Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YnjIxprxbe8Rv67vaUCJJD6mhxM.roa
File:                     YnjIxprxbe8Rv67vaUCJJD6mhxM.roa (raw, json)
Hash identifier:          6p7M/glMLxkVYFrVAs8zE62CVasIk++ifCb/xqCKU/4=
Subject key identifier:   62:78:C8:C6:9A:F1:6D:EF:11:BF:AE:EF:69:40:89:24:3E:A6:87:13
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019854A8CD348A8D5C5C3D07FB45AFF79B94
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YnjIxprxbe8Rv67vaUCJJD6mhxM.roa
Signing time:             Tue 29 Jul 2025 05:30:05 +0000
ROA not before:           Tue 29 Jul 2025 05:30:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206238
IP address blocks:        185.238.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:54:a8:cd:34:8a:8d:5c:5c:3d:07:fb:45:af:f7:9b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 29 05:30:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6278c8c69af16def11bfaeef694089243ea68713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:84:f8:d5:cd:e8:e6:c4:1d:99:5f:3b:fa:bb:
                    6f:f3:ed:1a:f9:88:92:8e:9c:9e:5d:b7:7b:52:5b:
                    7d:58:d7:d2:b8:9c:83:de:fa:9a:c4:58:49:63:9a:
                    fa:42:bc:fd:fc:00:34:a7:b0:65:26:47:e4:d5:2e:
                    7c:2a:d2:fb:f8:83:87:db:ff:6a:76:84:b1:1d:31:
                    f5:7a:ec:8d:a8:7a:b7:59:48:ed:9c:40:3b:51:1f:
                    74:36:ec:37:26:64:0d:c9:1f:b1:57:72:e0:83:17:
                    8a:ec:25:98:07:d6:35:e1:42:2e:ba:bc:fb:35:f7:
                    56:bf:55:86:1d:38:35:5c:26:14:e4:a1:79:56:09:
                    cd:76:f1:2c:3e:06:f5:fb:15:fa:0a:a6:02:fb:5b:
                    56:0c:1b:87:c8:50:5d:e1:6c:7d:89:7f:bb:59:ac:
                    21:6a:7b:d5:0b:7b:03:9a:78:f4:79:c1:07:c0:8c:
                    54:ec:6b:24:19:78:0c:5b:fe:0f:31:a2:9d:61:f6:
                    43:e5:3f:6f:5f:e9:1b:72:5a:d0:fa:4b:69:b3:e3:
                    52:9d:6b:5c:bb:e8:c8:47:e4:db:24:b5:c7:9e:38:
                    c0:d8:9a:8b:72:c8:bd:56:14:7a:cd:24:ce:24:fd:
                    3b:fc:48:7b:0a:ce:a1:c8:f6:fa:47:56:00:f1:86:
                    f0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:78:C8:C6:9A:F1:6D:EF:11:BF:AE:EF:69:40:89:24:3E:A6:87:13
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YnjIxprxbe8Rv67vaUCJJD6mhxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:30:47:38:42:6e:d1:a3:f9:86:fd:b3:e7:dd:db:da:dd:b0:
         87:68:da:30:03:9f:39:61:d8:9d:b1:db:c2:10:c8:ac:92:72:
         01:e8:a0:b5:c1:2c:95:4c:bf:d2:f5:4e:40:55:4c:70:05:c3:
         c7:4d:eb:9d:96:53:80:0f:f7:26:a2:20:57:51:ca:4c:a7:12:
         c7:a9:64:31:c1:e3:cf:fa:7d:dd:41:d0:8b:59:36:cb:59:14:
         b5:fe:ae:8f:45:c0:a9:4b:4a:6f:73:1b:a5:a7:38:f2:78:99:
         38:fb:fb:97:ae:55:58:65:be:23:26:56:fd:84:27:01:d5:d8:
         8a:11:d8:cd:a6:79:c1:6b:60:67:51:88:84:95:62:ab:cd:91:
         7f:70:bc:7c:ab:6d:3f:d1:8f:7f:bc:3e:f4:23:14:20:f4:0c:
         27:7b:c0:13:83:0d:d2:36:fc:d4:49:0a:bb:ff:a5:a1:f5:33:
         57:c7:23:92:ba:ce:a6:cd:12:03:14:29:fc:ac:c4:ee:dc:fc:
         5a:79:39:87:bc:f0:6f:a0:45:59:56:c5:a0:13:4e:7e:c3:57:
         e6:3c:af:6b:72:5e:87:74:19:ff:23:d6:90:27:f3:9d:73:e4:
         85:b5:53:1d:61:ea:17:78:34:fd:2a:8b:bc:53:47:47:b2:4f:
         9f:be:79:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhUqM00io1cXD0H+0Wv95uUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNzI5MDUzMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjc4YzhjNjlhZjE2ZGVmMTFiZmFlZWY2OTQwODkyNDNlYTY4NzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oT41c3o5sQdmV87+rtv8+0a+YiS
jpyeXbd7Ult9WNfSuJyD3vqaxFhJY5r6Qrz9/AA0p7BlJkfk1S58KtL7+IOH2/9q
doSxHTH1euyNqHq3WUjtnEA7UR90Nuw3JmQNyR+xV3LggxeK7CWYB9Y14UIuurz7
NfdWv1WGHTg1XCYU5KF5VgnNdvEsPgb1+xX6CqYC+1tWDBuHyFBd4Wx9iX+7Wawh
anvVC3sDmnj0ecEHwIxU7GskGXgMW/4PMaKdYfZD5T9vX+kbclrQ+ktps+NSnWtc
u+jIR+TbJLXHnjjA2JqLcsi9VhR6zSTOJP07/Eh7Cs6hyPb6R1YA8YbwmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJ4yMaa8W3vEb+u72lAiSQ+pocTMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWW5qSXhwcnhiZThSdjY3dmFVQ0pKRDZtaHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue6AMA0G
CSqGSIb3DQEBCwUAA4IBAQBEMEc4Qm7Ro/mG/bPn3dva3bCHaNowA585YdidsdvC
EMisknIB6KC1wSyVTL/S9U5AVUxwBcPHTeudllOAD/cmoiBXUcpMpxLHqWQxwePP
+n3dQdCLWTbLWRS1/q6PRcCpS0pvcxulpzjyeJk4+/uXrlVYZb4jJlb9hCcB1diK
EdjNpnnBa2BnUYiElWKrzZF/cLx8q20/0Y9/vD70IxQg9Awne8ATgw3SNvzUSQq7
/6Wh9TNXxyOSus6mzRIDFCn8rMTu3PxaeTmHvPBvoEVZVsWgE05+w1fmPK9rcl6H
dBn/I9aQJ/Odc+SFtVMdYeoXeDT9Kou8U0dHsk+fvnmC
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:09:11 2025 by rpki-client