Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Ky8s4Lu3M8j3F784s3VxKx1e75k.roa
File:                     Ky8s4Lu3M8j3F784s3VxKx1e75k.roa (raw, json)
Hash identifier:          9Gc23uMOAcwKEfyzeLAFLWHetYWPfkRMND3EMrVpfX0=
Subject key identifier:   2B:2F:2C:E0:BB:B7:33:C8:F7:17:BF:38:B3:75:71:2B:1D:5E:EF:99
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       019DBAF980CDB0480D2372A8F7FC2FF64C1E
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Ky8s4Lu3M8j3F784s3VxKx1e75k.roa
Signing time:             Thu 23 Apr 2026 15:33:26 +0000
ROA not before:           Thu 23 Apr 2026 15:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198410
IP address blocks:        153.56.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:f9:80:cd:b0:48:0d:23:72:a8:f7:fc:2f:f6:4c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Apr 23 15:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b2f2ce0bbb733c8f717bf38b375712b1d5eef99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a4:67:20:32:af:1e:27:41:7e:b8:7c:81:58:
                    69:37:e5:63:d8:10:0c:13:b1:18:97:ce:2e:ed:97:
                    20:1a:b8:91:af:ec:f6:28:56:2b:a3:a6:10:bf:5c:
                    72:68:2c:16:6d:a4:e6:f8:c4:c3:ab:25:2f:af:d9:
                    90:dc:29:25:6b:d7:55:99:7e:d1:91:a9:98:f6:a6:
                    71:01:3e:10:5f:e9:a6:7c:d3:57:22:9a:ab:42:e8:
                    6d:9b:7d:3e:7e:d6:15:29:b7:b3:1a:27:ee:bf:24:
                    96:8c:75:6f:4a:15:a6:10:56:11:3e:8c:80:35:5d:
                    66:74:de:ad:de:e6:ef:91:38:2e:5c:6e:12:3a:66:
                    5e:4f:f6:81:1c:8d:e3:17:e4:58:74:37:c9:a9:5b:
                    ac:fc:62:e1:ee:d3:4c:43:65:a9:0a:c2:7c:cb:b8:
                    1e:af:cd:0d:ff:ed:b6:87:23:9b:f9:be:97:c0:bf:
                    6d:cf:40:96:0c:d3:24:c5:88:30:21:14:c0:f1:5e:
                    97:32:ea:e3:b3:00:02:f9:24:83:16:44:ff:39:79:
                    a3:f3:7d:02:92:19:c9:16:e3:92:63:c1:22:a7:6c:
                    8b:20:1b:8c:7c:b5:71:b1:95:49:b3:a9:b0:4d:db:
                    79:27:b4:bd:3d:08:c2:97:7c:b4:e9:ae:d1:ce:8c:
                    67:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:2F:2C:E0:BB:B7:33:C8:F7:17:BF:38:B3:75:71:2B:1D:5E:EF:99
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Ky8s4Lu3M8j3F784s3VxKx1e75k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:49:a0:5f:89:53:cf:51:a6:fd:f8:6e:46:1c:ed:fa:ac:fc:
         2a:6c:0d:a4:bb:43:1b:6d:1e:51:04:99:b6:61:06:ac:2b:08:
         3b:48:4a:18:73:ee:70:96:0b:5c:77:b1:d1:e0:6d:59:e5:f2:
         ec:bf:2e:37:e8:26:1a:26:51:98:1f:f6:65:7b:8c:bf:50:59:
         65:c8:d4:20:bd:45:45:51:8f:bb:65:f2:1e:c7:fa:09:f8:ba:
         f6:81:86:5f:3c:fd:64:46:ef:c2:ec:43:0a:61:80:bf:82:ba:
         7e:f0:3f:10:1b:e4:cc:52:1f:ea:09:8c:0f:1b:d7:de:9b:4b:
         81:dd:da:35:74:5f:c3:0f:30:a3:b4:66:be:59:5c:96:ae:a8:
         12:d1:1d:fb:d4:b6:38:8f:10:24:5a:94:8f:4b:d7:ea:7f:84:
         b0:9b:eb:18:07:3f:cf:da:0f:f3:5b:88:15:a5:8f:c8:94:51:
         2d:28:b4:c7:6a:5d:92:8a:d7:45:fc:33:52:81:8d:7b:ed:24:
         72:c5:7c:b5:8e:eb:ed:6e:ee:de:ff:05:8c:e7:12:0d:44:c8:
         6c:7f:0f:59:4a:c8:b8:0a:db:ac:c0:73:0c:66:7c:10:06:ac:
         07:dc:61:2d:29:6e:da:d5:87:fb:68:66:4d:ce:83:9a:e2:b1:
         66:09:25:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26+YDNsEgNI3Ko9/wv9kweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwNDIzMTUzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJmMmNlMGJiYjczM2M4ZjcxN2JmMzhiMzc1NzEyYjFkNWVlZjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6RnIDKvHidBfrh8gVhpN+Vj2BAM
E7EYl84u7ZcgGriRr+z2KFYro6YQv1xyaCwWbaTm+MTDqyUvr9mQ3Ckla9dVmX7R
kamY9qZxAT4QX+mmfNNXIpqrQuhtm30+ftYVKbezGifuvySWjHVvShWmEFYRPoyA
NV1mdN6t3ubvkTguXG4SOmZeT/aBHI3jF+RYdDfJqVus/GLh7tNMQ2WpCsJ8y7ge
r80N/+22hyOb+b6XwL9tz0CWDNMkxYgwIRTA8V6XMurjswAC+SSDFkT/OXmj830C
khnJFuOSY8Eip2yLIBuMfLVxsZVJs6mwTdt5J7S9PQjCl3y06a7RzoxnYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsvLOC7tzPI9xe/OLN1cSsdXu+ZMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvS3k4czRMdTNNOGozRjc4NHMzVnhLeDFlNzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTiDMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SaBfiVPPUab9+G5GHO36rPwqbA2ku0MbbR5RBJm2
YQasKwg7SEoYc+5wlgtcd7HR4G1Z5fLsvy436CYaJlGYH/Zle4y/UFllyNQgvUVF
UY+7ZfIex/oJ+Lr2gYZfPP1kRu/C7EMKYYC/grp+8D8QG+TMUh/qCYwPG9fem0uB
3do1dF/DDzCjtGa+WVyWrqgS0R371LY4jxAkWpSPS9fqf4Swm+sYBz/P2g/zW4gV
pY/IlFEtKLTHal2SitdF/DNSgY177SRyxXy1juvtbu7e/wWM5xINRMhsfw9ZSsi4
CtuswHMMZnwQBqwH3GEtKW7a1Yf7aGZNzoOa4rFmCSVN
-----END CERTIFICATE-----