Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/yGCnvxgCyXwx49hD9VXIdTQinr4.roa
File:                     yGCnvxgCyXwx49hD9VXIdTQinr4.roa (raw, json)
Hash identifier:          R0GWLFctuLdH9pM10rtgW4/R6oZFjcxyRhEiFyXt+X0=
Subject key identifier:   C8:60:A7:BF:18:02:C9:7C:31:E3:D8:43:F5:55:C8:75:34:22:9E:BE
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019C1F33C06F21A5DFC42BC142D5129289F8
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/yGCnvxgCyXwx49hD9VXIdTQinr4.roa
Signing time:             Mon 02 Feb 2026 16:33:31 +0000
ROA not before:           Mon 02 Feb 2026 16:33:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46450
IP address blocks:        135.132.0.0/19 maxlen: 24
                          135.132.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1f:33:c0:6f:21:a5:df:c4:2b:c1:42:d5:12:92:89:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Feb  2 16:33:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c860a7bf1802c97c31e3d843f555c87534229ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8c:86:cb:54:e6:10:ca:c4:34:52:d9:a2:61:
                    fa:74:ef:05:13:87:93:e6:a5:55:64:9f:f2:b5:15:
                    8d:cd:c2:ac:43:d5:d0:3a:d0:75:23:62:8d:de:d3:
                    cb:1a:23:d9:c8:17:db:2d:45:8c:5a:0d:91:9c:24:
                    db:1c:33:7a:25:c4:ab:0f:fb:bf:7a:1e:e6:83:8f:
                    c5:10:f5:21:92:56:a2:a7:e2:45:0d:95:5a:30:50:
                    45:f1:9a:0d:ac:39:d6:a1:a5:c1:06:c3:cd:cb:1a:
                    48:85:e4:da:15:8b:08:22:18:f3:8a:19:21:67:7e:
                    5e:e8:52:39:fa:7f:09:ac:4f:02:ee:47:2c:36:45:
                    a3:86:c3:35:e8:d4:28:ca:11:28:12:05:dc:7d:b4:
                    73:ac:15:cb:5e:58:43:80:fc:df:41:11:13:3f:dc:
                    2d:78:d7:41:a2:2e:e8:ef:a1:04:f6:47:ee:fe:ee:
                    b8:96:e6:2b:5e:f8:a1:62:2a:c8:0e:15:4a:68:f7:
                    6f:07:44:42:3b:35:f3:95:50:4a:64:af:92:30:02:
                    21:9e:3e:57:54:f0:e5:75:f8:fd:2b:b5:54:02:5f:
                    ed:79:85:f1:9a:d6:ac:b9:04:09:80:35:1c:dc:69:
                    97:da:85:79:21:be:60:00:56:58:97:34:fc:7d:6d:
                    2d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:60:A7:BF:18:02:C9:7C:31:E3:D8:43:F5:55:C8:75:34:22:9E:BE
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/yGCnvxgCyXwx49hD9VXIdTQinr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  135.132.0.0/19
                  135.132.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7a:62:83:c4:ce:7e:8a:2c:72:93:b2:29:ae:b7:75:45:05:0f:
         d8:0f:0f:55:71:44:f1:98:3c:9b:b5:5f:7c:f8:7b:5e:74:4c:
         f3:f0:f5:fe:ff:29:95:cf:36:c7:ea:98:e9:ac:75:fa:97:f9:
         f6:91:af:53:b4:7e:cd:e0:d1:8e:8a:f3:52:df:3f:05:2f:4d:
         b3:f2:56:df:e9:1b:90:4c:d7:61:06:06:ce:91:b6:ef:5f:76:
         a6:d3:68:cd:ff:b3:41:a7:99:ba:f1:d4:81:cc:ee:b3:e2:c0:
         f7:a5:81:5c:4c:c7:cb:54:70:1a:b1:86:90:4e:2c:5d:57:80:
         15:ca:f0:cb:81:3a:d2:dd:31:a9:55:21:6a:4a:21:cd:3b:ea:
         71:bd:5f:a7:1a:54:ee:2a:be:f6:3c:75:a3:73:59:9b:2d:d1:
         9c:af:6f:50:65:ed:95:ea:43:e6:5c:38:b4:20:0b:e5:78:dc:
         17:e4:d2:ea:f2:10:87:54:84:c4:36:c7:4e:37:ec:8b:7d:20:
         47:92:f6:16:4c:42:fb:24:aa:b5:0c:da:e4:6e:41:87:49:20:
         32:dc:98:0e:bb:de:09:dc:c7:6c:2c:43:4f:2d:12:68:56:40:
         17:ec:d7:f7:2d:2d:c0:54:86:28:ab:d9:92:ef:b2:2e:89:39:
         d1:90:90:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwfM8BvIaXfxCvBQtUSkon4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwMjAyMTYzMzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODYwYTdiZjE4MDJjOTdjMzFlM2Q4NDNmNTU1Yzg3NTM0MjI5ZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YyGy1TmEMrENFLZomH6dO8FE4eT
5qVVZJ/ytRWNzcKsQ9XQOtB1I2KN3tPLGiPZyBfbLUWMWg2RnCTbHDN6JcSrD/u/
eh7mg4/FEPUhklaip+JFDZVaMFBF8ZoNrDnWoaXBBsPNyxpIheTaFYsIIhjzihkh
Z35e6FI5+n8JrE8C7kcsNkWjhsM16NQoyhEoEgXcfbRzrBXLXlhDgPzfQRETP9wt
eNdBoi7o76EE9kfu/u64luYrXvihYirIDhVKaPdvB0RCOzXzlVBKZK+SMAIhnj5X
VPDldfj9K7VUAl/teYXxmtasuQQJgDUc3GmX2oV5Ib5gAFZYlzT8fW0tvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMhgp78YAsl8MePYQ/VVyHU0Ip6+MB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEveUdDbnZ4Z0N5WHd4NDloRDlWWElkVFFpbnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFh4QAAwQF
h4RgMA0GCSqGSIb3DQEBCwUAA4IBAQB6YoPEzn6KLHKTsimut3VFBQ/YDw9VcUTx
mDybtV98+HtedEzz8PX+/ymVzzbH6pjprHX6l/n2ka9TtH7N4NGOivNS3z8FL02z
8lbf6RuQTNdhBgbOkbbvX3am02jN/7NBp5m68dSBzO6z4sD3pYFcTMfLVHAasYaQ
TixdV4AVyvDLgTrS3TGpVSFqSiHNO+pxvV+nGlTuKr72PHWjc1mbLdGcr29QZe2V
6kPmXDi0IAvleNwX5NLq8hCHVITENsdON+yLfSBHkvYWTEL7JKq1DNrkbkGHSSAy
3JgOu94J3MdsLENPLRJoVkAX7Nf3LS3AVIYoq9mS77IuiTnRkJBE
-----END CERTIFICATE-----