Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ypmavnqvu_W9zQRg6Gg-JJzPWuo.roa
File:                     ypmavnqvu_W9zQRg6Gg-JJzPWuo.roa (raw, json)
Hash identifier:          fqXVduQC4poRFtSslY402JFlPaNtxOCGa3HMgFby69w=
Subject key identifier:   CA:99:9A:BE:7A:AF:BB:F5:BD:CD:04:60:E8:68:3E:24:9C:CF:5A:EA
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01977755C1B9B5B1500AD79C5C9734DF8629
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ypmavnqvu_W9zQRg6Gg-JJzPWuo.roa
Signing time:             Mon 16 Jun 2025 06:03:18 +0000
ROA not before:           Mon 16 Jun 2025 06:03:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:77:55:c1:b9:b5:b1:50:0a:d7:9c:5c:97:34:df:86:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun 16 06:03:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca999abe7aafbbf5bdcd0460e8683e249ccf5aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:46:08:90:84:38:73:3a:24:8e:c0:17:e9:eb:
                    8a:16:fb:49:8b:c5:ab:74:39:4c:b0:50:c4:ab:e2:
                    89:9b:30:d2:4e:5b:1a:77:92:c8:01:88:73:0d:26:
                    b7:25:37:2f:f4:80:a7:6f:e6:0c:4c:05:8f:e6:3e:
                    98:d2:14:04:ab:48:80:ea:c0:a1:64:b1:42:9c:50:
                    b8:a9:bf:93:f9:b0:8b:6c:c9:5b:a0:85:8a:6f:42:
                    c2:45:cc:5a:29:46:87:bc:cd:f8:eb:e2:43:71:d0:
                    e9:a0:e9:de:13:93:89:4d:18:ab:8a:2c:63:36:42:
                    0e:bc:a3:ab:a3:7b:4d:b2:15:bc:70:83:da:90:21:
                    ff:75:45:bd:2c:be:d5:1c:03:3c:03:a7:60:9f:f9:
                    95:31:f9:d8:8e:de:e7:a9:6a:43:6e:c3:36:47:03:
                    4a:0a:66:b1:11:83:eb:c4:fe:c2:bf:84:af:17:5d:
                    06:d7:35:92:95:d1:a3:b8:7d:c5:91:a6:97:7d:0a:
                    e3:e0:f2:4d:61:ef:66:38:cd:c6:cd:2b:46:b6:f1:
                    4b:49:99:ae:42:e5:27:1e:6f:2a:de:42:29:79:fa:
                    f3:4c:fe:39:2a:bb:94:92:b6:16:0d:71:a2:c6:fb:
                    01:7a:b2:5e:4c:d2:76:c1:9b:70:2b:d8:17:2f:c4:
                    a7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:99:9A:BE:7A:AF:BB:F5:BD:CD:04:60:E8:68:3E:24:9C:CF:5A:EA
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ypmavnqvu_W9zQRg6Gg-JJzPWuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.189.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:0f:8a:cc:59:2a:8e:62:8c:44:90:56:96:b1:17:1d:1a:f8:
         74:a8:c1:78:23:4a:e0:bb:31:75:46:d2:d6:fb:c8:88:da:45:
         98:83:17:5c:30:82:d0:2d:b6:2d:fd:51:a8:4e:eb:95:1f:77:
         89:df:21:42:49:73:e3:d5:09:65:b1:5b:3a:00:72:ff:af:b1:
         bc:c1:2d:9b:8e:38:50:6c:a8:f1:84:2e:c4:2a:72:1d:99:dd:
         68:cb:bb:7a:4f:6e:d4:5b:27:ef:99:f3:81:ae:1c:08:88:5e:
         9b:32:7f:9c:f7:b8:24:d2:d2:b1:2d:a4:c3:c1:21:e2:59:c0:
         c4:4b:12:da:70:22:3d:9f:2f:89:18:4a:67:c6:47:1b:ca:e7:
         6b:e2:f3:46:ad:0b:16:65:c5:dd:71:53:1f:dc:aa:59:74:57:
         49:d5:08:1f:49:00:d2:41:58:3d:f7:ad:eb:f4:5c:4a:d6:2e:
         4f:f3:14:ec:36:e9:2d:b7:0e:80:37:e1:a6:d8:a9:47:2b:7a:
         c5:e7:cc:eb:92:f0:2a:99:99:4b:2a:a2:d3:2d:86:d0:af:60:
         58:ed:a3:20:f5:70:f2:01:1c:34:10:06:ce:2c:ac:bf:83:36:
         44:5d:28:3a:b4:a0:82:45:fc:e8:8e:00:77:95:f5:7d:e8:64:
         2e:68:6d:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd3VcG5tbFQCtecXJc034YpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNjE2MDYwMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk5OWFiZTdhYWZiYmY1YmRjZDA0NjBlODY4M2UyNDljY2Y1YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUYIkIQ4czokjsAX6euKFvtJi8Wr
dDlMsFDEq+KJmzDSTlsad5LIAYhzDSa3JTcv9ICnb+YMTAWP5j6Y0hQEq0iA6sCh
ZLFCnFC4qb+T+bCLbMlboIWKb0LCRcxaKUaHvM346+JDcdDpoOneE5OJTRiriixj
NkIOvKOro3tNshW8cIPakCH/dUW9LL7VHAM8A6dgn/mVMfnYjt7nqWpDbsM2RwNK
CmaxEYPrxP7Cv4SvF10G1zWSldGjuH3FkaaXfQrj4PJNYe9mOM3GzStGtvFLSZmu
QuUnHm8q3kIpefrzTP45KruUkrYWDXGixvsBerJeTNJ2wZtwK9gXL8Sn+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqZmr56r7v1vc0EYOhoPiScz1rqMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEveXBtYXZucXZ1X1c5elFSZzZHZy1KSnpQV3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABb38MA0G
CSqGSIb3DQEBCwUAA4IBAQBOD4rMWSqOYoxEkFaWsRcdGvh0qMF4I0rguzF1RtLW
+8iI2kWYgxdcMILQLbYt/VGoTuuVH3eJ3yFCSXPj1QllsVs6AHL/r7G8wS2bjjhQ
bKjxhC7EKnIdmd1oy7t6T27UWyfvmfOBrhwIiF6bMn+c97gk0tKxLaTDwSHiWcDE
SxLacCI9ny+JGEpnxkcbyudr4vNGrQsWZcXdcVMf3KpZdFdJ1QgfSQDSQVg9963r
9FxK1i5P8xTsNukttw6AN+Gm2KlHK3rF58zrkvAqmZlLKqLTLYbQr2BY7aMg9XDy
ARw0EAbOLKy/gzZEXSg6tKCCRfzojgB3lfV96GQuaG1r
-----END CERTIFICATE-----