Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Y-G-2eU8guxGK6-egpUuNnN5bxQ.roa
File:                     Y-G-2eU8guxGK6-egpUuNnN5bxQ.roa (raw, json)
Hash identifier:          JW4itdi7iIIqZg7XFpTOGoDZRoJgyjCRWVBtmPDf1+s=
Subject key identifier:   63:E1:BE:D9:E5:3C:82:EC:46:2B:AF:9E:82:95:2E:36:73:79:6F:14
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       01987B586CAD5AFC955E6E331C62EE07E2A4
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Y-G-2eU8guxGK6-egpUuNnN5bxQ.roa
Signing time:             Tue 05 Aug 2025 17:47:29 +0000
ROA not before:           Tue 05 Aug 2025 17:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        185.231.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7b:58:6c:ad:5a:fc:95:5e:6e:33:1c:62:ee:07:e2:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Aug  5 17:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63e1bed9e53c82ec462baf9e82952e3673796f14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:52:98:df:04:fe:81:4f:84:2c:79:6d:e3:82:
                    11:87:f8:7e:28:fe:84:c1:f7:d7:52:8f:b0:7f:b1:
                    d3:67:c5:d2:35:39:da:f9:54:8d:80:fa:5a:6e:31:
                    a6:e1:2b:21:62:15:17:28:06:68:6b:c9:8a:59:8b:
                    0b:bf:cc:a1:2d:19:57:60:cc:a4:32:b1:91:68:4b:
                    bd:15:23:7f:6f:07:83:e4:25:43:c9:40:6b:05:ab:
                    84:24:6c:a4:e1:b7:ca:d8:10:a8:86:75:5c:68:64:
                    8c:7f:63:85:be:f7:99:b7:36:ae:0a:1b:35:84:ae:
                    b0:13:4c:d7:57:c9:e6:07:3b:1b:6d:34:58:6d:37:
                    fd:a5:c7:c7:27:52:b7:1a:97:79:e9:0a:88:7b:f4:
                    46:e6:06:38:26:da:c8:b8:f2:47:e9:6f:0d:c6:45:
                    6e:98:67:36:3d:79:45:93:9c:26:23:fc:5a:ab:1c:
                    25:36:a5:a4:2b:6e:0d:47:64:9f:81:60:1a:7f:0a:
                    92:ea:05:d3:5a:3e:d7:5e:ef:5f:88:e4:99:86:3b:
                    a9:de:18:4c:d5:18:13:c8:2a:e1:60:25:02:0e:46:
                    6f:cc:13:52:15:b3:32:1d:f4:b3:4b:75:4b:88:dd:
                    23:cc:89:30:82:bb:f8:33:00:dc:0b:89:de:70:17:
                    54:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E1:BE:D9:E5:3C:82:EC:46:2B:AF:9E:82:95:2E:36:73:79:6F:14
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Y-G-2eU8guxGK6-egpUuNnN5bxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:c6:fe:ec:f0:74:09:7c:2e:cd:22:11:8f:0d:7a:19:88:8b:
         74:da:15:be:b9:b0:43:a2:f6:4a:74:f6:4a:1d:00:95:e1:1f:
         ea:dd:1b:83:e4:3b:10:38:42:ad:4d:a8:f3:cd:6a:92:0c:b7:
         04:86:0a:6f:f7:ff:60:88:63:42:50:87:1f:29:14:b7:49:83:
         60:63:33:91:63:38:93:5f:61:9e:cf:05:1e:a5:6d:33:c9:ae:
         f2:40:b3:d2:68:67:14:ad:bf:7a:47:b1:ce:dd:e5:2a:87:5c:
         34:bd:44:2f:ac:fa:fc:50:8a:6b:2a:41:96:bf:d2:ad:11:14:
         2f:ea:0c:54:7e:8f:f1:29:a8:e4:9f:be:98:02:ca:8a:a4:00:
         c4:3c:a0:a8:c8:61:b9:8b:75:2c:b4:63:29:b2:2a:d3:ec:81:
         57:97:99:9c:da:30:89:81:e1:3f:da:81:9a:0b:a0:9a:eb:d0:
         82:36:cc:02:81:b9:ee:92:6e:06:38:2a:d0:0f:59:43:cb:1d:
         f4:6d:6d:f6:20:0e:3d:99:30:df:e2:1d:ff:11:dc:87:06:18:
         15:7a:f4:1f:1e:84:22:60:f5:14:0a:fe:ed:88:d9:59:1a:bc:
         02:f3:28:6a:a1:08:7e:80:f2:88:9e:7c:28:85:3d:26:51:ad:
         fe:14:d3:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh7WGytWvyVXm4zHGLuB+KkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjUwODA1MTc0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2UxYmVkOWU1M2M4MmVjNDYyYmFmOWU4Mjk1MmUzNjczNzk2ZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlKY3wT+gU+ELHlt44IRh/h+KP6E
wffXUo+wf7HTZ8XSNTna+VSNgPpabjGm4SshYhUXKAZoa8mKWYsLv8yhLRlXYMyk
MrGRaEu9FSN/bweD5CVDyUBrBauEJGyk4bfK2BCohnVcaGSMf2OFvveZtzauChs1
hK6wE0zXV8nmBzsbbTRYbTf9pcfHJ1K3Gpd56QqIe/RG5gY4JtrIuPJH6W8NxkVu
mGc2PXlFk5wmI/xaqxwlNqWkK24NR2SfgWAafwqS6gXTWj7XXu9fiOSZhjup3hhM
1RgTyCrhYCUCDkZvzBNSFbMyHfSzS3VLiN0jzIkwgrv4MwDcC4necBdU7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPhvtnlPILsRiuvnoKVLjZzeW8UMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvWS1HLTJlVThndXhHSzYtZWdwVXVObk41YnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuedxMA0G
CSqGSIb3DQEBCwUAA4IBAQAJxv7s8HQJfC7NIhGPDXoZiIt02hW+ubBDovZKdPZK
HQCV4R/q3RuD5DsQOEKtTajzzWqSDLcEhgpv9/9giGNCUIcfKRS3SYNgYzORYziT
X2GezwUepW0zya7yQLPSaGcUrb96R7HO3eUqh1w0vUQvrPr8UIprKkGWv9KtERQv
6gxUfo/xKajkn76YAsqKpADEPKCoyGG5i3UstGMpsirT7IFXl5mc2jCJgeE/2oGa
C6Ca69CCNswCgbnukm4GOCrQD1lDyx30bW32IA49mTDf4h3/EdyHBhgVevQfHoQi
YPUUCv7tiNlZGrwC8yhqoQh+gPKInnwohT0mUa3+FNM3
-----END CERTIFICATE-----