Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/7c4e32-6c20-41c1-a85f-fdd3a815abb8/1/YZ1rgmmdGJTdnaDAgDl2-yE974E.roa
File:                     YZ1rgmmdGJTdnaDAgDl2-yE974E.roa (raw, json)
Hash identifier:          Lb3bg3bm9QZky/VWwidZy1sN1eo2ThSodX/AgWbvOtQ=
Subject key identifier:   61:9D:6B:82:69:9D:18:94:DD:9D:A0:C0:80:39:76:FB:21:3D:EF:81
Certificate issuer:       /CN=c5338efce4494f5b925f0e9af73651c1cbf1e04c
Certificate serial:       01991460AC7BA3BEC496FAA0CD44566571D6
Authority key identifier: C5:33:8E:FC:E4:49:4F:5B:92:5F:0E:9A:F7:36:51:C1:CB:F1:E0:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xTOO_ORJT1uSXw6a9zZRwcvx4Ew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/7c4e32-6c20-41c1-a85f-fdd3a815abb8/1/YZ1rgmmdGJTdnaDAgDl2-yE974E.roa
Signing time:             Thu 04 Sep 2025 10:58:23 +0000
ROA not before:           Thu 04 Sep 2025 10:58:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205672
IP address blocks:        195.137.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/7c4e32-6c20-41c1-a85f-fdd3a815abb8/1/xTOO_ORJT1uSXw6a9zZRwcvx4Ew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/7c4e32-6c20-41c1-a85f-fdd3a815abb8/1/xTOO_ORJT1uSXw6a9zZRwcvx4Ew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xTOO_ORJT1uSXw6a9zZRwcvx4Ew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:60:ac:7b:a3:be:c4:96:fa:a0:cd:44:56:65:71:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5338efce4494f5b925f0e9af73651c1cbf1e04c
        Validity
            Not Before: Sep  4 10:58:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=619d6b82699d1894dd9da0c0803976fb213def81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:03:ba:91:52:a5:92:d5:40:93:81:5a:30:0e:
                    42:b1:a3:66:3d:77:79:e4:62:da:63:f3:fc:1f:82:
                    49:9c:88:a5:05:f5:c6:de:ca:3a:4c:64:8c:f8:e4:
                    8c:97:06:ba:c1:03:2d:cf:fd:c8:56:94:1f:d6:a0:
                    51:52:c1:ee:c5:da:66:28:fa:ac:a4:60:78:21:53:
                    1a:54:ad:3d:07:a9:0a:f7:05:8f:91:31:4f:ac:8b:
                    ec:3e:27:d2:0a:cc:c7:07:27:b8:13:eb:94:44:25:
                    26:4a:93:a4:4c:29:47:16:08:2e:ed:00:96:d5:5a:
                    4e:51:3b:13:38:a0:7d:c7:b1:97:4e:5d:57:48:22:
                    2e:43:08:44:eb:55:23:0f:3c:0a:d8:80:a2:aa:20:
                    85:8d:0b:71:2b:ea:14:af:4a:33:53:72:62:9f:8f:
                    3c:9e:b4:a5:7f:22:8f:3b:e9:8b:67:c7:c6:ab:9c:
                    c4:e6:0c:32:cb:84:9d:65:6a:a7:85:ac:41:cb:d0:
                    74:f4:0b:e2:0d:a1:28:a9:61:a4:44:c1:9a:a5:28:
                    80:0d:5c:59:d4:9d:79:3b:88:21:7a:71:0e:57:b8:
                    5c:bc:e8:db:f7:43:76:4f:78:90:7d:85:2d:96:8c:
                    ba:f9:c8:f9:08:b3:bc:dd:ba:f2:d7:c1:c3:d0:df:
                    d9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9D:6B:82:69:9D:18:94:DD:9D:A0:C0:80:39:76:FB:21:3D:EF:81
            X509v3 Authority Key Identifier:
                keyid:C5:33:8E:FC:E4:49:4F:5B:92:5F:0E:9A:F7:36:51:C1:CB:F1:E0:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xTOO_ORJT1uSXw6a9zZRwcvx4Ew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/7c4e32-6c20-41c1-a85f-fdd3a815abb8/1/YZ1rgmmdGJTdnaDAgDl2-yE974E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/7c4e32-6c20-41c1-a85f-fdd3a815abb8/1/xTOO_ORJT1uSXw6a9zZRwcvx4Ew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3c:ef:39:78:be:bb:ae:a6:a8:e8:e8:f0:69:61:12:33:e0:
         31:83:ec:8d:13:ec:2b:83:48:b4:fc:b4:b8:35:c8:58:79:31:
         1e:55:de:35:f8:f8:69:e8:8a:c2:98:03:bb:44:0a:73:a0:11:
         1b:d0:55:6d:3a:06:dc:33:19:fb:9d:eb:45:2f:24:2d:a0:5c:
         03:ff:41:9c:c3:d2:e4:4b:e0:a7:e3:d9:29:4f:ff:b5:9b:cd:
         aa:3e:33:87:95:10:c5:3e:f3:fa:08:f2:0a:c2:bb:98:90:f3:
         b4:37:6c:69:19:9d:31:95:fc:d5:ba:45:5d:3b:37:12:78:4d:
         a4:9a:12:59:9b:14:85:fb:b6:f4:c4:be:61:06:cf:af:1c:c1:
         4b:e7:5e:cd:40:e3:ae:6d:c1:66:a0:3a:0e:cf:8a:89:e0:fb:
         bd:ec:1c:0a:5e:7f:aa:d0:50:a7:16:5c:80:96:96:5f:1b:02:
         e9:4e:e2:3f:05:ca:7f:26:82:fc:de:46:bb:bf:52:76:35:a8:
         9f:5c:f7:3a:e5:43:00:32:1a:51:ae:6d:7f:05:2a:3d:68:29:
         c9:9c:d7:50:8c:01:49:84:38:dc:ae:ab:bf:82:77:c6:99:68:
         49:dd:73:c1:a6:83:af:e4:41:2a:c8:0a:2d:4d:c2:97:fd:33:
         37:11:f1:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkUYKx7o77ElvqgzURWZXHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MzM4ZWZjZTQ0OTRmNWI5MjVmMGU5YWY3MzY1MWMxY2Jm
MWUwNGMwHhcNMjUwOTA0MTA1ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTlkNmI4MjY5OWQxODk0ZGQ5ZGEwYzA4MDM5NzZmYjIxM2RlZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAO6kVKlktVAk4FaMA5CsaNmPXd5
5GLaY/P8H4JJnIilBfXG3so6TGSM+OSMlwa6wQMtz/3IVpQf1qBRUsHuxdpmKPqs
pGB4IVMaVK09B6kK9wWPkTFPrIvsPifSCszHBye4E+uURCUmSpOkTClHFggu7QCW
1VpOUTsTOKB9x7GXTl1XSCIuQwhE61UjDzwK2ICiqiCFjQtxK+oUr0ozU3Jin488
nrSlfyKPO+mLZ8fGq5zE5gwyy4SdZWqnhaxBy9B09AviDaEoqWGkRMGapSiADVxZ
1J15O4ghenEOV7hcvOjb90N2T3iQfYUtloy6+cj5CLO83bry18HD0N/ZXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGda4JpnRiU3Z2gwIA5dvshPe+BMB8GA1UdIwQY
MBaAFMUzjvzkSU9bkl8Omvc2UcHL8eBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFRPT19PUkpUMXVTWHc2YTl6WlJ3Y3Z4NEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS83YzRlMzItNmMyMC00MWMxLWE4NWYt
ZmRkM2E4MTVhYmI4LzEvWVoxcmdtbWRHSlRkbmFEQWdEbDIteUU5NzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS83YzRlMzItNmMyMC00MWMxLWE4NWYtZmRkM2E4MTVhYmI4
LzEveFRPT19PUkpUMXVTWHc2YTl6WlJ3Y3Z4NEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4miMA0G
CSqGSIb3DQEBCwUAA4IBAQBaPO85eL67rqao6OjwaWESM+Axg+yNE+wrg0i0/LS4
NchYeTEeVd41+Php6IrCmAO7RApzoBEb0FVtOgbcMxn7netFLyQtoFwD/0Gcw9Lk
S+Cn49kpT/+1m82qPjOHlRDFPvP6CPIKwruYkPO0N2xpGZ0xlfzVukVdOzcSeE2k
mhJZmxSF+7b0xL5hBs+vHMFL517NQOOubcFmoDoOz4qJ4Pu97BwKXn+q0FCnFlyA
lpZfGwLpTuI/Bcp/JoL83ka7v1J2NaifXPc65UMAMhpRrm1/BSo9aCnJnNdQjAFJ
hDjcrqu/gnfGmWhJ3XPBpoOv5EEqyAotTcKX/TM3EfGy
-----END CERTIFICATE-----