Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/3b6eab-f909-42c9-b588-15c65ff258e8/1/YIGtHD7S0_N18DJSeC_E0_Jn3sk.roa
File:                     YIGtHD7S0_N18DJSeC_E0_Jn3sk.roa (raw, json)
Hash identifier:          AalmOgrQxfmPJAes8mWDMEejVYtQtR0Ex3TWn3wOs5E=
Subject key identifier:   60:81:AD:1C:3E:D2:D3:F3:75:F0:32:52:78:2F:C4:D3:F2:67:DE:C9
Certificate issuer:       /CN=ef1535978be6b0ad7a9cb70eb0522f8c950982a9
Certificate serial:       019A29BC13D2CC98FD758295C67EAE94D296
Authority key identifier: EF:15:35:97:8B:E6:B0:AD:7A:9C:B7:0E:B0:52:2F:8C:95:09:82:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xU1l4vmsK16nLcOsFIvjJUJgqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/3b6eab-f909-42c9-b588-15c65ff258e8/1/YIGtHD7S0_N18DJSeC_E0_Jn3sk.roa
Signing time:             Tue 28 Oct 2025 07:33:03 +0000
ROA not before:           Tue 28 Oct 2025 07:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206276
IP address blocks:        81.172.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/3b6eab-f909-42c9-b588-15c65ff258e8/1/7xU1l4vmsK16nLcOsFIvjJUJgqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/3b6eab-f909-42c9-b588-15c65ff258e8/1/7xU1l4vmsK16nLcOsFIvjJUJgqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xU1l4vmsK16nLcOsFIvjJUJgqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 04:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:29:bc:13:d2:cc:98:fd:75:82:95:c6:7e:ae:94:d2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1535978be6b0ad7a9cb70eb0522f8c950982a9
        Validity
            Not Before: Oct 28 07:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6081ad1c3ed2d3f375f03252782fc4d3f267dec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:a5:c8:9d:18:b1:6b:b9:3f:fe:6e:ba:44:
                    56:c9:2c:14:ee:19:41:a3:28:d9:88:c8:4f:6d:35:
                    f0:cd:b8:58:df:f6:9b:13:fe:93:0d:71:4a:46:16:
                    9c:a4:c3:c4:b6:8b:d1:f4:e0:ef:1d:86:b1:3e:9f:
                    c9:92:75:79:3b:9e:0b:97:b5:83:b3:30:82:8b:02:
                    f8:61:77:98:76:32:04:ed:d0:43:36:82:43:02:ba:
                    a7:20:ac:25:28:65:96:21:11:24:f5:c0:99:dd:cd:
                    9c:33:27:ae:51:f2:b3:25:4c:71:74:d4:c2:f5:82:
                    58:99:61:24:7b:bc:0e:42:c5:e7:4d:2b:28:5f:05:
                    4c:b5:a6:c1:f6:d3:aa:71:ef:9f:d7:ea:84:bf:1c:
                    9c:e9:48:c7:f9:fc:04:ef:8f:c4:d8:f7:06:d4:34:
                    c9:31:cf:dd:d5:84:53:92:b9:ff:d6:b9:52:b0:63:
                    ad:0d:4a:e6:7b:52:fa:1f:97:99:4a:f5:49:41:69:
                    d1:3f:68:c4:f0:32:b6:30:b7:85:36:37:67:8e:eb:
                    a3:01:8c:d8:9c:47:96:de:cc:3c:6b:72:96:f7:4e:
                    9e:03:e6:69:32:5b:f5:07:6d:49:0b:a7:be:48:b2:
                    66:93:43:ea:31:31:a7:fe:20:8a:30:62:b6:32:ba:
                    4a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:81:AD:1C:3E:D2:D3:F3:75:F0:32:52:78:2F:C4:D3:F2:67:DE:C9
            X509v3 Authority Key Identifier:
                keyid:EF:15:35:97:8B:E6:B0:AD:7A:9C:B7:0E:B0:52:2F:8C:95:09:82:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xU1l4vmsK16nLcOsFIvjJUJgqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b6eab-f909-42c9-b588-15c65ff258e8/1/YIGtHD7S0_N18DJSeC_E0_Jn3sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b6eab-f909-42c9-b588-15c65ff258e8/1/7xU1l4vmsK16nLcOsFIvjJUJgqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.172.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:f0:90:71:b7:cd:82:01:81:c9:db:b4:4a:08:9a:31:4d:a0:
         bf:f6:a7:e0:17:f2:5d:37:bf:98:4f:09:ac:fb:bb:8d:f6:af:
         52:21:c3:68:38:2f:ed:94:dd:a1:bd:a5:08:f8:19:7b:48:50:
         3d:1a:57:01:bd:5c:d4:fa:ce:5d:b3:a5:67:44:f1:af:22:5f:
         cb:8f:b9:2a:45:09:06:4d:fb:9e:ae:4f:c6:9a:dd:15:2b:b4:
         0e:65:f8:4e:26:91:51:3e:ad:83:c8:5e:11:8d:b5:fc:4e:40:
         5a:38:dd:7d:0c:2a:52:80:12:0a:e8:ff:5d:73:ac:3f:96:8d:
         34:dc:0d:11:ff:a2:4b:36:88:a4:9f:8b:b1:54:ee:6f:eb:99:
         79:be:ba:94:0e:42:df:74:33:11:66:59:02:20:97:0d:a0:93:
         62:ae:82:d1:03:85:ef:37:4a:97:5f:1e:c0:68:7b:66:ac:f1:
         12:ce:9c:c8:a2:ea:e5:d5:d6:77:95:4a:cf:09:0b:69:b8:f6:
         ed:79:e7:64:0d:1c:41:89:4d:71:da:1d:d4:d2:d2:68:c3:0b:
         a4:39:e8:5c:dc:ff:50:e3:36:51:8a:64:ac:80:c0:d3:4f:1f:
         93:d8:fe:0b:3e:33:86:8f:50:d7:82:b1:f0:8a:48:f8:6b:5d:
         ea:0f:d8:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZopvBPSzJj9dYKVxn6ulNKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMTUzNTk3OGJlNmIwYWQ3YTljYjcwZWIwNTIyZjhjOTUw
OTgyYTkwHhcNMjUxMDI4MDczMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDgxYWQxYzNlZDJkM2YzNzVmMDMyNTI3ODJmYzRkM2YyNjdkZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4WlyJ0YsWu5P/5uukRWySwU7hlB
oyjZiMhPbTXwzbhY3/abE/6TDXFKRhacpMPEtovR9ODvHYaxPp/JknV5O54Ll7WD
szCCiwL4YXeYdjIE7dBDNoJDArqnIKwlKGWWIREk9cCZ3c2cMyeuUfKzJUxxdNTC
9YJYmWEke7wOQsXnTSsoXwVMtabB9tOqce+f1+qEvxyc6UjH+fwE74/E2PcG1DTJ
Mc/d1YRTkrn/1rlSsGOtDUrme1L6H5eZSvVJQWnRP2jE8DK2MLeFNjdnjuujAYzY
nEeW3sw8a3KW906eA+ZpMlv1B21JC6e+SLJmk0PqMTGn/iCKMGK2MrpKHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCBrRw+0tPzdfAyUngvxNPyZ97JMB8GA1UdIwQY
MBaAFO8VNZeL5rCtepy3DrBSL4yVCYKpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3hVMWw0dm1zSzE2bkxjT3NGSXZqSlVKZ3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zYjZlYWItZjkwOS00MmM5LWI1ODgt
MTVjNjVmZjI1OGU4LzEvWUlHdEhEN1MwX04xOERKU2VDX0UwX0puM3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zYjZlYWItZjkwOS00MmM5LWI1ODgtMTVjNjVmZjI1OGU4
LzEvN3hVMWw0dm1zSzE2bkxjT3NGSXZqSlVKZ3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUaxgMA0G
CSqGSIb3DQEBCwUAA4IBAQCO8JBxt82CAYHJ27RKCJoxTaC/9qfgF/JdN7+YTwms
+7uN9q9SIcNoOC/tlN2hvaUI+Bl7SFA9GlcBvVzU+s5ds6VnRPGvIl/Lj7kqRQkG
Tfuerk/Gmt0VK7QOZfhOJpFRPq2DyF4RjbX8TkBaON19DCpSgBIK6P9dc6w/lo00
3A0R/6JLNoikn4uxVO5v65l5vrqUDkLfdDMRZlkCIJcNoJNiroLRA4XvN0qXXx7A
aHtmrPESzpzIourl1dZ3lUrPCQtpuPbteedkDRxBiU1x2h3U0tJowwukOehc3P9Q
4zZRimSsgMDTTx+T2P4LPjOGj1DXgrHwikj4a13qD9ib
-----END CERTIFICATE-----