Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/yp-8gzIUS28UkdIriaZE9SvxySU.roa
File:                     yp-8gzIUS28UkdIriaZE9SvxySU.roa (raw, json)
Hash identifier:          +iP77Exrci+Xrmn096jgn0pyK47AsH9ERkphbh20fcM=
Subject key identifier:   CA:9F:BC:83:32:14:4B:6F:14:91:D2:2B:89:A6:44:F5:2B:F1:C9:25
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       0199B9F627E8AC61FBD7A946BC6EE58716F1
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/yp-8gzIUS28UkdIriaZE9SvxySU.roa
Signing time:             Mon 06 Oct 2025 14:39:01 +0000
ROA not before:           Mon 06 Oct 2025 14:39:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61580
IP address blocks:        2.21.67.0/24 maxlen: 24
                          2.22.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:f6:27:e8:ac:61:fb:d7:a9:46:bc:6e:e5:87:16:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Oct  6 14:39:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca9fbc8332144b6f1491d22b89a644f52bf1c925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:75:45:d5:01:00:bb:34:13:6c:a9:f5:16:79:
                    72:d7:19:bf:ab:5b:59:a2:11:2f:64:7a:c3:98:37:
                    4a:46:bf:7b:0f:95:d8:d6:e0:05:87:cb:7c:b8:82:
                    91:83:ea:9e:1e:da:7c:78:ef:0b:ed:39:cb:be:93:
                    5b:7b:a8:3c:9d:c8:4b:d2:f1:41:7c:76:13:9a:01:
                    25:4e:61:ca:c6:3a:db:88:b0:d5:ec:62:f8:0c:ad:
                    e7:ac:fb:1d:10:ff:86:93:67:fc:fc:f9:55:95:7d:
                    35:36:1d:02:45:39:ba:7c:43:e3:ee:a3:52:bb:5f:
                    19:cb:d4:b8:f0:63:76:f2:94:f0:eb:9e:93:60:2f:
                    20:0a:23:93:af:28:0b:5d:5d:8f:96:9c:25:4d:a7:
                    c6:2b:dc:15:b3:00:7a:60:e4:91:c2:c6:63:26:33:
                    78:00:81:3c:09:dc:c0:a3:b3:99:6c:9c:64:74:01:
                    aa:40:a8:c7:cf:84:da:e3:cc:d9:5b:b4:e6:ab:24:
                    29:bb:be:35:77:d4:e4:4b:66:f1:85:f4:ca:35:cc:
                    63:09:63:c9:b0:e6:54:a8:38:0b:db:14:6b:51:d2:
                    9d:9a:6f:3f:48:79:7c:66:04:1b:04:e6:7b:20:90:
                    40:02:cc:6c:35:91:5a:5d:f6:00:c8:c9:5e:76:7b:
                    b5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9F:BC:83:32:14:4B:6F:14:91:D2:2B:89:A6:44:F5:2B:F1:C9:25
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/yp-8gzIUS28UkdIriaZE9SvxySU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.21.67.0/24
                  2.22.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:86:dd:c0:8b:df:0b:79:ad:73:56:45:de:05:5e:26:aa:09:
         62:34:31:27:ab:f6:ce:d3:29:10:51:94:14:2f:8f:92:0f:4b:
         c0:d9:6b:b5:14:c8:ab:1c:a6:c7:79:9b:15:37:c9:fe:95:24:
         df:4b:10:72:6b:dd:cd:01:7c:2b:d8:27:9f:14:46:84:24:02:
         e2:e2:46:ea:2d:39:bc:89:c9:09:1e:38:14:9e:75:31:dc:05:
         c1:dd:77:82:5a:ec:0f:8b:0c:3b:19:11:50:39:30:67:b8:39:
         16:c4:07:84:e7:b8:1c:26:8e:b7:cf:c9:b0:c3:40:35:e9:a9:
         b5:04:2c:fc:72:9d:81:1a:3b:99:aa:7f:ba:97:80:aa:ce:06:
         c2:1d:8d:7a:0c:b5:0d:99:b3:f4:c2:02:52:ad:00:ac:c6:17:
         80:44:3b:3f:70:63:26:f6:23:3e:16:55:e7:da:c2:42:6e:ea:
         a1:4d:9c:b9:23:70:7f:53:22:3a:ce:db:4e:fd:ee:f7:d0:3d:
         8f:0c:42:10:81:f3:9b:42:d4:00:4c:67:c3:1e:98:bf:7b:79:
         2f:43:84:dd:2a:1e:47:3e:0b:a3:4d:ee:ab:da:c3:81:d8:53:
         79:3a:81:36:1c:42:7b:aa:35:51:81:cd:0f:bf:bf:84:ad:51:
         79:53:a3:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm59iforGH716lGvG7lhxbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUxMDA2MTQzOTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTlmYmM4MzMyMTQ0YjZmMTQ5MWQyMmI4OWE2NDRmNTJiZjFjOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXVF1QEAuzQTbKn1Fnly1xm/q1tZ
ohEvZHrDmDdKRr97D5XY1uAFh8t8uIKRg+qeHtp8eO8L7TnLvpNbe6g8nchL0vFB
fHYTmgElTmHKxjrbiLDV7GL4DK3nrPsdEP+Gk2f8/PlVlX01Nh0CRTm6fEPj7qNS
u18Zy9S48GN28pTw656TYC8gCiOTrygLXV2PlpwlTafGK9wVswB6YOSRwsZjJjN4
AIE8CdzAo7OZbJxkdAGqQKjHz4Ta48zZW7TmqyQpu741d9TkS2bxhfTKNcxjCWPJ
sOZUqDgL2xRrUdKdmm8/SHl8ZgQbBOZ7IJBAAsxsNZFaXfYAyMlednu1fwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMqfvIMyFEtvFJHSK4mmRPUr8cklMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEveXAtOGd6SVVTMjhVa2RJcmlhWkU5U3Z4eVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhVDAwQA
AhYzMA0GCSqGSIb3DQEBCwUAA4IBAQCnht3Ai98Lea1zVkXeBV4mqgliNDEnq/bO
0ykQUZQUL4+SD0vA2Wu1FMirHKbHeZsVN8n+lSTfSxBya93NAXwr2CefFEaEJALi
4kbqLTm8ickJHjgUnnUx3AXB3XeCWuwPiww7GRFQOTBnuDkWxAeE57gcJo63z8mw
w0A16am1BCz8cp2BGjuZqn+6l4CqzgbCHY16DLUNmbP0wgJSrQCsxheARDs/cGMm
9iM+FlXn2sJCbuqhTZy5I3B/UyI6zttO/e730D2PDEIQgfObQtQATGfDHpi/e3kv
Q4TdKh5HPgujTe6r2sOB2FN5OoE2HEJ7qjVRgc0Pv7+ErVF5U6PI
-----END CERTIFICATE-----