Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/YbvUchYoA_bu09aSOz-6tMAAuU4.roa
File:                     YbvUchYoA_bu09aSOz-6tMAAuU4.roa (raw, json)
Hash identifier:          bjKWT2iklnBdt7HvATs3TG/mYrHaacKRb0DiNP6GNP0=
Subject key identifier:   61:BB:D4:72:16:28:03:F6:EE:D3:D6:92:3B:3F:BA:B4:C0:00:B9:4E
Certificate issuer:       /CN=b0cec1c1799ce61503f908ad8490920fb898942a
Certificate serial:       019D1A5D9C5DB3AD87196AEBB20945AD9AAF
Authority key identifier: B0:CE:C1:C1:79:9C:E6:15:03:F9:08:AD:84:90:92:0F:B8:98:94:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sM7BwXmc5hUD-QithJCSD7iYlCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/YbvUchYoA_bu09aSOz-6tMAAuU4.roa
Signing time:             Mon 23 Mar 2026 11:03:55 +0000
ROA not before:           Mon 23 Mar 2026 11:03:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211161
IP address blocks:        2a13:5fc0::/32 maxlen: 48
                          2a13:5fc0::1/128 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sM7BwXmc5hUD-QithJCSD7iYlCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sM7BwXmc5hUD-QithJCSD7iYlCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sM7BwXmc5hUD-QithJCSD7iYlCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 08:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:5d:9c:5d:b3:ad:87:19:6a:eb:b2:09:45:ad:9a:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0cec1c1799ce61503f908ad8490920fb898942a
        Validity
            Not Before: Mar 23 11:03:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61bbd472162803f6eed3d6923b3fbab4c000b94e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:9e:a0:11:50:75:fa:67:47:9c:e2:55:c7:e6:
                    14:e7:0f:43:f2:17:cd:48:28:6e:31:ae:bc:34:ab:
                    71:7c:55:57:56:14:7a:9b:cf:6b:3a:47:e4:7f:db:
                    da:fb:a6:59:44:d0:23:d8:ca:84:90:fc:9d:7f:0e:
                    5a:78:7e:83:0c:84:6f:11:c3:94:01:35:92:23:ba:
                    65:cb:cd:ec:a2:92:aa:4f:7d:2d:de:c1:92:85:7c:
                    84:19:43:fc:72:ff:66:9f:4c:3a:77:ff:a3:65:c3:
                    95:c9:c2:e1:65:57:07:41:cd:29:59:cb:21:17:b8:
                    26:4f:23:51:cd:ae:31:d0:4c:3a:f8:b1:3d:87:d4:
                    71:b2:69:a8:d4:82:96:6f:a8:8e:5b:ee:cb:7b:55:
                    27:20:e4:b3:bc:ce:39:da:3f:f2:cf:34:47:4f:43:
                    b5:e2:27:00:49:93:9f:fd:74:49:40:a6:bd:12:38:
                    6a:2b:b1:1d:dc:33:4b:33:d0:08:71:7a:25:c9:96:
                    02:cc:a5:fd:0d:ff:81:be:05:13:ad:06:59:f7:1c:
                    e4:b3:f4:ec:2b:ba:63:8e:75:2f:ed:76:ef:9f:30:
                    a0:4b:4f:41:98:46:3d:06:2a:bf:2d:ce:91:78:03:
                    09:db:e3:9b:39:1d:52:91:eb:1a:88:fa:6a:37:b3:
                    f0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BB:D4:72:16:28:03:F6:EE:D3:D6:92:3B:3F:BA:B4:C0:00:B9:4E
            X509v3 Authority Key Identifier:
                keyid:B0:CE:C1:C1:79:9C:E6:15:03:F9:08:AD:84:90:92:0F:B8:98:94:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sM7BwXmc5hUD-QithJCSD7iYlCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/YbvUchYoA_bu09aSOz-6tMAAuU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sM7BwXmc5hUD-QithJCSD7iYlCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:48:0c:fd:39:4e:dd:56:72:27:8a:3d:80:61:94:df:4c:98:
         a3:1d:95:b5:7a:62:dc:67:f1:60:56:74:3d:4f:b1:b9:bf:d9:
         a7:f8:4e:5e:39:72:fb:fd:40:ea:cc:12:1b:59:e0:4d:ce:99:
         45:60:6b:e0:5e:d1:cc:4e:80:ab:8d:52:77:21:b7:e3:b3:4b:
         aa:93:0b:75:1d:96:b8:52:62:46:5b:9c:56:6b:87:60:fa:41:
         cb:2c:73:6c:e5:33:db:52:49:c1:f1:ba:42:b5:24:d5:a9:47:
         e7:1b:5b:7c:19:9b:de:88:11:57:b3:fa:a3:0c:90:09:63:a1:
         5c:bb:c9:35:7e:58:1a:54:11:d9:aa:bb:16:94:17:48:b3:35:
         7f:08:2c:d1:22:f9:46:6e:ee:d0:3b:22:40:99:5e:b4:19:f8:
         ed:dd:0c:d7:40:13:35:9b:00:82:86:58:c2:fb:aa:58:0c:6f:
         12:75:6b:52:63:53:b5:53:a1:3e:d9:69:a2:37:bf:5a:bc:2d:
         a4:8b:66:9c:08:a8:fb:1d:56:c5:3a:ad:9b:e2:ce:5a:a9:c2:
         e2:ba:4a:d1:d4:fb:70:d7:1f:12:e7:34:46:56:88:c6:98:96:
         03:84:64:ce:d4:a5:77:48:52:3c:9f:ce:9d:a6:84:9f:7b:f0:
         d0:41:71:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0aXZxds62HGWrrsglFrZqvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwY2VjMWMxNzk5Y2U2MTUwM2Y5MDhhZDg0OTA5MjBmYjg5
ODk0MmEwHhcNMjYwMzIzMTEwMzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWJiZDQ3MjE2MjgwM2Y2ZWVkM2Q2OTIzYjNmYmFiNGMwMDBiOTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZ6gEVB1+mdHnOJVx+YU5w9D8hfN
SChuMa68NKtxfFVXVhR6m89rOkfkf9va+6ZZRNAj2MqEkPydfw5aeH6DDIRvEcOU
ATWSI7ply83sopKqT30t3sGShXyEGUP8cv9mn0w6d/+jZcOVycLhZVcHQc0pWcsh
F7gmTyNRza4x0Ew6+LE9h9Rxsmmo1IKWb6iOW+7Le1UnIOSzvM452j/yzzRHT0O1
4icASZOf/XRJQKa9EjhqK7Ed3DNLM9AIcXolyZYCzKX9Df+BvgUTrQZZ9xzks/Ts
K7pjjnUv7XbvnzCgS09BmEY9Biq/Lc6ReAMJ2+ObOR1SkesaiPpqN7PwFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGG71HIWKAP27tPWkjs/urTAALlOMB8GA1UdIwQY
MBaAFLDOwcF5nOYVA/kIrYSQkg+4mJQqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc003QndYbWM1aFVELVFpdGhKQ1NEN2lZbENvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82MzU4ODgtNjk1Ny00YmRlLWIxNTgt
NGZlNjcyN2U5YjI1LzEvWWJ2VWNoWW9BX2J1MDlhU096LTZ0TUFBdVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82MzU4ODgtNjk1Ny00YmRlLWIxNTgtNGZlNjcyN2U5YjI1
LzEvc003QndYbWM1aFVELVFpdGhKQ1NEN2lZbENvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhNfwDAN
BgkqhkiG9w0BAQsFAAOCAQEADUgM/TlO3VZyJ4o9gGGU30yYox2VtXpi3GfxYFZ0
PU+xub/Zp/hOXjly+/1A6swSG1ngTc6ZRWBr4F7RzE6Aq41SdyG347NLqpMLdR2W
uFJiRlucVmuHYPpByyxzbOUz21JJwfG6QrUk1alH5xtbfBmb3ogRV7P6owyQCWOh
XLvJNX5YGlQR2aq7FpQXSLM1fwgs0SL5Rm7u0DsiQJletBn47d0M10ATNZsAgoZY
wvuqWAxvEnVrUmNTtVOhPtlpoje/WrwtpItmnAio+x1WxTqtm+LOWqnC4rpK0dT7
cNcfEuc0RlaIxpiWA4RkztSld0hSPJ/OnaaEn3vw0EFxzQ==
-----END CERTIFICATE-----