Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YBSv0iw09hq8oP_eaT8Z-uxPu8c.roa
File:                     YBSv0iw09hq8oP_eaT8Z-uxPu8c.roa (raw, json)
Hash identifier:          dR8Ur+4i86TlUj5xnDDc+Wj6ylUDKKDfSLF4b439enc=
Subject key identifier:   60:14:AF:D2:2C:34:F6:1A:BC:A0:FF:DE:69:3F:19:FA:EC:4F:BB:C7
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DD3968428D43B500AC625E526A0A299E2
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YBSv0iw09hq8oP_eaT8Z-uxPu8c.roa
Signing time:             Tue 28 Apr 2026 10:15:49 +0000
ROA not before:           Tue 28 Apr 2026 10:15:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216070
IP address blocks:        89.125.21.0/24 maxlen: 24
                          89.125.22.0/24 maxlen: 24
                          89.125.23.0/24 maxlen: 24
                          176.126.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:96:84:28:d4:3b:50:0a:c6:25:e5:26:a0:a2:99:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 28 10:15:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6014afd22c34f61abca0ffde693f19faec4fbbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:92:8f:a5:54:0b:4b:70:dd:e2:4b:d9:53:28:
                    fc:eb:cb:9d:64:5e:a0:9d:22:e5:8e:09:1a:1c:f2:
                    bf:45:ee:d2:93:f0:a8:c7:29:51:14:22:17:95:61:
                    d0:c2:9f:a0:99:27:22:f1:b5:dd:9e:fc:0b:60:bb:
                    f2:0c:5f:c8:a7:7b:b8:14:20:55:3f:42:0e:9a:21:
                    05:0e:56:48:cc:53:39:85:cd:df:67:2d:3d:82:f0:
                    db:76:a4:d2:ff:7d:63:ed:d3:f0:03:2e:2e:95:2e:
                    7b:c5:f4:be:cf:2c:41:5b:50:8a:6d:41:cd:9e:27:
                    96:92:f1:eb:0b:a6:5f:62:3a:7f:2a:2a:63:c9:0c:
                    6b:12:38:1a:78:85:23:da:de:5c:a4:6f:14:4e:8d:
                    b2:b5:36:ee:c1:73:b3:ec:b0:f3:83:6a:87:b9:8c:
                    aa:76:84:44:ea:b4:1c:78:13:19:5a:07:ec:12:9f:
                    c4:d0:48:ea:e8:2d:48:e6:32:f7:65:45:6a:77:5b:
                    11:be:eb:33:14:be:5a:8d:2c:1a:ff:2e:3e:2b:78:
                    62:25:20:84:8d:27:84:74:a3:a7:45:eb:39:21:ba:
                    4b:33:d9:cc:9f:40:be:30:fd:82:f7:d9:5c:d8:77:
                    31:67:77:e6:5b:e8:01:44:54:5e:b6:c8:bf:3f:66:
                    71:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:14:AF:D2:2C:34:F6:1A:BC:A0:FF:DE:69:3F:19:FA:EC:4F:BB:C7
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YBSv0iw09hq8oP_eaT8Z-uxPu8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.21.0-89.125.23.255
                  176.126.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a1:d9:8b:b6:1c:db:45:4d:e3:1c:ee:ba:6f:98:1a:ff:83:
         77:b4:47:fc:65:8a:ca:ef:04:f1:7e:32:d3:4f:81:d3:5d:e1:
         9e:fc:04:c0:15:82:27:62:db:97:77:fa:33:52:9f:95:00:a9:
         d3:e0:b2:14:00:c7:04:a9:b1:c8:d5:a4:5e:d3:8a:88:4b:56:
         45:ab:53:c7:d7:40:ef:a6:56:b1:da:d6:4a:6a:f4:45:fa:a8:
         74:70:f5:34:5f:87:01:0a:66:87:4c:d1:c2:ae:4b:25:24:9e:
         d5:fa:24:24:ba:38:46:f7:5c:ea:7d:e9:7b:f1:3c:2d:43:69:
         3a:24:04:74:75:6a:fe:c0:08:53:da:18:c5:30:ae:9d:c4:82:
         a1:99:2a:01:7c:02:36:3a:9e:59:fe:1b:de:b2:48:3d:b5:ae:
         63:3a:77:85:96:73:86:fe:bc:8a:2a:e6:40:1a:a3:48:d6:d2:
         75:3c:2f:3f:00:89:a4:4e:a3:44:18:72:55:16:b9:7e:5f:ba:
         19:30:6a:f6:05:43:37:49:6f:f8:0d:ae:8c:77:81:4b:b8:22:
         b1:ba:fc:bd:39:56:02:e3:8e:d9:6d:b2:0d:28:98:47:4b:17:
         de:7c:4c:51:00:2c:0a:b1:b8:cd:6b:1a:b5:7f:eb:1d:6a:32:
         46:99:72:30
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3TloQo1DtQCsYl5SagopniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDI4MTAxNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDE0YWZkMjJjMzRmNjFhYmNhMGZmZGU2OTNmMTlmYWVjNGZiYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZKPpVQLS3Dd4kvZUyj868udZF6g
nSLljgkaHPK/Re7Sk/CoxylRFCIXlWHQwp+gmSci8bXdnvwLYLvyDF/Ip3u4FCBV
P0IOmiEFDlZIzFM5hc3fZy09gvDbdqTS/31j7dPwAy4ulS57xfS+zyxBW1CKbUHN
nieWkvHrC6ZfYjp/KipjyQxrEjgaeIUj2t5cpG8UTo2ytTbuwXOz7LDzg2qHuYyq
doRE6rQceBMZWgfsEp/E0Ejq6C1I5jL3ZUVqd1sRvuszFL5ajSwa/y4+K3hiJSCE
jSeEdKOnRes5IbpLM9nMn0C+MP2C99lc2HcxZ3fmW+gBRFRetsi/P2ZxuQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGAUr9IsNPYavKD/3mk/GfrsT7vHMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvWUJTdjBpdzA5aHE4b1BfZWFUOFotdXhQdThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABZfRUD
BANZfRADBACwfq4wDQYJKoZIhvcNAQELBQADggEBAEGh2Yu2HNtFTeMc7rpvmBr/
g3e0R/xlisrvBPF+MtNPgdNd4Z78BMAVgidi25d3+jNSn5UAqdPgshQAxwSpscjV
pF7TiohLVkWrU8fXQO+mVrHa1kpq9EX6qHRw9TRfhwEKZodM0cKuSyUkntX6JCS6
OEb3XOp96XvxPC1DaTokBHR1av7ACFPaGMUwrp3EgqGZKgF8AjY6nln+G96ySD21
rmM6d4WWc4b+vIoq5kAao0jW0nU8Lz8AiaROo0QYclUWuX5fuhkwavYFQzdJb/gN
rox3gUu4IrG6/L05VgLjjtltsg0omEdLF958TFEALAqxuM1rGrV/6x1qMkaZcjA=
-----END CERTIFICATE-----