Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/AibR1r1pXRkaQn5qFf7scVd1RDI.roa
File:                     AibR1r1pXRkaQn5qFf7scVd1RDI.roa (raw, json)
Hash identifier:          qzOWkpydAZtsN3Xi8/Y/7ngExjBFr7BtjOcVBL7m8u0=
Subject key identifier:   02:26:D1:D6:BD:69:5D:19:1A:42:7E:6A:15:FE:EC:71:57:75:44:32
Certificate issuer:       /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial:       019E4EDD7531FBFF4D69BFD77DED939F8804
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/AibR1r1pXRkaQn5qFf7scVd1RDI.roa
Signing time:             Fri 22 May 2026 08:46:36 +0000
ROA not before:           Fri 22 May 2026 08:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        212.102.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 May 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:dd:75:31:fb:ff:4d:69:bf:d7:7d:ed:93:9f:88:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
        Validity
            Not Before: May 22 08:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0226d1d6bd695d191a427e6a15feec7157754432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1c:cd:35:98:56:dd:fb:f5:58:b6:57:78:3d:
                    92:f1:95:bb:ca:da:d1:d0:65:54:41:69:68:ea:20:
                    00:7b:a6:05:2c:28:79:23:97:3e:a6:fe:14:7b:c8:
                    cb:85:7c:0c:32:5f:89:ec:36:ea:5a:97:45:20:47:
                    d8:64:b4:96:54:05:03:c9:a2:23:ff:8f:82:67:86:
                    a0:ae:ea:3d:fd:ce:a4:8c:df:51:2a:fb:a5:34:8c:
                    6e:88:32:e5:80:e2:f6:a7:10:b2:98:4d:67:b1:71:
                    5b:0e:79:d5:22:43:46:67:e7:6d:c7:5a:fd:9b:f1:
                    f4:4e:b6:d5:ab:91:b9:31:b0:55:20:ca:b4:5d:a9:
                    44:fc:ec:15:99:b5:f8:ae:73:7d:0d:14:c6:34:e4:
                    31:b3:0e:fd:02:70:ae:b8:53:20:a4:6e:0c:63:99:
                    e3:f3:43:c5:0f:58:ff:b2:5e:c5:9d:89:f5:4c:21:
                    da:4e:a6:1c:d0:c6:9e:af:72:42:56:d9:6c:cc:7e:
                    01:8e:76:2e:97:52:f0:a8:b4:86:00:9f:ba:5a:51:
                    76:d0:ee:b7:bb:b8:a3:50:33:e7:f6:3a:af:8d:4f:
                    57:bf:98:40:97:79:f3:6a:b1:d9:77:59:9f:c5:67:
                    dd:b9:18:fc:b0:36:b2:51:95:97:5b:c2:2d:86:a8:
                    be:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:26:D1:D6:BD:69:5D:19:1A:42:7E:6A:15:FE:EC:71:57:75:44:32
            X509v3 Authority Key Identifier:
                keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/AibR1r1pXRkaQn5qFf7scVd1RDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:78:b8:2c:bf:6f:7b:e0:f9:cb:7a:7b:c1:32:aa:a0:5e:3b:
         cd:71:90:33:1c:95:82:bb:db:06:74:b3:a0:11:63:7e:22:1d:
         ba:81:f9:45:41:a6:35:10:27:74:ae:0e:f7:98:36:f8:d0:86:
         55:4f:f6:bd:a2:09:47:88:46:1d:5a:f0:fb:d4:80:3d:6a:ce:
         68:45:01:ab:93:cb:0b:3c:5a:c0:d3:a1:52:02:d2:bc:1f:45:
         99:82:04:79:c6:41:52:63:43:7d:52:c1:f5:be:ac:e8:4b:60:
         22:3f:b9:2b:4c:17:74:fa:e6:85:37:3b:bf:e0:85:ab:b1:e9:
         11:ec:0d:a9:49:47:73:18:2d:6e:e9:e8:0b:20:8c:ce:1e:93:
         71:22:03:46:b4:df:a9:a1:de:dd:d7:69:66:d0:86:8f:9a:a1:
         db:8f:c0:4f:23:54:fa:df:8b:38:35:e7:0b:bc:cc:77:36:93:
         c5:4f:e8:c4:b1:7a:c1:5d:8c:34:7e:5b:97:35:9e:08:9c:70:
         b9:94:9c:f3:c8:93:51:46:65:20:7e:6b:6e:bc:66:09:78:42:
         0a:ec:59:8b:53:cf:41:d9:2c:4f:4d:98:a6:ac:77:c5:b8:75:
         be:5c:95:af:ec:9c:44:6f:8c:46:16:b4:9e:4c:7b:54:39:9b:
         b6:6b:71:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5O3XUx+/9Nab/Xfe2Tn4gEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjYwNTIyMDg0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI2ZDFkNmJkNjk1ZDE5MWE0MjdlNmExNWZlZWM3MTU3NzU0NDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRzNNZhW3fv1WLZXeD2S8ZW7ytrR
0GVUQWlo6iAAe6YFLCh5I5c+pv4Ue8jLhXwMMl+J7DbqWpdFIEfYZLSWVAUDyaIj
/4+CZ4agruo9/c6kjN9RKvulNIxuiDLlgOL2pxCymE1nsXFbDnnVIkNGZ+dtx1r9
m/H0TrbVq5G5MbBVIMq0XalE/OwVmbX4rnN9DRTGNOQxsw79AnCuuFMgpG4MY5nj
80PFD1j/sl7FnYn1TCHaTqYc0Maer3JCVtlszH4BjnYul1LwqLSGAJ+6WlF20O63
u7ijUDPn9jqvjU9Xv5hAl3nzarHZd1mfxWfduRj8sDayUZWXW8Ithqi+jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIm0da9aV0ZGkJ+ahX+7HFXdUQyMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEvQWliUjFyMXBYUmthUW41cUZmN3NjVmQxUkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gb7MA0G
CSqGSIb3DQEBCwUAA4IBAQBbeLgsv2974PnLenvBMqqgXjvNcZAzHJWCu9sGdLOg
EWN+Ih26gflFQaY1ECd0rg73mDb40IZVT/a9oglHiEYdWvD71IA9as5oRQGrk8sL
PFrA06FSAtK8H0WZggR5xkFSY0N9UsH1vqzoS2AiP7krTBd0+uaFNzu/4IWrsekR
7A2pSUdzGC1u6egLIIzOHpNxIgNGtN+pod7d12lm0IaPmqHbj8BPI1T634s4NecL
vMx3NpPFT+jEsXrBXYw0fluXNZ4InHC5lJzzyJNRRmUgfmtuvGYJeEIK7FmLU89B
2SxPTZimrHfFuHW+XJWv7JxEb4xGFrSeTHtUOZu2a3FM
-----END CERTIFICATE-----