Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YvicbJSaO1cu2LDGpSKQyliJwfg.roa
File:                     YvicbJSaO1cu2LDGpSKQyliJwfg.roa (raw, json)
Hash identifier:          3hnGgMjrvoKT8lmn/R1KfqP6jufLzQA2+e5I5/qs0wU=
Subject key identifier:   62:F8:9C:6C:94:9A:3B:57:2E:D8:B0:C6:A5:22:90:CA:58:89:C1:F8
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0198ADD41200B2B91DF108710EFC3D355A42
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YvicbJSaO1cu2LDGpSKQyliJwfg.roa
Signing time:             Fri 15 Aug 2025 13:03:33 +0000
ROA not before:           Fri 15 Aug 2025 13:03:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214309
IP address blocks:        212.193.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:d4:12:00:b2:b9:1d:f1:08:71:0e:fc:3d:35:5a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 15 13:03:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62f89c6c949a3b572ed8b0c6a52290ca5889c1f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2f:5d:66:ca:74:ae:98:2d:f4:a0:ed:e5:a8:
                    97:18:d2:cc:be:2f:6b:73:42:cb:4b:72:43:e0:8e:
                    c1:b8:a9:e4:1a:99:ed:87:d0:b4:c3:a6:70:95:10:
                    c2:ad:eb:da:23:81:e2:53:e1:72:06:d2:a5:95:33:
                    d0:89:3d:58:c0:a2:8b:32:c0:af:22:e3:d3:f7:d7:
                    95:ae:86:07:73:6e:bb:92:26:ed:8e:2d:27:35:06:
                    68:d4:dd:20:47:81:99:93:f7:26:c8:08:32:97:36:
                    16:81:d6:69:fe:62:94:53:10:1d:1a:82:58:24:7f:
                    98:27:ad:fc:ba:24:d7:83:45:ec:9c:ad:7c:6c:12:
                    9c:c9:21:32:7a:10:2a:c9:b9:dc:c3:92:78:d4:cb:
                    d9:a4:bc:d6:ed:61:ed:9f:0e:0e:e6:14:58:dc:50:
                    cc:6c:28:40:d4:6f:55:e8:a1:88:17:63:77:22:b5:
                    38:86:4b:14:b4:e2:62:f1:81:2b:1a:22:8d:10:e3:
                    fd:c5:a2:6f:fb:68:d7:39:f3:46:90:93:d4:5b:74:
                    18:84:17:25:7a:28:2b:de:77:69:35:d5:c0:cc:93:
                    8d:f6:c0:df:04:28:28:44:55:f2:2b:ab:5c:cb:4a:
                    e7:95:f2:8e:e1:88:d0:61:13:85:a1:99:00:7b:4c:
                    df:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F8:9C:6C:94:9A:3B:57:2E:D8:B0:C6:A5:22:90:CA:58:89:C1:F8
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YvicbJSaO1cu2LDGpSKQyliJwfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c4:5e:77:22:94:c9:2c:be:99:5d:9d:1e:86:a3:51:61:fc:
         f9:56:df:fb:81:1f:f7:a1:83:39:00:8e:de:7b:43:b6:f1:f0:
         9e:a7:ba:ed:63:c7:09:01:85:02:4e:87:d3:6a:dc:d5:af:b4:
         70:37:6d:d8:ed:65:2a:d0:65:4f:66:52:11:8a:8c:55:2a:ae:
         a2:5c:47:32:68:ac:bd:2c:f3:ec:d8:5c:71:c9:16:04:5e:d5:
         31:ad:10:92:26:5a:50:42:45:38:9d:02:4b:bc:28:3b:8b:58:
         82:76:19:2c:8e:fb:ad:8a:dc:b3:f4:7b:71:a8:94:48:bf:d1:
         a3:ed:5a:36:28:aa:8c:51:9c:02:48:40:c0:03:ef:98:b1:7c:
         67:92:97:39:0c:95:0f:e5:dd:e2:dc:14:84:6a:5b:34:df:1e:
         00:fd:0c:bd:3a:94:ad:fc:db:87:4e:48:88:08:cb:3d:7d:97:
         dd:14:53:c5:6d:3d:6f:d0:69:f3:09:dc:9b:04:cd:66:2e:86:
         14:d2:ae:80:d2:1f:a1:36:89:25:75:37:c6:c8:2d:3e:c3:57:
         41:a1:a7:a5:d6:5d:99:7f:8b:19:17:e0:84:9a:1c:03:85:4c:
         46:ac:f6:4e:13:4f:82:84:23:ad:aa:e9:c2:cb:aa:2b:eb:b1:
         9e:b3:b6:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZit1BIAsrkd8QhxDvw9NVpCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwODE1MTMwMzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmY4OWM2Yzk0OWEzYjU3MmVkOGIwYzZhNTIyOTBjYTU4ODljMWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC9dZsp0rpgt9KDt5aiXGNLMvi9r
c0LLS3JD4I7BuKnkGpnth9C0w6ZwlRDCrevaI4HiU+FyBtKllTPQiT1YwKKLMsCv
IuPT99eVroYHc267kibtji0nNQZo1N0gR4GZk/cmyAgylzYWgdZp/mKUUxAdGoJY
JH+YJ638uiTXg0XsnK18bBKcySEyehAqybncw5J41MvZpLzW7WHtnw4O5hRY3FDM
bChA1G9V6KGIF2N3IrU4hksUtOJi8YErGiKNEOP9xaJv+2jXOfNGkJPUW3QYhBcl
eigr3ndpNdXAzJON9sDfBCgoRFXyK6tcy0rnlfKO4YjQYROFoZkAe0zfuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGL4nGyUmjtXLtiwxqUikMpYicH4MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWXZpY2JKU2FPMWN1MkxER3BTS1F5bGlKd2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MESMA0G
CSqGSIb3DQEBCwUAA4IBAQA2xF53IpTJLL6ZXZ0ehqNRYfz5Vt/7gR/3oYM5AI7e
e0O28fCep7rtY8cJAYUCTofTatzVr7RwN23Y7WUq0GVPZlIRioxVKq6iXEcyaKy9
LPPs2FxxyRYEXtUxrRCSJlpQQkU4nQJLvCg7i1iCdhksjvutityz9HtxqJRIv9Gj
7Vo2KKqMUZwCSEDAA++YsXxnkpc5DJUP5d3i3BSEals03x4A/Qy9OpSt/NuHTkiI
CMs9fZfdFFPFbT1v0GnzCdybBM1mLoYU0q6A0h+hNokldTfGyC0+w1dBoael1l2Z
f4sZF+CEmhwDhUxGrPZOE0+ChCOtqunCy6or67Ges7ZS
-----END CERTIFICATE-----