Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/YColBce1P8QV6dzwd3BQxfb0bW8.roa
File:                     YColBce1P8QV6dzwd3BQxfb0bW8.roa (raw, json)
Hash identifier:          Y+U0uh0d0L8YbI91riCmE6Asc9FINzw4Y3Ujz9SWSEY=
Subject key identifier:   60:2A:25:05:C7:B5:3F:C4:15:E9:DC:F0:77:70:50:C5:F6:F4:6D:6F
Certificate issuer:       /CN=47aa878f76b50947cbd7deca04ac832e287b514d
Certificate serial:       0199E843751B492291955FD463EA2FD20AE9
Authority key identifier: 47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/YColBce1P8QV6dzwd3BQxfb0bW8.roa
Signing time:             Wed 15 Oct 2025 14:25:58 +0000
ROA not before:           Wed 15 Oct 2025 14:25:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        194.61.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:43:75:1b:49:22:91:95:5f:d4:63:ea:2f:d2:0a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47aa878f76b50947cbd7deca04ac832e287b514d
        Validity
            Not Before: Oct 15 14:25:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=602a2505c7b53fc415e9dcf0777050c5f6f46d6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d3:1b:66:37:c2:4c:fc:7f:f5:a4:52:87:50:
                    c2:4f:6e:b3:3c:43:db:ec:f4:78:63:2f:f1:ba:08:
                    ea:bb:db:eb:c5:9b:90:7e:6e:c5:04:67:88:47:2b:
                    2f:cf:ba:09:03:3e:d3:9e:11:da:a6:55:72:a5:b9:
                    79:3d:21:88:c4:63:05:c4:61:f4:9a:b7:82:e0:4e:
                    92:1f:07:81:2c:b3:96:25:d6:e7:92:30:9b:10:7b:
                    d7:b8:27:2e:30:0c:d6:f8:ca:aa:51:b2:1a:f7:2f:
                    37:67:d5:bb:0f:d4:4d:a8:c6:4c:d5:7f:35:a9:ce:
                    74:98:f7:76:72:74:20:38:e4:cf:84:d9:c2:be:0f:
                    de:f2:f3:50:e6:7b:b2:8f:11:0c:de:47:44:4c:ee:
                    0b:42:4b:3b:10:06:b1:3d:d9:54:29:aa:ae:87:c7:
                    f4:72:30:6a:27:b1:4d:c7:58:47:ae:c4:e2:f9:a9:
                    e6:f7:58:90:dd:48:94:09:25:63:c4:de:92:8b:c6:
                    be:b8:2b:67:ee:51:f1:a3:c4:b6:03:f6:8e:8c:89:
                    24:e3:65:f6:c1:9f:45:fe:d3:d5:cb:ff:b0:bf:d8:
                    a7:04:81:fe:c8:ad:ca:0e:a7:e1:72:11:30:02:b5:
                    34:b6:c6:a0:dd:9e:89:d3:ec:1a:6f:a1:64:53:57:
                    6c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:2A:25:05:C7:B5:3F:C4:15:E9:DC:F0:77:70:50:C5:F6:F4:6D:6F
            X509v3 Authority Key Identifier:
                keyid:47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/YColBce1P8QV6dzwd3BQxfb0bW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:7b:58:1f:dd:d3:6f:2e:8e:cb:a4:ae:6d:5f:91:34:bc:5b:
         96:23:57:e1:3a:12:29:92:e5:38:10:0f:12:8a:6f:1b:e3:56:
         fb:cc:a4:61:9a:5b:46:86:da:c6:16:23:48:0c:cc:e3:da:ec:
         2d:14:30:49:11:de:6f:86:49:2b:d6:e8:c2:ab:58:82:9e:57:
         74:3a:53:f7:d2:94:27:45:b0:15:b8:aa:5c:d5:d4:6b:27:90:
         80:6f:51:e1:27:5b:1a:39:5b:af:b7:9e:fc:37:b7:24:26:71:
         d4:bd:05:61:1f:75:7f:aa:22:bc:cd:6c:7c:c9:7b:fd:15:67:
         c6:98:85:00:78:6c:73:fb:bf:1e:e9:96:a3:2c:81:27:c0:f8:
         f3:45:2d:2d:51:7e:d0:a4:1d:8f:9f:f1:c7:81:34:ca:5a:16:
         8c:7b:9f:c2:8e:20:d5:5d:22:ae:c1:1b:f4:6d:33:ec:8d:e6:
         89:f2:05:b2:af:95:b0:a8:e7:ee:29:cd:a6:57:e0:34:6b:de:
         72:01:7c:b5:50:59:9d:4b:a6:f0:af:56:dd:5f:7d:3a:39:15:
         a2:0c:36:e3:b6:86:1b:87:6e:c0:35:0f:02:b1:2e:61:56:1f:
         0c:70:d6:e2:4b:c1:6d:cf:96:f5:fa:97:da:ba:05:44:0d:52:
         75:c0:6b:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnoQ3UbSSKRlV/UY+ov0grpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWE4NzhmNzZiNTA5NDdjYmQ3ZGVjYTA0YWM4MzJlMjg3
YjUxNGQwHhcNMjUxMDE1MTQyNTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDJhMjUwNWM3YjUzZmM0MTVlOWRjZjA3NzcwNTBjNWY2ZjQ2ZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNMbZjfCTPx/9aRSh1DCT26zPEPb
7PR4Yy/xugjqu9vrxZuQfm7FBGeIRysvz7oJAz7TnhHaplVypbl5PSGIxGMFxGH0
mreC4E6SHweBLLOWJdbnkjCbEHvXuCcuMAzW+MqqUbIa9y83Z9W7D9RNqMZM1X81
qc50mPd2cnQgOOTPhNnCvg/e8vNQ5nuyjxEM3kdETO4LQks7EAaxPdlUKaquh8f0
cjBqJ7FNx1hHrsTi+anm91iQ3UiUCSVjxN6Si8a+uCtn7lHxo8S2A/aOjIkk42X2
wZ9F/tPVy/+wv9inBIH+yK3KDqfhchEwArU0tsag3Z6J0+wab6FkU1dsiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAqJQXHtT/EFenc8HdwUMX29G1vMB8GA1UdIwQY
MBaAFEeqh492tQlHy9feygSsgy4oe1FNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWIt
Mzk5MmM1NGUxODdiLzEvWUNvbEJjZTFQOFFWNmR6d2QzQlF4ZmIwYlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWItMzk5MmM1NGUxODdi
LzEvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1qMA0G
CSqGSIb3DQEBCwUAA4IBAQA9e1gf3dNvLo7LpK5tX5E0vFuWI1fhOhIpkuU4EA8S
im8b41b7zKRhmltGhtrGFiNIDMzj2uwtFDBJEd5vhkkr1ujCq1iCnld0OlP30pQn
RbAVuKpc1dRrJ5CAb1HhJ1saOVuvt578N7ckJnHUvQVhH3V/qiK8zWx8yXv9FWfG
mIUAeGxz+78e6ZajLIEnwPjzRS0tUX7QpB2Pn/HHgTTKWhaMe5/CjiDVXSKuwRv0
bTPsjeaJ8gWyr5WwqOfuKc2mV+A0a95yAXy1UFmdS6bwr1bdX306ORWiDDbjtoYb
h27ANQ8CsS5hVh8McNbiS8Ftz5b1+pfaugVEDVJ1wGtC
-----END CERTIFICATE-----