Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/ygmr0LjW6g8O2ji5kesu3ACK874.roa
File:                     ygmr0LjW6g8O2ji5kesu3ACK874.roa (raw, json)
Hash identifier:          Fof0/v6mus5tChpoy38UTB0o2Mq7hczl/AM052BO+So=
Subject key identifier:   CA:09:AB:D0:B8:D6:EA:0F:0E:DA:38:B9:91:EB:2E:DC:00:8A:F3:BE
Certificate issuer:       /CN=49e44eeea26569d0ddbd0e8637f12cf505a4ede9
Certificate serial:       019813A5D882DD469F524238763347ECDE66
Authority key identifier: 49:E4:4E:EE:A2:65:69:D0:DD:BD:0E:86:37:F1:2C:F5:05:A4:ED:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/ygmr0LjW6g8O2ji5kesu3ACK874.roa
Signing time:             Wed 16 Jul 2025 14:31:32 +0000
ROA not before:           Wed 16 Jul 2025 14:31:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216353
IP address blocks:        193.105.186.0/24 maxlen: 24
                          2a03:6f80:f000::/36 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/SeRO7qJladDdvQ6GN_Es9QWk7ek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/SeRO7qJladDdvQ6GN_Es9QWk7ek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:13:a5:d8:82:dd:46:9f:52:42:38:76:33:47:ec:de:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e44eeea26569d0ddbd0e8637f12cf505a4ede9
        Validity
            Not Before: Jul 16 14:31:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca09abd0b8d6ea0f0eda38b991eb2edc008af3be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:63:26:0e:d2:ba:15:32:e8:4c:e3:67:9a:0d:
                    ab:c3:5b:9b:a0:60:22:ea:b3:58:3f:19:e9:5f:75:
                    df:51:3a:8e:26:4d:24:6e:ea:04:37:e2:20:e3:f4:
                    01:d9:4d:bb:62:48:97:39:d3:f7:ce:13:89:33:1c:
                    11:0d:04:6f:48:30:8d:51:7c:66:91:e1:7c:24:47:
                    99:e9:a5:d7:64:7c:c0:50:ad:e9:81:21:ee:9e:b5:
                    e0:ac:43:bb:70:fb:0f:7d:21:f8:cd:ad:f8:53:ac:
                    0e:8b:65:e0:69:fd:f6:66:65:f9:3f:59:f2:61:5e:
                    aa:1b:7a:e7:4d:f3:45:b8:5d:13:b8:c1:65:46:9f:
                    e7:f6:6a:57:40:1b:5a:47:0f:ac:b3:ac:56:3f:1b:
                    c9:a2:a1:2e:f0:bd:f5:67:17:e9:15:15:3b:ea:c7:
                    27:9e:28:38:9c:59:9f:f7:d3:04:81:90:97:01:f6:
                    6b:b5:4d:19:55:4c:fe:60:a7:cc:d3:02:b8:bf:5b:
                    d7:45:db:77:79:18:bd:92:59:22:f2:1f:df:6e:89:
                    ed:ef:87:b2:2b:07:27:c5:c3:bc:49:8d:54:fd:b6:
                    ac:0c:9d:b0:03:2e:94:20:a2:dd:47:dc:87:96:b0:
                    d5:55:e7:96:af:da:ca:c0:83:91:63:3f:ad:f9:16:
                    4d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:09:AB:D0:B8:D6:EA:0F:0E:DA:38:B9:91:EB:2E:DC:00:8A:F3:BE
            X509v3 Authority Key Identifier:
                keyid:49:E4:4E:EE:A2:65:69:D0:DD:BD:0E:86:37:F1:2C:F5:05:A4:ED:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/ygmr0LjW6g8O2ji5kesu3ACK874.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/SeRO7qJladDdvQ6GN_Es9QWk7ek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.186.0/24
                IPv6:
                  2a03:6f80:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         15:88:aa:c2:ad:6e:fa:f6:85:64:04:cd:66:a4:da:41:af:5f:
         37:70:0e:a4:37:ea:e5:00:af:d2:d5:8b:82:eb:8b:af:50:69:
         a8:e7:d3:38:53:47:1b:a2:b2:5d:d9:75:87:83:93:a7:d3:77:
         9e:4a:d1:36:0b:ce:9d:20:74:b0:d8:45:4b:32:40:0c:fc:56:
         20:c2:2a:e1:4e:3e:aa:13:f4:07:96:0d:a5:0e:48:c3:f4:3e:
         b3:81:d5:15:b5:d1:7b:36:2b:f0:d2:20:d9:67:11:a4:bd:1b:
         b1:64:d8:6f:5b:28:42:8a:be:26:10:f5:7e:20:38:d9:c3:fe:
         97:0c:82:e1:a8:90:10:a6:91:e6:6a:da:7b:0f:be:d3:be:3f:
         c8:59:d9:ea:e1:dc:85:fa:99:fb:c7:cf:cf:bf:6b:fb:b1:15:
         04:54:8f:0c:6f:7b:88:a7:54:a0:e5:33:69:40:2f:13:4d:70:
         a5:96:61:c9:f2:7e:6c:35:93:51:69:52:9f:99:9f:4f:ef:3e:
         61:45:ed:21:97:02:e8:15:9c:e9:52:ac:d9:74:fa:1b:e3:51:
         e2:0e:99:d2:8a:9d:cc:48:5a:6a:5f:95:fa:e6:d7:f4:54:93:
         31:cc:d4:6c:45:2f:83:2f:93:52:c7:1f:d9:72:e6:30:7a:58:
         fe:1e:7b:9e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZgTpdiC3UafUkI4djNH7N5mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTQ0ZWVlYTI2NTY5ZDBkZGJkMGU4NjM3ZjEyY2Y1MDVh
NGVkZTkwHhcNMjUwNzE2MTQzMTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA5YWJkMGI4ZDZlYTBmMGVkYTM4Yjk5MWViMmVkYzAwOGFmM2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2MmDtK6FTLoTONnmg2rw1uboGAi
6rNYPxnpX3XfUTqOJk0kbuoEN+Ig4/QB2U27YkiXOdP3zhOJMxwRDQRvSDCNUXxm
keF8JEeZ6aXXZHzAUK3pgSHunrXgrEO7cPsPfSH4za34U6wOi2Xgaf32ZmX5P1ny
YV6qG3rnTfNFuF0TuMFlRp/n9mpXQBtaRw+ss6xWPxvJoqEu8L31ZxfpFRU76scn
nig4nFmf99MEgZCXAfZrtU0ZVUz+YKfM0wK4v1vXRdt3eRi9klki8h/fbont74ey
KwcnxcO8SY1U/basDJ2wAy6UIKLdR9yHlrDVVeeWr9rKwIORYz+t+RZNdQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMoJq9C41uoPDto4uZHrLtwAivO+MB8GA1UdIwQY
MBaAFEnkTu6iZWnQ3b0OhjfxLPUFpO3pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VSTzdxSmxhZERkdlE2R05fRXM5UVdrN2VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jM2RjMWItZDFlZS00ZmYyLWE1YWEt
ZjBjNGJlOGUyNDBhLzEveWdtcjBMalc2ZzhPMmppNWtlc3UzQUNLODc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jM2RjMWItZDFlZS00ZmYyLWE1YWEtZjBjNGJlOGUyNDBh
LzEvU2VSTzdxSmxhZERkdlE2R05fRXM5UVdrN2VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwWm6MA4E
AgACMAgDBgQqA2+A8DANBgkqhkiG9w0BAQsFAAOCAQEAFYiqwq1u+vaFZATNZqTa
Qa9fN3AOpDfq5QCv0tWLguuLr1BpqOfTOFNHG6KyXdl1h4OTp9N3nkrRNgvOnSB0
sNhFSzJADPxWIMIq4U4+qhP0B5YNpQ5Iw/Q+s4HVFbXRezYr8NIg2WcRpL0bsWTY
b1soQoq+JhD1fiA42cP+lwyC4aiQEKaR5mraew++074/yFnZ6uHchfqZ+8fPz79r
+7EVBFSPDG97iKdUoOUzaUAvE01wpZZhyfJ+bDWTUWlSn5mfT+8+YUXtIZcC6BWc
6VKs2XT6G+NR4g6Z0oqdzEhaal+V+ubX9FSTMczUbEUvgy+TUscf2XLmMHpY/h57
ng==
-----END CERTIFICATE-----