Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yvdzEW3FCK_DR-G02lkQQdbRQAI.roa
File:                     yvdzEW3FCK_DR-G02lkQQdbRQAI.roa (raw, json)
Hash identifier:          DbDzmQr+k0pfrpn1+9Hus5Xe2dZiBM7iMvSkJABKzQQ=
Subject key identifier:   CA:F7:73:11:6D:C5:08:AF:C3:47:E1:B4:DA:59:10:41:D6:D1:40:02
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01983658314F11091D1906A3411895351AE4
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yvdzEW3FCK_DR-G02lkQQdbRQAI.roa
Signing time:             Wed 23 Jul 2025 08:13:26 +0000
ROA not before:           Wed 23 Jul 2025 08:13:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12312
IP address blocks:        194.68.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:58:31:4f:11:09:1d:19:06:a3:41:18:95:35:1a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jul 23 08:13:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caf773116dc508afc347e1b4da591041d6d14002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b5:f9:99:0e:73:f0:ff:3f:13:b0:98:c5:2f:
                    26:9f:e8:eb:88:43:4e:eb:d5:82:f1:8f:08:26:26:
                    df:54:57:d4:28:f7:82:3b:4b:35:e3:90:74:76:4e:
                    30:d2:4b:10:23:87:78:bb:86:5b:a2:89:47:69:96:
                    52:04:1c:5c:40:5a:0f:b3:38:53:2f:2d:6c:b3:4d:
                    c8:8e:19:aa:60:ec:65:e2:0f:69:35:ca:e0:1b:06:
                    7e:6b:4e:2e:53:b3:c2:2f:a3:18:e2:5d:7e:bb:09:
                    ed:90:0a:3d:6e:f9:1d:4f:bc:3b:2d:dc:db:f9:c4:
                    a6:b2:b2:f2:58:ae:57:35:73:99:20:fc:6e:b0:04:
                    e9:53:1c:7a:81:cd:65:4a:fa:0f:fc:a5:a2:03:22:
                    42:a0:db:3f:8d:24:d8:96:57:1a:99:0c:88:ac:bb:
                    66:fd:d1:d4:be:ec:5b:65:9b:23:c0:d1:a8:7d:4b:
                    5b:11:b6:00:31:05:ec:81:a9:2f:6a:cc:de:68:c1:
                    55:23:51:3f:a9:11:a6:27:9d:48:b7:54:64:c0:16:
                    05:99:d3:59:e3:39:e3:8f:6d:6c:71:a5:3c:d4:0a:
                    92:1c:14:5c:29:50:a5:fe:a0:a7:fd:e8:b2:ba:bd:
                    3b:04:df:88:4a:e1:94:5a:fb:f9:af:3e:ef:57:90:
                    1b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F7:73:11:6D:C5:08:AF:C3:47:E1:B4:DA:59:10:41:D6:D1:40:02
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yvdzEW3FCK_DR-G02lkQQdbRQAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.68.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:1d:e2:f9:8e:05:d7:fd:26:37:e6:0a:fa:50:9e:06:ea:9b:
         cf:74:42:ab:80:92:3f:2e:bd:5b:59:bc:1f:85:af:3f:0c:bc:
         17:8f:2d:25:71:2a:49:c4:d6:0e:6e:25:a8:95:e3:d8:b9:9c:
         5f:b7:90:f6:a4:ce:d3:fe:e8:31:3c:5e:63:70:42:77:75:62:
         b4:56:8e:66:c5:6d:ec:de:89:6a:33:b2:9a:56:83:c4:4f:23:
         dd:ac:f6:82:12:fd:a5:0e:11:b6:9f:df:64:e7:fb:3a:53:d9:
         9f:2f:77:68:66:4a:13:70:c4:22:d3:e9:93:b4:f5:e9:0a:da:
         6d:70:4f:dc:4b:c2:7c:5e:30:8a:d4:24:d3:e0:89:02:46:be:
         7a:bb:21:10:e4:d4:35:73:e9:21:f6:36:50:5f:7d:4e:2e:ec:
         2f:99:3e:aa:2d:7f:03:29:51:5e:5f:c1:1d:91:bb:11:c0:a4:
         eb:c8:e1:4c:63:b3:63:25:a1:41:bd:c5:82:dc:cd:02:c9:c3:
         b5:aa:70:4f:33:1f:86:08:b0:e3:28:44:0d:8e:97:08:65:28:
         39:49:f0:24:c7:5e:cb:1d:31:c7:2f:f7:b6:f9:1e:ce:c9:e9:
         7c:17:a1:69:15:6d:93:78:b0:f9:0f:47:a9:bc:bd:c1:b3:9b:
         fe:37:43:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2WDFPEQkdGQajQRiVNRrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNzIzMDgxMzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWY3NzMxMTZkYzUwOGFmYzM0N2UxYjRkYTU5MTA0MWQ2ZDE0MDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurX5mQ5z8P8/E7CYxS8mn+jriENO
69WC8Y8IJibfVFfUKPeCO0s145B0dk4w0ksQI4d4u4ZboolHaZZSBBxcQFoPszhT
Ly1ss03IjhmqYOxl4g9pNcrgGwZ+a04uU7PCL6MY4l1+uwntkAo9bvkdT7w7Ldzb
+cSmsrLyWK5XNXOZIPxusATpUxx6gc1lSvoP/KWiAyJCoNs/jSTYllcamQyIrLtm
/dHUvuxbZZsjwNGofUtbEbYAMQXsgakvaszeaMFVI1E/qRGmJ51It1RkwBYFmdNZ
4znjj21scaU81AqSHBRcKVCl/qCn/eiyur07BN+ISuGUWvv5rz7vV5AbmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMr3cxFtxQivw0fhtNpZEEHW0UACMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveXZkekVXM0ZDS19EUi1HMDJsa1FRZGJSUUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwkSYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtHeL5jgXX/SY35gr6UJ4G6pvPdEKrgJI/Lr1bWbwf
ha8/DLwXjy0lcSpJxNYObiWolePYuZxft5D2pM7T/ugxPF5jcEJ3dWK0Vo5mxW3s
3olqM7KaVoPETyPdrPaCEv2lDhG2n99k5/s6U9mfL3doZkoTcMQi0+mTtPXpCtpt
cE/cS8J8XjCK1CTT4IkCRr56uyEQ5NQ1c+kh9jZQX31OLuwvmT6qLX8DKVFeX8Ed
kbsRwKTryOFMY7NjJaFBvcWC3M0CycO1qnBPMx+GCLDjKEQNjpcIZSg5SfAkx17L
HTHHL/e2+R7Oyel8F6FpFW2TeLD5D0epvL3Bs5v+N0M/
-----END CERTIFICATE-----