Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/yHnvcCyxL9DiNKgoynw0YsPtMEA.roa
File:                     yHnvcCyxL9DiNKgoynw0YsPtMEA.roa (raw, json)
Hash identifier:          3cqBDixt8W2IKnu70ZX2oXW2VcR8MoEC6zWNq0ijnrs=
Subject key identifier:   C8:79:EF:70:2C:B1:2F:D0:E2:34:A8:28:CA:7C:34:62:C3:ED:30:40
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0197AA9ECA0D2A2EB35A20D7BC1ED5422A30
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/yHnvcCyxL9DiNKgoynw0YsPtMEA.roa
Signing time:             Thu 26 Jun 2025 05:03:42 +0000
ROA not before:           Thu 26 Jun 2025 05:03:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        185.143.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 11:32:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:aa:9e:ca:0d:2a:2e:b3:5a:20:d7:bc:1e:d5:42:2a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jun 26 05:03:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c879ef702cb12fd0e234a828ca7c3462c3ed3040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a3:2b:b7:e1:b8:d3:c8:fc:11:55:2d:2d:42:
                    d3:1f:e7:ef:be:c0:33:8f:4e:a0:e1:43:a0:35:03:
                    e0:92:ef:be:56:d8:f1:41:5b:69:9b:2f:95:6b:39:
                    71:1a:c7:fa:b1:ff:f9:bb:9f:53:43:a5:26:31:67:
                    f9:d4:3f:23:f6:6e:95:2f:9e:f3:3f:90:d4:b4:7a:
                    d2:32:ac:50:6d:23:c2:93:d9:e4:59:25:b2:89:97:
                    bb:21:e4:76:b8:9b:18:cb:b9:79:41:ba:a1:48:89:
                    51:53:21:4d:a8:87:d3:3c:a9:86:f5:a3:58:d0:69:
                    c9:10:97:93:bd:ed:48:45:1d:e9:8d:f1:5e:23:fd:
                    95:6a:ca:ed:c5:40:2c:c1:94:f5:fa:29:87:a0:38:
                    11:1f:9e:3e:b2:a4:f9:28:93:d6:e8:46:4b:ec:f9:
                    bf:f3:62:d6:4d:ce:8e:3e:ff:76:23:d9:d9:96:64:
                    36:8e:0b:3c:a5:0a:68:03:a1:e6:a9:a0:5c:4b:e1:
                    31:8b:89:4c:7a:dd:b2:a4:e5:5f:96:30:2d:ae:10:
                    4c:47:60:d8:70:6b:3c:bd:f3:6e:e5:07:40:62:74:
                    bd:dd:d0:12:08:f3:53:3b:26:fa:bc:c4:e8:d0:17:
                    6e:3d:ba:9c:e5:b0:54:a9:70:09:bc:11:d1:7a:62:
                    c2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:79:EF:70:2C:B1:2F:D0:E2:34:A8:28:CA:7C:34:62:C3:ED:30:40
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/yHnvcCyxL9DiNKgoynw0YsPtMEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e1:11:15:9c:4d:0c:36:6f:63:06:d0:c3:20:6c:bb:ad:4b:
         e0:37:1c:9c:23:17:c0:f8:a9:a9:1a:7f:fa:b2:38:9d:62:0b:
         33:dd:c7:e7:cf:e4:73:ea:0b:16:b7:af:4f:3f:c2:c6:9f:39:
         d7:b2:6a:68:ae:e4:2e:1c:a6:e4:9e:0f:d6:b3:37:fe:6b:57:
         88:4e:2a:6a:38:a1:13:21:54:80:f8:4f:c9:9d:80:04:9e:46:
         69:b3:50:c8:e3:cc:1a:5d:d6:01:8b:a5:11:f6:8e:16:41:c7:
         8f:85:db:39:1f:20:87:59:0a:5a:b4:3d:a4:13:0b:33:07:27:
         c7:8b:b3:52:f9:1a:43:23:53:9b:51:30:2c:f8:61:4b:a4:c9:
         f6:02:db:df:b6:b5:38:3c:64:5d:5f:fa:32:05:81:c0:01:57:
         1c:0b:99:d4:d7:e6:6a:fc:56:65:5f:d2:b7:72:b6:75:aa:b5:
         bf:25:f9:33:53:88:a4:39:8d:5b:e1:04:8a:ed:19:58:cd:50:
         77:05:79:3e:c9:7f:b9:0e:31:2d:24:de:ff:ac:4e:a2:15:1a:
         c2:57:3d:f7:c6:27:65:8d:f5:ff:67:af:1f:f8:c5:5d:3f:7d:
         21:c1:e6:70:6f:4b:aa:bf:a0:9e:22:32:b9:a6:c4:5a:69:a0:
         97:2e:60:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeqnsoNKi6zWiDXvB7VQiowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNjI2MDUwMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODc5ZWY3MDJjYjEyZmQwZTIzNGE4MjhjYTdjMzQ2MmMzZWQzMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaMrt+G408j8EVUtLULTH+fvvsAz
j06g4UOgNQPgku++VtjxQVtpmy+VazlxGsf6sf/5u59TQ6UmMWf51D8j9m6VL57z
P5DUtHrSMqxQbSPCk9nkWSWyiZe7IeR2uJsYy7l5QbqhSIlRUyFNqIfTPKmG9aNY
0GnJEJeTve1IRR3pjfFeI/2VasrtxUAswZT1+imHoDgRH54+sqT5KJPW6EZL7Pm/
82LWTc6OPv92I9nZlmQ2jgs8pQpoA6HmqaBcS+Exi4lMet2ypOVfljAtrhBMR2DY
cGs8vfNu5QdAYnS93dASCPNTOyb6vMTo0BduPbqc5bBUqXAJvBHRemLCSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMh573AssS/Q4jSoKMp8NGLD7TBAMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEveUhudmNDeXhMOURpTktnb3ludzBZc1B0TUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9IMA0G
CSqGSIb3DQEBCwUAA4IBAQCR4REVnE0MNm9jBtDDIGy7rUvgNxycIxfA+KmpGn/6
sjidYgsz3cfnz+Rz6gsWt69PP8LGnznXsmporuQuHKbkng/Wszf+a1eITipqOKET
IVSA+E/JnYAEnkZps1DI48waXdYBi6UR9o4WQcePhds5HyCHWQpatD2kEwszByfH
i7NS+RpDI1ObUTAs+GFLpMn2AtvftrU4PGRdX/oyBYHAAVccC5nU1+Zq/FZlX9K3
crZ1qrW/JfkzU4ikOY1b4QSK7RlYzVB3BXk+yX+5DjEtJN7/rE6iFRrCVz33xidl
jfX/Z68f+MVdP30hweZwb0uqv6CeIjK5psRaaaCXLmCE
-----END CERTIFICATE-----