Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/YaE-516tO0-vxtzgzUQCVeYa6sM.roa
File:                     YaE-516tO0-vxtzgzUQCVeYa6sM.roa (raw, json)
Hash identifier:          yKU5PrBmHLHt75hheXsS4PIrNLFdDNALNLqvpMN9xYM=
Subject key identifier:   61:A1:3E:E7:5E:AD:3B:4F:AF:C6:DC:E0:CD:44:02:55:E6:1A:EA:C3
Certificate issuer:       /CN=10fe683b1d7e47b7c7eda15501627b70920853a1
Certificate serial:       01988B880AA45C5321416111D37F60A0D82C
Authority key identifier: 10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/YaE-516tO0-vxtzgzUQCVeYa6sM.roa
Signing time:             Fri 08 Aug 2025 21:13:25 +0000
ROA not before:           Fri 08 Aug 2025 21:13:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        158.94.80.0/20 maxlen: 20
                          158.94.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8b:88:0a:a4:5c:53:21:41:61:11:d3:7f:60:a0:d8:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10fe683b1d7e47b7c7eda15501627b70920853a1
        Validity
            Not Before: Aug  8 21:13:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61a13ee75ead3b4fafc6dce0cd440255e61aeac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fc:44:91:17:79:10:f7:97:67:81:3a:3d:53:
                    05:b9:e4:79:64:19:20:67:73:9a:c9:1b:d2:1f:eb:
                    a1:0c:ca:69:62:90:16:6f:ea:c4:82:84:bc:a6:7d:
                    52:c2:39:4c:40:c2:3d:65:ef:0c:99:bf:4d:27:7d:
                    ff:f1:e6:a1:f2:2d:6f:4f:66:55:f5:39:34:b9:b5:
                    c5:e0:cb:ae:c4:c2:08:1a:b9:f6:f5:94:65:d5:b2:
                    40:b3:eb:db:8b:b4:49:cc:73:9b:a5:0f:c7:6f:4d:
                    29:1f:f1:0d:d3:b6:40:8d:17:4a:a2:14:cf:4d:ea:
                    f1:77:5e:c9:18:2c:5c:e6:8f:ae:d8:13:66:57:52:
                    47:cb:4f:cf:81:7e:0f:c7:87:47:7b:c7:0c:39:54:
                    de:af:fe:99:e9:6d:94:0f:48:dc:96:f9:f8:b5:50:
                    2c:93:8b:5d:91:7c:fd:6b:da:72:3b:af:93:d8:9a:
                    c2:de:b9:b9:01:b2:cb:1e:9d:4e:64:3f:b9:90:04:
                    6e:84:11:0a:d0:f7:71:ee:cc:13:c1:72:1a:8c:47:
                    af:e8:4f:22:7b:90:79:9c:64:1a:14:99:d3:e5:9b:
                    17:ae:5b:8f:55:08:b1:90:52:41:32:59:66:ea:93:
                    49:3c:88:f7:d1:ee:c2:c0:30:8b:fc:9a:77:f9:59:
                    db:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A1:3E:E7:5E:AD:3B:4F:AF:C6:DC:E0:CD:44:02:55:E6:1A:EA:C3
            X509v3 Authority Key Identifier:
                keyid:10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/YaE-516tO0-vxtzgzUQCVeYa6sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.80.0-158.94.127.255

    Signature Algorithm: sha256WithRSAEncryption
         7e:9a:6f:e7:2f:83:ce:ca:d1:3e:07:5c:42:80:05:85:a4:fc:
         66:48:b6:c8:9f:92:cf:fc:5f:1c:e1:ee:81:09:8d:d0:6d:be:
         b7:04:0f:2d:60:1a:77:a9:bf:5b:c1:a2:ff:20:e7:6e:2b:65:
         5a:d5:07:a9:aa:b6:61:b4:84:e9:2b:58:78:b6:24:9b:26:47:
         66:18:21:d5:50:46:21:83:79:d0:3d:88:88:05:8f:e4:5e:53:
         66:e1:ce:29:d2:d0:a6:32:2f:34:c7:cb:d2:79:58:c9:47:30:
         22:b2:c9:5e:d3:0f:af:6e:f9:ae:76:84:fc:c3:22:e9:14:69:
         39:be:ab:a0:47:f9:15:3f:7e:8a:a8:ef:a2:6a:c7:c2:d4:7a:
         a7:eb:8b:95:21:32:ed:09:4b:1c:21:9d:2d:58:8f:17:8b:ad:
         24:bd:37:c2:1e:c5:93:99:7f:6f:33:35:77:16:e1:eb:17:8c:
         a5:30:e2:46:aa:f9:d6:7a:9d:bc:59:b2:8a:d4:97:4e:10:d6:
         ba:a2:b3:61:bb:ee:32:47:2f:09:bc:d3:13:91:8f:13:92:fe:
         ac:a3:f6:0b:b4:a4:e6:17:13:18:9f:bc:c9:50:c6:88:f0:5a:
         67:76:40:8c:0e:ba:0f:9b:c9:00:35:03:64:84:f7:ad:5b:48:
         a7:19:88:4f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiLiAqkXFMhQWER039goNgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZmU2ODNiMWQ3ZTQ3YjdjN2VkYTE1NTAxNjI3YjcwOTIw
ODUzYTEwHhcNMjUwODA4MjExMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWExM2VlNzVlYWQzYjRmYWZjNmRjZTBjZDQ0MDI1NWU2MWFlYWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPxEkRd5EPeXZ4E6PVMFueR5ZBkg
Z3OayRvSH+uhDMppYpAWb+rEgoS8pn1SwjlMQMI9Ze8Mmb9NJ33/8eah8i1vT2ZV
9Tk0ubXF4MuuxMIIGrn29ZRl1bJAs+vbi7RJzHObpQ/Hb00pH/EN07ZAjRdKohTP
Terxd17JGCxc5o+u2BNmV1JHy0/PgX4Px4dHe8cMOVTer/6Z6W2UD0jclvn4tVAs
k4tdkXz9a9pyO6+T2JrC3rm5AbLLHp1OZD+5kARuhBEK0Pdx7swTwXIajEev6E8i
e5B5nGQaFJnT5ZsXrluPVQixkFJBMllm6pNJPIj30e7CwDCL/Jp3+VnbrQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGGhPuderTtPr8bc4M1EAlXmGurDMB8GA1UdIwQY
MBaAFBD+aDsdfke3x+2hVQFie3CSCFOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTIt
YzRiZWZiMjU2MjJjLzEvWWFFLTUxNnRPMC12eHR6Z3pVUUNWZVlhNnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTItYzRiZWZiMjU2MjJj
LzEvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBASeXlAD
BAeeXgAwDQYJKoZIhvcNAQELBQADggEBAH6ab+cvg87K0T4HXEKABYWk/GZItsif
ks/8Xxzh7oEJjdBtvrcEDy1gGnepv1vBov8g524rZVrVB6mqtmG0hOkrWHi2JJsm
R2YYIdVQRiGDedA9iIgFj+ReU2bhzinS0KYyLzTHy9J5WMlHMCKyyV7TD69u+a52
hPzDIukUaTm+q6BH+RU/foqo76Jqx8LUeqfri5UhMu0JSxwhnS1YjxeLrSS9N8Ie
xZOZf28zNXcW4esXjKUw4kaq+dZ6nbxZsorUl04Q1rqis2G77jJHLwm80xORjxOS
/qyj9gu0pOYXExifvMlQxojwWmd2QIwOug+byQA1A2SE961bSKcZiE8=
-----END CERTIFICATE-----