Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/YgG0lEHEtjr1mC92HjSEXF6DaCY.roa
File:                     YgG0lEHEtjr1mC92HjSEXF6DaCY.roa (raw, json)
Hash identifier:          U16htSk1oaeIqosXWc0EGaYjohQFI01/iP1fxjLlYZE=
Subject key identifier:   62:01:B4:94:41:C4:B6:3A:F5:98:2F:76:1E:34:84:5C:5E:83:68:26
Certificate issuer:       /CN=e8159b68ce41368a99fe1079ec54c36c9bb1bf94
Certificate serial:       0198A832E587A58F2B6E6C058198DFDFB043
Authority key identifier: E8:15:9B:68:CE:41:36:8A:99:FE:10:79:EC:54:C3:6C:9B:B1:BF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/YgG0lEHEtjr1mC92HjSEXF6DaCY.roa
Signing time:             Thu 14 Aug 2025 10:49:24 +0000
ROA not before:           Thu 14 Aug 2025 10:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204366
IP address blocks:        185.250.65.0/24 maxlen: 24
                          185.250.66.0/24 maxlen: 24
                          185.250.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:32:e5:87:a5:8f:2b:6e:6c:05:81:98:df:df:b0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8159b68ce41368a99fe1079ec54c36c9bb1bf94
        Validity
            Not Before: Aug 14 10:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6201b49441c4b63af5982f761e34845c5e836826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:15:8c:b9:f3:3e:3c:d7:29:1e:8a:24:b1:65:
                    2c:53:1c:24:ca:74:7f:ec:ac:f1:f0:74:dd:e1:5f:
                    67:7c:62:81:a8:9e:78:4b:82:d4:1b:02:8c:37:cd:
                    b2:bb:ea:bd:3c:a7:b0:2b:6f:66:e4:16:a6:2c:7b:
                    e7:0d:e9:69:f9:71:ae:92:bf:b6:4f:44:e3:01:1b:
                    9f:de:24:1c:b1:c4:41:c6:14:bf:57:6a:f8:6b:55:
                    54:45:a8:d7:01:c8:57:5f:f0:32:4f:27:b2:46:4c:
                    65:88:19:cc:af:e0:ee:5b:26:c8:87:36:ea:95:cf:
                    e0:37:9d:9e:91:7d:b4:60:10:ad:bc:48:50:88:b4:
                    bd:03:91:ef:1e:14:57:20:8a:29:8c:ee:1a:f6:6f:
                    4d:d8:bb:df:42:af:32:c7:50:80:8c:f3:b4:d2:81:
                    56:fc:20:07:08:16:25:b6:d0:e8:26:91:c0:5b:20:
                    16:48:7d:7a:d6:f8:16:2f:1f:a8:ed:a6:5a:95:13:
                    34:c9:53:90:1c:f4:5e:c7:ed:de:35:b2:e9:e5:c6:
                    dd:d8:de:58:52:10:1a:e0:84:cd:2f:68:2b:b1:63:
                    aa:01:43:b1:55:2a:ba:ac:26:21:5b:d6:f5:d8:e0:
                    41:6f:18:86:e5:5f:f4:37:88:c0:d5:2c:bc:d2:1a:
                    89:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:01:B4:94:41:C4:B6:3A:F5:98:2F:76:1E:34:84:5C:5E:83:68:26
            X509v3 Authority Key Identifier:
                keyid:E8:15:9B:68:CE:41:36:8A:99:FE:10:79:EC:54:C3:6C:9B:B1:BF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/YgG0lEHEtjr1mC92HjSEXF6DaCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.65.0-185.250.67.255

    Signature Algorithm: sha256WithRSAEncryption
         9b:b5:bc:3d:d3:5d:e7:99:32:2e:28:cc:26:fa:6e:8d:42:e7:
         5c:be:9f:3a:7b:38:35:c8:1e:3d:22:23:75:00:f0:80:c3:68:
         0c:da:a5:da:7c:a6:56:02:cb:13:01:38:7b:ec:80:3f:73:de:
         41:c7:63:0e:d8:f3:77:e8:4e:75:f2:60:74:c8:aa:d2:33:12:
         a3:23:d7:06:41:d7:15:ef:26:41:bd:16:77:14:b2:59:4b:19:
         83:fc:44:c7:6a:42:84:3b:07:f9:83:c1:34:72:95:14:09:a7:
         b9:39:a6:96:40:35:64:23:0b:17:70:ae:c2:e0:2f:9a:e9:d4:
         56:7f:25:c1:18:bc:76:07:83:26:f9:20:02:3b:42:76:c4:3a:
         06:61:94:ab:24:48:ad:d8:b5:2d:8d:97:89:56:f2:b2:e2:2f:
         72:43:56:11:30:b6:45:a3:0f:05:2a:e6:bc:68:7e:f9:84:14:
         31:42:2c:3f:1a:ac:17:49:17:17:7b:a9:48:e9:92:1c:4f:1c:
         75:94:a4:65:51:cf:83:2f:43:b0:c5:8c:23:f7:2b:20:34:bf:
         23:37:9f:c7:34:3b:84:04:a3:92:4f:2f:99:95:6e:e6:86:64:
         38:1a:43:8d:11:5d:77:75:33:5e:77:a5:55:d5:b6:07:89:15:
         c7:80:f2:60
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZioMuWHpY8rbmwFgZjf37BDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MTU5YjY4Y2U0MTM2OGE5OWZlMTA3OWVjNTRjMzZjOWJi
MWJmOTQwHhcNMjUwODE0MTA0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjAxYjQ5NDQxYzRiNjNhZjU5ODJmNzYxZTM0ODQ1YzVlODM2ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBWMufM+PNcpHooksWUsUxwkynR/
7Kzx8HTd4V9nfGKBqJ54S4LUGwKMN82yu+q9PKewK29m5BamLHvnDelp+XGukr+2
T0TjARuf3iQcscRBxhS/V2r4a1VURajXAchXX/AyTyeyRkxliBnMr+DuWybIhzbq
lc/gN52ekX20YBCtvEhQiLS9A5HvHhRXIIopjO4a9m9N2LvfQq8yx1CAjPO00oFW
/CAHCBYlttDoJpHAWyAWSH161vgWLx+o7aZalRM0yVOQHPRex+3eNbLp5cbd2N5Y
UhAa4ITNL2grsWOqAUOxVSq6rCYhW9b12OBBbxiG5V/0N4jA1Sy80hqJiwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGIBtJRBxLY69Zgvdh40hFxeg2gmMB8GA1UdIwQY
MBaAFOgVm2jOQTaKmf4QeexUw2ybsb+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkJXYmFNNUJOb3FaX2hCNTdGVERiSnV4djVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yMjhlZmUtZmYzMC00MzI4LWE5MTUt
MGYzYjZmOTY5OTBiLzEvWWdHMGxFSEV0anIxbUM5MkhqU0VYRjZEYUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yMjhlZmUtZmYzMC00MzI4LWE5MTUtMGYzYjZmOTY5OTBi
LzEvNkJXYmFNNUJOb3FaX2hCNTdGVERiSnV4djVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5+kED
BAK5+kAwDQYJKoZIhvcNAQELBQADggEBAJu1vD3TXeeZMi4ozCb6bo1C51y+nzp7
ODXIHj0iI3UA8IDDaAzapdp8plYCyxMBOHvsgD9z3kHHYw7Y83foTnXyYHTIqtIz
EqMj1wZB1xXvJkG9FncUsllLGYP8RMdqQoQ7B/mDwTRylRQJp7k5ppZANWQjCxdw
rsLgL5rp1FZ/JcEYvHYHgyb5IAI7QnbEOgZhlKskSK3YtS2Nl4lW8rLiL3JDVhEw
tkWjDwUq5rxofvmEFDFCLD8arBdJFxd7qUjpkhxPHHWUpGVRz4MvQ7DFjCP3KyA0
vyM3n8c0O4QEo5JPL5mVbuaGZDgaQ40RXXd1M153pVXVtgeJFceA8mA=
-----END CERTIFICATE-----