Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/YDu48ccrv96fD9s7QqKWWzYU6IM.roa
File:                     YDu48ccrv96fD9s7QqKWWzYU6IM.roa (raw, json)
Hash identifier:          yC69SHvO0jpmAs0fXgMhwcQlC+imfJ4mjc7pgKTMjo0=
Subject key identifier:   60:3B:B8:F1:C7:2B:BF:DE:9F:0F:DB:3B:42:A2:96:5B:36:14:E8:83
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       01990A476A4035C943429FA6817CE352CCD9
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/YDu48ccrv96fD9s7QqKWWzYU6IM.roa
Signing time:             Tue 02 Sep 2025 11:54:36 +0000
ROA not before:           Tue 02 Sep 2025 11:54:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        109.175.210.0/24 maxlen: 24
                          109.205.193.0/24 maxlen: 24
                          2a01:fb00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:47:6a:40:35:c9:43:42:9f:a6:81:7c:e3:52:cc:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Sep  2 11:54:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=603bb8f1c72bbfde9f0fdb3b42a2965b3614e883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e3:3b:e4:b6:24:0f:a4:e3:b4:c3:84:6b:8d:
                    c8:ee:64:34:db:4a:28:89:7e:90:ab:88:75:a7:12:
                    f2:21:2a:ea:87:21:94:3b:49:45:7b:db:7a:67:eb:
                    0a:ed:c2:dd:4e:b5:8d:65:06:17:d9:02:d4:e9:ed:
                    0d:c0:73:cd:0b:1c:74:31:1b:29:95:5e:fb:e4:99:
                    f1:5d:b6:f1:48:2b:20:88:35:1a:9b:9b:99:93:02:
                    7a:02:fa:dd:ac:3b:50:c6:ea:d4:51:5f:97:da:03:
                    9e:0a:2f:f1:c9:21:fb:87:9a:aa:a2:3c:4c:93:91:
                    64:5d:a6:90:41:f8:9a:19:a5:03:8d:c7:3f:4f:f9:
                    0d:5b:c3:b0:ba:20:91:7c:6d:cd:eb:79:6b:3f:cc:
                    e9:0b:38:cd:4b:6b:69:63:71:c6:cf:26:b7:53:c8:
                    f8:17:44:40:b5:c2:2f:45:0a:e2:94:2b:84:0f:11:
                    51:dd:c6:ea:bb:9a:ce:3d:74:90:58:0a:50:19:e9:
                    b2:31:48:da:30:a7:61:b3:99:11:98:a7:d6:c1:57:
                    9f:9c:ac:d4:79:3a:89:c6:c8:5b:51:86:0f:e5:1c:
                    08:97:01:ad:0b:47:bc:00:3d:4a:6b:78:0c:58:c9:
                    dc:1e:c7:ed:4c:6b:d4:f3:89:42:e5:50:ff:3e:30:
                    ef:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:3B:B8:F1:C7:2B:BF:DE:9F:0F:DB:3B:42:A2:96:5B:36:14:E8:83
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/YDu48ccrv96fD9s7QqKWWzYU6IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.210.0/24
                  109.205.193.0/24
                IPv6:
                  2a01:fb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:d3:b5:d3:a4:95:90:2b:55:bf:3d:27:90:af:8a:82:4b:57:
         f7:bc:1c:fe:6e:7d:51:3f:a5:03:a6:29:06:97:5d:9d:06:7d:
         8a:4c:3a:9f:2f:a6:6e:22:d8:bd:ad:48:e8:67:0e:ed:d1:11:
         ec:b5:8b:50:e3:0a:d6:1b:b8:87:01:31:9d:97:50:33:96:08:
         4f:49:3e:99:9f:b4:12:4c:53:28:91:7f:ec:a8:ff:73:da:ef:
         85:87:ed:ac:61:9c:26:30:fe:12:f5:85:f2:08:a5:f4:cf:58:
         e0:a7:24:40:79:18:6b:43:b2:ae:4f:05:e0:66:cd:59:f5:37:
         90:99:31:6c:25:f3:95:d2:66:e9:36:8a:eb:6c:32:59:a7:c9:
         b0:fb:95:40:19:35:3d:e7:fb:bd:32:af:f2:34:ef:bf:54:fd:
         11:f7:6c:70:09:88:e6:49:4a:fc:64:13:8e:46:22:b0:ae:ca:
         97:a5:07:63:d5:38:50:2d:7d:79:2f:73:c9:ff:a4:7c:41:5f:
         cf:95:2c:35:d2:75:80:76:d0:af:6b:46:96:54:20:88:8d:6f:
         ee:7b:67:c5:86:3b:09:9e:30:36:32:df:08:6a:61:80:cd:7b:
         e2:7d:6c:b5:a3:a0:fa:a3:1e:89:eb:ed:45:d4:fc:5f:81:45:
         41:d6:65:5b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkKR2pANclDQp+mgXzjUszZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUwOTAyMTE1NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDNiYjhmMWM3MmJiZmRlOWYwZmRiM2I0MmEyOTY1YjM2MTRlODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOM75LYkD6TjtMOEa43I7mQ020oo
iX6Qq4h1pxLyISrqhyGUO0lFe9t6Z+sK7cLdTrWNZQYX2QLU6e0NwHPNCxx0MRsp
lV775JnxXbbxSCsgiDUam5uZkwJ6AvrdrDtQxurUUV+X2gOeCi/xySH7h5qqojxM
k5FkXaaQQfiaGaUDjcc/T/kNW8OwuiCRfG3N63lrP8zpCzjNS2tpY3HGzya3U8j4
F0RAtcIvRQrilCuEDxFR3cbqu5rOPXSQWApQGemyMUjaMKdhs5kRmKfWwVefnKzU
eTqJxshbUYYP5RwIlwGtC0e8AD1Ka3gMWMncHsftTGvU84lC5VD/PjDvkwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGA7uPHHK7/enw/bO0Kills2FOiDMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvWUR1NDhjY3J2OTZmRDlzN1FxS1dXellVNklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAba/SAwQA
bc3BMA0EAgACMAcDBQAqAfsAMA0GCSqGSIb3DQEBCwUAA4IBAQAy07XTpJWQK1W/
PSeQr4qCS1f3vBz+bn1RP6UDpikGl12dBn2KTDqfL6ZuIti9rUjoZw7t0RHstYtQ
4wrWG7iHATGdl1AzlghPST6Zn7QSTFMokX/sqP9z2u+Fh+2sYZwmMP4S9YXyCKX0
z1jgpyRAeRhrQ7KuTwXgZs1Z9TeQmTFsJfOV0mbpNorrbDJZp8mw+5VAGTU95/u9
Mq/yNO+/VP0R92xwCYjmSUr8ZBOORiKwrsqXpQdj1ThQLX15L3PJ/6R8QV/PlSw1
0nWAdtCva0aWVCCIjW/ue2fFhjsJnjA2Mt8IamGAzXvifWy1o6D6ox6J6+1F1Pxf
gUVB1mVb
-----END CERTIFICATE-----