Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/wymauMyBuObkHcbqyELmxjQb01A.roa
File:                     wymauMyBuObkHcbqyELmxjQb01A.roa (raw, json)
Hash identifier:          HxJBpDrPaBDtEaSkhWhZ9cERTihSHcWb9s0UVwiCrmI=
Subject key identifier:   C3:29:9A:B8:CC:81:B8:E6:E4:1D:C6:EA:C8:42:E6:C6:34:1B:D3:50
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0197F58080251375A7B90F1327E326448800
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/wymauMyBuObkHcbqyELmxjQb01A.roa
Signing time:             Thu 10 Jul 2025 18:02:08 +0000
ROA not before:           Thu 10 Jul 2025 18:02:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.210.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:80:80:25:13:75:a7:b9:0f:13:27:e3:26:44:88:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jul 10 18:02:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3299ab8cc81b8e6e41dc6eac842e6c6341bd350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c4:98:c5:b2:ee:60:b4:2b:e9:2b:bc:6f:c2:
                    3a:cc:6e:84:6e:70:08:08:42:a8:7a:86:de:1a:ef:
                    31:4b:1e:22:7c:75:4f:69:4f:d1:73:55:4a:17:dd:
                    a4:da:02:04:cb:be:2d:46:e8:55:1a:e0:ef:68:17:
                    6d:35:9d:d3:c8:2d:1f:89:c0:97:5c:ab:68:62:ce:
                    c8:84:12:45:4c:66:17:16:fb:5c:6d:6a:45:39:a8:
                    f4:fb:46:d6:b4:23:b4:9c:4a:66:93:99:3f:c6:77:
                    3a:46:d0:8b:e0:44:0b:ba:fe:ce:10:4d:f6:69:29:
                    f0:e4:02:0e:b2:57:50:c6:b0:05:cf:14:79:fb:8c:
                    1d:ff:e0:24:fc:77:d8:5e:1d:19:77:3b:7a:99:02:
                    98:a3:81:65:8d:34:ca:0e:b8:f4:22:da:2b:b7:5c:
                    e6:74:f0:f3:8a:2c:ce:d7:0d:c1:04:86:d8:1b:8a:
                    db:96:17:85:91:4d:d3:a1:0d:35:e4:ce:f1:c3:42:
                    d2:d7:77:e5:d1:1d:97:17:cd:1f:29:af:a3:ab:79:
                    c5:d9:1c:66:c6:1a:15:be:92:65:21:fa:b1:3c:a3:
                    b9:ae:e9:1e:89:a0:09:71:ad:5f:1f:60:ff:aa:25:
                    3b:b4:bc:7e:75:70:d0:58:47:a7:a5:7a:a5:b6:d1:
                    36:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:29:9A:B8:CC:81:B8:E6:E4:1D:C6:EA:C8:42:E6:C6:34:1B:D3:50
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/wymauMyBuObkHcbqyELmxjQb01A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:1b:25:74:83:d5:66:23:5f:85:9f:f1:e0:7f:f5:90:f2:89:
         94:0c:32:0a:49:56:d0:87:7a:b5:e3:67:95:15:9f:7a:f2:1b:
         27:fe:87:6f:1c:9c:b3:ed:62:32:e5:03:54:3d:0f:83:05:35:
         e1:2c:b4:2c:98:75:9d:1e:61:3b:3b:2d:3e:af:78:6c:53:4c:
         75:1b:c9:4b:1e:f8:67:6b:34:70:10:9e:24:6a:5c:e5:16:7f:
         a1:f2:8f:93:65:7f:81:e5:5e:87:c7:fc:d8:d8:f2:42:49:57:
         30:57:76:56:c7:7d:6d:f7:57:55:32:43:29:7c:a0:70:a2:50:
         0a:81:58:53:96:0d:c1:84:c8:54:6c:aa:fb:66:54:21:f5:68:
         ef:8c:3d:9b:48:3a:e4:e1:11:27:74:99:a1:1a:ca:b6:bb:f8:
         1b:55:51:c2:4d:39:13:bc:27:79:3d:d2:48:41:33:55:3c:93:
         85:bc:bc:9f:53:16:bb:ca:2b:d5:10:cf:04:9c:2a:8e:6e:e0:
         88:c5:03:1e:8a:91:b8:45:16:12:e7:57:fb:ed:a7:ae:e8:db:
         2a:0b:14:69:b9:aa:8f:83:7a:24:4d:97:d5:05:c5:4f:24:cf:
         d8:25:11:05:e2:d8:d1:95:9d:9c:73:ae:c2:4a:36:84:d7:07:
         79:0d:18:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf1gIAlE3WnuQ8TJ+MmRIgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwNzEwMTgwMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzI5OWFiOGNjODFiOGU2ZTQxZGM2ZWFjODQyZTZjNjM0MWJkMzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MSYxbLuYLQr6Su8b8I6zG6EbnAI
CEKoeobeGu8xSx4ifHVPaU/Rc1VKF92k2gIEy74tRuhVGuDvaBdtNZ3TyC0ficCX
XKtoYs7IhBJFTGYXFvtcbWpFOaj0+0bWtCO0nEpmk5k/xnc6RtCL4EQLuv7OEE32
aSnw5AIOsldQxrAFzxR5+4wd/+Ak/HfYXh0Zdzt6mQKYo4FljTTKDrj0Itort1zm
dPDziizO1w3BBIbYG4rblheFkU3ToQ015M7xw0LS13fl0R2XF80fKa+jq3nF2Rxm
xhoVvpJlIfqxPKO5rukeiaAJca1fH2D/qiU7tLx+dXDQWEenpXqlttE2CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMpmrjMgbjm5B3G6shC5sY0G9NQMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvd3ltYXVNeUJ1T2JrSGNicXlFTG14alFiMDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudKoMA0G
CSqGSIb3DQEBCwUAA4IBAQCiGyV0g9VmI1+Fn/Hgf/WQ8omUDDIKSVbQh3q142eV
FZ968hsn/odvHJyz7WIy5QNUPQ+DBTXhLLQsmHWdHmE7Oy0+r3hsU0x1G8lLHvhn
azRwEJ4kalzlFn+h8o+TZX+B5V6Hx/zY2PJCSVcwV3ZWx31t91dVMkMpfKBwolAK
gVhTlg3BhMhUbKr7ZlQh9WjvjD2bSDrk4REndJmhGsq2u/gbVVHCTTkTvCd5PdJI
QTNVPJOFvLyfUxa7yivVEM8EnCqObuCIxQMeipG4RRYS51f77aeu6NsqCxRpuaqP
g3okTZfVBcVPJM/YJREF4tjRlZ2cc67CSjaE1wd5DRgK
-----END CERTIFICATE-----