Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/986b51-5db8-4b7c-8605-16500d6c7014/1/YyixRgQkCRlptWPD1EtoXlr--oE.roa
File:                     YyixRgQkCRlptWPD1EtoXlr--oE.roa (raw, json)
Hash identifier:          XOxUCcAQJDI29aG4fQOLmqpsz4BUrXY6zDEjsBxBHik=
Subject key identifier:   63:28:B1:46:04:24:09:19:69:B5:63:C3:D4:4B:68:5E:5A:FE:FA:81
Certificate issuer:       /CN=6140e4b5a6f96ca4e0cca0c3ebd650da8e5f921c
Certificate serial:       019C7A352F4463DE39FCCCCAC9069AEDC7F0
Authority key identifier: 61:40:E4:B5:A6:F9:6C:A4:E0:CC:A0:C3:EB:D6:50:DA:8E:5F:92:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUDktab5bKTgzKDD69ZQ2o5fkhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/986b51-5db8-4b7c-8605-16500d6c7014/1/YyixRgQkCRlptWPD1EtoXlr--oE.roa
Signing time:             Fri 20 Feb 2026 08:40:31 +0000
ROA not before:           Fri 20 Feb 2026 08:40:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205968
IP address blocks:        185.199.84.0/22 maxlen: 22
                          2a0a:99c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/986b51-5db8-4b7c-8605-16500d6c7014/1/YUDktab5bKTgzKDD69ZQ2o5fkhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/986b51-5db8-4b7c-8605-16500d6c7014/1/YUDktab5bKTgzKDD69ZQ2o5fkhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YUDktab5bKTgzKDD69ZQ2o5fkhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:35:2f:44:63:de:39:fc:cc:ca:c9:06:9a:ed:c7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6140e4b5a6f96ca4e0cca0c3ebd650da8e5f921c
        Validity
            Not Before: Feb 20 08:40:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6328b1460424091969b563c3d44b685e5afefa81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ea:70:3c:0c:ff:81:00:d8:56:f1:fe:2b:11:
                    71:c8:ae:21:9f:a5:bd:2f:6a:82:b5:0f:6b:0f:9a:
                    60:85:86:64:52:d1:4e:36:51:7b:90:f9:a7:b5:42:
                    9c:75:59:6c:eb:e1:82:47:95:5f:e4:71:d4:0e:cd:
                    bd:75:c4:9e:38:8f:2a:4c:72:90:57:37:52:95:37:
                    cf:f8:f3:84:55:55:9d:cf:09:6a:b8:3b:e5:04:90:
                    43:0d:8a:d4:ae:b2:7a:3c:63:2d:0e:cf:e3:16:4e:
                    2f:4c:5e:c8:42:76:38:df:05:28:3a:06:54:84:df:
                    f0:30:f4:38:7d:7e:8a:58:b7:8e:51:fc:e6:0c:52:
                    6c:d1:b2:99:94:6e:03:4c:b1:00:ac:49:13:db:f7:
                    c7:3b:c0:f9:24:44:07:71:04:5a:dd:93:a5:09:9c:
                    df:cb:12:16:ef:b7:80:c6:60:70:77:fe:58:5d:f9:
                    bb:b7:00:2a:c9:92:3a:53:87:e9:3f:07:ae:e7:c2:
                    de:ac:24:ac:6e:db:01:58:3b:6e:22:6f:2f:09:de:
                    81:c5:96:51:1b:d9:26:87:4b:cf:a9:c2:f7:c7:bf:
                    f9:85:91:62:84:74:c4:6e:0e:49:ff:f1:45:cd:43:
                    20:62:20:3c:71:17:e5:cc:17:6e:1b:58:c6:29:09:
                    de:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:28:B1:46:04:24:09:19:69:B5:63:C3:D4:4B:68:5E:5A:FE:FA:81
            X509v3 Authority Key Identifier:
                keyid:61:40:E4:B5:A6:F9:6C:A4:E0:CC:A0:C3:EB:D6:50:DA:8E:5F:92:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUDktab5bKTgzKDD69ZQ2o5fkhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/986b51-5db8-4b7c-8605-16500d6c7014/1/YyixRgQkCRlptWPD1EtoXlr--oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/986b51-5db8-4b7c-8605-16500d6c7014/1/YUDktab5bKTgzKDD69ZQ2o5fkhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.84.0/22
                IPv6:
                  2a0a:99c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:30:f0:67:4b:4a:8e:65:57:7d:e6:8f:cd:e6:1f:5f:4a:67:
         f4:0c:68:1c:19:1d:5f:4b:cf:df:89:db:b7:9c:0e:4a:c2:51:
         35:02:63:9d:9a:ec:c3:d6:0b:9f:f9:23:f3:59:1d:78:7a:2b:
         a9:44:14:d5:f4:29:25:ac:78:2e:6a:6f:74:26:6f:db:1a:4d:
         e9:62:3d:5f:20:9f:69:a2:be:c5:59:45:e5:50:cf:45:21:5e:
         2f:76:59:35:b3:f0:86:54:97:c8:36:bd:1c:98:03:a2:c9:e3:
         41:92:31:88:eb:0c:32:d7:fb:96:cb:76:3b:2c:16:6b:5d:42:
         b2:a0:7d:96:46:60:3a:52:b6:5b:07:b6:bb:99:1b:48:00:ad:
         17:e7:56:16:ea:0d:1c:b9:0a:ab:ec:e3:26:40:ff:65:59:21:
         5c:00:35:28:c1:5a:81:93:dc:03:e3:43:ff:23:aa:e2:ea:07:
         d9:a6:96:67:43:64:cc:be:43:ff:99:86:83:c3:5a:e4:32:1c:
         44:ab:06:40:ca:0c:38:f8:1d:a6:39:d6:74:32:7d:0d:10:38:
         f7:14:da:b6:a7:80:96:eb:52:11:5d:ea:35:99:cb:b6:4e:68:
         bd:45:94:49:75:5b:a2:09:72:f0:1a:b0:5a:a0:f1:0e:74:8c:
         a4:48:4a:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZx6NS9EY945/MzKyQaa7cfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNDBlNGI1YTZmOTZjYTRlMGNjYTBjM2ViZDY1MGRhOGU1
ZjkyMWMwHhcNMjYwMjIwMDg0MDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI4YjE0NjA0MjQwOTE5NjliNTYzYzNkNDRiNjg1ZTVhZmVmYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkepwPAz/gQDYVvH+KxFxyK4hn6W9
L2qCtQ9rD5pghYZkUtFONlF7kPmntUKcdVls6+GCR5Vf5HHUDs29dcSeOI8qTHKQ
VzdSlTfP+POEVVWdzwlquDvlBJBDDYrUrrJ6PGMtDs/jFk4vTF7IQnY43wUoOgZU
hN/wMPQ4fX6KWLeOUfzmDFJs0bKZlG4DTLEArEkT2/fHO8D5JEQHcQRa3ZOlCZzf
yxIW77eAxmBwd/5YXfm7twAqyZI6U4fpPweu58LerCSsbtsBWDtuIm8vCd6BxZZR
G9kmh0vPqcL3x7/5hZFihHTEbg5J//FFzUMgYiA8cRflzBduG1jGKQnetwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGMosUYEJAkZabVjw9RLaF5a/vqBMB8GA1UdIwQY
MBaAFGFA5LWm+Wyk4Mygw+vWUNqOX5IcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVVEa3RhYjViS1RnektERDY5WlEybzVma2h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy85ODZiNTEtNWRiOC00YjdjLTg2MDUt
MTY1MDBkNmM3MDE0LzEvWXlpeFJnUWtDUmxwdFdQRDFFdG9YbHItLW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy85ODZiNTEtNWRiOC00YjdjLTg2MDUtMTY1MDBkNmM3MDE0
LzEvWVVEa3RhYjViS1RnektERDY5WlEybzVma2h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucdUMA0E
AgACMAcDBQMqCpnAMA0GCSqGSIb3DQEBCwUAA4IBAQCZMPBnS0qOZVd95o/N5h9f
Smf0DGgcGR1fS8/fidu3nA5KwlE1AmOdmuzD1guf+SPzWR14eiupRBTV9CklrHgu
am90Jm/bGk3pYj1fIJ9por7FWUXlUM9FIV4vdlk1s/CGVJfINr0cmAOiyeNBkjGI
6wwy1/uWy3Y7LBZrXUKyoH2WRmA6UrZbB7a7mRtIAK0X51YW6g0cuQqr7OMmQP9l
WSFcADUowVqBk9wD40P/I6ri6gfZppZnQ2TMvkP/mYaDw1rkMhxEqwZAygw4+B2m
OdZ0Mn0NEDj3FNq2p4CW61IRXeo1mcu2Tmi9RZRJdVuiCXLwGrBaoPEOdIykSErX
-----END CERTIFICATE-----