Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/yulW-otMfkyGmJLnHI79DDPaQLw.roa
File:                     yulW-otMfkyGmJLnHI79DDPaQLw.roa (raw, json)
Hash identifier:          WE2VgpQHWy+IPNQdlSJJR+Md9SJ/EE1J8coUpGG6dmI=
Subject key identifier:   CA:E9:56:FA:8B:4C:7E:4C:86:98:92:E7:1C:8E:FD:0C:33:DA:40:BC
Certificate issuer:       /CN=0b453b410d3586a6237a951eef3b03f4c44118f0
Certificate serial:       01983C1635B88076AC5C34E360F20FC548E3
Authority key identifier: 0B:45:3B:41:0D:35:86:A6:23:7A:95:1E:EF:3B:03:F4:C4:41:18:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/yulW-otMfkyGmJLnHI79DDPaQLw.roa
Signing time:             Thu 24 Jul 2025 10:59:05 +0000
ROA not before:           Thu 24 Jul 2025 10:59:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        146.19.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:16:35:b8:80:76:ac:5c:34:e3:60:f2:0f:c5:48:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b453b410d3586a6237a951eef3b03f4c44118f0
        Validity
            Not Before: Jul 24 10:59:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cae956fa8b4c7e4c869892e71c8efd0c33da40bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:06:7e:2c:17:27:27:0a:63:3a:28:8d:fb:b1:
                    9b:9b:fb:38:26:ab:3a:de:2b:23:de:36:58:96:0e:
                    ed:7e:94:44:f1:f8:d5:ac:65:2d:8a:e6:d6:50:c7:
                    a1:b9:a9:5e:41:90:64:37:72:6f:55:5b:94:21:f0:
                    a8:69:52:12:04:eb:6e:c2:a8:57:51:62:6e:13:a6:
                    e7:f3:f3:ef:6d:cc:d8:9e:ca:d9:2c:37:c9:45:33:
                    7c:aa:a9:5c:0f:13:61:27:4d:ee:0c:a4:ea:0b:14:
                    f6:1e:79:64:c0:75:82:d6:9a:62:43:cb:35:85:e2:
                    5e:60:7e:5b:ea:5c:74:00:4f:8f:ec:ff:d3:27:e0:
                    02:b4:ed:27:c9:dd:16:ac:2c:23:be:e3:39:ab:18:
                    a6:e7:20:f6:7f:ea:ff:4f:87:3d:23:18:17:c7:fb:
                    33:81:f4:f3:29:05:47:ac:cd:1c:ec:35:ce:f2:1f:
                    ce:3d:26:9b:d3:5e:3c:e2:85:25:be:50:72:6e:10:
                    5b:37:87:07:0c:1b:6a:94:9c:6f:47:b0:94:06:d4:
                    f8:4f:9a:c3:2a:36:70:4c:14:05:4d:51:1a:ef:b2:
                    06:f6:c1:06:30:ce:18:f4:11:5e:b3:20:f4:09:9d:
                    23:2c:36:0f:27:e4:d9:27:44:c7:ab:2c:c9:fd:84:
                    ad:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E9:56:FA:8B:4C:7E:4C:86:98:92:E7:1C:8E:FD:0C:33:DA:40:BC
            X509v3 Authority Key Identifier:
                keyid:0B:45:3B:41:0D:35:86:A6:23:7A:95:1E:EF:3B:03:F4:C4:41:18:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/yulW-otMfkyGmJLnHI79DDPaQLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:9f:df:04:b2:1e:52:fe:a6:49:1c:7a:24:12:38:a2:3c:ac:
         67:55:98:a8:3c:d4:91:17:29:f0:65:56:b9:44:d4:e5:6c:ea:
         da:ee:c4:18:84:a7:ab:a1:a4:2f:08:89:0a:dc:ac:88:b7:09:
         1d:e1:39:16:9d:79:df:8a:bb:a7:14:57:3f:a2:5a:6b:dc:2d:
         2b:93:f2:b6:51:3c:c0:04:46:4a:e7:49:a7:79:3f:b0:75:82:
         a3:6f:8a:7b:30:ef:02:51:56:1d:0b:f2:65:e7:e8:32:54:40:
         fe:23:2f:33:00:93:0b:d2:15:0c:7c:1d:68:da:35:6e:5d:17:
         bd:cd:f4:3f:ad:9f:1b:c2:1b:f2:ef:89:7c:a9:18:7b:a9:6b:
         c7:5d:ac:5a:3f:5c:3b:9a:a4:8d:cf:1a:af:61:11:6b:e6:62:
         d7:cd:fc:81:f0:2e:b1:20:9e:cf:39:09:2b:a8:5d:c3:17:67:
         57:00:4a:aa:09:86:eb:eb:20:aa:6a:64:75:a2:60:aa:53:29:
         b3:51:a5:cf:28:80:c3:23:a7:10:09:e9:f5:5e:83:f3:e8:fb:
         47:62:ae:6c:6f:62:40:7e:66:52:00:3e:1f:31:81:f2:85:32:
         b3:5b:fe:32:73:d1:e4:4e:bc:cf:17:14:7c:2b:e2:6f:e4:b4:
         4a:0e:d5:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg8FjW4gHasXDTjYPIPxUjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNDUzYjQxMGQzNTg2YTYyMzdhOTUxZWVmM2IwM2Y0YzQ0
MTE4ZjAwHhcNMjUwNzI0MTA1OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWU5NTZmYThiNGM3ZTRjODY5ODkyZTcxYzhlZmQwYzMzZGE0MGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQZ+LBcnJwpjOiiN+7Gbm/s4Jqs6
3isj3jZYlg7tfpRE8fjVrGUtiubWUMehualeQZBkN3JvVVuUIfCoaVISBOtuwqhX
UWJuE6bn8/PvbczYnsrZLDfJRTN8qqlcDxNhJ03uDKTqCxT2HnlkwHWC1ppiQ8s1
heJeYH5b6lx0AE+P7P/TJ+ACtO0nyd0WrCwjvuM5qxim5yD2f+r/T4c9IxgXx/sz
gfTzKQVHrM0c7DXO8h/OPSab01484oUlvlBybhBbN4cHDBtqlJxvR7CUBtT4T5rD
KjZwTBQFTVEa77IG9sEGMM4Y9BFesyD0CZ0jLDYPJ+TZJ0THqyzJ/YStwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrpVvqLTH5MhpiS5xyO/Qwz2kC8MB8GA1UdIwQY
MBaAFAtFO0ENNYamI3qVHu87A/TEQRjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzBVN1FRMDFocVlqZXBVZTd6c0Q5TVJCR1BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kNjNmOGUtNGIxYS00OGJmLTg3ZWIt
MjlmYTQ3YjY4MDkzLzEveXVsVy1vdE1ma3lHbUpMbkhJNzlERFBhUUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kNjNmOGUtNGIxYS00OGJmLTg3ZWItMjlmYTQ3YjY4MDkz
LzEvQzBVN1FRMDFocVlqZXBVZTd6c0Q5TVJCR1BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNQMA0G
CSqGSIb3DQEBCwUAA4IBAQAUn98Esh5S/qZJHHokEjiiPKxnVZioPNSRFynwZVa5
RNTlbOra7sQYhKeroaQvCIkK3KyItwkd4TkWnXnfirunFFc/olpr3C0rk/K2UTzA
BEZK50mneT+wdYKjb4p7MO8CUVYdC/Jl5+gyVED+Iy8zAJML0hUMfB1o2jVuXRe9
zfQ/rZ8bwhvy74l8qRh7qWvHXaxaP1w7mqSNzxqvYRFr5mLXzfyB8C6xIJ7POQkr
qF3DF2dXAEqqCYbr6yCqamR1omCqUymzUaXPKIDDI6cQCen1XoPz6PtHYq5sb2JA
fmZSAD4fMYHyhTKzW/4yc9HkTrzPFxR8K+Jv5LRKDtX7
-----END CERTIFICATE-----