Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/yDLDs_9-xCJNS7Lq59X6rTIHpaM.roa
File:                     yDLDs_9-xCJNS7Lq59X6rTIHpaM.roa (raw, json)
Hash identifier:          mZAephRDHWr1NJfSrOQS8hE88/V7vwaKpzI1ny1rx80=
Subject key identifier:   C8:32:C3:B3:FF:7E:C4:22:4D:4B:B2:EA:E7:D5:FA:AD:32:07:A5:A3
Certificate issuer:       /CN=addd2a815060aa7e621a2094349758b2036896f0
Certificate serial:       0197EE73FE8DA72A5081573C24617CC6DF92
Authority key identifier: AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/yDLDs_9-xCJNS7Lq59X6rTIHpaM.roa
Signing time:             Wed 09 Jul 2025 09:11:08 +0000
ROA not before:           Wed 09 Jul 2025 09:11:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21445
IP address blocks:        188.119.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:73:fe:8d:a7:2a:50:81:57:3c:24:61:7c:c6:df:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=addd2a815060aa7e621a2094349758b2036896f0
        Validity
            Not Before: Jul  9 09:11:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c832c3b3ff7ec4224d4bb2eae7d5faad3207a5a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:99:6d:7c:ff:8a:87:25:70:d0:38:de:5d:6f:
                    c4:17:a2:97:79:a9:90:cc:c7:04:bc:f5:b0:dd:93:
                    ba:48:55:07:b4:8b:8d:51:44:b2:e7:a8:49:df:21:
                    0a:7f:71:d1:e2:c9:cb:c6:ff:76:12:78:e0:e2:ec:
                    a6:1f:73:63:ee:9b:b7:ca:14:46:9e:b4:e9:33:4b:
                    57:87:75:d5:f6:4d:3c:f9:d8:ff:f0:5a:57:ea:57:
                    01:ab:95:ff:22:73:a6:7b:23:15:0a:01:6e:da:6a:
                    9c:9f:79:3a:1f:5a:b0:cb:6f:f6:84:dc:ee:aa:5c:
                    76:5c:23:3b:6c:4d:41:59:47:95:e4:7e:0a:d9:05:
                    35:ad:1f:fd:69:dd:ab:09:99:df:2a:b9:80:9f:15:
                    c7:11:0e:bc:50:83:f9:de:0f:9f:c3:02:ac:12:2a:
                    86:dc:06:0e:da:1c:16:8a:50:ff:e5:eb:f8:86:30:
                    b3:1d:68:8c:bd:e0:94:2a:c7:4c:5c:7b:86:d9:41:
                    f0:b2:28:35:77:87:1d:ba:03:f0:bc:e8:92:15:56:
                    f8:c7:bd:bd:c4:de:25:4d:01:68:87:e9:ec:bd:1f:
                    5a:b4:0c:4a:ec:94:96:ee:1c:a8:af:71:51:fa:17:
                    48:eb:67:13:76:44:4b:20:eb:c8:55:71:fd:51:77:
                    05:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:32:C3:B3:FF:7E:C4:22:4D:4B:B2:EA:E7:D5:FA:AD:32:07:A5:A3
            X509v3 Authority Key Identifier:
                keyid:AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/yDLDs_9-xCJNS7Lq59X6rTIHpaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f4:7c:56:ba:79:08:3a:14:04:3e:b9:36:31:3b:a9:31:18:
         18:81:79:92:1e:43:17:a4:25:75:70:e4:02:f9:e3:76:ae:01:
         e3:43:69:b7:a6:64:fb:0f:a4:c3:24:c0:76:4b:ce:41:f1:d0:
         bc:a4:0f:18:3a:6d:6d:88:8a:fc:15:d5:67:36:b7:39:7b:a3:
         e0:42:55:c2:10:bd:0b:7a:4c:45:0b:1a:df:aa:a3:44:56:13:
         a5:16:11:95:6b:44:b3:c3:b8:a6:5d:bf:53:34:61:ed:4e:81:
         57:8d:c4:4f:7d:12:6e:15:f5:cf:b8:00:34:f5:a2:5a:70:67:
         4c:6b:62:a6:22:9a:d5:29:d2:01:78:7b:70:04:12:dc:a6:50:
         60:b8:68:42:0b:1e:14:4a:d0:41:8e:17:a0:7e:a5:41:20:af:
         00:d5:eb:ed:89:1a:ae:67:22:7a:cc:3f:c9:23:3c:58:08:69:
         16:88:79:b7:28:54:e8:db:4f:9a:7d:db:ce:79:4e:46:4a:f7:
         46:9a:08:d8:03:b7:00:d2:5b:fa:13:6d:dc:6e:39:e8:f8:73:
         e8:2b:11:69:90:42:d4:cc:01:05:0a:04:08:6b:49:98:c5:0c:
         ea:a4:fd:90:d6:35:77:69:93:e8:6f:0b:01:42:29:13:72:61:
         0d:95:d6:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfuc/6NpypQgVc8JGF8xt+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZGQyYTgxNTA2MGFhN2U2MjFhMjA5NDM0OTc1OGIyMDM2
ODk2ZjAwHhcNMjUwNzA5MDkxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODMyYzNiM2ZmN2VjNDIyNGQ0YmIyZWFlN2Q1ZmFhZDMyMDdhNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJltfP+KhyVw0DjeXW/EF6KXeamQ
zMcEvPWw3ZO6SFUHtIuNUUSy56hJ3yEKf3HR4snLxv92Enjg4uymH3Nj7pu3yhRG
nrTpM0tXh3XV9k08+dj/8FpX6lcBq5X/InOmeyMVCgFu2mqcn3k6H1qwy2/2hNzu
qlx2XCM7bE1BWUeV5H4K2QU1rR/9ad2rCZnfKrmAnxXHEQ68UIP53g+fwwKsEiqG
3AYO2hwWilD/5ev4hjCzHWiMveCUKsdMXHuG2UHwsig1d4cdugPwvOiSFVb4x729
xN4lTQFoh+nsvR9atAxK7JSW7hyor3FR+hdI62cTdkRLIOvIVXH9UXcFwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgyw7P/fsQiTUuy6ufV+q0yB6WjMB8GA1UdIwQY
MBaAFK3dKoFQYKp+YhoglDSXWLIDaJbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYt
OGEwZDBiZjBiNTc3LzEveURMRHNfOS14Q0pOUzdMcTU5WDZyVElIcGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYtOGEwZDBiZjBiNTc3
LzEvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHdNMA0G
CSqGSIb3DQEBCwUAA4IBAQAr9HxWunkIOhQEPrk2MTupMRgYgXmSHkMXpCV1cOQC
+eN2rgHjQ2m3pmT7D6TDJMB2S85B8dC8pA8YOm1tiIr8FdVnNrc5e6PgQlXCEL0L
ekxFCxrfqqNEVhOlFhGVa0Szw7imXb9TNGHtToFXjcRPfRJuFfXPuAA09aJacGdM
a2KmIprVKdIBeHtwBBLcplBguGhCCx4UStBBjhegfqVBIK8A1evtiRquZyJ6zD/J
IzxYCGkWiHm3KFTo20+afdvOeU5GSvdGmgjYA7cA0lv6E23cbjno+HPoKxFpkELU
zAEFCgQIa0mYxQzqpP2Q1jV3aZPobwsBQikTcmENldb7
-----END CERTIFICATE-----