Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/ykoL6Yw1_hgazdwSxBD8-ctDSFk.roa
File:                     ykoL6Yw1_hgazdwSxBD8-ctDSFk.roa (raw, json)
Hash identifier:          YqQ9BDswI1/tllb0ynCRch8xMH2OE551/Vqt20k8iIE=
Subject key identifier:   CA:4A:0B:E9:8C:35:FE:18:1A:CD:DC:12:C4:10:FC:F9:CB:43:48:59
Certificate issuer:       /CN=36d6044966c57439aaf520310885f81d45275b2a
Certificate serial:       019EC98315D9B73162433E79B07219280B09
Authority key identifier: 36:D6:04:49:66:C5:74:39:AA:F5:20:31:08:85:F8:1D:45:27:5B:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NtYESWbFdDmq9SAxCIX4HUUnWyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/ykoL6Yw1_hgazdwSxBD8-ctDSFk.roa
Signing time:             Mon 15 Jun 2026 04:21:11 +0000
ROA not before:           Mon 15 Jun 2026 04:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135067
IP address blocks:        134.168.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NtYESWbFdDmq9SAxCIX4HUUnWyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NtYESWbFdDmq9SAxCIX4HUUnWyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NtYESWbFdDmq9SAxCIX4HUUnWyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c9:83:15:d9:b7:31:62:43:3e:79:b0:72:19:28:0b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36d6044966c57439aaf520310885f81d45275b2a
        Validity
            Not Before: Jun 15 04:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca4a0be98c35fe181acddc12c410fcf9cb434859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:71:11:cc:0b:4b:bb:a5:04:1c:7f:5a:91:1c:
                    9d:76:88:c9:7e:83:57:b5:52:b0:cf:6e:5c:0a:e5:
                    41:49:4c:3a:2f:86:c7:85:bb:ee:7b:74:5d:2f:ec:
                    79:bd:db:f5:3b:c8:3b:51:48:de:29:f8:58:6d:b8:
                    a2:5d:a6:31:3e:13:89:bc:3e:8a:d6:27:77:eb:a0:
                    e7:c2:17:6f:13:ed:fc:96:67:6b:0e:7d:2a:a3:d7:
                    86:92:0f:40:d7:c2:58:25:be:a6:f0:6d:f4:8b:b7:
                    68:08:30:d5:05:e1:50:84:84:30:e7:0c:de:35:96:
                    93:52:0b:c1:e1:f2:ee:42:63:ad:20:44:7c:bb:98:
                    8c:d1:9f:cf:28:c1:03:ea:b1:63:ac:fa:d9:94:a6:
                    eb:20:25:be:df:3f:02:66:25:13:87:3c:9f:40:2a:
                    73:53:45:5e:fd:64:bc:b8:a9:31:71:5c:0c:ec:4b:
                    0f:91:4b:ba:36:ca:77:79:9b:6e:f0:84:16:74:2e:
                    44:3e:df:cf:6d:63:ca:53:6a:43:9d:72:20:9d:26:
                    77:a4:a5:b8:04:80:6b:e8:df:27:e2:57:c6:2e:07:
                    c5:18:f1:19:20:fc:a4:f0:00:65:50:19:74:bc:2c:
                    78:07:13:d3:38:28:60:6f:7d:7f:22:d0:cc:1d:9e:
                    3a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4A:0B:E9:8C:35:FE:18:1A:CD:DC:12:C4:10:FC:F9:CB:43:48:59
            X509v3 Authority Key Identifier:
                keyid:36:D6:04:49:66:C5:74:39:AA:F5:20:31:08:85:F8:1D:45:27:5B:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NtYESWbFdDmq9SAxCIX4HUUnWyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/ykoL6Yw1_hgazdwSxBD8-ctDSFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NtYESWbFdDmq9SAxCIX4HUUnWyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.168.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:3d:a1:f6:c5:27:b3:5d:44:99:29:f8:00:0c:4a:b7:51:45:
         68:54:a3:81:39:03:2b:90:83:b7:b4:a1:2e:72:dd:95:42:a6:
         aa:5e:86:d6:5a:0b:89:16:31:8a:fa:a4:95:05:9a:bf:47:6a:
         61:1b:b1:89:2b:f3:0b:75:e7:71:5e:f2:55:78:35:4a:a4:c2:
         4d:3e:b3:4f:28:b0:11:c1:a8:66:bb:85:86:93:60:db:85:21:
         24:7e:e5:3b:f1:0b:67:68:20:ac:17:d1:9f:6b:f8:fa:00:85:
         47:a5:24:2d:e8:37:91:05:48:c8:cf:f8:5b:c4:fe:82:4b:ea:
         e2:ef:6f:39:85:aa:f0:10:ae:85:5d:ee:e2:f3:97:18:db:01:
         ef:c3:18:4c:54:ae:e8:8d:5f:d3:e4:fd:2e:6c:d7:2c:41:a9:
         e8:bc:d2:57:6c:f3:24:ec:f3:26:43:ba:0c:34:25:a9:91:c9:
         1d:6d:e6:a7:37:d0:24:af:23:fb:21:76:37:fa:ff:91:2f:6d:
         e0:ca:3b:7a:ee:b5:27:6c:d1:f5:f0:a6:4a:2c:92:bc:ee:fd:
         fe:de:38:eb:c5:81:72:fb:d2:63:e9:27:e5:5a:84:88:bc:e8:
         4a:86:4a:e2:0c:8d:6a:e9:ca:61:e7:55:f3:8a:1d:8a:85:aa:
         1e:1b:e0:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7JgxXZtzFiQz55sHIZKAsJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZDYwNDQ5NjZjNTc0MzlhYWY1MjAzMTA4ODVmODFkNDUy
NzViMmEwHhcNMjYwNjE1MDQyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRhMGJlOThjMzVmZTE4MWFjZGRjMTJjNDEwZmNmOWNiNDM0ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33ERzAtLu6UEHH9akRyddojJfoNX
tVKwz25cCuVBSUw6L4bHhbvue3RdL+x5vdv1O8g7UUjeKfhYbbiiXaYxPhOJvD6K
1id366DnwhdvE+38lmdrDn0qo9eGkg9A18JYJb6m8G30i7doCDDVBeFQhIQw5wze
NZaTUgvB4fLuQmOtIER8u5iM0Z/PKMED6rFjrPrZlKbrICW+3z8CZiUThzyfQCpz
U0Ve/WS8uKkxcVwM7EsPkUu6Nsp3eZtu8IQWdC5EPt/PbWPKU2pDnXIgnSZ3pKW4
BIBr6N8n4lfGLgfFGPEZIPyk8ABlUBl0vCx4BxPTOChgb31/ItDMHZ46SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpKC+mMNf4YGs3cEsQQ/PnLQ0hZMB8GA1UdIwQY
MBaAFDbWBElmxXQ5qvUgMQiF+B1FJ1sqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnRZRVNXYkZkRG1xOVNBeENJWDRIVVVuV3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8wNTQzZTMtMWJmMC00ZGIzLWIwMWUt
YTFkNjA1NDM1MGQyLzEveWtvTDZZdzFfaGdhemR3U3hCRDgtY3REU0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8wNTQzZTMtMWJmMC00ZGIzLWIwMWUtYTFkNjA1NDM1MGQy
LzEvTnRZRVNXYkZkRG1xOVNBeENJWDRIVVVuV3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhqjvMA0G
CSqGSIb3DQEBCwUAA4IBAQDlPaH2xSezXUSZKfgADEq3UUVoVKOBOQMrkIO3tKEu
ct2VQqaqXobWWguJFjGK+qSVBZq/R2phG7GJK/MLdedxXvJVeDVKpMJNPrNPKLAR
wahmu4WGk2DbhSEkfuU78QtnaCCsF9Gfa/j6AIVHpSQt6DeRBUjIz/hbxP6CS+ri
7285harwEK6FXe7i85cY2wHvwxhMVK7ojV/T5P0ubNcsQanovNJXbPMk7PMmQ7oM
NCWpkckdbeanN9AkryP7IXY3+v+RL23gyjt67rUnbNH18KZKLJK87v3+3jjrxYFy
+9Jj6SflWoSIvOhKhkriDI1q6cph51Xzih2KhaoeG+BJ
-----END CERTIFICATE-----