:e5:f4:ce:d7:
                    11:9f:e3:9e:c6:ad:c7:7b:43:00:29:66:39:cd:85:
                    23:33:e2:ea:48:fd:7d:ea:93:73:ca:81:19:6c:90:
                    26:a0:c4:6d:7d:db:c3:6c:86:81:04:32:0e:54:ec:
                    69:bf:4b:85:dc:13:78:d4:8c:1a:df:90:96:31:e4:
                    f9:e7:09:0a:67:b3:ee:9b:b9:df:0d:68:ee:4f:68:
                    b4:91:da:a0:c8:51:73:48:f7:b7:6d:47:e3:9c:e2:
                    2e:ac:70:80:07:83:39:76:e1:20:a8:71:95:0c:4e:
                    2a:20:78:a1:e8:84:dd:52:cd:7f:6f:86:da:2d:4d:
                    3d:2b:9e:41:59:5f:e3:cb:37:07:2a:97:cd:02:5f:
                    ed:1b:08:25:c1:5b:03:87:dc:cf:a8:bd:13:1a:36:
                    95:7f:b5:90:40:1f:21:66:d5:ed:e1:0e:c7:7c:d1:
                    15:c3:36:96:a0:18:04:bb:a5:7e:d0:10:a0:77:e3:
                    f0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:20:4C:57:0F:25:85:F4:DB:65:69:F8:71:36:15:B1:CD:DB:94:14
            X509v3 Authority Key Identifier:
                keyid:FF:92:5B:A5:A4:10:46:79:64:63:4C:FF:4A:FA:D7:7A:56:DA:47:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_5JbpaQQRnlkY0z_SvrXelbaRyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c68e5f-8efa-43ff-890f-272960bc4322/1/YCBMVw8lhfTbZWn4cTYVsc3blBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c68e5f-8efa-43ff-890f-272960bc4322/1/_5JbpaQQRnlkY0z_SvrXelbaRyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.208.0/22
                IPv6:
                  2a03:120::/32
                  2a04:72c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:9c:bb:5c:56:f6:f0:4e:a9:6e:d1:70:28:79:b4:11:41:ed:
         5d:8c:92:c5:b0:af:2d:99:44:b1:a4:fd:07:30:20:18:bb:27:
         75:d5:8b:a3:78:f9:58:c6:63:8a:06:ec:6e:d6:45:5e:8d:2a:
         f5:80:82:16:f8:47:13:8e:b6:91:bb:d1:5c:28:61:20:c4:1c:
         fa:01:90:77:ed:b9:7f:3c:0b:3d:f5:34:44:c3:1e:7f:bc:83:
         33:c8:1a:9a:92:7e:48:34:f2:b7:7c:1b:ce:dc:15:7d:60:a9:
         dd:b4:a5:de:b4:2b:3e:51:84:94:da:c9:7f:34:08:54:ee:1e:
         7b:f6:f0:a2:cc:7b:c4:0e:d7:50:66:65:a4:3b:e1:3e:df:88:
         ac:9a:4f:af:83:0e:0b:d0:0f:7a:14:30:1a:64:8b:01:79:c8:
         79:ff:1b:81:5a:da:d6:2d:b9:a2:c0:c6:cf:0c:fb:4e:e8:f1:
         71:dd:05:19:d2:55:e2:a8:55:23:c5:fd:48:7f:f0:63:2a:ff:
         26:de:2f:26:42:eb:56:56:ed:d1:09:78:81:ea:3e:54:3a:1e:
         9f:0f:1a:ac:64:78:8b:ef:99:3b:9e:dd:2b:29:bd:b5:24:39:
         bb:af:28:39:ff:f0:ac:8d:cf:61:35:8c:35:e9:46:0c:ce:bf:
         f7:02:75:bb
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZcSFtH3GDsn16Ri5+aggN2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOTI1YmE1YTQxMDQ2Nzk2NDYzNGNmZjRhZmFkNzdhNTZk
YTQ3MjIwHhcNMjUwNTI3MTQxMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIwNGM1NzBmMjU4NWY0ZGI2NTY5Zjg3MTM2MTViMWNkZGI5NDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3D4012+XbLgxYZxCRmSIsmX5xapS
Mh4DkEycvCwIhGVth1OxvvTvEcrpWMcb+Krb+AdNuOpL4F+9jK/5M1Z7QaIJkkYT
fuX0ztcRn+Oexq3He0MAKWY5zYUjM+LqSP196pNzyoEZbJAmoMRtfdvDbIaBBDIO
VOxpv0uF3BN41Iwa35CWMeT55wkKZ7Pum7nfDWjuT2i0kdqgyFFzSPe3bUfjnOIu
rHCAB4M5duEgqHGVDE4qIHih6ITdUs1/b4baLU09K55BWV/jyzcHKpfNAl/tGwgl
wVsDh9zPqL0TGjaVf7WQQB8hZtXt4Q7HfNEVwzaWoBgEu6V+0BCgd+PwuwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFGAgTFcPJYX022Vp+HE2FbHN25QUMB8GA1UdIwQY
MBaAFP+SW6WkEEZ5ZGNM/0r613pW2kciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzVKYnBhUVFSbmxrWTB6X1N2clhlbGJhUnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jNjhlNWYtOGVmYS00M2ZmLTg5MGYt
MjcyOTYwYmM0MzIyLzEvWUNCTVZ3OGxoZlRiWlduNGNUWVZzYzNibEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jNjhlNWYtOGVmYS00M2ZmLTg5MGYtMjcyOTYwYmM0MzIy
LzEvXzVKYnBhUVFSbmxrWTB6X1N2clhlbGJhUnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuT7QMBQE
AgACMA4DBQAqAwEgAwUDKgRywDANBgkqhkiG9w0BAQsFAAOCAQEAc5y7XFb28E6p
btFwKHm0EUHtXYySxbCvLZlEsaT9BzAgGLsnddWLo3j5WMZjigbsbtZFXo0q9YCC
FvhHE462kbvRXChhIMQc+gGQd+25fzwLPfU0RMMef7yDM8gampJ+SDTyt3wbztwV
fWCp3bSl3rQrPlGElNrJfzQIVO4ee/bwosx7xA7XUGZlpDvhPt+IrJpPr4MOC9AP
ehQwGmSLAXnIef8bgVra1i25osDGzwz7Tujxcd0FGdJV4qhVI8X9SH/wYyr/Jt4v
JkLrVlbt0Ql4geo+VDoenw8arGR4i++ZO57dKym9tSQ5u68oOf/wrI3PYTWMNelG
DM6/9wJ1uw==
-----END CERTIFICATE-----