Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/YwT_q4Kig3_g-NeH9DT3auGxCgo.roa
File:                     YwT_q4Kig3_g-NeH9DT3auGxCgo.roa (raw, json)
Hash identifier:          ZaE3qib+0ral12KqqE3Ve01vVTpIeV1MSx94xxKpbME=
Subject key identifier:   63:04:FF:AB:82:A2:83:7F:E0:F8:D7:87:F4:34:F7:6A:E1:B1:0A:0A
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01985D4795488A26DE30C9DA950529A1E484
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/YwT_q4Kig3_g-NeH9DT3auGxCgo.roa
Signing time:             Wed 30 Jul 2025 21:40:28 +0000
ROA not before:           Wed 30 Jul 2025 21:40:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        80.85.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 06:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5d:47:95:48:8a:26:de:30:c9:da:95:05:29:a1:e4:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jul 30 21:40:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6304ffab82a2837fe0f8d787f434f76ae1b10a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:ea:30:dd:3c:d5:74:c3:a0:24:b6:d6:55:
                    1e:6c:16:10:dd:62:af:0d:af:78:a9:a6:e0:92:ff:
                    04:d6:12:37:a0:af:4b:68:57:c5:50:ad:2e:88:99:
                    e3:93:87:3d:e6:0d:be:cf:8f:e1:4a:dc:95:b1:c2:
                    60:db:81:47:75:ae:98:17:1d:03:2b:78:9b:c5:a2:
                    a2:38:81:cc:44:81:7c:35:95:8a:4f:67:64:53:c8:
                    2c:5a:17:0a:82:53:3d:ca:77:4f:45:20:24:62:c5:
                    3b:ed:af:a1:b1:59:53:64:78:09:0a:7e:a7:63:64:
                    7a:c0:8f:62:2a:80:65:db:79:e6:01:30:e4:d6:ef:
                    e8:b5:cf:2e:65:d0:95:40:ca:9f:04:d3:c6:14:74:
                    66:29:7b:61:52:50:a7:02:87:2b:b1:6d:35:a2:d5:
                    9c:8e:ef:03:57:02:11:b8:f9:1d:eb:81:d5:3e:73:
                    a9:ce:12:50:31:a7:c6:cc:4c:16:ce:f9:01:b2:40:
                    21:3d:c6:0d:61:a8:81:9f:a3:62:d5:e4:d7:35:6f:
                    5e:89:6b:3c:6d:64:1e:28:78:d0:56:fa:8d:35:0b:
                    24:53:10:b4:98:a7:b5:31:1f:3f:e2:72:46:bb:33:
                    09:d3:b5:6b:3d:62:0d:41:0e:06:d8:8c:9c:78:e3:
                    5c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:04:FF:AB:82:A2:83:7F:E0:F8:D7:87:F4:34:F7:6A:E1:B1:0A:0A
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/YwT_q4Kig3_g-NeH9DT3auGxCgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:16:a2:f2:41:70:38:47:51:24:34:b5:48:ac:6b:e2:00:c8:
         d0:d0:d9:40:f8:63:3b:f9:ca:05:c1:79:06:ab:6c:11:1d:8e:
         16:d1:53:8c:e0:9e:f7:22:06:99:14:43:13:4b:2a:5e:f8:8a:
         99:52:9f:c9:6a:fd:09:d6:e0:df:c8:4c:cb:f0:61:8b:ff:4a:
         8c:ab:d5:ba:a6:17:b1:fc:0a:05:9e:19:70:a2:f8:06:69:53:
         a8:0c:18:c4:82:1b:3a:93:e4:b1:39:89:57:45:9f:4a:de:af:
         9c:db:c6:74:d2:ec:96:d6:23:f1:de:db:cd:fd:11:c8:9b:7c:
         bf:09:ac:ae:7b:0e:a5:c7:6c:3a:c2:03:47:fb:27:c9:bb:07:
         7c:f2:0c:0c:98:1d:4e:86:20:18:5d:0c:50:75:28:90:6c:f0:
         74:d4:01:4a:43:7c:69:81:50:7c:d7:fd:d7:d2:d2:d9:4a:c9:
         7b:0d:bd:b4:68:c4:0b:af:32:e5:a3:0b:8c:7d:6e:89:37:4e:
         61:67:01:17:76:eb:6c:cf:42:d1:e2:1a:0b:58:56:31:b6:41:
         71:2a:4d:c4:b1:60:6e:94:e3:10:a5:bf:9a:cb:37:23:23:9d:
         11:b3:3e:8e:8b:e1:8a:e1:72:11:ff:f5:d4:48:75:81:cc:49:
         e6:8c:19:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhdR5VIiibeMMnalQUpoeSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwNzMwMjE0MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzA0ZmZhYjgyYTI4MzdmZTBmOGQ3ODdmNDM0Zjc2YWUxYjEwYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbrqMN081XTDoCS21lUebBYQ3WKv
Da94qabgkv8E1hI3oK9LaFfFUK0uiJnjk4c95g2+z4/hStyVscJg24FHda6YFx0D
K3ibxaKiOIHMRIF8NZWKT2dkU8gsWhcKglM9yndPRSAkYsU77a+hsVlTZHgJCn6n
Y2R6wI9iKoBl23nmATDk1u/otc8uZdCVQMqfBNPGFHRmKXthUlCnAocrsW01otWc
ju8DVwIRuPkd64HVPnOpzhJQMafGzEwWzvkBskAhPcYNYaiBn6Ni1eTXNW9eiWs8
bWQeKHjQVvqNNQskUxC0mKe1MR8/4nJGuzMJ07VrPWINQQ4G2IyceONcXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGME/6uCooN/4PjXh/Q092rhsQoKMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvWXdUX3E0S2lnM19nLU5lSDlEVDNhdUd4Q2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFXyMA0G
CSqGSIb3DQEBCwUAA4IBAQAFFqLyQXA4R1EkNLVIrGviAMjQ0NlA+GM7+coFwXkG
q2wRHY4W0VOM4J73IgaZFEMTSype+IqZUp/Jav0J1uDfyEzL8GGL/0qMq9W6phex
/AoFnhlwovgGaVOoDBjEghs6k+SxOYlXRZ9K3q+c28Z00uyW1iPx3tvN/RHIm3y/
Cayuew6lx2w6wgNH+yfJuwd88gwMmB1OhiAYXQxQdSiQbPB01AFKQ3xpgVB81/3X
0tLZSsl7Db20aMQLrzLlowuMfW6JN05hZwEXdutsz0LR4hoLWFYxtkFxKk3EsWBu
lOMQpb+ayzcjI50Rsz6Oi+GK4XIR//XUSHWBzEnmjBl1
-----END CERTIFICATE-----