Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/Y72V-mPUtkPMzOcUtEbrhdYjFXM.roa
File:                     Y72V-mPUtkPMzOcUtEbrhdYjFXM.roa (raw, json)
Hash identifier:          IxbYeGjmmxw3vx1ysPlJvhxU9D7BWMWOG39yWL47F+k=
Subject key identifier:   63:BD:95:FA:63:D4:B6:43:CC:CC:E7:14:B4:46:EB:85:D6:23:15:73
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       01994E6266F1F11FC66E02F238766528F3F3
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/Y72V-mPUtkPMzOcUtEbrhdYjFXM.roa
Signing time:             Mon 15 Sep 2025 17:18:15 +0000
ROA not before:           Mon 15 Sep 2025 17:18:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60508
IP address blocks:        212.163.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:62:66:f1:f1:1f:c6:6e:02:f2:38:76:65:28:f3:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Sep 15 17:18:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63bd95fa63d4b643cccce714b446eb85d6231573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:bf:d5:2f:38:e8:f0:c3:c7:18:6c:d7:39:7f:
                    63:35:8f:b3:cc:ef:60:52:74:3c:27:de:68:44:53:
                    10:e5:9a:e3:53:f7:40:18:8d:7c:c9:28:2d:8b:22:
                    fc:79:3b:ee:be:05:f9:58:21:dc:fe:1d:65:d9:f7:
                    23:9d:ba:4d:d8:a4:71:37:29:ec:70:9f:2f:f8:64:
                    eb:40:9d:57:5d:8f:1c:ac:f6:43:1b:c7:73:a2:76:
                    51:1e:1e:05:70:5a:58:d3:d1:c6:72:0e:d2:eb:20:
                    18:0b:70:f8:49:91:85:75:f6:f5:3b:a2:10:95:e3:
                    44:f6:07:10:6c:ed:a0:1c:7a:55:b6:6c:bb:f8:61:
                    58:32:54:7e:3c:83:c5:04:ef:46:09:19:c3:bd:2e:
                    55:3e:1c:1b:42:56:fa:d1:e4:95:c6:cd:2f:a9:4a:
                    48:83:bb:11:61:0f:90:6a:8a:5a:63:7b:4d:6f:88:
                    d3:22:7c:09:23:f0:17:9c:9a:23:ad:b3:1c:4b:4f:
                    7f:08:36:44:6b:6a:32:f9:b0:ec:2d:12:54:90:be:
                    cb:84:b7:02:1b:eb:e3:33:64:e3:96:5d:f8:8f:66:
                    68:8d:bf:25:96:8b:03:ae:2d:a4:03:e3:9b:e4:85:
                    42:ae:8f:50:5b:db:f9:07:8f:d0:de:4a:46:07:0f:
                    58:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BD:95:FA:63:D4:B6:43:CC:CC:E7:14:B4:46:EB:85:D6:23:15:73
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/Y72V-mPUtkPMzOcUtEbrhdYjFXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.163.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:0c:71:b6:71:ec:83:44:67:ef:18:77:ae:70:a0:e5:40:b1:
         21:a8:d0:1c:03:68:4e:a5:7a:46:61:b3:bb:5b:7d:d2:b9:57:
         ef:88:a1:c5:34:46:60:d1:fd:7c:de:b2:aa:98:18:92:0d:51:
         da:56:dc:85:bf:bc:11:dd:c1:13:ed:69:f6:6b:25:98:b3:3c:
         32:30:41:fb:41:91:be:30:6e:7e:fe:00:39:48:99:b4:5c:d5:
         f7:a2:cb:2a:f1:aa:cd:87:f0:2b:9d:6e:15:a2:cb:50:f7:f1:
         c3:fa:4a:62:2b:bf:71:37:8f:82:46:b7:55:23:f7:4f:1c:7b:
         93:9b:69:c8:42:89:a8:c5:ff:61:cb:6b:0a:dc:bc:ff:8f:e1:
         e7:48:d6:f8:fc:de:ac:3e:fd:14:03:5e:55:e4:89:8b:bc:1a:
         b2:d0:36:de:a6:39:22:f0:45:42:e2:d9:5e:c8:b6:5e:45:1e:
         99:28:63:5d:0a:d3:ea:d0:28:5f:cf:78:0a:e0:a5:d3:75:41:
         6c:3a:42:9a:ef:a5:0f:28:70:9d:b1:79:65:0f:0d:49:7a:71:
         78:73:ef:65:0c:75:1a:4d:ef:4e:39:8d:11:d3:9b:72:45:eb:
         45:3f:f0:10:81:8f:73:70:dc:ea:5c:1e:84:cd:5d:dd:c8:dc:
         7e:65:7f:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlOYmbx8R/GbgLyOHZlKPPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwOTE1MTcxODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JkOTVmYTYzZDRiNjQzY2NjY2U3MTRiNDQ2ZWI4NWQ2MjMxNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxL/VLzjo8MPHGGzXOX9jNY+zzO9g
UnQ8J95oRFMQ5ZrjU/dAGI18ySgtiyL8eTvuvgX5WCHc/h1l2fcjnbpN2KRxNyns
cJ8v+GTrQJ1XXY8crPZDG8dzonZRHh4FcFpY09HGcg7S6yAYC3D4SZGFdfb1O6IQ
leNE9gcQbO2gHHpVtmy7+GFYMlR+PIPFBO9GCRnDvS5VPhwbQlb60eSVxs0vqUpI
g7sRYQ+QaopaY3tNb4jTInwJI/AXnJojrbMcS09/CDZEa2oy+bDsLRJUkL7LhLcC
G+vjM2Tjll34j2Zojb8llosDri2kA+Ob5IVCro9QW9v5B4/Q3kpGBw9YawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO9lfpj1LZDzMznFLRG64XWIxVzMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvWTcyVi1tUFV0a1BNek9jVXRFYnJoZFlqRlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1KM8MA0G
CSqGSIb3DQEBCwUAA4IBAQBMDHG2ceyDRGfvGHeucKDlQLEhqNAcA2hOpXpGYbO7
W33SuVfviKHFNEZg0f183rKqmBiSDVHaVtyFv7wR3cET7Wn2ayWYszwyMEH7QZG+
MG5+/gA5SJm0XNX3ossq8arNh/ArnW4VostQ9/HD+kpiK79xN4+CRrdVI/dPHHuT
m2nIQomoxf9hy2sK3Lz/j+HnSNb4/N6sPv0UA15V5ImLvBqy0Dbepjki8EVC4tle
yLZeRR6ZKGNdCtPq0Chfz3gK4KXTdUFsOkKa76UPKHCdsXllDw1JenF4c+9lDHUa
Te9OOY0R05tyRetFP/AQgY9zcNzqXB6EzV3dyNx+ZX+Q
-----END CERTIFICATE-----