Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/145943-651f-46ff-93b2-949662b271b2/1/YK5nFZTFgBEwXmaFB6vIIRqOTD0.roa
File:                     YK5nFZTFgBEwXmaFB6vIIRqOTD0.roa (raw, json)
Hash identifier:          jOXBRmwr3D9a+H6ywOkdI9zIP2sM0Nf1YNNjnaSWmfo=
Subject key identifier:   60:AE:67:15:94:C5:80:11:30:5E:66:85:07:AB:C8:21:1A:8E:4C:3D
Certificate issuer:       /CN=bff76a06eaa2a03c7991347509b8608f4a71071f
Certificate serial:       019A36B10862707731085AE9EA86C13D00A1
Authority key identifier: BF:F7:6A:06:EA:A2:A0:3C:79:91:34:75:09:B8:60:8F:4A:71:07:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v_dqBuqioDx5kTR1Cbhgj0pxBx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/145943-651f-46ff-93b2-949662b271b2/1/YK5nFZTFgBEwXmaFB6vIIRqOTD0.roa
Signing time:             Thu 30 Oct 2025 19:56:02 +0000
ROA not before:           Thu 30 Oct 2025 19:56:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204225
IP address blocks:        203.12.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/145943-651f-46ff-93b2-949662b271b2/1/v_dqBuqioDx5kTR1Cbhgj0pxBx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/145943-651f-46ff-93b2-949662b271b2/1/v_dqBuqioDx5kTR1Cbhgj0pxBx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v_dqBuqioDx5kTR1Cbhgj0pxBx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:b1:08:62:70:77:31:08:5a:e9:ea:86:c1:3d:00:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bff76a06eaa2a03c7991347509b8608f4a71071f
        Validity
            Not Before: Oct 30 19:56:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60ae671594c58011305e668507abc8211a8e4c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a7:f3:86:26:62:76:dc:3e:c4:0f:00:93:47:
                    53:f5:b1:65:78:c0:22:c5:a0:33:44:1b:13:23:0c:
                    cc:24:bc:cf:35:2f:bb:64:15:71:82:10:05:14:aa:
                    3d:88:8b:b9:72:09:8c:6f:d9:c9:6c:1f:15:c0:7d:
                    ab:91:1e:d5:bb:9a:ee:5a:9a:05:ab:b4:f0:62:35:
                    07:29:77:43:ed:24:3c:79:3b:e6:ed:e1:0a:d2:f1:
                    55:dc:5a:6a:47:6e:d6:03:17:14:e8:80:3c:99:0e:
                    07:af:61:63:24:74:53:5c:58:ee:e2:26:5b:32:f0:
                    46:9e:83:65:5a:bb:52:c6:a5:47:03:21:4a:3a:f5:
                    17:b2:fb:35:0a:51:86:77:77:7d:4c:f4:55:4c:e8:
                    aa:10:ea:f2:76:7a:a5:f1:1e:84:a5:e3:02:50:ce:
                    b4:4c:66:d7:8e:03:54:63:81:90:10:66:bf:46:d0:
                    4c:d6:7c:18:b6:bc:c4:0f:09:36:ed:af:12:ce:99:
                    03:a3:0f:bb:92:f1:3c:2e:27:50:41:67:bc:87:73:
                    b5:98:c2:45:b1:65:fe:72:b2:63:08:57:8e:5d:23:
                    cb:aa:97:29:5a:35:1f:58:ac:c5:76:64:e5:e2:3e:
                    fa:09:9c:69:5e:3f:f2:0c:54:41:f9:e7:39:3a:38:
                    a1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:AE:67:15:94:C5:80:11:30:5E:66:85:07:AB:C8:21:1A:8E:4C:3D
            X509v3 Authority Key Identifier:
                keyid:BF:F7:6A:06:EA:A2:A0:3C:79:91:34:75:09:B8:60:8F:4A:71:07:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v_dqBuqioDx5kTR1Cbhgj0pxBx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/145943-651f-46ff-93b2-949662b271b2/1/YK5nFZTFgBEwXmaFB6vIIRqOTD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/145943-651f-46ff-93b2-949662b271b2/1/v_dqBuqioDx5kTR1Cbhgj0pxBx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.12.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:78:62:cb:fd:8f:c7:1f:ef:65:7a:e4:9c:2e:80:14:20:73:
         12:0a:79:08:61:3e:f2:f2:6d:24:ee:a0:72:4d:03:5b:4d:c3:
         03:e8:31:fa:72:5d:74:88:48:76:7c:70:48:b8:8f:e4:15:6a:
         ec:a7:cb:d4:24:9f:27:b4:f6:f3:2e:a7:34:49:f9:0d:b3:89:
         5d:b7:b6:51:f2:7b:a8:1c:eb:c7:53:fd:72:76:b1:b2:ac:6d:
         02:2c:91:c9:e3:35:00:00:e1:e8:37:02:13:19:67:4b:8c:16:
         95:ed:46:6b:a9:cc:70:5d:20:ed:b0:eb:a7:81:ac:a9:62:74:
         08:06:35:63:3f:11:aa:45:a8:4b:86:12:87:78:a7:56:6f:95:
         24:58:b7:36:6e:6d:c5:46:40:3f:68:4c:07:e1:8c:10:6b:14:
         e1:a3:3a:19:49:c5:37:59:1d:f4:6a:6d:f5:b1:38:9e:99:3a:
         30:a8:13:d7:5e:b6:a4:f9:bb:13:54:2c:e4:fb:72:c4:9e:eb:
         77:2b:60:88:88:f9:3a:1e:2c:5c:f7:1a:d4:20:b2:bb:c3:44:
         36:b2:b4:6c:03:56:be:7f:49:63:e8:07:34:27:58:5b:6b:fd:
         ce:74:57:46:e9:7c:f4:5a:4e:2e:35:6f:66:55:a2:b1:fc:2e:
         58:e4:4c:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo2sQhicHcxCFrp6obBPQChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZjc2YTA2ZWFhMmEwM2M3OTkxMzQ3NTA5Yjg2MDhmNGE3
MTA3MWYwHhcNMjUxMDMwMTk1NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFlNjcxNTk0YzU4MDExMzA1ZTY2ODUwN2FiYzgyMTFhOGU0YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKfzhiZidtw+xA8Ak0dT9bFleMAi
xaAzRBsTIwzMJLzPNS+7ZBVxghAFFKo9iIu5cgmMb9nJbB8VwH2rkR7Vu5ruWpoF
q7TwYjUHKXdD7SQ8eTvm7eEK0vFV3FpqR27WAxcU6IA8mQ4Hr2FjJHRTXFju4iZb
MvBGnoNlWrtSxqVHAyFKOvUXsvs1ClGGd3d9TPRVTOiqEOrydnql8R6EpeMCUM60
TGbXjgNUY4GQEGa/RtBM1nwYtrzEDwk27a8SzpkDow+7kvE8LidQQWe8h3O1mMJF
sWX+crJjCFeOXSPLqpcpWjUfWKzFdmTl4j76CZxpXj/yDFRB+ec5OjihXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCuZxWUxYARMF5mhQeryCEajkw9MB8GA1UdIwQY
MBaAFL/3agbqoqA8eZE0dQm4YI9KcQcfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdl9kcUJ1cWlvRHg1a1RSMUNiaGdqMHB4Qng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xNDU5NDMtNjUxZi00NmZmLTkzYjIt
OTQ5NjYyYjI3MWIyLzEvWUs1bkZaVEZnQkV3WG1hRkI2dklJUnFPVEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xNDU5NDMtNjUxZi00NmZmLTkzYjItOTQ5NjYyYjI3MWIy
LzEvdl9kcUJ1cWlvRHg1a1RSMUNiaGdqMHB4Qng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAywwfMA0G
CSqGSIb3DQEBCwUAA4IBAQB7eGLL/Y/HH+9leuScLoAUIHMSCnkIYT7y8m0k7qBy
TQNbTcMD6DH6cl10iEh2fHBIuI/kFWrsp8vUJJ8ntPbzLqc0SfkNs4ldt7ZR8nuo
HOvHU/1ydrGyrG0CLJHJ4zUAAOHoNwITGWdLjBaV7UZrqcxwXSDtsOungaypYnQI
BjVjPxGqRahLhhKHeKdWb5UkWLc2bm3FRkA/aEwH4YwQaxThozoZScU3WR30am31
sTiemTowqBPXXrak+bsTVCzk+3LEnut3K2CIiPk6Hixc9xrUILK7w0Q2srRsA1a+
f0lj6Ac0J1hba/3OdFdG6Xz0Wk4uNW9mVaKx/C5Y5Exw
-----END CERTIFICATE-----