Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/YahDmohiSAbupO4pyQbF5JsUr_U.roa
File:                     YahDmohiSAbupO4pyQbF5JsUr_U.roa (raw, json)
Hash identifier:          7XssqAlsGbNOMEn1S3yiheROEDNC0UVbD5IP+8hqNdU=
Subject key identifier:   61:A8:43:9A:88:62:48:06:EE:A4:EE:29:C9:06:C5:E4:9B:14:AF:F5
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       01993CE5783BD358D9007A35FC3D0CA7603A
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/YahDmohiSAbupO4pyQbF5JsUr_U.roa
Signing time:             Fri 12 Sep 2025 07:48:15 +0000
ROA not before:           Fri 12 Sep 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15461
IP address blocks:        194.44.38.0/23 maxlen: 23
                          194.44.179.0/24 maxlen: 24
                          213.174.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3c:e5:78:3b:d3:58:d9:00:7a:35:fc:3d:0c:a7:60:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Sep 12 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61a8439a88624806eea4ee29c906c5e49b14aff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:62:26:ad:9f:b4:e7:b7:b5:47:75:62:fd:16:
                    c7:12:22:cc:a4:d6:47:34:03:a3:b9:d0:44:f4:9a:
                    a6:75:77:a5:30:ec:b2:00:cb:61:9a:6a:7e:ae:e8:
                    0c:b7:da:73:a2:33:d0:5b:ef:90:b5:ed:15:37:d7:
                    f0:c5:ca:01:da:2c:bb:32:0c:ee:e2:e6:d1:26:1b:
                    04:d3:b9:3e:8f:5a:17:78:ab:4a:9d:f4:11:21:88:
                    ee:00:ce:1d:5e:c9:5a:f1:29:89:55:0b:4b:b9:29:
                    8e:0e:b3:74:38:30:6d:59:3d:cb:2f:7e:26:f4:ff:
                    a4:b0:ff:88:e6:73:8c:3f:51:4d:77:60:d8:32:7c:
                    6c:9d:5a:e0:71:1d:46:54:19:c9:2f:d8:53:a6:fe:
                    53:27:b1:44:94:51:e6:9d:7b:9c:3c:32:bb:ae:db:
                    4a:24:ec:91:6f:15:fd:05:6f:60:07:16:fd:60:de:
                    9b:c2:04:d3:0e:96:08:87:3c:89:bd:45:45:1b:75:
                    ee:e6:6c:d4:48:7d:9d:72:3c:60:e3:17:97:a9:34:
                    a6:d9:88:99:5e:b3:54:9b:fd:7e:4f:7e:13:80:ee:
                    8e:74:71:ac:3c:68:b0:9e:06:49:82:8f:49:87:c6:
                    0e:1d:e7:8e:f2:b5:3e:f6:4d:af:14:b1:35:7a:99:
                    5b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A8:43:9A:88:62:48:06:EE:A4:EE:29:C9:06:C5:E4:9B:14:AF:F5
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/YahDmohiSAbupO4pyQbF5JsUr_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.38.0/23
                  194.44.179.0/24
                  213.174.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:bf:0b:db:a7:4b:b3:61:f9:9a:c7:e9:cd:71:78:f9:17:fa:
         c4:1f:39:13:e3:d4:93:9b:31:73:63:9d:d6:04:ae:2e:c3:27:
         51:b3:52:9d:5c:b8:20:b1:f3:04:5c:77:e3:7c:05:82:7e:41:
         15:69:f6:26:53:04:68:f2:c8:20:a2:ca:a4:ac:b9:6f:64:0d:
         fd:8e:4c:62:de:d7:6b:87:17:14:c6:72:f8:50:a6:01:4d:fa:
         a4:eb:4c:94:59:88:af:36:f0:91:bf:4d:9b:95:7d:05:38:22:
         d0:1e:83:9b:00:24:93:91:1b:80:a0:c4:35:dd:43:94:d2:de:
         e3:fb:b7:64:de:0c:37:84:49:e2:b7:19:d7:54:5d:3b:98:d3:
         cf:b1:df:2f:f9:a6:66:68:be:52:85:5e:a6:8b:bf:a3:43:63:
         b8:19:70:43:5b:92:7e:ea:ed:39:e6:9e:e4:a3:fe:20:5b:34:
         1e:93:31:a0:ce:84:7b:b2:96:08:e0:ce:f7:d9:83:c5:dc:e1:
         4a:04:4b:74:9f:d6:64:70:09:3b:f7:8b:47:5f:49:9f:24:d1:
         db:ce:fb:04:4b:49:f7:eb:e6:98:16:75:3a:b5:c5:7f:10:d4:
         27:21:78:c0:35:4d:60:4b:6d:3e:e4:ae:5e:54:17:c6:b1:e8:
         38:56:12:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZk85Xg701jZAHo1/D0Mp2A6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwOTEyMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWE4NDM5YTg4NjI0ODA2ZWVhNGVlMjljOTA2YzVlNDliMTRhZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomImrZ+057e1R3Vi/RbHEiLMpNZH
NAOjudBE9JqmdXelMOyyAMthmmp+rugMt9pzojPQW++Qte0VN9fwxcoB2iy7Mgzu
4ubRJhsE07k+j1oXeKtKnfQRIYjuAM4dXsla8SmJVQtLuSmODrN0ODBtWT3LL34m
9P+ksP+I5nOMP1FNd2DYMnxsnVrgcR1GVBnJL9hTpv5TJ7FElFHmnXucPDK7rttK
JOyRbxX9BW9gBxb9YN6bwgTTDpYIhzyJvUVFG3Xu5mzUSH2dcjxg4xeXqTSm2YiZ
XrNUm/1+T34TgO6OdHGsPGiwngZJgo9Jh8YOHeeO8rU+9k2vFLE1eplbVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGGoQ5qIYkgG7qTuKckGxeSbFK/1MB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvWWFoRG1vaGlTQWJ1cE80cHlRYkY1SnNVcl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwiwmAwQA
wiyzAwQA1a4dMA0GCSqGSIb3DQEBCwUAA4IBAQBuvwvbp0uzYfmax+nNcXj5F/rE
HzkT49STmzFzY53WBK4uwydRs1KdXLggsfMEXHfjfAWCfkEVafYmUwRo8sggosqk
rLlvZA39jkxi3tdrhxcUxnL4UKYBTfqk60yUWYivNvCRv02blX0FOCLQHoObACST
kRuAoMQ13UOU0t7j+7dk3gw3hEnitxnXVF07mNPPsd8v+aZmaL5ShV6mi7+jQ2O4
GXBDW5J+6u055p7ko/4gWzQekzGgzoR7spYI4M732YPF3OFKBEt0n9ZkcAk794tH
X0mfJNHbzvsES0n36+aYFnU6tcV/ENQnIXjANU1gS20+5K5eVBfGseg4VhLr
-----END CERTIFICATE-----