Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/YG1SHXQnm2DIKFrkeIBeo0l1VIc.roa
File:                     YG1SHXQnm2DIKFrkeIBeo0l1VIc.roa (raw, json)
Hash identifier:          75MZgqmwxj4r9GeKQtfLEj1Cfocxtb4kbB4EhFRRLYY=
Subject key identifier:   60:6D:52:1D:74:27:9B:60:C8:28:5A:E4:78:80:5E:A3:49:75:54:87
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019DEA059C5BBAC05783CD2831C0E2280381
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/YG1SHXQnm2DIKFrkeIBeo0l1VIc.roa
Signing time:             Sat 02 May 2026 18:48:49 +0000
ROA not before:           Sat 02 May 2026 18:48:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200283
IP address blocks:        188.132.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ea:05:9c:5b:ba:c0:57:83:cd:28:31:c0:e2:28:03:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: May  2 18:48:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=606d521d74279b60c8285ae478805ea349755487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:56:a3:2e:a4:e6:98:da:32:46:34:d2:91:45:
                    ef:ae:9d:7e:9d:1c:48:6f:f0:c1:61:df:e8:18:4d:
                    b4:56:1e:56:e8:7a:8f:d5:29:28:9a:76:d3:fd:92:
                    2a:3c:5e:f5:da:31:aa:57:e6:8f:57:c6:a9:aa:0a:
                    0f:59:0e:cb:6a:ac:4b:c8:f2:23:49:9c:6d:2b:95:
                    e5:de:16:a0:38:7a:97:a9:70:1f:33:ce:98:9d:e3:
                    f6:b8:05:75:d3:bb:14:d6:a3:34:7c:0c:1f:24:7e:
                    04:a6:77:d5:f2:26:3b:7b:9c:f0:6e:23:59:15:28:
                    12:60:fa:53:60:c4:61:ff:6e:d3:9e:cb:cb:da:91:
                    3e:de:c9:3d:4c:37:0c:11:de:4b:e4:a2:71:b8:c1:
                    64:03:67:6f:84:e5:84:95:f0:ee:23:38:72:87:12:
                    cd:af:42:15:b9:9c:fc:cb:a4:77:1e:f0:d4:a6:24:
                    9a:94:a8:71:59:8c:95:8b:e6:de:88:73:89:71:3c:
                    d2:37:2a:98:8b:da:35:3e:18:74:da:d5:7d:99:2c:
                    fd:b1:d6:3a:ae:7b:46:a3:e4:cb:55:eb:ba:bb:9a:
                    f4:47:4a:d2:54:d9:bd:e7:97:d2:9c:16:28:9c:47:
                    cf:48:a2:d3:d7:ba:a0:f4:32:73:f9:40:85:e1:fb:
                    e4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:6D:52:1D:74:27:9B:60:C8:28:5A:E4:78:80:5E:A3:49:75:54:87
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/YG1SHXQnm2DIKFrkeIBeo0l1VIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:2f:81:4a:df:d6:87:5e:f5:51:5e:d0:64:72:36:27:93:be:
         7d:f9:e0:d6:7d:06:fd:ba:c9:47:4a:74:d4:1a:5a:c6:69:48:
         3b:7f:36:e4:0d:9d:78:a7:0a:98:ba:1a:34:91:ef:8b:74:ed:
         00:2b:12:15:11:2a:a9:7f:ea:83:a5:e1:bc:94:fe:60:43:cd:
         ac:ac:0e:5c:0c:57:1c:bf:a9:89:4e:72:47:76:81:81:dd:32:
         18:f5:05:1d:9b:7c:27:c7:e9:94:f6:45:dd:71:33:c4:c6:95:
         b5:18:c4:4e:a5:02:27:7c:47:28:25:bd:5f:43:4b:0f:35:9f:
         4c:2d:1a:6c:71:25:05:04:e2:3d:0d:55:de:ca:14:f0:5c:d2:
         91:ad:25:c4:8f:a8:ce:85:a5:76:78:b3:28:88:5d:86:d6:7f:
         1f:6f:de:a7:5e:21:7e:ef:cf:fb:d7:41:e7:8a:ba:33:cf:b4:
         62:ae:5f:43:32:d5:6d:c8:18:99:a6:44:91:4c:b2:c9:be:8a:
         a9:a4:ac:fd:d2:8a:7b:e9:af:a6:0f:c9:db:15:4b:3c:33:dd:
         93:aa:05:76:ee:a7:c4:73:98:14:2d:51:8c:c4:b7:0c:94:f1:
         72:3a:96:ca:c7:1c:fa:e5:d1:14:5d:7a:ae:54:44:df:f6:b9:
         12:2d:73:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3qBZxbusBXg80oMcDiKAOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwNTAyMTg0ODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDZkNTIxZDc0Mjc5YjYwYzgyODVhZTQ3ODgwNWVhMzQ5NzU1NDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21ajLqTmmNoyRjTSkUXvrp1+nRxI
b/DBYd/oGE20Vh5W6HqP1SkomnbT/ZIqPF712jGqV+aPV8apqgoPWQ7LaqxLyPIj
SZxtK5Xl3hagOHqXqXAfM86YneP2uAV107sU1qM0fAwfJH4EpnfV8iY7e5zwbiNZ
FSgSYPpTYMRh/27TnsvL2pE+3sk9TDcMEd5L5KJxuMFkA2dvhOWElfDuIzhyhxLN
r0IVuZz8y6R3HvDUpiSalKhxWYyVi+beiHOJcTzSNyqYi9o1Phh02tV9mSz9sdY6
rntGo+TLVeu6u5r0R0rSVNm955fSnBYonEfPSKLT17qg9DJz+UCF4fvkwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBtUh10J5tgyCha5HiAXqNJdVSHMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvWUcxU0hYUW5tMkRJS0Zya2VJQmVvMGwxVkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISAMA0G
CSqGSIb3DQEBCwUAA4IBAQCJL4FK39aHXvVRXtBkcjYnk759+eDWfQb9uslHSnTU
GlrGaUg7fzbkDZ14pwqYuho0ke+LdO0AKxIVESqpf+qDpeG8lP5gQ82srA5cDFcc
v6mJTnJHdoGB3TIY9QUdm3wnx+mU9kXdcTPExpW1GMROpQInfEcoJb1fQ0sPNZ9M
LRpscSUFBOI9DVXeyhTwXNKRrSXEj6jOhaV2eLMoiF2G1n8fb96nXiF+78/710Hn
irozz7Rirl9DMtVtyBiZpkSRTLLJvoqppKz90op76a+mD8nbFUs8M92TqgV27qfE
c5gULVGMxLcMlPFyOpbKxxz65dEUXXquVETf9rkSLXMw
-----END CERTIFICATE-----