Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/bd0556-3f33-46de-9291-3b34420d90d2/1/YVLbsPphUzr0gk62ZWqr-AU_xYs.roa
File:                     YVLbsPphUzr0gk62ZWqr-AU_xYs.roa (raw, json)
Hash identifier:          40/VqOwzeKbDNYjqt9gFE2PfKWEcwlXPJGHdZ1QMGtM=
Subject key identifier:   61:52:DB:B0:FA:61:53:3A:F4:82:4E:B6:65:6A:AB:F8:05:3F:C5:8B
Certificate issuer:       /CN=29574576e9cea38ea3f6eeb26c8327528a0a1bff
Certificate serial:       019C65EB1C770F3CDAE23B89BDF0C93D2631
Authority key identifier: 29:57:45:76:E9:CE:A3:8E:A3:F6:EE:B2:6C:83:27:52:8A:0A:1B:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVdFdunOo46j9u6ybIMnUooKG_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/bd0556-3f33-46de-9291-3b34420d90d2/1/YVLbsPphUzr0gk62ZWqr-AU_xYs.roa
Signing time:             Mon 16 Feb 2026 10:07:12 +0000
ROA not before:           Mon 16 Feb 2026 10:07:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215441
IP address blocks:        185.234.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/bd0556-3f33-46de-9291-3b34420d90d2/1/KVdFdunOo46j9u6ybIMnUooKG_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/bd0556-3f33-46de-9291-3b34420d90d2/1/KVdFdunOo46j9u6ybIMnUooKG_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVdFdunOo46j9u6ybIMnUooKG_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:65:eb:1c:77:0f:3c:da:e2:3b:89:bd:f0:c9:3d:26:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29574576e9cea38ea3f6eeb26c8327528a0a1bff
        Validity
            Not Before: Feb 16 10:07:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6152dbb0fa61533af4824eb6656aabf8053fc58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1c:39:f4:9b:de:e7:94:22:a7:d3:ff:0f:a2:
                    cb:b0:52:46:de:32:18:2f:74:69:db:7c:f3:1a:79:
                    0b:b9:a9:4b:38:94:8b:e6:3f:d2:66:91:e2:79:d2:
                    69:72:5a:7e:39:b7:28:37:a4:74:92:09:3a:b2:95:
                    95:14:19:74:23:f4:c2:5d:c8:5a:73:c6:a6:de:01:
                    c0:6e:de:76:70:c3:5e:e3:61:0f:7c:fa:b0:cd:d7:
                    15:83:d2:e5:2a:5f:76:86:1a:12:d7:d5:ab:d0:f9:
                    32:65:e9:f8:78:d3:93:5d:4d:05:a4:ee:76:d4:bc:
                    93:06:6b:d2:c6:c9:46:3f:66:42:7f:8f:2a:ec:5a:
                    98:63:23:ef:1c:33:6d:8d:f2:55:71:01:7f:e3:10:
                    94:55:e6:83:cc:8a:e4:6c:18:94:e9:90:a6:19:ac:
                    92:01:e1:2a:c3:dd:e3:4b:e2:f6:69:a4:93:8e:2d:
                    b1:7f:3e:bf:a8:3b:7a:c7:95:97:24:56:73:ea:0b:
                    f9:7d:38:0b:5e:1e:1d:ff:5d:4a:93:1d:6f:d5:6a:
                    9e:fc:6f:0c:b1:a6:51:44:b8:bd:92:13:fb:43:df:
                    ba:6e:d0:f3:b6:b4:a3:f0:c1:96:e1:0a:f2:65:59:
                    d5:af:94:23:ba:2a:91:7d:f0:72:b0:ab:13:ec:c6:
                    6c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:52:DB:B0:FA:61:53:3A:F4:82:4E:B6:65:6A:AB:F8:05:3F:C5:8B
            X509v3 Authority Key Identifier:
                keyid:29:57:45:76:E9:CE:A3:8E:A3:F6:EE:B2:6C:83:27:52:8A:0A:1B:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVdFdunOo46j9u6ybIMnUooKG_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/bd0556-3f33-46de-9291-3b34420d90d2/1/YVLbsPphUzr0gk62ZWqr-AU_xYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/bd0556-3f33-46de-9291-3b34420d90d2/1/KVdFdunOo46j9u6ybIMnUooKG_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ed:a5:7d:57:52:9b:a5:64:43:c8:e5:6a:8b:95:0c:30:c0:
         dd:c9:8a:b7:97:41:99:1e:be:b5:6e:c3:e1:4a:e7:41:f7:95:
         ad:58:2d:91:f6:90:25:13:03:ec:bf:d7:f9:dd:1c:e3:e8:27:
         f1:95:c0:59:ca:a2:65:b8:64:d6:7e:67:6a:c7:43:5d:78:a8:
         ef:f6:8d:48:ca:14:ab:13:61:fe:9f:7b:91:44:8a:aa:f2:44:
         fa:10:02:17:df:d3:47:2b:f1:04:0e:6c:7e:bd:ae:50:b9:d6:
         74:00:79:a3:d8:44:fb:db:83:e1:e3:df:b7:f5:9a:2c:da:b5:
         ff:78:76:07:ac:7a:fe:cc:ec:c9:0c:fc:32:80:f9:e6:e1:e7:
         6e:b5:18:5f:cc:e1:2d:89:01:40:05:f9:14:6c:d9:50:92:0e:
         72:f8:89:26:ab:a1:ad:f5:c7:04:5a:af:b9:15:6c:86:74:23:
         f8:02:aa:b2:00:64:12:41:67:01:a6:45:79:a1:ff:2d:18:9a:
         8c:b6:c7:53:1f:21:c4:12:12:8a:1d:59:a2:ce:e9:01:e2:b1:
         6d:7e:23:3c:bc:6c:92:cd:19:5c:d3:ba:7c:e5:f1:a1:2c:4b:
         41:0d:1e:7a:67:5c:f2:23:2b:7c:91:84:c1:87:7d:4e:53:d1:
         dd:42:da:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxl6xx3Dzza4juJvfDJPSYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTc0NTc2ZTljZWEzOGVhM2Y2ZWViMjZjODMyNzUyOGEw
YTFiZmYwHhcNMjYwMjE2MTAwNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTUyZGJiMGZhNjE1MzNhZjQ4MjRlYjY2NTZhYWJmODA1M2ZjNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBw59Jve55Qip9P/D6LLsFJG3jIY
L3Rp23zzGnkLualLOJSL5j/SZpHiedJpclp+ObcoN6R0kgk6spWVFBl0I/TCXcha
c8am3gHAbt52cMNe42EPfPqwzdcVg9LlKl92hhoS19Wr0PkyZen4eNOTXU0FpO52
1LyTBmvSxslGP2ZCf48q7FqYYyPvHDNtjfJVcQF/4xCUVeaDzIrkbBiU6ZCmGayS
AeEqw93jS+L2aaSTji2xfz6/qDt6x5WXJFZz6gv5fTgLXh4d/11Kkx1v1Wqe/G8M
saZRRLi9khP7Q9+6btDztrSj8MGW4QryZVnVr5QjuiqRffBysKsT7MZscQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFS27D6YVM69IJOtmVqq/gFP8WLMB8GA1UdIwQY
MBaAFClXRXbpzqOOo/busmyDJ1KKChv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZkRmR1bk9vNDZqOXU2eWJJTW5Vb29LR184LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iZDA1NTYtM2YzMy00NmRlLTkyOTEt
M2IzNDQyMGQ5MGQyLzEvWVZMYnNQcGhVenIwZ2s2MlpXcXItQVVfeFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iZDA1NTYtM2YzMy00NmRlLTkyOTEtM2IzNDQyMGQ5MGQy
LzEvS1ZkRmR1bk9vNDZqOXU2eWJJTW5Vb29LR184LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoKMA0G
CSqGSIb3DQEBCwUAA4IBAQBh7aV9V1KbpWRDyOVqi5UMMMDdyYq3l0GZHr61bsPh
SudB95WtWC2R9pAlEwPsv9f53Rzj6CfxlcBZyqJluGTWfmdqx0NdeKjv9o1IyhSr
E2H+n3uRRIqq8kT6EAIX39NHK/EEDmx+va5QudZ0AHmj2ET724Ph49+39Zos2rX/
eHYHrHr+zOzJDPwygPnm4edutRhfzOEtiQFABfkUbNlQkg5y+Ikmq6Gt9ccEWq+5
FWyGdCP4AqqyAGQSQWcBpkV5of8tGJqMtsdTHyHEEhKKHVmizukB4rFtfiM8vGyS
zRlc07p85fGhLEtBDR56Z1zyIyt8kYTBh31OU9HdQtrv
-----END CERTIFICATE-----