Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/yhkT5XzZpAmnjY7coPIpXDHuJAI.roa
File:                     yhkT5XzZpAmnjY7coPIpXDHuJAI.roa (raw, json)
Hash identifier:          6iNoO8OHR2zmEhVLRrjxRAckiwEzNj30NB2+mLeIXs4=
Subject key identifier:   CA:19:13:E5:7C:D9:A4:09:A7:8D:8E:DC:A0:F2:29:5C:31:EE:24:02
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D2BAB4479437799EE188DAD9D5D0C3EE2
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/yhkT5XzZpAmnjY7coPIpXDHuJAI.roa
Signing time:             Thu 26 Mar 2026 19:42:17 +0000
ROA not before:           Thu 26 Mar 2026 19:42:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198037
IP address blocks:        150.251.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:ab:44:79:43:77:99:ee:18:8d:ad:9d:5d:0c:3e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 26 19:42:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca1913e57cd9a409a78d8edca0f2295c31ee2402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:26:e8:55:30:dd:a2:1f:c2:29:a9:70:43:39:
                    ba:8a:4f:e6:29:85:05:cd:31:60:65:b9:ef:0d:f6:
                    91:43:e9:61:3c:47:7d:3f:d1:e2:a5:ea:69:f3:30:
                    76:34:1e:90:4d:d5:5f:ef:ec:fd:50:a6:48:67:b8:
                    15:81:cc:5a:4d:36:00:e6:6d:cc:ae:ba:d3:a8:93:
                    63:fb:ff:7a:ee:11:7e:85:ec:17:23:e9:19:f5:eb:
                    af:1b:a9:e6:7c:be:42:80:5f:0d:40:9c:d5:b0:0b:
                    0e:54:ea:c9:08:95:97:46:cd:e1:8b:79:a5:73:98:
                    eb:24:1c:15:f4:b6:5c:39:12:1c:99:4a:0a:51:80:
                    c9:92:19:af:d3:a9:69:73:98:dc:d9:e6:39:5d:50:
                    43:29:7e:e0:45:8a:87:ae:5b:a1:b2:c2:03:50:82:
                    1f:54:5f:5f:bd:32:eb:df:f7:5e:25:f6:17:cb:e4:
                    56:ff:86:dc:4c:f9:3e:1e:8d:86:8a:7c:6c:d3:48:
                    9b:fb:b6:d0:dd:e0:d8:63:14:ab:d3:0d:5c:ec:dd:
                    fb:b2:32:cb:ad:33:a5:ef:0d:f2:9f:00:24:6d:32:
                    54:1f:b0:4e:4a:18:ce:cd:fc:60:43:51:ba:bd:8c:
                    91:37:9b:69:86:7a:44:9c:cf:f4:9b:e9:a2:a8:dd:
                    c6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:19:13:E5:7C:D9:A4:09:A7:8D:8E:DC:A0:F2:29:5C:31:EE:24:02
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/yhkT5XzZpAmnjY7coPIpXDHuJAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ab:3c:83:67:ba:16:23:48:95:2e:56:8b:91:5f:70:8a:fd:
         21:52:e1:9e:cb:81:df:dc:7a:4a:f2:a1:40:eb:93:bb:ec:0f:
         24:3e:7d:c7:26:0f:1a:14:b3:af:cd:bf:64:bd:d4:74:7a:aa:
         2a:0b:bd:09:75:a3:25:cc:f1:78:8b:05:01:a2:2b:80:48:e0:
         f7:37:f7:4a:0c:67:38:24:53:cc:81:84:ff:86:53:a5:cc:c6:
         9f:f2:5c:48:f8:52:49:56:08:1c:30:f3:f4:10:99:15:94:3c:
         0e:c5:b9:be:7a:38:8f:09:69:54:b6:db:cd:13:7d:bf:94:1c:
         d3:bd:4c:35:f1:0e:4b:f2:e2:64:da:f8:64:96:96:ff:1a:d7:
         93:1d:42:0b:c9:a5:c7:60:a6:41:e9:0a:08:32:53:9a:19:e2:
         96:ea:b2:d9:a5:82:ea:0e:a4:ed:71:c3:da:2c:31:ef:e1:a4:
         df:31:e7:e2:e8:f3:9a:25:85:55:72:b6:79:54:56:d0:78:f8:
         a6:ff:79:ff:c6:7a:86:19:99:86:a1:0d:b3:44:0e:7f:ce:27:
         f2:e5:98:fd:c3:da:77:fa:ce:31:92:f0:dc:23:09:88:56:2a:
         b1:a2:cb:90:3d:04:f4:f3:71:30:a9:44:99:b7:60:ee:dc:5e:
         3c:19:65:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0rq0R5Q3eZ7hiNrZ1dDD7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzI2MTk0MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE5MTNlNTdjZDlhNDA5YTc4ZDhlZGNhMGYyMjk1YzMxZWUyNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCboVTDdoh/CKalwQzm6ik/mKYUF
zTFgZbnvDfaRQ+lhPEd9P9Hipepp8zB2NB6QTdVf7+z9UKZIZ7gVgcxaTTYA5m3M
rrrTqJNj+/967hF+hewXI+kZ9euvG6nmfL5CgF8NQJzVsAsOVOrJCJWXRs3hi3ml
c5jrJBwV9LZcORIcmUoKUYDJkhmv06lpc5jc2eY5XVBDKX7gRYqHrluhssIDUIIf
VF9fvTLr3/deJfYXy+RW/4bcTPk+Ho2Ginxs00ib+7bQ3eDYYxSr0w1c7N37sjLL
rTOl7w3ynwAkbTJUH7BOShjOzfxgQ1G6vYyRN5tphnpEnM/0m+miqN3GiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoZE+V82aQJp42O3KDyKVwx7iQCMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEveWhrVDVYelpwQW1ualk3Y29QSXBYREh1SkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuKMA0G
CSqGSIb3DQEBCwUAA4IBAQCFqzyDZ7oWI0iVLlaLkV9wiv0hUuGey4Hf3HpK8qFA
65O77A8kPn3HJg8aFLOvzb9kvdR0eqoqC70JdaMlzPF4iwUBoiuASOD3N/dKDGc4
JFPMgYT/hlOlzMaf8lxI+FJJVggcMPP0EJkVlDwOxbm+ejiPCWlUttvNE32/lBzT
vUw18Q5L8uJk2vhklpb/GteTHUILyaXHYKZB6QoIMlOaGeKW6rLZpYLqDqTtccPa
LDHv4aTfMefi6POaJYVVcrZ5VFbQePim/3n/xnqGGZmGoQ2zRA5/zify5Zj9w9p3
+s4xkvDcIwmIViqxosuQPQT083EwqUSZt2Du3F48GWW7
-----END CERTIFICATE-----