Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/DyDiidWZS3iA7B2blKmA9bXsSRk.roa
File:                     DyDiidWZS3iA7B2blKmA9bXsSRk.roa (raw, json)
Hash identifier:          8Th9ZjmszvDIlprvR+a1tMmoJ0kkYSailEtQfsqFMeY=
Subject key identifier:   0F:20:E2:89:D5:99:4B:78:80:EC:1D:9B:94:A9:80:F5:B5:EC:49:19
Certificate issuer:       /CN=10fe683b1d7e47b7c7eda15501627b70920853a1
Certificate serial:       01988B88076DE099B22C8716A29AAAB776FF
Authority key identifier: 10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/DyDiidWZS3iA7B2blKmA9bXsSRk.roa
Signing time:             Fri 08 Aug 2025 21:13:24 +0000
ROA not before:           Fri 08 Aug 2025 21:13:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        158.94.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8b:88:07:6d:e0:99:b2:2c:87:16:a2:9a:aa:b7:76:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10fe683b1d7e47b7c7eda15501627b70920853a1
        Validity
            Not Before: Aug  8 21:13:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f20e289d5994b7880ec1d9b94a980f5b5ec4919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cd:f7:0f:3e:77:a9:7f:47:40:84:d9:1f:07:
                    aa:62:4c:9d:84:39:59:f0:bf:f0:3b:bf:f4:af:cb:
                    3c:71:db:b0:b3:ad:06:9b:5f:36:af:a6:7b:ef:93:
                    26:57:47:06:79:a1:6b:df:f8:e1:c5:87:df:73:5f:
                    1e:ae:1e:fd:fd:c4:ad:3b:77:e6:16:62:91:6f:40:
                    d2:36:6e:03:1f:6b:b1:0f:43:4f:4c:4d:b5:40:33:
                    c5:e8:6b:c9:fe:c6:be:44:90:f4:a8:89:99:b9:79:
                    1f:a3:cc:ac:d2:82:f1:e1:6e:45:8d:51:6d:ef:a6:
                    cb:3d:c2:01:e4:98:76:b9:93:e7:0a:5e:80:00:e9:
                    66:03:f0:ad:a0:e1:ef:ef:c3:fa:46:83:8d:c1:d3:
                    8e:b8:95:81:6b:85:f2:7a:26:99:fd:cc:dd:2d:3b:
                    a3:91:be:da:d4:6b:fd:59:45:08:21:56:05:7a:87:
                    9c:77:a4:37:47:bd:7b:52:77:3d:42:41:ac:1a:80:
                    dd:8b:73:81:39:71:7a:3b:d6:45:bf:2a:b2:7a:e1:
                    d2:50:c6:be:3b:ef:4c:1e:52:93:98:aa:cc:8d:3d:
                    a6:5f:82:8f:07:04:de:0d:8e:19:30:bc:d6:b0:28:
                    92:ab:8f:74:fb:b2:3d:4b:1d:e8:ec:04:51:5e:5d:
                    66:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:20:E2:89:D5:99:4B:78:80:EC:1D:9B:94:A9:80:F5:B5:EC:49:19
            X509v3 Authority Key Identifier:
                keyid:10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/DyDiidWZS3iA7B2blKmA9bXsSRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         49:12:2b:4a:5a:7c:34:6d:46:5d:ce:27:2c:ab:d7:cb:ef:01:
         26:77:62:d6:5a:31:53:a2:ba:d4:2d:dc:84:a8:14:47:00:30:
         1c:11:b6:3b:84:96:b0:ea:c6:81:0f:9a:b8:e2:3e:6f:02:6f:
         11:ae:dc:71:4a:4d:99:fa:96:cf:58:b4:39:62:9f:71:b0:f6:
         7c:1a:1a:cc:53:fb:c4:a4:ab:12:98:aa:42:7e:e1:d4:e7:04:
         6e:cd:ec:7a:5c:00:16:71:73:71:4a:83:5c:cd:63:46:c4:4f:
         98:74:a9:61:12:20:48:43:50:07:00:5a:db:6f:82:30:fe:3b:
         44:c9:7c:23:5b:74:05:4d:67:28:12:fd:02:86:38:53:4a:3e:
         34:2b:f5:cf:e7:19:15:dd:b4:81:a3:a6:73:10:70:07:1b:4d:
         84:76:88:95:3a:2f:91:7e:32:4c:57:09:8f:e0:34:7c:b4:e2:
         8c:45:93:24:c3:5e:01:72:07:5a:5b:fe:6b:5d:de:b6:e6:e2:
         24:27:c7:a8:52:12:e5:b8:ae:12:55:9d:6e:03:67:5d:db:00:
         89:97:a6:ac:4a:e3:bd:3f:0e:69:3f:0d:a4:39:14:9e:6b:9b:
         1b:76:10:17:0a:3d:82:60:62:c3:5d:2a:50:c7:df:ee:63:c2:
         e4:42:10:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiLiAdt4JmyLIcWopqqt3b/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZmU2ODNiMWQ3ZTQ3YjdjN2VkYTE1NTAxNjI3YjcwOTIw
ODUzYTEwHhcNMjUwODA4MjExMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIwZTI4OWQ1OTk0Yjc4ODBlYzFkOWI5NGE5ODBmNWI1ZWM0OTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM33Dz53qX9HQITZHweqYkydhDlZ
8L/wO7/0r8s8cduws60Gm182r6Z775MmV0cGeaFr3/jhxYffc18erh79/cStO3fm
FmKRb0DSNm4DH2uxD0NPTE21QDPF6GvJ/sa+RJD0qImZuXkfo8ys0oLx4W5FjVFt
76bLPcIB5Jh2uZPnCl6AAOlmA/CtoOHv78P6RoONwdOOuJWBa4XyeiaZ/czdLTuj
kb7a1Gv9WUUIIVYFeoecd6Q3R717Unc9QkGsGoDdi3OBOXF6O9ZFvyqyeuHSUMa+
O+9MHlKTmKrMjT2mX4KPBwTeDY4ZMLzWsCiSq490+7I9Sx3o7ARRXl1m+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8g4onVmUt4gOwdm5SpgPW17EkZMB8GA1UdIwQY
MBaAFBD+aDsdfke3x+2hVQFie3CSCFOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTIt
YzRiZWZiMjU2MjJjLzEvRHlEaWlkV1pTM2lBN0IyYmxLbUE5YlhzU1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTItYzRiZWZiMjU2MjJj
LzEvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnl4gMA0G
CSqGSIb3DQEBCwUAA4IBAQBJEitKWnw0bUZdzicsq9fL7wEmd2LWWjFTorrULdyE
qBRHADAcEbY7hJaw6saBD5q44j5vAm8RrtxxSk2Z+pbPWLQ5Yp9xsPZ8GhrMU/vE
pKsSmKpCfuHU5wRuzex6XAAWcXNxSoNczWNGxE+YdKlhEiBIQ1AHAFrbb4Iw/jtE
yXwjW3QFTWcoEv0ChjhTSj40K/XP5xkV3bSBo6ZzEHAHG02EdoiVOi+RfjJMVwmP
4DR8tOKMRZMkw14BcgdaW/5rXd625uIkJ8eoUhLluK4SVZ1uA2dd2wCJl6asSuO9
Pw5pPw2kORSea5sbdhAXCj2CYGLDXSpQx9/uY8LkQhB/
-----END CERTIFICATE-----