Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/YmZt4lZpU1shOLgdiFA_T_0pQ3I.roa
File:                     YmZt4lZpU1shOLgdiFA_T_0pQ3I.roa (raw, json)
Hash identifier:          8M2UJGawHMzsPICg3lHqbXgWNZSlB+7GA+dfuiGAbhQ=
Subject key identifier:   62:66:6D:E2:56:69:53:5B:21:38:B8:1D:88:50:3F:4F:FD:29:43:72
Certificate issuer:       /CN=8218514aaadfa03846ba1f6d39f1f9e437c63c41
Certificate serial:       019B79EC9C53B6671D39357D37D7CCE5089C
Authority key identifier: 82:18:51:4A:AA:DF:A0:38:46:BA:1F:6D:39:F1:F9:E4:37:C6:3C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ghhRSqrfoDhGuh9tOfH55DfGPEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/YmZt4lZpU1shOLgdiFA_T_0pQ3I.roa
Signing time:             Thu 01 Jan 2026 14:18:28 +0000
ROA not before:           Thu 01 Jan 2026 14:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198743
IP address blocks:        192.68.51.0/24 maxlen: 24
                          2001:67c:2870::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/ghhRSqrfoDhGuh9tOfH55DfGPEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/ghhRSqrfoDhGuh9tOfH55DfGPEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ghhRSqrfoDhGuh9tOfH55DfGPEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:9c:53:b6:67:1d:39:35:7d:37:d7:cc:e5:08:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8218514aaadfa03846ba1f6d39f1f9e437c63c41
        Validity
            Not Before: Jan  1 14:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62666de25669535b2138b81d88503f4ffd294372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9b:61:44:a4:44:d5:31:6f:e1:88:a6:ae:d9:
                    f6:f6:26:81:88:e6:0d:bd:26:c8:ad:ce:38:62:e6:
                    94:ab:ca:68:8a:9e:dc:ee:38:9a:01:de:91:3c:ba:
                    20:b0:41:87:d7:4d:fa:75:59:ad:f9:ba:f7:39:bb:
                    e9:ca:f7:2d:38:35:98:8b:42:9d:55:80:24:ad:66:
                    36:58:e2:38:33:e2:5d:4d:d9:62:aa:37:44:ec:6b:
                    c2:63:50:b8:1c:c1:02:2e:f3:e5:2a:f2:cc:09:78:
                    54:ea:12:d3:6d:12:fe:82:1e:43:6f:a3:f6:f8:01:
                    8e:ff:7a:33:49:a9:df:02:6c:f7:47:a0:52:47:18:
                    04:ee:f3:56:20:19:f4:a0:4f:fc:d8:00:b0:64:bd:
                    2e:fb:be:71:d0:8d:42:57:43:21:31:0f:72:e8:29:
                    13:06:34:bb:d6:69:39:f4:56:fa:4b:f9:d9:19:de:
                    77:fa:ce:3d:f2:b8:50:dd:e0:a4:b4:73:e2:1b:c6:
                    d5:be:62:3c:88:56:08:ad:66:ca:3b:61:cc:22:7e:
                    c3:0f:e1:2b:f9:95:8a:f7:c3:a8:95:38:fb:21:fe:
                    67:95:a4:4f:83:4e:b8:2a:66:48:ec:8e:59:a6:65:
                    08:51:b6:de:2e:5f:4e:e0:37:58:37:e8:47:56:a3:
                    af:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:66:6D:E2:56:69:53:5B:21:38:B8:1D:88:50:3F:4F:FD:29:43:72
            X509v3 Authority Key Identifier:
                keyid:82:18:51:4A:AA:DF:A0:38:46:BA:1F:6D:39:F1:F9:E4:37:C6:3C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ghhRSqrfoDhGuh9tOfH55DfGPEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/YmZt4lZpU1shOLgdiFA_T_0pQ3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/ghhRSqrfoDhGuh9tOfH55DfGPEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.68.51.0/24
                IPv6:
                  2001:67c:2870::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:14:25:32:cb:46:75:94:dd:4c:b8:eb:26:5b:c7:e4:6c:2b:
         f8:8f:63:54:e5:e2:76:40:cb:a4:89:6e:59:37:ba:8a:8d:cc:
         87:9a:eb:86:0a:d7:b7:5e:a7:42:f1:ae:8c:03:4d:10:80:fd:
         ca:f9:5b:22:2a:d3:97:80:22:04:8a:4b:07:26:8b:4c:88:ef:
         43:f7:a7:a6:82:87:17:99:f1:65:15:60:d3:4f:df:71:88:26:
         83:42:ee:49:14:00:1d:82:7f:5b:ea:10:f2:34:e0:aa:de:87:
         2b:df:d8:e1:1e:69:42:cc:04:1f:d0:47:6e:52:64:2b:da:32:
         46:b1:be:85:b6:d7:c9:01:89:3e:c6:1e:8e:2a:7f:2c:c6:63:
         73:2f:b7:bd:af:27:e6:02:8d:28:ef:50:a2:ba:74:c3:cf:4a:
         d0:68:8f:20:62:61:27:bd:e3:6e:43:03:7a:06:f4:08:e1:51:
         e2:40:8f:34:90:ac:59:4a:ca:74:b5:f0:85:88:8d:7c:44:6d:
         fd:8f:47:a5:d3:ac:c9:d6:8e:bf:8e:bb:8f:3b:5b:be:0d:c9:
         cf:ec:29:dd:2b:3c:17:82:e2:cd:29:7a:47:fb:96:17:ee:23:
         0d:4e:b3:f4:21:d0:9e:c1:bf:6e:31:49:0e:1c:97:de:86:72:
         13:3a:ba:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt57JxTtmcdOTV9N9fM5QicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMTg1MTRhYWFkZmEwMzg0NmJhMWY2ZDM5ZjFmOWU0Mzdj
NjNjNDEwHhcNMjYwMTAxMTQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjY2NmRlMjU2Njk1MzViMjEzOGI4MWQ4ODUwM2Y0ZmZkMjk0MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJthRKRE1TFv4Yimrtn29iaBiOYN
vSbIrc44YuaUq8poip7c7jiaAd6RPLogsEGH1036dVmt+br3ObvpyvctODWYi0Kd
VYAkrWY2WOI4M+JdTdliqjdE7GvCY1C4HMECLvPlKvLMCXhU6hLTbRL+gh5Db6P2
+AGO/3ozSanfAmz3R6BSRxgE7vNWIBn0oE/82ACwZL0u+75x0I1CV0MhMQ9y6CkT
BjS71mk59Fb6S/nZGd53+s498rhQ3eCktHPiG8bVvmI8iFYIrWbKO2HMIn7DD+Er
+ZWK98OolTj7If5nlaRPg064KmZI7I5ZpmUIUbbeLl9O4DdYN+hHVqOvmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGJmbeJWaVNbITi4HYhQP0/9KUNyMB8GA1UdIwQY
MBaAFIIYUUqq36A4RrofbTnx+eQ3xjxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hoUlNxcmZvRGhHdWg5dE9mSDU1RGZHUEVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8zNzQyM2MtZWJkZC00ZWE4LTgxNGMt
MzMzODk2YTAwZTZmLzEvWW1adDRsWnBVMXNoT0xnZGlGQV9UXzBwUTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8zNzQyM2MtZWJkZC00ZWE4LTgxNGMtMzMzODk2YTAwZTZm
LzEvZ2hoUlNxcmZvRGhHdWg5dE9mSDU1RGZHUEVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwEQzMA8E
AgACMAkDBwAgAQZ8KHAwDQYJKoZIhvcNAQELBQADggEBAMkUJTLLRnWU3Uy46yZb
x+RsK/iPY1Tl4nZAy6SJblk3uoqNzIea64YK17dep0LxrowDTRCA/cr5WyIq05eA
IgSKSwcmi0yI70P3p6aChxeZ8WUVYNNP33GIJoNC7kkUAB2Cf1vqEPI04Krehyvf
2OEeaULMBB/QR25SZCvaMkaxvoW218kBiT7GHo4qfyzGY3Mvt72vJ+YCjSjvUKK6
dMPPStBojyBiYSe9425DA3oG9AjhUeJAjzSQrFlKynS18IWIjXxEbf2PR6XTrMnW
jr+Ou487W74Nyc/sKd0rPBeC4s0pekf7lhfuIw1Os/Qh0J7Bv24xSQ4cl96GchM6
upU=
-----END CERTIFICATE-----