Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/YEqOSJW-V1IZRaR5N4ESa8q35jQ.roa
File:                     YEqOSJW-V1IZRaR5N4ESa8q35jQ.roa (raw, json)
Hash identifier:          1CNo3YNoGQNKYUP1rnUKC2ogI284faRiMvZbH8z4zoY=
Subject key identifier:   60:4A:8E:48:95:BE:57:52:19:45:A4:79:37:81:12:6B:CA:B7:E6:34
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       019A0C12B27E0DE4F789CB9DE79EEF818531
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/YEqOSJW-V1IZRaR5N4ESa8q35jQ.roa
Signing time:             Wed 22 Oct 2025 13:19:03 +0000
ROA not before:           Wed 22 Oct 2025 13:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6762
IP address blocks:        85.203.28.0/22 maxlen: 24
                          85.203.28.0/24 maxlen: 24
                          85.203.29.0/24 maxlen: 24
                          85.203.30.0/24 maxlen: 24
                          85.203.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:12:b2:7e:0d:e4:f7:89:cb:9d:e7:9e:ef:81:85:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Oct 22 13:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=604a8e4895be57521945a4793781126bcab7e634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:60:3e:e1:b6:aa:cf:91:f9:19:1b:f4:d0:c2:
                    7c:a4:d7:bc:db:54:1f:63:32:6c:4d:5b:bd:0a:cb:
                    a6:c5:f2:f2:d7:a1:e9:df:09:f8:d3:9b:db:84:28:
                    c0:2a:7f:7b:ab:1c:21:ee:cc:cb:65:92:40:13:03:
                    4a:2d:f6:8e:2d:8a:37:4f:f2:56:ff:f0:a8:d9:2b:
                    61:20:47:58:75:6c:2f:26:5a:9f:fb:b1:ad:77:b4:
                    17:e6:32:22:3f:15:7f:db:70:81:61:46:0e:5e:a1:
                    2c:7c:5f:bf:ec:b9:9d:0d:e9:4f:63:35:c1:07:ed:
                    b4:d9:3f:1e:f4:c6:57:61:e7:8e:74:d5:81:2b:89:
                    62:eb:16:c0:6b:37:90:ab:2b:32:8e:5a:e7:d5:c1:
                    6d:24:e9:2e:55:78:d3:ba:d0:a1:3c:ce:80:b3:8b:
                    ea:70:c1:9e:f4:15:34:21:ae:7d:19:7c:24:02:51:
                    97:88:4d:63:03:97:d3:b2:ed:39:3a:44:8d:a7:e7:
                    6f:8b:d8:0e:24:82:8e:bc:d0:c7:bb:b7:43:56:10:
                    30:f1:81:dc:68:e4:83:85:04:39:8a:8f:a0:a7:51:
                    e0:7e:75:f7:cf:c0:6e:bd:e7:75:e1:c1:c3:fa:fb:
                    4f:a9:29:5c:cf:18:9b:dd:ff:ef:35:23:a7:6d:9d:
                    06:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:4A:8E:48:95:BE:57:52:19:45:A4:79:37:81:12:6B:CA:B7:E6:34
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/YEqOSJW-V1IZRaR5N4ESa8q35jQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:a6:a3:75:47:0f:8d:9a:a6:97:ca:e6:91:50:5d:ed:e6:57:
         db:fb:6c:69:c6:d0:18:e7:14:80:d1:fb:b5:1b:d3:e3:9b:46:
         bf:d6:5b:66:f2:b3:06:47:92:b9:1c:45:db:02:41:19:1b:00:
         2d:6d:26:83:db:2b:2f:45:2d:3a:3a:64:2a:48:18:1d:f8:5d:
         a8:82:1a:ab:e3:db:ae:e7:a2:af:4d:c2:5a:ea:88:11:eb:5b:
         a6:58:1a:44:e6:3f:ec:e1:a3:be:47:ee:a8:54:b3:89:2e:61:
         4f:f5:99:28:32:6d:06:4f:3d:bd:4e:e9:06:cc:08:3e:92:44:
         a0:b8:86:58:14:a0:b7:0b:92:9f:24:a9:c3:f6:00:60:80:20:
         ca:fe:3a:68:81:ec:1c:94:29:b0:3a:3e:82:33:bc:0d:23:6d:
         83:25:6f:04:ae:5b:dc:27:cc:6d:b2:b4:4e:f8:ed:97:6d:53:
         da:38:3a:1a:5c:59:76:33:c2:08:71:59:5c:ad:8d:7b:3e:cd:
         dd:49:b3:f1:57:e2:d0:74:bc:15:bd:c1:53:f4:a8:ab:ec:e5:
         b1:9d:1e:0e:36:ac:b3:84:c1:2d:2d:c8:22:f7:03:c8:61:10:
         48:91:6d:64:80:cc:60:e8:d6:76:39:84:1c:0b:78:90:a1:b5:
         0f:72:1a:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoMErJ+DeT3icud557vgYUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjUxMDIyMTMxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDRhOGU0ODk1YmU1NzUyMTk0NWE0NzkzNzgxMTI2YmNhYjdlNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12A+4baqz5H5GRv00MJ8pNe821Qf
YzJsTVu9CsumxfLy16Hp3wn405vbhCjAKn97qxwh7szLZZJAEwNKLfaOLYo3T/JW
//Co2SthIEdYdWwvJlqf+7Gtd7QX5jIiPxV/23CBYUYOXqEsfF+/7LmdDelPYzXB
B+202T8e9MZXYeeOdNWBK4li6xbAazeQqysyjlrn1cFtJOkuVXjTutChPM6As4vq
cMGe9BU0Ia59GXwkAlGXiE1jA5fTsu05OkSNp+dvi9gOJIKOvNDHu7dDVhAw8YHc
aOSDhQQ5io+gp1HgfnX3z8Buved14cHD+vtPqSlczxib3f/vNSOnbZ0GjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBKjkiVvldSGUWkeTeBEmvKt+Y0MB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvWUVxT1NKVy1WMUlaUmFSNU40RVNhOHEzNWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcscMA0G
CSqGSIb3DQEBCwUAA4IBAQCepqN1Rw+NmqaXyuaRUF3t5lfb+2xpxtAY5xSA0fu1
G9Pjm0a/1ltm8rMGR5K5HEXbAkEZGwAtbSaD2ysvRS06OmQqSBgd+F2oghqr49uu
56KvTcJa6ogR61umWBpE5j/s4aO+R+6oVLOJLmFP9ZkoMm0GTz29TukGzAg+kkSg
uIZYFKC3C5KfJKnD9gBggCDK/jpogewclCmwOj6CM7wNI22DJW8ErlvcJ8xtsrRO
+O2XbVPaODoaXFl2M8IIcVlcrY17Ps3dSbPxV+LQdLwVvcFT9Kir7OWxnR4ONqyz
hMEtLcgi9wPIYRBIkW1kgMxg6NZ2OYQcC3iQobUPchpN
-----END CERTIFICATE-----