Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/Y6RzVEbNuSJFZDnPKE-dNo9qBTk.roa
File:                     Y6RzVEbNuSJFZDnPKE-dNo9qBTk.roa (raw, json)
Hash identifier:          /QlKU5isyFeroSYNudLnY2VR5IH9Gv3a1HxxhjO2OQQ=
Subject key identifier:   63:A4:73:54:46:CD:B9:22:45:64:39:CF:28:4F:9D:36:8F:6A:05:39
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       01982DD70F861507EF020B99E5A1F954D2E0
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/Y6RzVEbNuSJFZDnPKE-dNo9qBTk.roa
Signing time:             Mon 21 Jul 2025 16:35:25 +0000
ROA not before:           Mon 21 Jul 2025 16:35:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137235
IP address blocks:        212.100.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 19:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:d7:0f:86:15:07:ef:02:0b:99:e5:a1:f9:54:d2:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jul 21 16:35:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63a4735446cdb922456439cf284f9d368f6a0539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c8:a1:da:dc:3f:42:e9:98:3d:32:22:c3:53:
                    28:d4:5e:6d:2d:a8:a4:35:3d:fe:d8:01:85:60:0f:
                    05:8c:af:73:b8:e6:37:11:a6:61:a4:c1:b6:70:e8:
                    fd:44:b0:d6:b0:67:c6:d6:68:c5:26:1f:00:af:47:
                    2b:5e:4b:d9:d1:3f:89:77:e6:02:d4:0e:41:e6:07:
                    ce:85:51:fb:f2:2d:48:04:d1:d8:03:30:b8:5f:41:
                    48:d1:ac:80:01:6a:77:ef:1d:12:6b:57:33:f7:d9:
                    49:2c:87:41:6c:bc:83:bf:bb:e4:cf:58:77:e0:31:
                    ae:05:b2:f0:cd:91:e3:6d:39:20:2f:0d:1e:1a:3e:
                    76:2f:63:3c:52:e0:08:f4:64:0c:c8:f5:8b:26:7b:
                    96:13:08:c1:53:2d:69:da:4b:35:3d:ec:4c:8f:fa:
                    72:ce:f2:6c:2e:06:79:42:91:ab:f5:82:f1:67:f6:
                    2b:5c:a2:31:85:1a:d5:1d:b0:8e:b5:1b:8b:94:e7:
                    0d:89:c5:4e:a8:4d:10:e7:51:48:b0:62:cf:9d:ab:
                    00:5d:4c:6a:ae:82:0d:70:ee:b0:53:fe:f8:ca:ca:
                    aa:3a:04:52:9e:52:cc:ca:10:65:95:bb:7c:cc:94:
                    95:ef:3a:b2:fa:76:66:f4:73:3b:6d:c7:1c:df:ce:
                    ba:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A4:73:54:46:CD:B9:22:45:64:39:CF:28:4F:9D:36:8F:6A:05:39
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/Y6RzVEbNuSJFZDnPKE-dNo9qBTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:94:4e:08:1d:05:ce:b3:92:0f:05:87:42:50:bc:98:a6:6e:
         1f:33:13:be:37:74:1a:56:3f:93:a5:b0:80:e7:db:1b:e2:df:
         e2:d7:7b:55:00:e4:05:74:1b:32:9b:ed:0e:46:ef:e1:30:a3:
         4c:4a:73:0d:3f:96:7f:5c:68:96:c2:ca:26:f8:b2:fc:49:24:
         09:04:fb:23:90:bb:81:c6:32:56:55:fa:18:20:89:92:74:cc:
         ea:17:63:93:64:10:38:c8:96:9c:de:ed:cd:f8:4c:6c:29:93:
         3c:ed:4a:86:e1:ff:29:2a:08:95:48:ff:df:69:29:1e:72:e9:
         32:77:b6:cd:17:f7:35:3e:39:28:1b:4c:61:fb:5c:48:aa:3d:
         b5:0d:5c:84:7b:d2:7f:53:c7:31:c2:82:f2:bd:d1:6e:69:0f:
         58:8b:bd:8f:18:99:a5:c4:ac:4d:30:c0:b6:93:70:01:89:0e:
         d1:b6:65:a9:1a:67:48:d2:70:85:a4:26:46:18:1b:1c:da:68:
         b6:33:65:a3:ce:80:38:35:06:79:2c:90:64:a1:a0:3c:72:fd:
         af:e6:a7:40:40:87:7c:4c:68:6c:42:08:23:18:7b:39:57:c5:
         f8:e7:c2:ae:eb:5e:39:ce:d5:eb:f7:81:58:90:54:39:08:27:
         a3:b0:f7:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgt1w+GFQfvAguZ5aH5VNLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwNzIxMTYzNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2E0NzM1NDQ2Y2RiOTIyNDU2NDM5Y2YyODRmOWQzNjhmNmEwNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8ih2tw/QumYPTIiw1Mo1F5tLaik
NT3+2AGFYA8FjK9zuOY3EaZhpMG2cOj9RLDWsGfG1mjFJh8Ar0crXkvZ0T+Jd+YC
1A5B5gfOhVH78i1IBNHYAzC4X0FI0ayAAWp37x0Sa1cz99lJLIdBbLyDv7vkz1h3
4DGuBbLwzZHjbTkgLw0eGj52L2M8UuAI9GQMyPWLJnuWEwjBUy1p2ks1PexMj/py
zvJsLgZ5QpGr9YLxZ/YrXKIxhRrVHbCOtRuLlOcNicVOqE0Q51FIsGLPnasAXUxq
roINcO6wU/74ysqqOgRSnlLMyhBllbt8zJSV7zqy+nZm9HM7bccc38663wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOkc1RGzbkiRWQ5zyhPnTaPagU5MB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvWTZSelZFYk51U0pGWkRuUEtFLWRObzlxQlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSqMA0G
CSqGSIb3DQEBCwUAA4IBAQCDlE4IHQXOs5IPBYdCULyYpm4fMxO+N3QaVj+TpbCA
59sb4t/i13tVAOQFdBsym+0ORu/hMKNMSnMNP5Z/XGiWwsom+LL8SSQJBPsjkLuB
xjJWVfoYIImSdMzqF2OTZBA4yJac3u3N+ExsKZM87UqG4f8pKgiVSP/faSkecuky
d7bNF/c1PjkoG0xh+1xIqj21DVyEe9J/U8cxwoLyvdFuaQ9Yi72PGJmlxKxNMMC2
k3ABiQ7RtmWpGmdI0nCFpCZGGBsc2mi2M2WjzoA4NQZ5LJBkoaA8cv2v5qdAQId8
TGhsQggjGHs5V8X458Ku6145ztXr94FYkFQ5CCejsPcs
-----END CERTIFICATE-----