Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/YKi780qn6FW-vZj0d6XHQOHrqbQ.roa
File:                     YKi780qn6FW-vZj0d6XHQOHrqbQ.roa (raw, json)
Hash identifier:          rMq2q15Snxkciksk+EVkOAWKgQLfpaX7NQt2oMI5MCA=
Subject key identifier:   60:A8:BB:F3:4A:A7:E8:55:BE:BD:98:F4:77:A5:C7:40:E1:EB:A9:B4
Certificate issuer:       /CN=c53f4388aadf0ae4ff5ee7bd37263c9f1e8467c7
Certificate serial:       019DFC3FCA27FB5B1E497A895F9996CD3BA5
Authority key identifier: C5:3F:43:88:AA:DF:0A:E4:FF:5E:E7:BD:37:26:3C:9F:1E:84:67:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/YKi780qn6FW-vZj0d6XHQOHrqbQ.roa
Signing time:             Wed 06 May 2026 07:45:32 +0000
ROA not before:           Wed 06 May 2026 07:45:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        176.226.0.0/18 maxlen: 24
                          176.226.64.0/18 maxlen: 24
                          2a0a:f641::/33 maxlen: 48
                          2a0a:f641:8000::/33 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 01:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:3f:ca:27:fb:5b:1e:49:7a:89:5f:99:96:cd:3b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53f4388aadf0ae4ff5ee7bd37263c9f1e8467c7
        Validity
            Not Before: May  6 07:45:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60a8bbf34aa7e855bebd98f477a5c740e1eba9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:64:28:2b:1a:9e:a7:8c:ef:5b:16:db:ce:80:
                    52:27:95:02:7f:a4:20:c0:27:66:7d:0e:7c:88:8e:
                    20:e4:fc:7b:cd:37:ef:55:5f:cc:e7:84:29:23:14:
                    85:51:79:db:da:81:f7:5e:c3:ec:bf:e4:42:1f:94:
                    53:14:3d:ae:0a:2d:ca:93:59:12:69:0d:af:e8:ab:
                    2f:33:4d:74:3c:14:e1:33:4f:ce:73:02:8d:86:a9:
                    5d:5c:4f:dd:9e:e4:6c:1e:d7:38:2b:05:f3:4f:f2:
                    f3:92:86:45:ca:5e:da:68:12:37:49:a6:2b:09:82:
                    35:9c:23:ca:19:58:49:5c:ca:06:72:4d:1d:b6:6b:
                    9f:fb:63:b9:4d:df:aa:0c:2f:b5:12:a6:06:c2:e9:
                    f7:b2:d8:c2:dc:c8:2b:67:06:f8:e3:0a:84:e1:5e:
                    5d:57:ff:aa:e6:74:63:bc:0b:a1:57:e2:03:88:c6:
                    2d:1f:d0:22:0f:1e:72:9b:3f:3b:66:3e:71:af:35:
                    b2:5e:b4:cd:a0:9b:a7:e3:a7:6c:06:6f:fb:68:39:
                    bf:f6:95:8c:27:22:32:c0:32:20:8b:b3:08:b9:9f:
                    47:80:c6:94:cb:3f:cd:68:a3:85:96:6f:04:24:af:
                    06:6d:47:5a:4c:af:71:57:4b:2a:97:51:1c:d3:7e:
                    c8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A8:BB:F3:4A:A7:E8:55:BE:BD:98:F4:77:A5:C7:40:E1:EB:A9:B4
            X509v3 Authority Key Identifier:
                keyid:C5:3F:43:88:AA:DF:0A:E4:FF:5E:E7:BD:37:26:3C:9F:1E:84:67:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/YKi780qn6FW-vZj0d6XHQOHrqbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.226.0.0/17
                IPv6:
                  2a0a:f641::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:6b:6c:a5:2a:19:09:1c:a5:6f:ba:ac:73:a4:05:de:ec:59:
         8a:07:5b:f8:7d:81:5f:70:f8:cd:fc:9b:76:01:e2:5d:3f:d0:
         35:73:bc:cb:09:08:fc:00:3a:3e:6b:9c:78:7e:68:55:ab:14:
         be:cd:e2:44:64:56:43:54:41:5d:e9:53:fd:c0:ed:30:17:b9:
         f7:c1:3a:e4:a3:30:9a:68:22:9c:22:51:fb:fb:3b:fa:54:fc:
         f6:2c:13:e1:20:69:88:52:0e:38:3a:de:20:8b:7f:d1:9e:8a:
         47:4d:50:6a:72:87:1d:eb:4b:4f:6d:a8:a1:72:41:3d:2b:ad:
         1d:fb:1c:2f:5c:b9:c1:a3:28:9d:f1:55:dd:42:28:1b:ef:e7:
         41:b6:4a:43:b2:de:a5:0a:a7:25:3f:13:f6:2f:cb:c1:94:72:
         3e:01:16:af:e8:f8:ca:3e:82:08:ff:52:8a:f2:a2:81:56:e8:
         e3:fd:c7:c0:22:59:40:a4:97:e3:6f:06:1e:c4:6f:c1:f7:fc:
         c0:4c:09:f3:8f:a5:b1:d4:55:47:bb:4d:f7:8c:fb:49:53:76:
         1d:6f:7c:fc:88:84:f4:89:46:d1:a8:9e:6d:f3:c9:3f:2d:9f:
         ee:b1:c2:c2:62:ed:81:19:a1:0c:00:78:13:50:7b:67:44:65:
         f3:c9:9a:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ38P8on+1seSXqJX5mWzTulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2Y0Mzg4YWFkZjBhZTRmZjVlZTdiZDM3MjYzYzlmMWU4
NDY3YzcwHhcNMjYwNTA2MDc0NTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGE4YmJmMzRhYTdlODU1YmViZDk4ZjQ3N2E1Yzc0MGUxZWJhOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWQoKxqep4zvWxbbzoBSJ5UCf6Qg
wCdmfQ58iI4g5Px7zTfvVV/M54QpIxSFUXnb2oH3XsPsv+RCH5RTFD2uCi3Kk1kS
aQ2v6KsvM010PBThM0/OcwKNhqldXE/dnuRsHtc4KwXzT/LzkoZFyl7aaBI3SaYr
CYI1nCPKGVhJXMoGck0dtmuf+2O5Td+qDC+1EqYGwun3stjC3MgrZwb44wqE4V5d
V/+q5nRjvAuhV+IDiMYtH9AiDx5ymz87Zj5xrzWyXrTNoJun46dsBm/7aDm/9pWM
JyIywDIgi7MIuZ9HgMaUyz/NaKOFlm8EJK8GbUdaTK9xV0sql1Ec037ImwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGCou/NKp+hVvr2Y9Helx0Dh66m0MB8GA1UdIwQY
MBaAFMU/Q4iq3wrk/17nvTcmPJ8ehGfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFQ5RGlLcmZDdVRfWHVlOU55WThueDZFWjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hYjU1Y2UtNzVmZi00MzliLWJjYjUt
ZGRhMzUwYjExZjAyLzEvWUtpNzgwcW42RlctdlpqMGQ2WEhRT0hycWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hYjU1Y2UtNzVmZi00MzliLWJjYjUtZGRhMzUwYjExZjAy
LzEveFQ5RGlLcmZDdVRfWHVlOU55WThueDZFWjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHsOIAMA0E
AgACMAcDBQAqCvZBMA0GCSqGSIb3DQEBCwUAA4IBAQBra2ylKhkJHKVvuqxzpAXe
7FmKB1v4fYFfcPjN/Jt2AeJdP9A1c7zLCQj8ADo+a5x4fmhVqxS+zeJEZFZDVEFd
6VP9wO0wF7n3wTrkozCaaCKcIlH7+zv6VPz2LBPhIGmIUg44Ot4gi3/RnopHTVBq
cocd60tPbaihckE9K60d+xwvXLnBoyid8VXdQigb7+dBtkpDst6lCqclPxP2L8vB
lHI+ARav6PjKPoII/1KK8qKBVujj/cfAIllApJfjbwYexG/B9/zATAnzj6Wx1FVH
u033jPtJU3Ydb3z8iIT0iUbRqJ5t88k/LZ/uscLCYu2BGaEMAHgTUHtnRGXzyZp9
-----END CERTIFICATE-----