Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/yk3NAuQ0NoST9PEW0vgb3LGhviE.roa
File:                     yk3NAuQ0NoST9PEW0vgb3LGhviE.roa (raw, json)
Hash identifier:          VQ5a/vSth0KQuphYV4DJB31TjGhP1sRfoX91QXXY+ws=
Subject key identifier:   CA:4D:CD:02:E4:34:36:84:93:F4:F1:16:D2:F8:1B:DC:B1:A1:BE:21
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019CCC955D8B0FC33DA35BCBE51AF31388C4
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/yk3NAuQ0NoST9PEW0vgb3LGhviE.roa
Signing time:             Sun 08 Mar 2026 08:34:26 +0000
ROA not before:           Sun 08 Mar 2026 08:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        64.178.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cc:95:5d:8b:0f:c3:3d:a3:5b:cb:e5:1a:f3:13:88:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Mar  8 08:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca4dcd02e434368493f4f116d2f81bdcb1a1be21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:28:90:66:2d:f3:65:82:c0:ba:5a:bb:0d:e4:
                    68:80:c9:b4:b7:86:d1:07:9f:a0:bd:ce:df:e7:2d:
                    25:12:4f:2e:46:5f:53:c3:a6:31:03:4b:49:a4:98:
                    cf:ca:33:9d:fd:f1:a5:17:bf:69:e1:41:8b:30:1d:
                    ef:98:22:df:e6:8b:c7:42:ea:70:ae:3f:5f:d1:3e:
                    0b:41:6b:52:7e:c1:55:d7:db:a7:81:86:41:05:81:
                    eb:f6:df:10:43:d6:e7:7b:b4:4c:f2:ef:73:d1:07:
                    74:c6:10:88:f6:72:68:13:b7:d1:c1:a5:dc:5a:7a:
                    2d:64:fb:a1:d6:f7:53:cc:32:49:9e:bf:02:71:cd:
                    f8:db:fa:be:ce:ed:21:ae:8e:a5:e6:bd:31:80:18:
                    36:1e:0c:c4:aa:2c:45:f1:9b:ce:4f:82:07:f6:8e:
                    51:e8:44:23:f3:b2:ab:4e:d0:7c:2a:f0:d1:6c:70:
                    ed:2b:13:bd:29:7d:b2:1b:ea:c9:a4:53:ad:b7:7f:
                    cd:51:ff:42:38:14:37:12:3c:bf:1c:58:7e:8a:56:
                    9a:70:7e:5e:90:64:b8:5b:15:9a:26:db:67:0f:c4:
                    97:7d:ac:1a:27:3e:6c:b9:81:7b:f6:fd:c4:90:ae:
                    d9:01:c9:8d:50:a2:1b:1c:96:48:be:6a:f7:75:4d:
                    7b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4D:CD:02:E4:34:36:84:93:F4:F1:16:D2:F8:1B:DC:B1:A1:BE:21
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/yk3NAuQ0NoST9PEW0vgb3LGhviE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.178.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         42:72:2d:20:f9:4a:12:b8:49:f9:58:ec:ca:ab:5f:6c:72:5e:
         e5:e6:6c:00:54:80:48:d2:74:cf:ba:e4:69:7f:fe:6d:37:ad:
         90:44:8c:c5:48:24:02:23:f7:b8:67:7d:13:22:1b:0f:ea:04:
         9b:0d:15:00:58:47:6b:0b:de:03:ce:3a:7f:de:98:81:de:ba:
         1e:8f:76:e7:04:11:79:57:ec:cd:b3:a8:ee:64:b3:a9:e6:45:
         d5:94:6f:bc:65:8a:9b:7f:83:dc:5f:41:8d:c7:da:a4:9a:e5:
         7d:90:ab:b0:86:83:b2:45:56:bc:65:8c:a2:1b:ae:bf:99:f9:
         ea:98:b8:d1:7e:b5:1b:51:a3:5c:bc:43:7c:1b:ef:1d:12:5f:
         6d:c4:bf:aa:8b:b3:29:48:fd:90:d6:d7:6b:97:da:bd:d5:53:
         69:e4:03:b4:bf:dc:da:9e:b8:41:6d:af:62:5a:37:57:c3:b0:
         f7:9f:3f:91:e7:2b:b5:dd:e1:44:ce:2d:fb:f7:c8:47:c4:8c:
         f8:7f:b9:a8:2f:1c:20:ca:9b:40:34:84:20:3d:fc:12:97:3e:
         ae:af:33:d5:12:06:54:49:8f:e6:ee:f5:32:96:10:0a:0d:da:
         22:fb:de:d0:bd:b5:3f:a0:49:de:ed:05:74:c3:60:4b:aa:5c:
         90:f6:b9:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzMlV2LD8M9o1vL5RrzE4jEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwMzA4MDgzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRkY2QwMmU0MzQzNjg0OTNmNGYxMTZkMmY4MWJkY2IxYTFiZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyiQZi3zZYLAulq7DeRogMm0t4bR
B5+gvc7f5y0lEk8uRl9Tw6YxA0tJpJjPyjOd/fGlF79p4UGLMB3vmCLf5ovHQupw
rj9f0T4LQWtSfsFV19ungYZBBYHr9t8QQ9bne7RM8u9z0Qd0xhCI9nJoE7fRwaXc
WnotZPuh1vdTzDJJnr8Ccc342/q+zu0hro6l5r0xgBg2HgzEqixF8ZvOT4IH9o5R
6EQj87KrTtB8KvDRbHDtKxO9KX2yG+rJpFOtt3/NUf9COBQ3Ejy/HFh+ilaacH5e
kGS4WxWaJttnD8SXfawaJz5suYF79v3EkK7ZAcmNUKIbHJZIvmr3dU172wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpNzQLkNDaEk/TxFtL4G9yxob4hMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEveWszTkF1UTBOb1NUOVBFVzB2Z2IzTEdodmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQLJgMA0G
CSqGSIb3DQEBCwUAA4IBAQBCci0g+UoSuEn5WOzKq19scl7l5mwAVIBI0nTPuuRp
f/5tN62QRIzFSCQCI/e4Z30TIhsP6gSbDRUAWEdrC94Dzjp/3piB3roej3bnBBF5
V+zNs6juZLOp5kXVlG+8ZYqbf4PcX0GNx9qkmuV9kKuwhoOyRVa8ZYyiG66/mfnq
mLjRfrUbUaNcvEN8G+8dEl9txL+qi7MpSP2Q1tdrl9q91VNp5AO0v9zanrhBba9i
WjdXw7D3nz+R5yu13eFEzi3798hHxIz4f7moLxwgyptANIQgPfwSlz6urzPVEgZU
SY/m7vUylhAKDdoi+97QvbU/oEne7QV0w2BLqlyQ9rl2
-----END CERTIFICATE-----