Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/YALm6m5SWbzZ8AfsEzj-ygddQPE.roa
File:                     YALm6m5SWbzZ8AfsEzj-ygddQPE.roa (raw, json)
Hash identifier:          VOv+iOuB0dLMvQoN1guUP5/ShM+RSeq3EMRboWH8Yzo=
Subject key identifier:   60:02:E6:EA:6E:52:59:BC:D9:F0:07:EC:13:38:FE:CA:07:5D:40:F1
Certificate issuer:       /CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Certificate serial:       019C569294E3ABAA741FB34F69EF131B26CC
Authority key identifier: 2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/YALm6m5SWbzZ8AfsEzj-ygddQPE.roa
Signing time:             Fri 13 Feb 2026 10:36:12 +0000
ROA not before:           Fri 13 Feb 2026 10:36:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202799
IP address blocks:        89.19.219.0/24 maxlen: 24
                          89.19.220.0/24 maxlen: 24
                          89.19.221.0/24 maxlen: 24
                          89.19.222.0/24 maxlen: 24
                          89.19.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:92:94:e3:ab:aa:74:1f:b3:4f:69:ef:13:1b:26:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
        Validity
            Not Before: Feb 13 10:36:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6002e6ea6e5259bcd9f007ec1338feca075d40f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0d:14:fb:bd:59:09:26:a2:ef:aa:4e:e4:3c:
                    f6:fa:0f:70:f8:c4:05:d0:be:de:4b:2b:4e:d1:06:
                    39:2e:f0:d0:cc:24:b8:6b:85:8b:57:3a:c0:06:86:
                    6f:6a:3d:9a:33:01:67:ea:e7:cc:bb:63:0d:42:3a:
                    c6:f8:98:c3:58:34:04:db:e3:14:87:54:9f:21:e6:
                    35:f8:4a:a8:f0:62:82:23:0d:e8:80:a0:dc:67:74:
                    ff:c3:08:6d:5f:db:28:78:55:47:24:ec:c9:34:f1:
                    00:19:f8:a7:77:1b:e1:09:db:88:76:8b:d1:8b:c2:
                    81:a5:11:3b:1b:a0:67:0c:de:14:9f:25:59:24:57:
                    ee:f3:95:a1:31:b5:44:b8:8e:86:26:ab:53:f6:0e:
                    73:eb:42:74:48:1c:eb:d8:ca:61:b3:7d:a0:ed:72:
                    48:9b:e0:7a:7e:06:e6:b4:78:0e:f9:f4:0d:5e:e0:
                    14:ec:80:99:f8:c3:71:cc:d8:85:42:50:06:7e:61:
                    bd:c7:99:6c:ec:fa:fc:48:c1:eb:67:9a:79:44:49:
                    76:4e:af:7e:fc:91:99:03:07:71:05:64:20:98:da:
                    84:aa:58:9c:9c:73:11:bc:ee:ad:bf:e3:f4:8a:15:
                    f6:22:1f:c9:f1:df:4c:ae:a4:71:71:56:71:90:42:
                    19:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:02:E6:EA:6E:52:59:BC:D9:F0:07:EC:13:38:FE:CA:07:5D:40:F1
            X509v3 Authority Key Identifier:
                keyid:2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/YALm6m5SWbzZ8AfsEzj-ygddQPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.219.0-89.19.223.255

    Signature Algorithm: sha256WithRSAEncryption
         31:98:12:cf:d2:7a:f4:03:47:a9:65:5d:62:c1:f5:13:b9:51:
         03:70:fe:84:00:94:2b:c9:a8:cd:c6:26:38:45:c4:21:c4:84:
         72:20:a7:4c:35:74:30:ec:8c:65:47:fa:a9:a3:9f:3f:34:b6:
         62:55:fa:eb:c5:f2:fc:64:9a:8a:eb:f4:05:4a:fa:b5:0d:b7:
         89:77:80:69:a4:1d:27:45:cb:d3:1a:1f:e8:1e:cd:c9:04:de:
         fe:a2:3f:7e:ad:38:65:26:cc:7c:2f:e4:3e:c0:c9:89:4a:d4:
         25:e8:85:a3:2a:c7:ed:cb:6d:2b:87:69:37:61:64:f3:52:60:
         1b:93:a5:0d:cf:33:30:37:bc:6f:c2:9d:a7:dd:bb:8d:71:87:
         3a:8d:76:d4:d3:b4:cc:1f:47:65:43:2d:b0:22:1e:47:a5:d3:
         5e:16:96:39:36:9c:e0:cb:8b:3e:0d:f0:05:ad:6d:7d:86:a9:
         86:f1:65:b9:b9:7e:46:ec:00:b2:73:15:fe:ae:6c:b8:f3:51:
         9f:5b:16:b7:8e:b9:09:77:3b:82:8d:cc:11:81:28:ec:0a:7d:
         d5:97:7c:eb:b9:38:ba:df:0a:59:33:0d:fe:62:43:29:13:87:
         ca:c0:3d:6f:a4:6f:5b:a8:e2:42:61:fd:5d:89:98:7b:0c:b3:
         45:69:00:ed
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxWkpTjq6p0H7NPae8TGybMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJiNjkxYjI0ZjI4NzkyNTNlM2E2YTQ1ZTBiNWM1MjY3
M2IwOWQwHhcNMjYwMjEzMTAzNjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDAyZTZlYTZlNTI1OWJjZDlmMDA3ZWMxMzM4ZmVjYTA3NWQ0MGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA0U+71ZCSai76pO5Dz2+g9w+MQF
0L7eSytO0QY5LvDQzCS4a4WLVzrABoZvaj2aMwFn6ufMu2MNQjrG+JjDWDQE2+MU
h1SfIeY1+Eqo8GKCIw3ogKDcZ3T/wwhtX9soeFVHJOzJNPEAGfindxvhCduIdovR
i8KBpRE7G6BnDN4UnyVZJFfu85WhMbVEuI6GJqtT9g5z60J0SBzr2Mphs32g7XJI
m+B6fgbmtHgO+fQNXuAU7ICZ+MNxzNiFQlAGfmG9x5ls7Pr8SMHrZ5p5REl2Tq9+
/JGZAwdxBWQgmNqEqlicnHMRvO6tv+P0ihX2Ih/J8d9MrqRxcVZxkEIZRwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGAC5upuUlm82fAH7BM4/soHXUDxMB8GA1UdIwQY
MBaAFC7rtpGyTyh5JT46akXgtcUmc7CdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAt
ZGEzZTExOTJjZGY2LzEvWUFMbTZtNVNXYnpaOEFmc0V6ai15Z2RkUVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAtZGEzZTExOTJjZGY2
LzEvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZE9sD
BAVZE8AwDQYJKoZIhvcNAQELBQADggEBADGYEs/SevQDR6llXWLB9RO5UQNw/oQA
lCvJqM3GJjhFxCHEhHIgp0w1dDDsjGVH+qmjnz80tmJV+uvF8vxkmorr9AVK+rUN
t4l3gGmkHSdFy9MaH+gezckE3v6iP36tOGUmzHwv5D7AyYlK1CXohaMqx+3LbSuH
aTdhZPNSYBuTpQ3PMzA3vG/Cnafdu41xhzqNdtTTtMwfR2VDLbAiHkel014Wljk2
nODLiz4N8AWtbX2GqYbxZbm5fkbsALJzFf6ubLjzUZ9bFreOuQl3O4KNzBGBKOwK
fdWXfOu5OLrfClkzDf5iQykTh8rAPW+kb1uo4kJh/V2JmHsMs0VpAO0=
-----END CERTIFICATE-----