Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ReFkwY7yC_OqL_QtCLEERfe4ZYU.roa
File:                     ReFkwY7yC_OqL_QtCLEERfe4ZYU.roa (raw, json)
Hash identifier:          Uu5Ab9ANIRps6JfvpwU04cQY7DufU/VQnwBZqhMdO3Q=
Subject key identifier:   45:E1:64:C1:8E:F2:0B:F3:AA:2F:F4:2D:08:B1:04:45:F7:B8:65:85
Certificate issuer:       /CN=666034ca6a16bbd0144abdf5cf2458f968b1589c
Certificate serial:       019DF911E28AE56222EF423DFAE02CEED24E
Authority key identifier: 66:60:34:CA:6A:16:BB:D0:14:4A:BD:F5:CF:24:58:F9:68:B1:58:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmA0ymoWu9AUSr31zyRY-WixWJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ReFkwY7yC_OqL_QtCLEERfe4ZYU.roa
Signing time:             Tue 05 May 2026 16:56:32 +0000
ROA not before:           Tue 05 May 2026 16:56:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206977
IP address blocks:        37.61.64.0/22 maxlen: 22
                          37.61.64.0/24 maxlen: 24
                          37.61.65.0/24 maxlen: 24
                          37.61.66.0/24 maxlen: 24
                          37.61.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ZmA0ymoWu9AUSr31zyRY-WixWJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ZmA0ymoWu9AUSr31zyRY-WixWJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmA0ymoWu9AUSr31zyRY-WixWJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:11:e2:8a:e5:62:22:ef:42:3d:fa:e0:2c:ee:d2:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=666034ca6a16bbd0144abdf5cf2458f968b1589c
        Validity
            Not Before: May  5 16:56:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45e164c18ef20bf3aa2ff42d08b10445f7b86585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:55:68:4a:95:04:b5:3c:bb:5c:b2:fe:a5:42:
                    8f:53:a0:ac:bf:fe:94:eb:53:82:c7:16:7c:8c:4d:
                    8b:30:fb:9f:b3:b5:9f:95:ed:45:0e:e1:af:5e:a3:
                    f8:77:42:0c:3c:c6:3f:30:97:65:94:e7:62:6b:05:
                    58:0e:e4:08:6e:c5:14:7f:00:ac:50:d0:ea:cf:36:
                    92:b3:8b:75:cf:21:30:cd:bf:73:fb:61:71:86:cb:
                    8d:e0:d8:ac:f7:34:b6:13:c7:bd:fc:06:b5:3e:da:
                    25:3b:35:0c:51:12:0e:99:32:36:4f:6c:c0:f2:a4:
                    95:9c:7b:76:0b:33:b1:b9:fd:6a:dd:3e:1c:a3:90:
                    a9:04:40:47:98:f2:54:ed:a6:4a:a0:3a:e3:ec:c5:
                    0c:e2:49:4a:20:54:fa:48:31:cc:b1:b1:f9:cb:b3:
                    d2:47:59:d8:70:c3:1c:31:15:16:ca:77:54:0b:60:
                    33:9c:ec:74:71:94:56:8d:c5:f0:de:d5:fb:5f:1a:
                    91:7d:64:db:d6:40:15:44:b6:24:80:97:9f:e4:3b:
                    84:e0:74:54:2e:88:23:05:71:f2:fc:29:fc:23:a0:
                    65:c5:1d:b8:ff:c2:d3:8e:dd:ef:5f:5a:93:78:20:
                    cb:ee:11:e6:50:a9:25:a3:62:fb:ae:ee:b4:32:30:
                    a5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E1:64:C1:8E:F2:0B:F3:AA:2F:F4:2D:08:B1:04:45:F7:B8:65:85
            X509v3 Authority Key Identifier:
                keyid:66:60:34:CA:6A:16:BB:D0:14:4A:BD:F5:CF:24:58:F9:68:B1:58:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmA0ymoWu9AUSr31zyRY-WixWJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ReFkwY7yC_OqL_QtCLEERfe4ZYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ZmA0ymoWu9AUSr31zyRY-WixWJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:fa:4d:57:3b:7c:61:a6:43:c6:b0:a5:9f:b4:f5:93:fa:3d:
         f4:90:29:b9:da:f6:0a:b8:f4:7d:e5:e6:28:59:dc:f9:b9:91:
         06:3e:36:34:5f:7b:10:fe:37:50:59:3f:7b:98:3f:82:40:0f:
         83:5d:a0:f2:62:49:18:81:4b:4d:af:8a:d9:cc:60:c2:8d:00:
         32:d3:11:eb:2e:b6:e9:06:11:97:39:38:1b:43:c4:b4:27:8f:
         be:0a:da:b8:15:2a:24:8a:d8:9e:b4:d7:98:5a:1d:73:06:34:
         5b:90:85:ee:04:85:ca:ee:0b:dc:79:fb:5d:4e:cb:65:2a:fe:
         01:37:7d:99:64:0a:34:c0:4a:54:25:99:64:cd:37:36:24:8a:
         3b:b2:8e:e3:75:38:e0:49:cc:3d:8f:2e:24:34:70:0b:0e:b2:
         36:27:37:68:2e:4f:d0:dc:b0:89:6b:38:5f:1f:91:17:44:c5:
         86:38:ee:af:54:35:ed:6e:4c:b5:74:b6:75:05:92:2c:94:93:
         2f:1b:4a:3f:a5:81:bc:bd:aa:a2:52:2f:d5:c5:68:13:fd:bc:
         92:6b:f8:7e:94:01:bf:23:f0:9d:83:b8:8f:fb:3b:24:9a:e7:
         cd:56:8b:47:0b:31:09:fb:eb:c6:ff:84:a2:41:f7:03:8a:c8:
         9c:59:50:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ35EeKK5WIi70I9+uAs7tJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjAzNGNhNmExNmJiZDAxNDRhYmRmNWNmMjQ1OGY5Njhi
MTU4OWMwHhcNMjYwNTA1MTY1NjMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWUxNjRjMThlZjIwYmYzYWEyZmY0MmQwOGIxMDQ0NWY3Yjg2NTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlVoSpUEtTy7XLL+pUKPU6Csv/6U
61OCxxZ8jE2LMPufs7Wfle1FDuGvXqP4d0IMPMY/MJdllOdiawVYDuQIbsUUfwCs
UNDqzzaSs4t1zyEwzb9z+2FxhsuN4Nis9zS2E8e9/Aa1PtolOzUMURIOmTI2T2zA
8qSVnHt2CzOxuf1q3T4co5CpBEBHmPJU7aZKoDrj7MUM4klKIFT6SDHMsbH5y7PS
R1nYcMMcMRUWyndUC2AznOx0cZRWjcXw3tX7XxqRfWTb1kAVRLYkgJef5DuE4HRU
LogjBXHy/Cn8I6BlxR24/8LTjt3vX1qTeCDL7hHmUKklo2L7ru60MjClJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXhZMGO8gvzqi/0LQixBEX3uGWFMB8GA1UdIwQY
MBaAFGZgNMpqFrvQFEq99c8kWPlosVicMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1BMHltb1d1OUFVU3IzMXp5UlktV2l4V0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mNGI3MzMtMjlhZC00ZDU2LWI5ZDIt
NWQ0OGJjZDdjMWRjLzEvUmVGa3dZN3lDX09xTF9RdENMRUVSZmU0WllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mNGI3MzMtMjlhZC00ZDU2LWI5ZDItNWQ0OGJjZDdjMWRj
LzEvWm1BMHltb1d1OUFVU3IzMXp5UlktV2l4V0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJT1AMA0G
CSqGSIb3DQEBCwUAA4IBAQCD+k1XO3xhpkPGsKWftPWT+j30kCm52vYKuPR95eYo
Wdz5uZEGPjY0X3sQ/jdQWT97mD+CQA+DXaDyYkkYgUtNr4rZzGDCjQAy0xHrLrbp
BhGXOTgbQ8S0J4++Ctq4FSokitietNeYWh1zBjRbkIXuBIXK7gvceftdTstlKv4B
N32ZZAo0wEpUJZlkzTc2JIo7so7jdTjgScw9jy4kNHALDrI2JzdoLk/Q3LCJazhf
H5EXRMWGOO6vVDXtbky1dLZ1BZIslJMvG0o/pYG8vaqiUi/VxWgT/bySa/h+lAG/
I/Cdg7iP+zskmufNVotHCzEJ++vG/4SiQfcDisicWVBZ
-----END CERTIFICATE-----