Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/YqK1nXW8w2q_X2z3lSICRsWfjFw.roa
File:                     YqK1nXW8w2q_X2z3lSICRsWfjFw.roa (raw, json)
Hash identifier:          l725tDRDqMSX597l+gr9+lU8fQNlGlVTOUy4mlZEjNw=
Subject key identifier:   62:A2:B5:9D:75:BC:C3:6A:BF:5F:6C:F7:95:22:02:46:C5:9F:8C:5C
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       0198CCE6A4DCCA62C4A555BD656E5F2CAAD5
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/YqK1nXW8w2q_X2z3lSICRsWfjFw.roa
Signing time:             Thu 21 Aug 2025 13:52:04 +0000
ROA not before:           Thu 21 Aug 2025 13:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        80.90.178.0/24 maxlen: 24
                          80.90.180.0/22 maxlen: 24
                          80.90.184.0/22 maxlen: 24
                          80.90.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cc:e6:a4:dc:ca:62:c4:a5:55:bd:65:6e:5f:2c:aa:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Aug 21 13:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62a2b59d75bcc36abf5f6cf795220246c59f8c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3a:0b:6a:09:de:93:8b:cf:7c:e8:01:74:88:
                    c1:3e:3c:31:7e:4d:2b:fa:8b:55:f5:ef:dd:33:22:
                    cf:fb:2f:6b:69:56:2a:e8:4c:f3:1b:eb:fe:81:f8:
                    03:5c:a6:eb:d6:03:e0:d8:85:7d:03:7c:78:f0:c7:
                    71:8e:69:26:e6:05:e1:96:f4:e6:3c:36:8d:39:db:
                    b8:41:f5:12:6e:99:dd:db:88:4e:99:1e:6d:d1:3e:
                    00:b1:a7:2e:ff:f6:7f:98:ea:db:02:02:10:4a:f1:
                    d7:aa:9d:7d:8a:d3:26:14:c0:8b:5d:b3:88:41:7a:
                    29:c9:e7:2b:6d:d2:e4:31:68:4e:1e:80:9d:70:ce:
                    40:8b:69:e4:e9:f8:fc:f0:54:09:c3:79:59:a2:65:
                    fb:3e:54:6e:64:2b:83:65:e0:5e:57:e2:e6:91:67:
                    dc:1a:c3:b2:30:76:b3:56:8f:3f:24:1b:1f:9a:bd:
                    5b:16:6b:5a:7c:e1:95:ac:66:80:2c:3b:fd:8b:78:
                    1c:65:c3:19:84:fe:6b:cc:45:b0:2a:ea:0c:9c:0c:
                    37:ef:86:29:41:63:3e:66:e1:28:65:de:f6:bd:af:
                    e2:cf:10:04:f5:99:f2:12:ad:e6:3f:b4:86:28:de:
                    12:52:f7:a8:da:92:ac:8b:fa:0f:17:58:e5:66:6f:
                    83:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A2:B5:9D:75:BC:C3:6A:BF:5F:6C:F7:95:22:02:46:C5:9F:8C:5C
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/YqK1nXW8w2q_X2z3lSICRsWfjFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.90.178.0/24
                  80.90.180.0-80.90.191.255

    Signature Algorithm: sha256WithRSAEncryption
         cf:21:45:16:93:e8:af:79:54:a3:77:b7:6b:ad:22:24:61:45:
         1c:60:12:af:45:59:65:90:31:e3:20:55:4e:ba:cb:66:ad:fb:
         2a:9f:7a:10:16:5f:68:a9:36:be:7b:40:5b:0c:b5:b0:f8:32:
         74:6e:db:d8:b6:9e:90:fe:14:9c:55:26:76:83:66:ae:40:19:
         ca:a0:84:ad:36:2c:da:1b:4d:86:4b:f9:cf:5d:1b:58:86:fe:
         a0:be:53:17:55:36:23:f7:4a:45:c1:d3:e2:ad:ee:71:56:87:
         2b:22:2c:23:c4:9e:c9:70:88:92:51:a3:db:5a:95:45:16:9c:
         61:ee:d2:42:eb:db:57:0b:05:03:20:0e:a2:44:dc:6e:19:bc:
         53:c4:cd:65:34:69:c4:f7:9e:68:c6:f9:35:72:e4:1e:e7:3c:
         ce:c7:ad:0b:7a:64:33:d1:fd:5e:ef:55:e8:36:33:bb:0d:30:
         f7:92:e9:3e:89:a5:15:75:68:a7:20:20:e8:a3:84:d5:b6:36:
         cb:a3:7e:85:01:97:3c:80:21:66:04:35:58:40:f7:38:2c:16:
         99:3d:e1:94:ff:c0:1e:ac:76:ce:ad:60:15:59:ad:36:93:c0:
         58:ed:57:02:05:95:76:64:bf:ff:0f:50:4a:30:6e:a5:a5:69:
         03:24:63:08
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZjM5qTcymLEpVW9ZW5fLKrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjUwODIxMTM1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmEyYjU5ZDc1YmNjMzZhYmY1ZjZjZjc5NTIyMDI0NmM1OWY4YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojoLagnek4vPfOgBdIjBPjwxfk0r
+otV9e/dMyLP+y9raVYq6EzzG+v+gfgDXKbr1gPg2IV9A3x48Mdxjmkm5gXhlvTm
PDaNOdu4QfUSbpnd24hOmR5t0T4Asacu//Z/mOrbAgIQSvHXqp19itMmFMCLXbOI
QXopyecrbdLkMWhOHoCdcM5Ai2nk6fj88FQJw3lZomX7PlRuZCuDZeBeV+LmkWfc
GsOyMHazVo8/JBsfmr1bFmtafOGVrGaALDv9i3gcZcMZhP5rzEWwKuoMnAw374Yp
QWM+ZuEoZd72va/izxAE9ZnyEq3mP7SGKN4SUveo2pKsi/oPF1jlZm+DywIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGKitZ11vMNqv19s95UiAkbFn4xcMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvWXFLMW5YVzh3MnFfWDJ6M2xTSUNSc1dmakZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAUFqyMAwD
BAJQWrQDBAZQWoAwDQYJKoZIhvcNAQELBQADggEBAM8hRRaT6K95VKN3t2utIiRh
RRxgEq9FWWWQMeMgVU66y2at+yqfehAWX2ipNr57QFsMtbD4MnRu29i2npD+FJxV
JnaDZq5AGcqghK02LNobTYZL+c9dG1iG/qC+UxdVNiP3SkXB0+Kt7nFWhysiLCPE
nslwiJJRo9talUUWnGHu0kLr21cLBQMgDqJE3G4ZvFPEzWU0acT3nmjG+TVy5B7n
PM7HrQt6ZDPR/V7vVeg2M7sNMPeS6T6JpRV1aKcgIOijhNW2NsujfoUBlzyAIWYE
NVhA9zgsFpk94ZT/wB6sds6tYBVZrTaTwFjtVwIFlXZkv/8PUEowbqWlaQMkYwg=
-----END CERTIFICATE-----