Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/YhuGwBeadZN2oq4AXd_5KjSIMy4.roa
File:                     YhuGwBeadZN2oq4AXd_5KjSIMy4.roa (raw, json)
Hash identifier:          rdPe/qveT2+THdErHu0EeJPtwnywZQPs8hhSf6g9F60=
Subject key identifier:   62:1B:86:C0:17:9A:75:93:76:A2:AE:00:5D:DF:F9:2A:34:88:33:2E
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0197FD8173E1D7FF6CF26433B4A449A404A4
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/YhuGwBeadZN2oq4AXd_5KjSIMy4.roa
Signing time:             Sat 12 Jul 2025 07:20:08 +0000
ROA not before:           Sat 12 Jul 2025 07:20:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215496
IP address blocks:        85.133.208.0/23 maxlen: 24
                          85.133.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fd:81:73:e1:d7:ff:6c:f2:64:33:b4:a4:49:a4:04:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jul 12 07:20:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=621b86c0179a759376a2ae005ddff92a3488332e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:69:69:9a:ea:8c:6c:8f:79:6f:a5:7f:aa:fd:
                    9b:b7:8f:8c:da:06:7b:f8:ae:be:88:5e:61:12:2a:
                    8f:ef:47:c1:29:76:cd:45:f2:7f:ad:0a:45:2c:aa:
                    bf:89:a6:cf:42:90:de:84:4c:c3:d9:d2:62:9b:64:
                    4c:34:6d:41:a6:e3:3b:fb:6c:35:99:85:a5:de:54:
                    bb:a8:0c:d4:21:aa:a9:18:bc:ed:16:f4:a3:17:e2:
                    39:9e:a9:da:47:a6:e9:c7:ce:68:c3:e6:8b:6d:51:
                    6b:c3:39:df:34:7f:fe:0f:4d:56:b5:6a:53:f0:28:
                    f9:ee:66:a0:ce:8e:6f:3b:3e:0e:9a:d2:c3:24:0b:
                    63:53:78:ed:0d:db:7d:c9:7c:f4:6a:cb:7a:6a:1a:
                    0f:7f:48:ca:32:eb:95:0f:45:21:fe:3a:1a:05:d6:
                    bf:00:16:ef:67:b8:a6:6d:72:cc:f5:a3:64:69:bd:
                    00:d7:43:c6:c4:8d:bb:76:d4:8a:b4:7e:42:f9:ac:
                    90:51:7d:fd:64:27:f1:f0:83:67:de:df:c9:cb:81:
                    3e:0c:52:9a:d9:a4:a7:7f:04:ec:ab:b9:48:36:26:
                    98:6d:c3:ac:cc:89:ff:d2:02:6e:e5:b3:f8:07:88:
                    1c:fd:d4:8d:1e:31:d4:18:15:55:dc:71:75:7b:33:
                    00:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1B:86:C0:17:9A:75:93:76:A2:AE:00:5D:DF:F9:2A:34:88:33:2E
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/YhuGwBeadZN2oq4AXd_5KjSIMy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.208.0/23
                  85.133.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:69:fc:a8:7a:4a:7f:3a:7c:f7:61:a8:ef:0e:e6:bb:f1:af:
         e6:25:7d:b8:cb:ba:4b:b3:fc:22:0d:eb:cc:40:be:96:47:6b:
         a8:7e:b5:06:f2:25:37:af:7e:1e:da:06:6d:54:28:ef:46:01:
         c0:98:db:8e:b8:c4:11:5d:b8:ee:cc:1f:2d:d9:d8:d0:ee:20:
         80:f7:1d:1c:55:8b:0b:58:e4:87:eb:99:1c:53:28:b0:e6:1c:
         20:41:7e:2e:f5:08:e4:31:81:35:4f:2b:ac:aa:31:96:d6:d4:
         c0:c8:cb:1b:73:c3:ea:99:8f:cc:5e:da:f7:8c:f4:3a:74:3c:
         cb:d6:0c:bc:22:cb:a7:ae:2a:72:ad:3e:a9:d9:02:a5:f6:42:
         8d:cd:13:f9:4a:18:82:31:79:61:cf:a0:01:1f:fd:fc:8f:56:
         ff:92:a6:6e:01:b8:43:ef:bd:a3:07:e1:55:19:fa:b5:71:1c:
         9c:8b:27:bf:a3:ce:d5:de:62:63:61:38:9e:d4:32:0d:62:d3:
         9f:37:23:2e:1f:8a:51:85:95:e3:b8:68:ca:64:02:0b:4f:5a:
         fe:82:d4:0e:d0:e4:5c:a7:ca:c2:2f:d7:99:a6:bf:47:50:64:
         1e:b7:90:54:2b:b3:9f:20:f9:e9:81:70:12:e7:7f:e2:e0:a7:
         ee:dd:6e:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf9gXPh1/9s8mQztKRJpASkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwNzEyMDcyMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFiODZjMDE3OWE3NTkzNzZhMmFlMDA1ZGRmZjkyYTM0ODgzMzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WlpmuqMbI95b6V/qv2bt4+M2gZ7
+K6+iF5hEiqP70fBKXbNRfJ/rQpFLKq/iabPQpDehEzD2dJim2RMNG1BpuM7+2w1
mYWl3lS7qAzUIaqpGLztFvSjF+I5nqnaR6bpx85ow+aLbVFrwznfNH/+D01WtWpT
8Cj57magzo5vOz4OmtLDJAtjU3jtDdt9yXz0ast6ahoPf0jKMuuVD0Uh/joaBda/
ABbvZ7imbXLM9aNkab0A10PGxI27dtSKtH5C+ayQUX39ZCfx8INn3t/Jy4E+DFKa
2aSnfwTsq7lINiaYbcOszIn/0gJu5bP4B4gc/dSNHjHUGBVV3HF1ezMAiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGIbhsAXmnWTdqKuAF3f+So0iDMuMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvWWh1R3dCZWFkWk4yb3E0QVhkXzVLalNJTXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVYXQAwQA
VYXjMA0GCSqGSIb3DQEBCwUAA4IBAQB0afyoekp/Onz3YajvDua78a/mJX24y7pL
s/wiDevMQL6WR2uofrUG8iU3r34e2gZtVCjvRgHAmNuOuMQRXbjuzB8t2djQ7iCA
9x0cVYsLWOSH65kcUyiw5hwgQX4u9QjkMYE1TyusqjGW1tTAyMsbc8PqmY/MXtr3
jPQ6dDzL1gy8IsunripyrT6p2QKl9kKNzRP5ShiCMXlhz6ABH/38j1b/kqZuAbhD
772jB+FVGfq1cRyciye/o87V3mJjYTie1DINYtOfNyMuH4pRhZXjuGjKZAILT1r+
gtQO0ORcp8rCL9eZpr9HUGQet5BUK7OfIPnpgXAS53/i4Kfu3W6p
-----END CERTIFICATE-----