Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/YsXyfEzn_ZKBLDMzG1UU4GMwlcI.roa
File:                     YsXyfEzn_ZKBLDMzG1UU4GMwlcI.roa (raw, json)
Hash identifier:          +hKZsJUinqgBcHuQ7dq/U5cKUb4tJ0uT1WCFtVOANwo=
Subject key identifier:   62:C5:F2:7C:4C:E7:FD:92:81:2C:33:33:1B:55:14:E0:63:30:95:C2
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       0197B539538B73CE966DCB1E55F28252768F
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/YsXyfEzn_ZKBLDMzG1UU4GMwlcI.roa
Signing time:             Sat 28 Jun 2025 06:28:42 +0000
ROA not before:           Sat 28 Jun 2025 06:28:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400992
IP address blocks:        185.143.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b5:39:53:8b:73:ce:96:6d:cb:1e:55:f2:82:52:76:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Jun 28 06:28:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62c5f27c4ce7fd92812c33331b5514e0633095c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:aa:a0:2f:e3:d3:ea:dc:f4:be:fa:c4:f5:f9:
                    bd:fb:53:19:6d:96:9b:1f:9e:0d:86:bc:c5:18:a0:
                    c0:da:82:04:4a:ed:41:35:1e:43:4b:4b:92:99:5d:
                    71:57:cf:0d:80:2a:cc:14:28:8b:f2:89:0a:ca:e7:
                    11:51:bc:7e:06:61:bf:ee:c1:84:c0:00:c2:33:94:
                    41:a9:a4:c4:b1:d6:04:ff:68:53:c9:aa:2e:18:84:
                    02:48:aa:6c:fb:94:8f:c7:9a:a0:39:9a:92:17:6d:
                    c8:32:ab:25:f2:66:7f:52:c7:26:53:25:4a:6d:f6:
                    7b:57:f5:45:16:aa:f8:d5:7c:35:a7:58:d5:cc:3e:
                    9c:5e:67:b9:af:b3:36:3a:c6:c9:cc:80:df:f5:01:
                    c9:fb:02:02:ba:9b:e4:16:4b:68:91:ab:c5:b4:5f:
                    85:1a:2a:b6:32:ae:92:c5:44:43:35:a2:b3:26:79:
                    f6:ce:85:d7:22:5e:84:fb:26:b2:1f:8b:6d:a8:ff:
                    b9:5e:ee:32:79:ec:1b:a7:71:64:4c:04:14:df:5e:
                    38:16:34:f8:2f:90:25:d0:cf:16:cc:c3:5b:81:00:
                    2a:e0:2f:1b:de:0c:15:cb:7e:4c:31:a9:0c:49:1f:
                    d1:ed:42:b7:2f:b4:00:85:4a:39:9c:1a:be:0a:7e:
                    a5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C5:F2:7C:4C:E7:FD:92:81:2C:33:33:1B:55:14:E0:63:30:95:C2
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/YsXyfEzn_ZKBLDMzG1UU4GMwlcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:b6:6a:04:2b:d7:67:5d:6a:b1:90:6e:27:81:4e:0b:bf:81:
         2b:8c:1e:13:75:99:1d:aa:9c:4b:dd:c5:00:63:a1:f6:fc:e6:
         23:f1:2a:d4:8c:31:37:cb:96:fd:e5:a3:8f:01:21:10:4d:5e:
         1e:50:26:ec:82:51:4d:01:fd:8c:77:09:fc:97:9c:7b:d3:d1:
         27:9e:65:9f:2a:d2:45:43:a7:bc:d3:22:dd:2e:30:1f:62:66:
         75:44:99:be:dd:b0:b1:a3:80:ad:f6:8b:d6:73:0d:da:9b:e4:
         8b:44:ae:ca:3c:8f:d5:47:57:06:7d:ab:f6:40:c3:57:93:fa:
         8b:46:b1:3f:cf:f3:21:b3:46:5e:4b:e6:58:a0:ac:ff:d8:3d:
         cb:e1:4a:d7:79:c4:81:4e:37:8d:68:2f:7d:8a:48:2e:16:0c:
         66:ad:da:ea:27:d7:f6:9b:ad:f8:c9:af:32:e4:1f:c3:cd:f6:
         ab:8c:8f:2f:06:75:b2:b2:bc:e8:5b:dc:3c:4d:34:d2:00:ac:
         c0:20:cc:3d:d6:e4:9d:b7:c7:b1:c2:52:6f:bd:3b:35:40:93:
         5e:b3:e5:08:46:b9:db:83:51:13:fa:cd:d5:1f:39:0e:eb:3c:
         a6:81:54:9e:76:e3:af:aa:e1:af:74:a1:93:a5:d5:16:bf:7c:
         a5:86:86:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe1OVOLc86WbcseVfKCUnaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjUwNjI4MDYyODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmM1ZjI3YzRjZTdmZDkyODEyYzMzMzMxYjU1MTRlMDYzMzA5NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqqgL+PT6tz0vvrE9fm9+1MZbZab
H54NhrzFGKDA2oIESu1BNR5DS0uSmV1xV88NgCrMFCiL8okKyucRUbx+BmG/7sGE
wADCM5RBqaTEsdYE/2hTyaouGIQCSKps+5SPx5qgOZqSF23IMqsl8mZ/UscmUyVK
bfZ7V/VFFqr41Xw1p1jVzD6cXme5r7M2OsbJzIDf9QHJ+wICupvkFktokavFtF+F
Giq2Mq6SxURDNaKzJnn2zoXXIl6E+yayH4ttqP+5Xu4yeewbp3FkTAQU3144FjT4
L5Al0M8WzMNbgQAq4C8b3gwVy35MMakMSR/R7UK3L7QAhUo5nBq+Cn6lWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLF8nxM5/2SgSwzMxtVFOBjMJXCMB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvWXNYeWZFem5fWktCTERNekcxVVU0R013bGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/uMA0G
CSqGSIb3DQEBCwUAA4IBAQAmtmoEK9dnXWqxkG4ngU4Lv4ErjB4TdZkdqpxL3cUA
Y6H2/OYj8SrUjDE3y5b95aOPASEQTV4eUCbsglFNAf2Mdwn8l5x709EnnmWfKtJF
Q6e80yLdLjAfYmZ1RJm+3bCxo4Ct9ovWcw3am+SLRK7KPI/VR1cGfav2QMNXk/qL
RrE/z/Mhs0ZeS+ZYoKz/2D3L4UrXecSBTjeNaC99ikguFgxmrdrqJ9f2m634ya8y
5B/DzfarjI8vBnWysrzoW9w8TTTSAKzAIMw91uSdt8exwlJvvTs1QJNes+UIRrnb
g1ET+s3VHzkO6zymgVSeduOvquGvdKGTpdUWv3ylhoa4
-----END CERTIFICATE-----