Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/YzB7lmnaxe6KzTZ2IQfFLWEotnY.roa
File:                     YzB7lmnaxe6KzTZ2IQfFLWEotnY.roa (raw, json)
Hash identifier:          E0OkGaGBq/geU/X0+E6JxDiI+vPM6+Zn92glPSSxcDs=
Subject key identifier:   63:30:7B:96:69:DA:C5:EE:8A:CD:36:76:21:07:C5:2D:61:28:B6:76
Certificate issuer:       /CN=72bd0e36e1c202304a35133b11666625e5d6e5ef
Certificate serial:       019B77C662915416674D457B863B7C20E164
Authority key identifier: 72:BD:0E:36:E1:C2:02:30:4A:35:13:3B:11:66:66:25:E5:D6:E5:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cr0ONuHCAjBKNRM7EWZmJeXW5e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/YzB7lmnaxe6KzTZ2IQfFLWEotnY.roa
Signing time:             Thu 01 Jan 2026 04:17:28 +0000
ROA not before:           Thu 01 Jan 2026 04:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207297
IP address blocks:        193.135.29.0/24 maxlen: 24
                          2a10:1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/cr0ONuHCAjBKNRM7EWZmJeXW5e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/cr0ONuHCAjBKNRM7EWZmJeXW5e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cr0ONuHCAjBKNRM7EWZmJeXW5e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:62:91:54:16:67:4d:45:7b:86:3b:7c:20:e1:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bd0e36e1c202304a35133b11666625e5d6e5ef
        Validity
            Not Before: Jan  1 04:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63307b9669dac5ee8acd36762107c52d6128b676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b8:f1:f2:53:5e:bb:4f:75:18:ac:20:55:5b:
                    ef:c5:0e:c3:1a:8f:ce:f8:66:b4:2d:18:d9:ae:4a:
                    03:70:53:51:70:0e:07:91:b2:1d:71:2f:c9:11:09:
                    f9:fc:c5:52:cf:e1:4f:8f:b8:b2:3e:3d:23:37:d4:
                    04:93:90:75:42:0b:bf:d4:ea:5e:a5:5e:52:9e:4c:
                    96:b6:54:7d:e3:bc:9a:c5:a7:0c:fc:3e:72:96:28:
                    5a:b0:42:8f:3e:b9:e1:2d:00:dc:22:25:e2:63:43:
                    f9:a3:2b:32:5a:2f:9a:64:cd:8d:e0:c0:4f:c7:0a:
                    90:23:90:36:f4:86:dd:a3:32:ae:08:8b:b3:11:bc:
                    16:49:5d:fc:d6:cb:83:ba:df:e9:6a:94:46:78:86:
                    c9:de:f3:7a:ae:18:39:d1:01:d1:6e:be:ce:28:22:
                    9c:ef:ff:4b:83:31:3a:ee:8d:37:92:24:4a:fe:d4:
                    c9:9d:e5:a5:9d:32:39:d3:0f:9e:0d:93:7e:6e:94:
                    e4:5d:31:b7:c6:ee:7a:2b:ea:d6:4c:b7:d7:8d:ac:
                    16:43:b4:33:97:10:58:82:e7:a5:39:7f:7c:db:5c:
                    d4:7c:12:69:36:83:8c:45:f9:45:be:08:ed:c6:00:
                    18:83:4e:2f:4e:fc:74:30:b7:bf:52:09:de:ed:07:
                    99:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:30:7B:96:69:DA:C5:EE:8A:CD:36:76:21:07:C5:2D:61:28:B6:76
            X509v3 Authority Key Identifier:
                keyid:72:BD:0E:36:E1:C2:02:30:4A:35:13:3B:11:66:66:25:E5:D6:E5:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cr0ONuHCAjBKNRM7EWZmJeXW5e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/YzB7lmnaxe6KzTZ2IQfFLWEotnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/cr0ONuHCAjBKNRM7EWZmJeXW5e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.29.0/24
                IPv6:
                  2a10:1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:e0:59:01:71:16:a1:67:28:10:90:3d:11:c7:2c:ae:40:52:
         cb:04:35:1f:83:92:d1:d3:65:bd:15:2e:78:05:4a:a5:4c:74:
         4a:61:86:c6:57:dd:a3:43:64:14:c1:bc:66:4a:d3:ca:ae:69:
         96:84:8e:56:af:7b:b2:3e:06:b7:17:58:7f:bf:87:14:a7:53:
         a9:f0:17:fa:b5:a9:ea:2b:2f:90:8b:83:1d:3a:32:51:fd:73:
         bc:9c:39:ea:a1:81:26:e9:72:34:77:a9:6f:7f:8a:d1:e3:b6:
         13:73:86:54:de:79:76:bc:b4:fc:a3:81:2c:25:17:49:79:3d:
         50:29:0a:a5:8a:b0:35:a5:c7:e8:9c:46:6b:5c:f4:06:2a:37:
         4e:c2:1e:80:07:c6:b2:56:52:7f:42:e1:66:5b:d9:6e:05:ab:
         56:c8:bb:12:d6:09:25:4b:c5:5d:e3:15:43:75:ad:0a:62:88:
         20:b3:23:10:a1:ac:75:ed:78:84:cd:fe:db:eb:cc:99:29:1c:
         d7:6b:ef:ef:34:4b:93:52:ec:3d:49:13:ff:c3:b2:34:c4:d8:
         8e:73:92:43:88:5a:8d:94:77:7a:f4:50:ef:5a:87:80:a0:17:
         b9:58:f2:7e:18:a6:90:28:0f:b8:9d:be:6b:61:9c:f9:21:21:
         f5:2a:20:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3xmKRVBZnTUV7hjt8IOFkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmQwZTM2ZTFjMjAyMzA0YTM1MTMzYjExNjY2NjI1ZTVk
NmU1ZWYwHhcNMjYwMTAxMDQxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzMwN2I5NjY5ZGFjNWVlOGFjZDM2NzYyMTA3YzUyZDYxMjhiNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rjx8lNeu091GKwgVVvvxQ7DGo/O
+Ga0LRjZrkoDcFNRcA4HkbIdcS/JEQn5/MVSz+FPj7iyPj0jN9QEk5B1Qgu/1Ope
pV5SnkyWtlR947yaxacM/D5ylihasEKPPrnhLQDcIiXiY0P5oysyWi+aZM2N4MBP
xwqQI5A29IbdozKuCIuzEbwWSV381suDut/papRGeIbJ3vN6rhg50QHRbr7OKCKc
7/9LgzE67o03kiRK/tTJneWlnTI50w+eDZN+bpTkXTG3xu56K+rWTLfXjawWQ7Qz
lxBYguelOX9821zUfBJpNoOMRflFvgjtxgAYg04vTvx0MLe/Ugne7QeZqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGMwe5Zp2sXuis02diEHxS1hKLZ2MB8GA1UdIwQY
MBaAFHK9DjbhwgIwSjUTOxFmZiXl1uXvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3IwT051SENBakJLTlJNN0VXWm1KZVhXNWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC81MjQ3NmQtYTc5NC00N2Q1LThmNTAt
YWVkYTgyNDY3OGQ0LzEvWXpCN2xtbmF4ZTZLelRaMklRZkZMV0VvdG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC81MjQ3NmQtYTc5NC00N2Q1LThmNTAtYWVkYTgyNDY3OGQ0
LzEvY3IwT051SENBakJLTlJNN0VXWm1KZVhXNWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwYcdMA0E
AgACMAcDBQMqEAHAMA0GCSqGSIb3DQEBCwUAA4IBAQC+4FkBcRahZygQkD0Rxyyu
QFLLBDUfg5LR02W9FS54BUqlTHRKYYbGV92jQ2QUwbxmStPKrmmWhI5Wr3uyPga3
F1h/v4cUp1Op8Bf6tanqKy+Qi4MdOjJR/XO8nDnqoYEm6XI0d6lvf4rR47YTc4ZU
3nl2vLT8o4EsJRdJeT1QKQqlirA1pcfonEZrXPQGKjdOwh6AB8ayVlJ/QuFmW9lu
BatWyLsS1gklS8Vd4xVDda0KYoggsyMQoax17XiEzf7b68yZKRzXa+/vNEuTUuw9
SRP/w7I0xNiOc5JDiFqNlHd69FDvWoeAoBe5WPJ+GKaQKA+4nb5rYZz5ISH1KiDg
-----END CERTIFICATE-----