Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/yHBye4nlaaxTAtDNDXQDzEX11B8.roa
File:                     yHBye4nlaaxTAtDNDXQDzEX11B8.roa (raw, json)
Hash identifier:          0oqnKR/h/3antDNOJoHgCBtABVjV/H49DAa5RcH6OnE=
Subject key identifier:   C8:70:72:7B:89:E5:69:AC:53:02:D0:CD:0D:74:03:CC:45:F5:D4:1F
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01999975E0FD9AD4B28A081926124887BABF
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/yHBye4nlaaxTAtDNDXQDzEX11B8.roa
Signing time:             Tue 30 Sep 2025 07:11:03 +0000
ROA not before:           Tue 30 Sep 2025 07:11:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202496
IP address blocks:        2a06:fe44::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:99:75:e0:fd:9a:d4:b2:8a:08:19:26:12:48:87:ba:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Sep 30 07:11:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c870727b89e569ac5302d0cd0d7403cc45f5d41f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d6:72:64:87:97:63:56:97:f7:a5:c1:3f:5b:
                    42:cf:22:cb:58:bc:da:e2:c8:fb:c8:95:0c:c5:41:
                    f4:a7:dd:bc:1d:84:59:1a:ba:49:e9:9f:56:96:58:
                    ed:77:31:7e:da:78:3f:6d:50:53:15:d9:40:00:11:
                    b7:5c:55:58:7d:84:59:1c:c4:12:7a:98:60:a7:11:
                    25:b7:7a:a9:c9:48:25:6e:ef:bc:76:20:ca:d5:33:
                    51:d2:88:95:3e:b3:1b:b2:69:46:28:db:4e:23:25:
                    a0:5e:21:ec:1e:6a:50:bd:e9:ec:fd:b9:98:89:fb:
                    82:98:2e:1b:e9:4f:de:41:55:ff:cd:97:17:3a:e9:
                    b6:07:2a:05:94:d6:83:38:be:7e:86:94:42:8e:58:
                    5f:4b:18:e2:21:99:68:b2:7f:22:27:c4:b2:95:f9:
                    dc:40:7c:c8:f1:30:89:7d:d2:39:5d:16:70:c8:21:
                    59:c8:45:d4:81:83:2b:e9:bc:6f:b6:dd:19:9b:83:
                    8b:c7:e5:f6:fb:82:1a:e2:d5:55:4b:66:5b:49:a9:
                    a2:b6:1f:61:c5:b2:59:65:13:fc:78:ea:d0:45:23:
                    f6:4a:7e:cd:ee:f8:20:4a:56:1e:ca:5a:ee:46:7b:
                    cd:a6:bb:eb:1a:96:95:ca:fc:53:0d:c0:99:8b:b4:
                    9e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:70:72:7B:89:E5:69:AC:53:02:D0:CD:0D:74:03:CC:45:F5:D4:1F
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/yHBye4nlaaxTAtDNDXQDzEX11B8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fe44::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:5f:f2:97:d6:98:4b:37:96:3c:91:4c:2c:7d:cd:d0:b0:15:
         bf:53:be:bf:96:5c:d8:c3:0c:15:0c:12:73:ed:bf:db:c8:e4:
         5c:ec:35:c1:4c:7b:d7:b1:83:d0:98:bd:de:5a:9c:49:5b:97:
         54:77:3f:1a:a1:e8:78:86:48:7a:17:f4:c5:02:53:16:77:28:
         ad:de:a4:58:62:11:98:9e:77:01:b7:b3:93:7d:78:94:4c:f4:
         b3:ee:2e:c3:b3:55:b4:bb:2b:c6:7f:a0:ce:af:2b:4b:a2:e2:
         20:b5:ab:36:e2:10:71:62:b2:f5:ca:22:05:5a:e9:b7:c0:81:
         49:61:92:da:17:0f:c5:04:e7:53:a7:c5:18:8b:af:d1:df:ef:
         d8:92:ae:34:79:c3:45:6e:63:3c:90:a9:1d:24:1e:fb:57:b1:
         03:11:46:be:2f:3d:62:e4:6f:d7:a5:c0:11:42:a7:4a:4c:00:
         0f:80:b2:9a:a8:e2:7a:3c:b5:2c:15:ea:3a:96:bd:e8:04:b0:
         40:4a:02:aa:54:e5:96:c7:ca:b2:4b:99:ed:a8:4f:28:5b:31:
         f9:e4:c7:69:36:54:a1:73:5b:72:f5:34:5a:85:6e:8e:18:49:
         1e:1c:4d:1b:ca:7d:61:3b:a6:8f:99:49:be:60:c3:d8:c5:cc:
         0b:0c:ce:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmZdeD9mtSyiggZJhJIh7q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwOTMwMDcxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODcwNzI3Yjg5ZTU2OWFjNTMwMmQwY2QwZDc0MDNjYzQ1ZjVkNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNZyZIeXY1aX96XBP1tCzyLLWLza
4sj7yJUMxUH0p928HYRZGrpJ6Z9WlljtdzF+2ng/bVBTFdlAABG3XFVYfYRZHMQS
ephgpxElt3qpyUglbu+8diDK1TNR0oiVPrMbsmlGKNtOIyWgXiHsHmpQvens/bmY
ifuCmC4b6U/eQVX/zZcXOum2ByoFlNaDOL5+hpRCjlhfSxjiIZlosn8iJ8Sylfnc
QHzI8TCJfdI5XRZwyCFZyEXUgYMr6bxvtt0Zm4OLx+X2+4Ia4tVVS2ZbSamith9h
xbJZZRP8eOrQRSP2Sn7N7vggSlYeylruRnvNprvrGpaVyvxTDcCZi7Se/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMhwcnuJ5WmsUwLQzQ10A8xF9dQfMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEveUhCeWU0bmxhYXhUQXRETkRYUUR6RVgxMUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgb+RDAN
BgkqhkiG9w0BAQsFAAOCAQEABF/yl9aYSzeWPJFMLH3N0LAVv1O+v5Zc2MMMFQwS
c+2/28jkXOw1wUx717GD0Ji93lqcSVuXVHc/GqHoeIZIehf0xQJTFncord6kWGIR
mJ53Abezk314lEz0s+4uw7NVtLsrxn+gzq8rS6LiILWrNuIQcWKy9coiBVrpt8CB
SWGS2hcPxQTnU6fFGIuv0d/v2JKuNHnDRW5jPJCpHSQe+1exAxFGvi89YuRv16XA
EUKnSkwAD4Cymqjiejy1LBXqOpa96ASwQEoCqlTllsfKskuZ7ahPKFsx+eTHaTZU
oXNbcvU0WoVujhhJHhxNG8p9YTumj5lJvmDD2MXMCwzOzg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:53:04 2025 by rpki-client