Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ygoxlnzUMwYl-AABOcuWljKAIyY.roa
File:                     ygoxlnzUMwYl-AABOcuWljKAIyY.roa (raw, json)
Hash identifier:          e04wIPkk+nWqjtfdwm12mx1fb/1bKH/GdSMkDDExvgc=
Subject key identifier:   CA:0A:31:96:7C:D4:33:06:25:F8:00:01:39:CB:96:96:32:80:23:26
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01975877D5E20E8D3AF02D283985926DF674
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ygoxlnzUMwYl-AABOcuWljKAIyY.roa
Signing time:             Tue 10 Jun 2025 06:12:17 +0000
ROA not before:           Tue 10 Jun 2025 06:12:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        83.137.154.0/24 maxlen: 24
                          88.209.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:58:77:d5:e2:0e:8d:3a:f0:2d:28:39:85:92:6d:f6:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun 10 06:12:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca0a31967cd4330625f8000139cb969632802326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:84:2c:90:f4:07:90:c4:3f:be:4d:6b:56:96:
                    03:50:2a:9a:4f:7b:25:36:1c:0e:67:e9:32:cc:a7:
                    18:fa:50:a8:c9:5e:b9:09:5f:0e:d2:e0:16:79:63:
                    21:ba:47:e6:6e:cd:15:b9:47:ae:25:8a:f1:92:39:
                    a2:4c:a2:4a:c2:56:8c:ac:94:28:5a:75:8a:72:dc:
                    2e:f0:f6:78:76:65:03:ac:e8:88:b5:51:f7:89:0e:
                    94:09:f0:bb:22:b1:95:8d:6a:d0:15:7c:c1:49:ca:
                    55:b3:9a:74:84:9e:ee:f9:9d:31:c0:e9:3a:7b:d1:
                    e9:bd:d6:f1:61:3a:8f:73:02:64:4c:28:39:6c:a9:
                    a6:0c:00:83:3e:c5:e9:88:81:d2:02:07:46:2e:d6:
                    da:67:53:f9:9b:a9:c9:50:e9:61:b0:9b:9c:c0:fa:
                    03:ef:00:54:5d:76:6d:b0:e3:cc:44:d6:df:46:5e:
                    8a:ac:74:a1:4d:d5:c1:35:af:5b:b4:43:33:b9:ad:
                    94:c3:c0:d0:99:eb:f2:eb:58:ca:d4:92:5b:d9:fa:
                    7b:82:06:97:0a:12:92:44:2b:48:9e:b3:76:43:41:
                    82:03:20:c5:ed:13:3e:e6:27:5a:a5:b1:4e:71:31:
                    e0:ef:b3:4a:dd:1c:8c:10:0b:8d:d0:a1:7a:c1:45:
                    00:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0A:31:96:7C:D4:33:06:25:F8:00:01:39:CB:96:96:32:80:23:26
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ygoxlnzUMwYl-AABOcuWljKAIyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.154.0/24
                  88.209.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:33:4a:38:44:d0:3b:fd:55:3d:6d:44:f6:51:88:16:12:44:
         b6:af:eb:51:a5:4a:72:52:e0:d6:65:7e:91:68:af:67:6a:93:
         48:94:0b:2e:af:50:0b:f0:4f:15:01:a8:52:2f:c0:0c:68:80:
         be:8e:eb:82:44:b4:c6:2d:0b:f2:30:01:64:4a:db:02:06:13:
         25:d2:a7:2f:28:17:71:17:33:b3:c5:86:0a:20:ec:de:5a:80:
         b4:a5:4b:ba:25:9f:91:1a:c6:83:89:75:1b:3d:65:da:be:4f:
         75:f0:6b:f8:93:39:16:ff:c1:11:6e:0c:92:2e:ce:37:8f:b0:
         10:de:3d:2d:e1:da:f1:ae:5b:27:15:5f:aa:c9:8b:47:66:44:
         b4:7d:13:33:3b:b7:b7:68:b4:08:9d:d5:35:bc:ad:11:34:9a:
         ca:42:74:c4:90:b0:a4:25:c1:e4:24:91:1b:c5:00:a7:83:6c:
         e0:3c:79:12:6f:c6:44:26:a2:d3:64:9c:d1:1a:3e:ec:97:c7:
         c0:f9:55:47:ea:33:18:64:44:a2:ed:84:84:9f:5d:9c:98:52:
         4b:f8:0d:ee:d5:33:10:d5:70:24:76:14:c4:3c:f5:c6:94:1e:
         dc:c1:ea:a4:1f:d0:ba:88:22:90:45:5e:d2:37:75:71:13:27:
         ae:85:02:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdYd9XiDo068C0oOYWSbfZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNjEwMDYxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTBhMzE5NjdjZDQzMzA2MjVmODAwMDEzOWNiOTY5NjMyODAyMzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oQskPQHkMQ/vk1rVpYDUCqaT3sl
NhwOZ+kyzKcY+lCoyV65CV8O0uAWeWMhukfmbs0VuUeuJYrxkjmiTKJKwlaMrJQo
WnWKctwu8PZ4dmUDrOiItVH3iQ6UCfC7IrGVjWrQFXzBScpVs5p0hJ7u+Z0xwOk6
e9HpvdbxYTqPcwJkTCg5bKmmDACDPsXpiIHSAgdGLtbaZ1P5m6nJUOlhsJucwPoD
7wBUXXZtsOPMRNbfRl6KrHShTdXBNa9btEMzua2Uw8DQmevy61jK1JJb2fp7ggaX
ChKSRCtInrN2Q0GCAyDF7RM+5idapbFOcTHg77NK3RyMEAuN0KF6wUUA6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMoKMZZ81DMGJfgAATnLlpYygCMmMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEveWdveGxuelVNd1lsLUFBQk9jdVdsaktBSXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU4maAwQA
WNHmMA0GCSqGSIb3DQEBCwUAA4IBAQB0M0o4RNA7/VU9bUT2UYgWEkS2r+tRpUpy
UuDWZX6RaK9napNIlAsur1AL8E8VAahSL8AMaIC+juuCRLTGLQvyMAFkStsCBhMl
0qcvKBdxFzOzxYYKIOzeWoC0pUu6JZ+RGsaDiXUbPWXavk918Gv4kzkW/8ERbgyS
Ls43j7AQ3j0t4drxrlsnFV+qyYtHZkS0fRMzO7e3aLQIndU1vK0RNJrKQnTEkLCk
JcHkJJEbxQCng2zgPHkSb8ZEJqLTZJzRGj7sl8fA+VVH6jMYZESi7YSEn12cmFJL
+A3u1TMQ1XAkdhTEPPXGlB7cweqkH9C6iCKQRV7SN3VxEyeuhQLc
-----END CERTIFICATE-----