Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/USXvFGnAypWHrQsUpHflyE7AkBw.roa
File:                     USXvFGnAypWHrQsUpHflyE7AkBw.roa (raw, json)
Hash identifier:          leJb5YM9g0TdZzX8je+gHf/RsV+l7VFjkyGBSWLgWYo=
Subject key identifier:   51:25:EF:14:69:C0:CA:95:87:AD:0B:14:A4:77:E5:C8:4E:C0:90:1C
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019E8A5FB0097BF8D865CA0D645B8E464B46
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/USXvFGnAypWHrQsUpHflyE7AkBw.roa
Signing time:             Tue 02 Jun 2026 22:06:27 +0000
ROA not before:           Tue 02 Jun 2026 22:06:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205733
IP address blocks:        153.56.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8a:5f:b0:09:7b:f8:d8:65:ca:0d:64:5b:8e:46:4b:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Jun  2 22:06:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5125ef1469c0ca9587ad0b14a477e5c84ec0901c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:6b:0e:64:ec:5e:da:25:25:ad:c5:ce:d3:aa:
                    e9:fb:7e:75:d9:4b:08:5d:5a:58:f0:37:e7:0d:86:
                    e2:fb:a8:71:f3:8a:4b:ce:30:67:93:3f:f3:77:44:
                    8d:dc:ff:c6:16:8c:04:a6:a1:eb:a6:32:3a:ed:8c:
                    ee:eb:8b:fd:29:a2:1a:ce:bb:cf:4a:49:4e:98:83:
                    56:49:e0:75:62:5b:9d:25:db:f8:86:08:20:d9:f6:
                    b9:7e:0c:2e:3f:b5:98:b6:98:e9:2f:20:97:9b:51:
                    32:eb:7b:b3:60:d5:6e:5e:33:06:71:bf:28:da:a7:
                    10:00:78:26:a0:60:14:ba:49:13:a9:f9:19:8e:72:
                    d7:85:0f:9c:eb:12:c1:18:e9:d8:22:aa:d4:88:0b:
                    1a:58:92:9b:2f:f0:a0:bc:7d:80:5c:93:13:61:17:
                    ab:4d:f4:78:0a:18:59:55:f4:b7:75:f0:0e:2e:cc:
                    b2:7d:0d:89:29:e7:16:10:d9:e7:fe:ad:2d:aa:42:
                    15:93:0a:a1:02:f9:cb:29:25:5a:d3:d1:dc:9c:13:
                    bc:98:bb:22:e6:83:0f:26:62:80:b3:88:97:ee:21:
                    0e:31:27:c7:c2:fc:cc:21:d6:40:fd:44:31:83:81:
                    d1:9a:a2:f8:89:38:0c:d8:6f:61:81:8f:c0:c7:1b:
                    ec:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:25:EF:14:69:C0:CA:95:87:AD:0B:14:A4:77:E5:C8:4E:C0:90:1C
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/USXvFGnAypWHrQsUpHflyE7AkBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:96:6f:8c:8f:5a:12:08:c3:22:35:41:b3:b3:d0:d6:9c:9c:
         fe:23:24:d6:df:87:ba:c8:18:60:76:02:77:ed:22:e9:23:a2:
         d7:6d:91:9f:e5:dc:f5:bf:35:5b:6a:84:57:19:2b:39:49:e3:
         26:13:1f:7d:3e:1d:54:c0:57:3f:56:a2:ef:cb:e0:5b:16:d3:
         59:44:97:30:5d:f0:3f:c7:5a:97:fa:47:7f:8b:b4:88:6b:04:
         2f:32:45:ed:3b:9c:5a:56:3c:61:b3:18:fa:b6:cf:3c:64:99:
         13:06:15:49:15:b1:0f:02:e3:a7:29:3e:f0:db:16:1a:8c:a5:
         8f:e5:27:f5:65:93:7d:2e:9f:26:c7:26:9a:a0:09:41:4f:ee:
         98:37:0e:9a:59:c9:80:e7:cb:9b:3b:83:24:2e:cf:1a:1c:e5:
         44:6b:ac:51:82:a5:f8:ff:89:51:ba:68:ed:6d:d4:f7:a3:3e:
         19:20:a4:56:e1:d4:09:8b:2e:23:2e:a0:2c:e3:53:e9:24:dc:
         ac:64:66:b5:b2:e8:ca:34:ab:fb:8d:06:f4:9c:13:03:09:8f:
         c6:41:44:b7:a0:c0:dc:e6:69:0a:73:7a:c0:45:f3:9b:02:d4:
         b6:8f:13:42:22:42:43:81:9a:91:ee:68:f9:e8:80:ec:4c:04:
         a7:61:c6:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6KX7AJe/jYZcoNZFuORktGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNjAyMjIwNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI1ZWYxNDY5YzBjYTk1ODdhZDBiMTRhNDc3ZTVjODRlYzA5MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GsOZOxe2iUlrcXO06rp+3512UsI
XVpY8DfnDYbi+6hx84pLzjBnkz/zd0SN3P/GFowEpqHrpjI67Yzu64v9KaIazrvP
SklOmINWSeB1YludJdv4hggg2fa5fgwuP7WYtpjpLyCXm1Ey63uzYNVuXjMGcb8o
2qcQAHgmoGAUukkTqfkZjnLXhQ+c6xLBGOnYIqrUiAsaWJKbL/CgvH2AXJMTYRer
TfR4ChhZVfS3dfAOLsyyfQ2JKecWENnn/q0tqkIVkwqhAvnLKSVa09HcnBO8mLsi
5oMPJmKAs4iX7iEOMSfHwvzMIdZA/UQxg4HRmqL4iTgM2G9hgY/Axxvs6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEl7xRpwMqVh60LFKR35chOwJAcMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvVVNYdkZHbkF5cFdIclFzVXBIZmx5RTdBa0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTioMA0G
CSqGSIb3DQEBCwUAA4IBAQAFlm+Mj1oSCMMiNUGzs9DWnJz+IyTW34e6yBhgdgJ3
7SLpI6LXbZGf5dz1vzVbaoRXGSs5SeMmEx99Ph1UwFc/VqLvy+BbFtNZRJcwXfA/
x1qX+kd/i7SIawQvMkXtO5xaVjxhsxj6ts88ZJkTBhVJFbEPAuOnKT7w2xYajKWP
5Sf1ZZN9Lp8mxyaaoAlBT+6YNw6aWcmA58ubO4MkLs8aHOVEa6xRgqX4/4lRumjt
bdT3oz4ZIKRW4dQJiy4jLqAs41PpJNysZGa1sujKNKv7jQb0nBMDCY/GQUS3oMDc
5mkKc3rARfObAtS2jxNCIkJDgZqR7mj56IDsTASnYcbe
-----END CERTIFICATE-----