Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/Yw1DL4n3FWC67KL8P9tumDcnyZE.roa
File:                     Yw1DL4n3FWC67KL8P9tumDcnyZE.roa (raw, json)
Hash identifier:          kPAh3h9z93w4ldeG3DZ18aXthzPwd8/sa1w8KSR09RU=
Subject key identifier:   63:0D:43:2F:89:F7:15:60:BA:EC:A2:FC:3F:DB:6E:98:37:27:C9:91
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       0197561617920D8FF35EDDB2F3BCAB3C9414
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/Yw1DL4n3FWC67KL8P9tumDcnyZE.roa
Signing time:             Mon 09 Jun 2025 19:06:17 +0000
ROA not before:           Mon 09 Jun 2025 19:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        185.219.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:56:16:17:92:0d:8f:f3:5e:dd:b2:f3:bc:ab:3c:94:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jun  9 19:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=630d432f89f71560baeca2fc3fdb6e983727c991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b2:15:cf:7d:9a:d4:62:de:f1:5a:1e:b7:7e:
                    1d:57:23:63:1a:5c:e7:ff:4c:8a:4c:d2:8f:c5:2e:
                    76:08:4c:b2:5b:6b:d2:00:6b:4b:34:a2:09:af:9c:
                    0b:52:93:13:cc:91:95:3d:7c:4d:d3:5f:e3:3a:00:
                    34:f4:42:03:69:5d:73:db:92:d4:fe:c4:51:5a:b8:
                    ac:d9:43:65:c1:27:44:9a:f0:93:33:6f:db:4a:75:
                    eb:d2:10:cc:0e:44:84:75:84:e4:51:32:f9:31:98:
                    03:1b:22:0c:b7:74:94:10:b2:a7:4a:da:4a:88:5a:
                    98:b0:ea:40:d4:a4:de:ea:8f:52:5e:eb:4e:d6:e9:
                    e1:20:09:8c:03:c9:e8:fa:62:ae:8b:2b:cb:77:ea:
                    6c:20:38:fb:49:50:db:3a:6c:04:51:af:b3:2e:09:
                    9c:e1:ad:e7:c8:5f:ed:b2:31:95:d5:d5:02:31:01:
                    27:f5:d4:c4:7c:08:41:71:44:7e:db:5e:63:bd:be:
                    9d:57:b6:f4:54:bc:9b:de:cd:e5:07:4d:b0:41:7c:
                    e5:0c:f5:73:d3:88:48:de:30:0d:b8:18:97:62:cd:
                    42:1a:1e:3e:e7:3a:5e:fa:08:87:2f:f7:d6:4d:9a:
                    d6:23:5a:7d:3c:8b:89:38:f9:43:b2:8d:ec:89:29:
                    3e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:0D:43:2F:89:F7:15:60:BA:EC:A2:FC:3F:DB:6E:98:37:27:C9:91
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/Yw1DL4n3FWC67KL8P9tumDcnyZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:c4:5a:a1:46:b3:b1:82:5b:2e:30:17:55:90:7d:55:ec:44:
         31:ef:73:fb:de:81:76:c4:24:0d:50:41:a8:b0:43:c2:44:a7:
         a6:f6:ce:ca:f6:1c:22:c4:1f:ce:3a:c5:9d:1e:0e:38:08:59:
         8a:23:23:10:8e:6f:cd:1d:7c:4b:9c:b7:d9:35:18:8a:95:a1:
         fa:18:12:cd:88:e4:65:43:83:e3:8e:3e:23:dd:57:45:de:b5:
         12:63:22:4a:a5:9a:b2:09:c4:66:67:3e:f5:37:e4:4d:43:94:
         46:96:78:56:b0:62:1e:a3:ad:5e:f8:87:04:bd:ce:81:36:d1:
         f7:dd:5b:d9:78:9d:61:a5:f3:17:78:c8:27:cb:6e:b8:e0:07:
         5e:b4:79:e9:51:f8:b6:36:18:f0:b1:67:88:12:7c:22:b1:30:
         e3:e0:0a:1b:55:46:ca:a0:f7:f1:7e:6b:3f:5f:23:c4:19:ff:
         e8:b5:31:f3:75:2f:d4:35:be:6d:05:47:4d:67:db:c2:e3:63:
         fc:43:9a:2d:56:8d:2e:9c:20:7f:68:7a:6f:0f:49:2a:58:cb:
         4e:ff:bd:59:2c:e7:a8:bf:45:8f:b6:98:65:ad:ab:0f:70:75:
         68:bc:c1:a7:9a:57:71:a6:05:43:31:cc:6f:aa:6c:86:39:7e:
         9f:2e:a2:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdWFheSDY/zXt2y87yrPJQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwNjA5MTkwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzBkNDMyZjg5ZjcxNTYwYmFlY2EyZmMzZmRiNmU5ODM3MjdjOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LIVz32a1GLe8Voet34dVyNjGlzn
/0yKTNKPxS52CEyyW2vSAGtLNKIJr5wLUpMTzJGVPXxN01/jOgA09EIDaV1z25LU
/sRRWris2UNlwSdEmvCTM2/bSnXr0hDMDkSEdYTkUTL5MZgDGyIMt3SUELKnStpK
iFqYsOpA1KTe6o9SXutO1unhIAmMA8no+mKuiyvLd+psIDj7SVDbOmwEUa+zLgmc
4a3nyF/tsjGV1dUCMQEn9dTEfAhBcUR+215jvb6dV7b0VLyb3s3lB02wQXzlDPVz
04hI3jANuBiXYs1CGh4+5zpe+giHL/fWTZrWI1p9PIuJOPlDso3siSk+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMNQy+J9xVguuyi/D/bbpg3J8mRMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvWXcxREw0bjNGV0M2N0tMOFA5dHVtRGNueVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu+MA0G
CSqGSIb3DQEBCwUAA4IBAQDExFqhRrOxglsuMBdVkH1V7EQx73P73oF2xCQNUEGo
sEPCRKem9s7K9hwixB/OOsWdHg44CFmKIyMQjm/NHXxLnLfZNRiKlaH6GBLNiORl
Q4Pjjj4j3VdF3rUSYyJKpZqyCcRmZz71N+RNQ5RGlnhWsGIeo61e+IcEvc6BNtH3
3VvZeJ1hpfMXeMgny2644AdetHnpUfi2NhjwsWeIEnwisTDj4AobVUbKoPfxfms/
XyPEGf/otTHzdS/UNb5tBUdNZ9vC42P8Q5otVo0unCB/aHpvD0kqWMtO/71ZLOeo
v0WPtphlrasPcHVovMGnmldxpgVDMcxvqmyGOX6fLqK7
-----END CERTIFICATE-----