Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YJQs11xqugWoEBWoZ3oCcK3sbS4.roa
File:                     YJQs11xqugWoEBWoZ3oCcK3sbS4.roa (raw, json)
Hash identifier:          9zEKu1Xz7UUzUVy1uRJShcboHyDK7OhgJL2RQwhgJQU=
Subject key identifier:   60:94:2C:D7:5C:6A:BA:05:A8:10:15:A8:67:7A:02:70:AD:EC:6D:2E
Certificate issuer:       /CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
Certificate serial:       01975ED663AD14619015D3E541C964DAC94A
Authority key identifier: 62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YJQs11xqugWoEBWoZ3oCcK3sbS4.roa
Signing time:             Wed 11 Jun 2025 11:53:17 +0000
ROA not before:           Wed 11 Jun 2025 11:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48269
IP address blocks:        194.169.198.0/24 maxlen: 24
                          2a0c:15c0::/50 maxlen: 50
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:d6:63:ad:14:61:90:15:d3:e5:41:c9:64:da:c9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
        Validity
            Not Before: Jun 11 11:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60942cd75c6aba05a81015a8677a0270adec6d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ab:d1:5e:aa:be:d8:d1:5d:c8:86:01:9c:ce:
                    76:44:14:b6:e6:62:3e:db:d8:38:8c:ef:e1:26:db:
                    ab:56:6a:80:33:d0:10:70:e0:92:c5:4b:84:b9:60:
                    70:98:a1:07:81:f5:60:7a:d9:64:66:12:13:59:d1:
                    83:fa:f1:a0:98:91:30:7c:a8:e9:8c:30:ff:32:24:
                    24:7f:2c:2e:a7:da:54:2a:47:39:ef:b6:96:d9:02:
                    18:50:8e:13:1e:c3:f9:25:97:ff:fb:9e:6d:14:04:
                    57:f8:37:29:90:cb:c4:fe:35:4a:9d:f7:c5:ea:05:
                    73:74:18:bf:80:91:6d:aa:04:73:53:c8:d9:e2:11:
                    c2:35:a7:3e:a7:a9:32:ef:6a:8f:b7:cf:6e:82:24:
                    d8:48:fb:c2:15:6f:8d:3d:41:8f:5b:16:43:7f:90:
                    75:cf:b5:a0:6f:cb:62:2d:75:64:28:8d:cd:e6:9a:
                    bb:9b:90:53:63:92:59:a6:54:24:cc:09:3a:28:59:
                    3d:7f:2e:c3:ff:90:a3:1e:d4:47:00:b8:97:47:08:
                    be:93:24:16:db:88:00:38:d4:8a:8a:ea:38:7a:b4:
                    58:fe:16:0c:7d:77:22:37:bf:5a:51:d4:2e:5e:65:
                    3c:60:b1:be:27:63:f2:01:fa:01:5c:a0:9d:74:67:
                    5f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:94:2C:D7:5C:6A:BA:05:A8:10:15:A8:67:7A:02:70:AD:EC:6D:2E
            X509v3 Authority Key Identifier:
                keyid:62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YJQs11xqugWoEBWoZ3oCcK3sbS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.198.0/24
                IPv6:
                  2a0c:15c0::/50

    Signature Algorithm: sha256WithRSAEncryption
         14:5d:b0:02:01:50:32:fc:e7:44:8f:a2:7b:3f:00:0f:2c:ca:
         e0:f9:08:09:3d:ac:4a:c1:5e:e9:30:d7:23:69:c7:92:e7:6a:
         a1:1e:e7:7d:f0:b3:66:8c:8d:bc:26:70:9b:b8:0d:2b:cc:c4:
         84:d8:bf:bd:32:07:d2:18:a9:ae:e5:2f:54:2d:fa:b0:28:02:
         64:f5:6b:5f:ac:1c:13:c6:7d:9a:e9:6b:05:40:0a:c0:6b:68:
         61:54:00:34:f0:b4:ab:4d:2e:ab:b2:25:78:46:36:c9:bd:cf:
         2e:c4:df:80:f7:1c:8d:73:b3:a8:83:ba:d9:05:87:74:cb:3f:
         f3:0d:46:c8:02:50:ec:cc:00:f1:0d:49:ed:fa:35:ff:65:e7:
         ac:90:2a:b8:29:93:00:23:f5:54:a7:a1:bb:b2:0e:79:37:65:
         bc:cd:57:63:20:cf:45:ab:67:91:b3:5f:27:08:ee:96:b1:5e:
         4d:6e:12:02:cd:4d:15:4f:61:01:e4:35:ec:43:55:51:3f:59:
         0d:7e:f9:46:73:e9:ec:b2:d5:d8:05:34:01:55:e2:7e:d0:92:
         1a:3a:a5:96:6a:11:8c:6e:85:bb:7e:1f:e8:c4:79:fb:48:94:
         20:e5:da:ed:44:76:d2:1c:ae:74:c4:09:49:27:4a:00:83:a7:
         59:58:f8:e3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZde1mOtFGGQFdPlQclk2slKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzUyNmFkOWZiZWM1NzRmYTRlYzNkOWJhZGI1NDMzZmRh
YWNhN2IwHhcNMjUwNjExMTE1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk0MmNkNzVjNmFiYTA1YTgxMDE1YTg2NzdhMDI3MGFkZWM2ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKvRXqq+2NFdyIYBnM52RBS25mI+
29g4jO/hJturVmqAM9AQcOCSxUuEuWBwmKEHgfVgetlkZhITWdGD+vGgmJEwfKjp
jDD/MiQkfywup9pUKkc577aW2QIYUI4THsP5JZf/+55tFARX+DcpkMvE/jVKnffF
6gVzdBi/gJFtqgRzU8jZ4hHCNac+p6ky72qPt89ugiTYSPvCFW+NPUGPWxZDf5B1
z7Wgb8tiLXVkKI3N5pq7m5BTY5JZplQkzAk6KFk9fy7D/5CjHtRHALiXRwi+kyQW
24gAONSKiuo4erRY/hYMfXciN79aUdQuXmU8YLG+J2PyAfoBXKCddGdf2QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGCULNdcaroFqBAVqGd6AnCt7G0uMB8GA1UdIwQY
MBaAFGI1Jq2fvsV0+k7D2brbVDP9qsp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2Yt
ODFjOGNlNzUwMTI0LzEvWUpRczExeHF1Z1dvRUJXb1ozb0NjSzNzYlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2YtODFjOGNlNzUwMTI0
LzEvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAMBAIAATAGAwQAwqnGMBAE
AgACMAoDCAYqDBXAAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQAUXbACAVAy/OdEj6J7
PwAPLMrg+QgJPaxKwV7pMNcjaceS52qhHud98LNmjI28JnCbuA0rzMSE2L+9MgfS
GKmu5S9ULfqwKAJk9WtfrBwTxn2a6WsFQArAa2hhVAA08LSrTS6rsiV4RjbJvc8u
xN+A9xyNc7Oog7rZBYd0yz/zDUbIAlDszADxDUnt+jX/ZeeskCq4KZMAI/VUp6G7
sg55N2W8zVdjIM9Fq2eRs18nCO6WsV5NbhICzU0VT2EB5DXsQ1VRP1kNfvlGc+ns
stXYBTQBVeJ+0JIaOqWWahGMboW7fh/oxHn7SJQg5drtRHbSHK50xAlJJ0oAg6dZ
WPjj
-----END CERTIFICATE-----