Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/6YeOU-xwRHqJMQtyKmVzLjZmCAM.roa
File:                     6YeOU-xwRHqJMQtyKmVzLjZmCAM.roa (raw, json)
Hash identifier:          oPTqGQuFEIoUL5I0HzlZEpKxPvEK6ljihx+tltcKNDI=
Subject key identifier:   E9:87:8E:53:EC:70:44:7A:89:31:0B:72:2A:65:73:2E:36:66:08:03
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0199FCA7CB1FE49A14414EF4DD8F650AE40E
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/6YeOU-xwRHqJMQtyKmVzLjZmCAM.roa
Signing time:             Sun 19 Oct 2025 13:27:58 +0000
ROA not before:           Sun 19 Oct 2025 13:27:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        84.55.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 08:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:a7:cb:1f:e4:9a:14:41:4e:f4:dd:8f:65:0a:e4:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Oct 19 13:27:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9878e53ec70447a89310b722a65732e36660803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b1:f5:86:66:3a:80:8c:d8:d6:ee:c2:47:d2:
                    cc:54:fc:31:0f:86:d7:92:0a:2f:08:2c:af:d1:e3:
                    d0:be:a4:18:23:c4:a8:ae:d5:09:25:d5:f7:f9:40:
                    fa:35:b4:d6:12:5e:bd:63:78:9f:e1:ea:ef:2e:45:
                    1e:20:69:d6:17:9c:04:e9:2f:36:9d:da:02:34:94:
                    05:a8:81:9b:95:6a:8c:c5:89:e1:7d:67:b6:ba:69:
                    d8:4d:12:60:61:f1:ed:82:2a:51:28:49:d1:40:13:
                    d1:7d:9c:2b:da:71:26:54:0f:8e:d0:f1:b1:25:7b:
                    7e:3f:ab:5f:78:87:91:03:48:53:72:66:0a:4b:b9:
                    72:ef:6f:5e:92:4e:86:4e:74:41:8d:9c:a3:39:79:
                    1b:31:88:48:a1:ee:32:21:42:e3:4f:3d:0b:fc:dc:
                    c7:99:79:61:17:ae:54:03:09:f6:de:6f:85:81:0b:
                    87:e6:72:2e:68:2d:1c:d9:58:67:07:3d:b0:46:d4:
                    e2:8e:d9:fb:12:74:32:35:31:3c:0b:17:8c:90:0e:
                    98:6f:92:97:f8:bb:b1:63:0d:96:f1:ec:42:c7:fe:
                    ab:c3:09:bb:32:c9:a2:ce:88:b6:5e:ad:1e:3e:8a:
                    3b:0c:a2:55:fe:d0:2a:fb:2e:b2:28:22:2b:07:0e:
                    13:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:87:8E:53:EC:70:44:7A:89:31:0B:72:2A:65:73:2E:36:66:08:03
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/6YeOU-xwRHqJMQtyKmVzLjZmCAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:08:83:9b:f4:25:1e:8e:13:09:b2:c6:0c:fe:c2:d2:72:35:
         8f:c2:f7:2e:b4:df:f8:22:c7:e1:aa:f8:8c:47:a9:4e:19:3c:
         75:19:73:7a:50:c5:bd:dc:13:dd:85:2c:a3:44:7a:b8:cd:64:
         88:69:a6:f5:a7:87:d6:9d:e4:f8:8c:e8:5c:e4:81:66:37:de:
         b7:12:e6:05:41:ee:eb:d4:f1:b7:76:2a:95:80:41:05:2f:3c:
         c9:47:80:12:5b:b6:a3:21:32:7d:9c:d6:0c:e4:88:f4:b4:62:
         3a:d8:ab:5a:2d:71:a3:0e:8b:94:82:2c:11:ec:4f:e6:a2:5e:
         01:f1:7d:5a:00:44:03:7c:47:25:39:c9:d3:ad:fe:90:71:3f:
         09:ff:da:bb:5f:8f:e2:74:06:da:d1:50:e3:7a:b7:00:db:9e:
         de:63:35:8e:54:25:6e:ed:09:b2:a8:5f:68:96:26:29:f0:10:
         3c:da:70:74:06:97:4c:85:39:1e:b8:8f:26:67:c4:f9:83:5b:
         56:41:a3:66:b3:39:bf:28:44:77:b8:0e:4b:27:b0:22:ed:67:
         47:6f:51:10:4b:af:8d:d2:c0:fc:a0:9c:eb:bc:50:22:06:f1:
         36:cd:04:4a:a7:01:2e:4d:9f:76:57:a5:92:aa:db:56:43:ec:
         35:c3:75:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn8p8sf5JoUQU703Y9lCuQOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUxMDE5MTMyNzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTg3OGU1M2VjNzA0NDdhODkzMTBiNzIyYTY1NzMyZTM2NjYwODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLH1hmY6gIzY1u7CR9LMVPwxD4bX
kgovCCyv0ePQvqQYI8SortUJJdX3+UD6NbTWEl69Y3if4ervLkUeIGnWF5wE6S82
ndoCNJQFqIGblWqMxYnhfWe2umnYTRJgYfHtgipRKEnRQBPRfZwr2nEmVA+O0PGx
JXt+P6tfeIeRA0hTcmYKS7ly729ekk6GTnRBjZyjOXkbMYhIoe4yIULjTz0L/NzH
mXlhF65UAwn23m+FgQuH5nIuaC0c2VhnBz2wRtTijtn7EnQyNTE8CxeMkA6Yb5KX
+LuxYw2W8exCx/6rwwm7Msmizoi2Xq0ePoo7DKJV/tAq+y6yKCIrBw4TZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmHjlPscER6iTELciplcy42ZggDMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvNlllT1UteHdSSHFKTVF0eUttVnpMalptQ0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVDcIMA0G
CSqGSIb3DQEBCwUAA4IBAQAaCIOb9CUejhMJssYM/sLScjWPwvcutN/4IsfhqviM
R6lOGTx1GXN6UMW93BPdhSyjRHq4zWSIaab1p4fWneT4jOhc5IFmN963EuYFQe7r
1PG3diqVgEEFLzzJR4ASW7ajITJ9nNYM5Ij0tGI62KtaLXGjDouUgiwR7E/mol4B
8X1aAEQDfEclOcnTrf6QcT8J/9q7X4/idAba0VDjercA257eYzWOVCVu7QmyqF9o
liYp8BA82nB0BpdMhTkeuI8mZ8T5g1tWQaNmszm/KER3uA5LJ7Ai7WdHb1EQS6+N
0sD8oJzrvFAiBvE2zQRKpwEuTZ92V6WSqttWQ+w1w3W7
-----END CERTIFICATE-----