Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/53fbe6-c415-44a1-8311-c86253380779/1/Yz3FCqH3QHthq81f1DJuXfruXjM.roa
File:                     Yz3FCqH3QHthq81f1DJuXfruXjM.roa (raw, json)
Hash identifier:          EtlM1emQtHiqLpDRSd/JKMYJURZgwq+EqF92luYX6xQ=
Subject key identifier:   63:3D:C5:0A:A1:F7:40:7B:61:AB:CD:5F:D4:32:6E:5D:FA:EE:5E:33
Certificate issuer:       /CN=461b265381f4948b189287d5a62c92aa9054efaf
Certificate serial:       019CD71CBEB4A0013FECC330A14BB0B99558
Authority key identifier: 46:1B:26:53:81:F4:94:8B:18:92:87:D5:A6:2C:92:AA:90:54:EF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RhsmU4H0lIsYkofVpiySqpBU768.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/53fbe6-c415-44a1-8311-c86253380779/1/Yz3FCqH3QHthq81f1DJuXfruXjM.roa
Signing time:             Tue 10 Mar 2026 09:38:31 +0000
ROA not before:           Tue 10 Mar 2026 09:38:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.56.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/53fbe6-c415-44a1-8311-c86253380779/1/RhsmU4H0lIsYkofVpiySqpBU768.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/53fbe6-c415-44a1-8311-c86253380779/1/RhsmU4H0lIsYkofVpiySqpBU768.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RhsmU4H0lIsYkofVpiySqpBU768.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:1c:be:b4:a0:01:3f:ec:c3:30:a1:4b:b0:b9:95:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=461b265381f4948b189287d5a62c92aa9054efaf
        Validity
            Not Before: Mar 10 09:38:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=633dc50aa1f7407b61abcd5fd4326e5dfaee5e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e1:2a:47:f0:1e:87:c8:aa:f7:a6:6e:5d:a9:
                    07:32:c9:38:15:ad:3f:64:44:0b:38:43:6b:d4:16:
                    a7:9f:c6:3e:a2:b4:9b:fb:26:7f:0c:a7:2f:0d:88:
                    c0:a6:09:ec:42:52:d7:f8:79:7b:bf:b2:bd:b6:47:
                    ea:f9:b2:82:22:3d:0c:9c:4a:7d:24:d4:3d:0f:5a:
                    64:24:85:60:81:a6:f5:66:8a:19:5b:08:90:57:8a:
                    fe:59:1a:67:08:51:42:08:1b:2d:f1:4d:c0:22:7d:
                    84:32:ea:55:7c:c1:41:5f:22:7e:d7:8f:04:48:22:
                    73:1b:d7:af:91:f4:a8:2f:fc:96:f7:6f:df:f9:a5:
                    cc:06:82:cc:61:d3:88:09:1a:2a:1b:e3:56:00:30:
                    52:cd:4b:1f:89:3e:74:91:0f:ba:54:1f:c0:b0:d2:
                    25:e3:40:30:c0:c9:88:02:2c:7b:f0:6f:d6:b3:49:
                    7a:43:79:fc:c5:20:0f:2b:3a:98:1d:7b:ac:fe:ea:
                    23:6e:f7:95:c4:99:d2:56:ec:e2:49:08:2e:8c:d0:
                    38:24:b5:e2:32:77:f3:bd:a5:65:69:16:08:93:03:
                    87:84:38:12:0d:2c:80:a8:7e:95:1a:02:70:26:ae:
                    03:ac:0e:58:c2:0c:e1:a3:3a:b1:c4:62:65:df:50:
                    52:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:3D:C5:0A:A1:F7:40:7B:61:AB:CD:5F:D4:32:6E:5D:FA:EE:5E:33
            X509v3 Authority Key Identifier:
                keyid:46:1B:26:53:81:F4:94:8B:18:92:87:D5:A6:2C:92:AA:90:54:EF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RhsmU4H0lIsYkofVpiySqpBU768.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/53fbe6-c415-44a1-8311-c86253380779/1/Yz3FCqH3QHthq81f1DJuXfruXjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/53fbe6-c415-44a1-8311-c86253380779/1/RhsmU4H0lIsYkofVpiySqpBU768.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c0:41:23:99:38:64:8c:9e:9a:c9:d1:03:eb:89:90:23:19:b1:
         77:62:e4:3c:a0:ab:9f:99:59:91:6f:5a:8f:00:0b:58:80:0c:
         48:76:b3:39:d4:42:99:8d:92:f7:8d:f7:65:cf:92:58:e9:7f:
         14:7e:62:0d:17:cf:55:fd:11:b5:15:6a:3b:62:a8:6c:d9:f0:
         e6:fa:62:eb:fd:7c:2f:19:40:51:fc:4b:ad:b0:92:3c:48:b7:
         cf:4a:00:a6:93:c2:c1:ba:37:42:c6:de:f0:12:a4:3c:ab:db:
         a0:04:3d:48:e3:14:6e:f3:8d:0f:de:d8:77:7f:a4:71:84:6e:
         8a:d0:71:91:bf:f9:19:95:10:f1:09:21:58:9c:25:83:ee:07:
         76:cd:0f:40:9d:f7:eb:6a:23:7a:9c:cf:be:e3:99:c5:10:e1:
         a5:32:91:97:15:98:62:23:39:0e:a1:37:cf:5b:fa:4e:7b:c9:
         43:d1:9b:07:aa:5d:8f:cb:db:6b:4a:88:58:25:d5:07:12:ea:
         9f:64:e2:98:d3:47:b1:7d:36:18:73:c7:c2:e2:fc:e1:d0:74:
         7f:72:4d:a8:88:7a:5c:07:fe:9d:f2:48:aa:ef:84:06:fe:04:
         f9:53:f0:da:81:c7:43:e0:f3:4c:6b:cf:b2:cb:d6:d2:ce:2e:
         b1:47:ee:78
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZzXHL60oAE/7MMwoUuwuZVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MWIyNjUzODFmNDk0OGIxODkyODdkNWE2MmM5MmFhOTA1
NGVmYWYwHhcNMjYwMzEwMDkzODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzNkYzUwYWExZjc0MDdiNjFhYmNkNWZkNDMyNmU1ZGZhZWU1ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+EqR/Aeh8iq96ZuXakHMsk4Fa0/
ZEQLOENr1Bann8Y+orSb+yZ/DKcvDYjApgnsQlLX+Hl7v7K9tkfq+bKCIj0MnEp9
JNQ9D1pkJIVggab1ZooZWwiQV4r+WRpnCFFCCBst8U3AIn2EMupVfMFBXyJ+148E
SCJzG9evkfSoL/yW92/f+aXMBoLMYdOICRoqG+NWADBSzUsfiT50kQ+6VB/AsNIl
40AwwMmIAix78G/Ws0l6Q3n8xSAPKzqYHXus/uojbveVxJnSVuziSQgujNA4JLXi
MnfzvaVlaRYIkwOHhDgSDSyAqH6VGgJwJq4DrA5YwgzhozqxxGJl31BSJQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGM9xQqh90B7YavNX9Qybl367l4zMB8GA1UdIwQY
MBaAFEYbJlOB9JSLGJKH1aYskqqQVO+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmhzbVU0SDBsSXNZa29mVnBpeVNxcEJVNzY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi81M2ZiZTYtYzQxNS00NGExLTgzMTEt
Yzg2MjUzMzgwNzc5LzEvWXozRkNxSDNRSHRocTgxZjFESnVYZnJ1WGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi81M2ZiZTYtYzQxNS00NGExLTgzMTEtYzg2MjUzMzgwNzc5
LzEvUmhzbVU0SDBsSXNZa29mVnBpeVNxcEJVNzY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTgwDQYJ
KoZIhvcNAQELBQADggEBAMBBI5k4ZIyemsnRA+uJkCMZsXdi5Dygq5+ZWZFvWo8A
C1iADEh2sznUQpmNkveN92XPkljpfxR+Yg0Xz1X9EbUVajtiqGzZ8Ob6Yuv9fC8Z
QFH8S62wkjxIt89KAKaTwsG6N0LG3vASpDyr26AEPUjjFG7zjQ/e2Hd/pHGEborQ
cZG/+RmVEPEJIVicJYPuB3bND0Cd9+tqI3qcz77jmcUQ4aUykZcVmGIjOQ6hN89b
+k57yUPRmweqXY/L22tKiFgl1QcS6p9k4pjTR7F9Nhhzx8Li/OHQdH9yTaiIelwH
/p3ySKrvhAb+BPlT8NqBx0Pg80xrz7LL1tLOLrFH7ng=
-----END CERTIFICATE-----