Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/YQyoZSZ38L_KFryMEYkBnAZJoIU.roa
File:                     YQyoZSZ38L_KFryMEYkBnAZJoIU.roa (raw, json)
Hash identifier:          rlsyW+kzGTKRfz2CZKaaatgyY9ylPHrd5KVR/xTE2Pc=
Subject key identifier:   61:0C:A8:65:26:77:F0:BF:CA:16:BC:8C:11:89:01:9C:06:49:A0:85
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0199734E6EC46E15B3B8B5BE578AD699976E
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/YQyoZSZ38L_KFryMEYkBnAZJoIU.roa
Signing time:             Mon 22 Sep 2025 21:22:24 +0000
ROA not before:           Mon 22 Sep 2025 21:22:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        45.155.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:26:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:73:4e:6e:c4:6e:15:b3:b8:b5:be:57:8a:d6:99:97:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Sep 22 21:22:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=610ca8652677f0bfca16bc8c1189019c0649a085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ed:d5:0b:9b:fc:a0:ec:61:d5:35:3e:2b:86:
                    53:4a:e4:53:b3:d1:b9:33:b9:71:98:09:14:bf:58:
                    f9:73:ef:5f:25:48:14:70:44:49:cf:ee:18:4c:78:
                    04:7b:0b:c2:a0:5c:fa:9b:85:22:b0:53:5c:c3:94:
                    52:c1:af:e9:cb:0d:e0:71:17:aa:af:7d:70:40:50:
                    71:1f:39:14:27:09:9f:5a:10:18:1d:f1:fe:8d:c2:
                    f6:89:29:38:13:a0:08:e5:75:06:25:54:24:7b:9e:
                    f9:67:4b:69:cb:57:3f:77:2a:80:24:d1:9c:c1:72:
                    96:ac:69:82:74:90:67:67:21:d8:26:48:f9:4f:10:
                    1e:28:a2:67:ad:26:d6:6d:c2:95:30:70:1f:2b:e2:
                    27:d7:5f:68:69:90:90:bf:ad:cd:8a:66:ce:6c:d5:
                    40:00:c1:d0:bf:00:e0:ba:69:f4:0b:71:f5:5e:b3:
                    0b:71:13:c7:2f:6c:b1:1f:93:bc:b7:ac:8d:34:b6:
                    49:10:f0:9a:3c:48:95:b6:d3:90:9f:63:eb:50:af:
                    3e:04:3f:c6:f0:c0:06:11:47:63:32:99:63:a6:71:
                    95:a5:24:50:c7:c7:b2:2e:41:15:98:6c:2f:0f:a8:
                    72:d5:00:36:da:76:c4:a2:b2:07:1c:2d:2c:bc:a6:
                    25:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:0C:A8:65:26:77:F0:BF:CA:16:BC:8C:11:89:01:9C:06:49:A0:85
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/YQyoZSZ38L_KFryMEYkBnAZJoIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:a1:45:a4:1a:ce:59:0f:20:73:84:58:b7:4e:d6:a7:29:a2:
         0d:05:89:47:a1:26:b1:39:f3:7d:a2:96:85:6f:76:34:77:54:
         c4:88:0d:63:58:a7:67:c9:17:23:26:d5:49:97:22:2c:df:e3:
         13:dc:65:c4:04:ef:d2:e9:55:dd:25:49:7c:a8:14:9b:96:55:
         36:e0:49:4b:a2:a9:71:5f:5a:8b:d2:8b:8b:70:66:87:b2:c3:
         ec:8f:d9:1a:3b:62:db:17:58:15:8d:22:66:ee:1a:b8:ae:ee:
         2f:d8:34:9b:e0:76:94:01:ab:fa:51:65:c7:d3:c4:41:9d:1d:
         fc:4a:09:d4:db:ed:11:b1:1d:cc:48:d2:7e:5d:e9:dd:16:48:
         39:15:bc:c0:1f:d7:c2:b7:e9:1f:b6:97:76:5e:12:d0:9e:66:
         c5:c6:d8:ec:47:da:1c:28:3d:99:d6:bf:4f:6f:f7:66:7b:75:
         1e:5c:c3:d7:70:c6:4b:e2:96:e4:61:8c:13:1f:43:01:e5:06:
         d5:39:c9:8e:af:07:34:38:11:1d:de:17:4f:cf:d1:df:49:ec:
         b4:4a:c0:e3:e4:50:55:32:3a:ea:c7:35:cd:a6:01:e9:9d:a4:
         44:27:47:4a:ea:40:96:51:11:6a:18:dc:d1:7b:2a:38:de:8b:
         5a:cc:b5:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlzTm7EbhWzuLW+V4rWmZduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwOTIyMjEyMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTBjYTg2NTI2NzdmMGJmY2ExNmJjOGMxMTg5MDE5YzA2NDlhMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu3VC5v8oOxh1TU+K4ZTSuRTs9G5
M7lxmAkUv1j5c+9fJUgUcERJz+4YTHgEewvCoFz6m4UisFNcw5RSwa/pyw3gcReq
r31wQFBxHzkUJwmfWhAYHfH+jcL2iSk4E6AI5XUGJVQke575Z0tpy1c/dyqAJNGc
wXKWrGmCdJBnZyHYJkj5TxAeKKJnrSbWbcKVMHAfK+In119oaZCQv63NimbObNVA
AMHQvwDgumn0C3H1XrMLcRPHL2yxH5O8t6yNNLZJEPCaPEiVttOQn2PrUK8+BD/G
8MAGEUdjMpljpnGVpSRQx8eyLkEVmGwvD6hy1QA22nbEorIHHC0svKYleQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEMqGUmd/C/yha8jBGJAZwGSaCFMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvWVF5b1pTWjM4TF9LRnJ5TUVZa0JuQVpKb0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv9MA0G
CSqGSIb3DQEBCwUAA4IBAQCzoUWkGs5ZDyBzhFi3TtanKaINBYlHoSaxOfN9opaF
b3Y0d1TEiA1jWKdnyRcjJtVJlyIs3+MT3GXEBO/S6VXdJUl8qBSbllU24ElLoqlx
X1qL0ouLcGaHssPsj9kaO2LbF1gVjSJm7hq4ru4v2DSb4HaUAav6UWXH08RBnR38
SgnU2+0RsR3MSNJ+XendFkg5FbzAH9fCt+kftpd2XhLQnmbFxtjsR9ocKD2Z1r9P
b/dme3UeXMPXcMZL4pbkYYwTH0MB5QbVOcmOrwc0OBEd3hdPz9HfSey0SsDj5FBV
MjrqxzXNpgHpnaREJ0dK6kCWURFqGNzReyo43otazLXD
-----END CERTIFICATE-----