Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/JYf2VJpHmRVEzNLa8FSxGlMFrG8.roa
File:                     JYf2VJpHmRVEzNLa8FSxGlMFrG8.roa (raw, json)
Hash identifier:          vdXXIyeKsFvWBG+HbbGuLa5wF5IPhtyQO7wpuZX4h1s=
Subject key identifier:   25:87:F6:54:9A:47:99:15:44:CC:D2:DA:F0:54:B1:1A:53:05:AC:6F
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019DD098C8EA398B56978ED01B869AD83761
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/JYf2VJpHmRVEzNLa8FSxGlMFrG8.roa
Signing time:             Mon 27 Apr 2026 20:19:27 +0000
ROA not before:           Mon 27 Apr 2026 20:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207461
IP address blocks:        132.243.66.0/24 maxlen: 24
                          132.243.67.0/24 maxlen: 24
                          132.243.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d0:98:c8:ea:39:8b:56:97:8e:d0:1b:86:9a:d8:37:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Apr 27 20:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2587f6549a47991544ccd2daf054b11a5305ac6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ae:a4:1d:41:d4:ea:96:ef:5f:30:07:7d:3d:
                    b4:aa:c0:3e:f0:fa:8f:5b:f2:ec:42:df:8b:f9:64:
                    fe:e3:94:a4:e5:52:bf:39:3b:bf:af:bc:ae:85:ae:
                    9f:e4:cb:82:49:25:3c:da:2d:1c:5f:95:a9:47:51:
                    80:ba:ff:84:13:c7:c1:07:f0:b0:ca:97:13:aa:45:
                    ea:5b:20:0c:be:f0:2a:15:d3:92:79:df:d3:27:16:
                    8a:99:4b:f8:a2:59:6b:94:4e:ab:bd:3a:ee:87:8d:
                    a8:55:41:0b:a5:53:e8:af:88:ad:5d:17:40:4a:6b:
                    78:67:32:47:11:b2:32:37:fb:e2:35:47:41:00:16:
                    6b:61:05:3a:dc:70:5b:5e:59:79:75:81:a9:a1:11:
                    be:db:87:ec:31:a3:57:26:30:9d:c6:72:f5:aa:b2:
                    d6:4e:6a:c8:bb:06:f5:f6:4c:75:fc:18:1a:1b:13:
                    37:76:d6:f7:91:61:9b:7f:fc:65:c2:13:35:d5:d4:
                    d6:d1:1d:56:41:f7:e1:3e:2c:30:9d:4a:1e:ab:8e:
                    95:e2:5b:a4:f0:19:0c:43:e3:39:f7:5d:4b:f1:b1:
                    c8:2b:08:1b:56:08:69:41:10:c2:84:37:b8:b5:29:
                    f1:9f:fc:6d:b8:14:82:2c:c8:4a:a3:df:f5:51:7a:
                    52:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:87:F6:54:9A:47:99:15:44:CC:D2:DA:F0:54:B1:1A:53:05:AC:6F
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/JYf2VJpHmRVEzNLa8FSxGlMFrG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.66.0/23
                  132.243.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:f9:2d:3a:2e:17:e2:30:fb:31:d0:a5:cf:e7:c2:a3:f9:22:
         d9:59:f7:6f:2b:46:53:af:79:ba:d6:dc:34:dd:3f:19:b6:d4:
         ba:43:cc:bf:75:fc:69:04:b7:25:51:02:44:63:35:6f:ae:e5:
         a9:6b:08:fb:b4:de:ae:3b:53:85:86:22:2f:f1:64:7f:01:df:
         1f:e6:45:49:2e:ef:e0:2c:5e:20:5b:b7:39:a8:7e:ba:60:1b:
         35:2e:d6:a0:77:f3:21:76:cb:a0:7f:2d:18:36:e8:df:a9:be:
         85:70:ef:23:45:0b:97:20:cb:9d:9c:9d:f3:cd:1d:92:f1:c8:
         e2:cd:00:5b:e2:f9:bf:ac:27:fd:51:06:ca:94:f8:d0:5b:db:
         e8:47:d2:b2:b6:05:25:69:f3:f2:67:c8:2f:af:75:6b:dc:fd:
         2b:cf:93:df:08:8d:44:51:97:96:d9:4a:ac:70:5c:1e:c4:a1:
         01:10:97:19:9f:9e:4b:3c:71:46:e4:ec:f8:7d:b8:4e:2c:76:
         c0:49:e7:03:76:00:98:bb:8b:02:4b:ef:46:59:70:ac:c1:a0:
         ab:64:f3:06:34:75:44:2f:6a:36:af:b4:b2:2c:5c:85:13:d0:
         d2:88:67:61:fc:f7:1d:a1:02:41:ba:86:d5:65:db:57:a9:b5:
         15:2e:23:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3QmMjqOYtWl47QG4aa2DdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjYwNDI3MjAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTg3ZjY1NDlhNDc5OTE1NDRjY2QyZGFmMDU0YjExYTUzMDVhYzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2q6kHUHU6pbvXzAHfT20qsA+8PqP
W/LsQt+L+WT+45Sk5VK/OTu/r7yuha6f5MuCSSU82i0cX5WpR1GAuv+EE8fBB/Cw
ypcTqkXqWyAMvvAqFdOSed/TJxaKmUv4ollrlE6rvTruh42oVUELpVPor4itXRdA
Smt4ZzJHEbIyN/viNUdBABZrYQU63HBbXll5dYGpoRG+24fsMaNXJjCdxnL1qrLW
TmrIuwb19kx1/BgaGxM3dtb3kWGbf/xlwhM11dTW0R1WQffhPiwwnUoeq46V4luk
8BkMQ+M5911L8bHIKwgbVghpQRDChDe4tSnxn/xtuBSCLMhKo9/1UXpSBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCWH9lSaR5kVRMzS2vBUsRpTBaxvMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvSllmMlZKcEhtUlZFek5MYThGU3hHbE1Gckc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBhPNCAwQC
hPNIMA0GCSqGSIb3DQEBCwUAA4IBAQBb+S06LhfiMPsx0KXP58Kj+SLZWfdvK0ZT
r3m61tw03T8ZttS6Q8y/dfxpBLclUQJEYzVvruWpawj7tN6uO1OFhiIv8WR/Ad8f
5kVJLu/gLF4gW7c5qH66YBs1Ltagd/Mhdsugfy0YNujfqb6FcO8jRQuXIMudnJ3z
zR2S8cjizQBb4vm/rCf9UQbKlPjQW9voR9KytgUlafPyZ8gvr3Vr3P0rz5PfCI1E
UZeW2UqscFwexKEBEJcZn55LPHFG5Oz4fbhOLHbASecDdgCYu4sCS+9GWXCswaCr
ZPMGNHVEL2o2r7SyLFyFE9DSiGdh/PcdoQJBuobVZdtXqbUVLiMy
-----END CERTIFICATE-----