Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/mYGac8UdKtYiejjIP-FXgbBItOo.roa
File:                     mYGac8UdKtYiejjIP-FXgbBItOo.roa (raw, json)
Hash identifier:          zhSZcg/Pm9sDKqIKNxnWpvUr1PBvScF8Xahp3flsYl4=
Subject key identifier:   99:81:9A:73:C5:1D:2A:D6:22:7A:38:C8:3F:E1:57:81:B0:48:B4:EA
Certificate issuer:       /CN=60bff94704e4a475374e170cbe17365fa89fe07b
Certificate serial:       019C719DCDF0D1B36A3572D2B3D79FA80692
Authority key identifier: 60:BF:F9:47:04:E4:A4:75:37:4E:17:0C:BE:17:36:5F:A8:9F:E0:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YL_5RwTkpHU3ThcMvhc2X6if4Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/mYGac8UdKtYiejjIP-FXgbBItOo.roa
Signing time:             Wed 18 Feb 2026 16:38:12 +0000
ROA not before:           Wed 18 Feb 2026 16:38:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210423
IP address blocks:        79.108.232.0/21 maxlen: 24
                          185.225.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/YL_5RwTkpHU3ThcMvhc2X6if4Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/YL_5RwTkpHU3ThcMvhc2X6if4Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YL_5RwTkpHU3ThcMvhc2X6if4Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:9d:cd:f0:d1:b3:6a:35:72:d2:b3:d7:9f:a8:06:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60bff94704e4a475374e170cbe17365fa89fe07b
        Validity
            Not Before: Feb 18 16:38:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99819a73c51d2ad6227a38c83fe15781b048b4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bc:5d:4e:d0:59:1c:c8:b2:e8:07:a4:e3:09:
                    50:17:92:23:9a:82:13:f5:0f:26:8c:8d:0e:6a:1a:
                    35:7c:6d:8d:49:ae:e4:5a:6c:fe:05:c4:a1:8b:ee:
                    6a:21:f4:35:00:bc:3a:e7:12:84:4d:59:72:af:f8:
                    3a:31:86:4b:53:9e:54:66:bb:94:82:1a:10:37:18:
                    12:a9:a0:18:06:ec:03:83:2a:44:ae:c3:ca:9a:73:
                    57:c0:80:d4:f1:fb:72:c4:79:67:7d:e0:79:b4:be:
                    1c:d7:94:fb:c1:6d:68:52:29:9c:e1:0d:62:99:e2:
                    0f:22:c3:4c:2f:f8:08:14:62:83:d0:07:01:7a:98:
                    8b:1f:23:77:24:15:31:4d:a6:a9:1e:03:85:ed:91:
                    00:41:f3:26:e8:6a:d5:56:2e:2b:f6:0c:b3:58:5a:
                    1b:73:c0:b9:e2:81:b2:c4:89:e4:ef:8b:1e:11:b4:
                    7d:48:4f:7b:d5:f2:c1:43:86:fc:cb:cb:8a:da:ae:
                    23:d4:4d:96:da:cd:7e:08:47:15:50:c2:44:1d:e1:
                    52:bd:73:6b:84:f7:b9:a9:f2:60:30:db:3d:85:0e:
                    52:4f:ac:7b:df:83:56:9a:c1:09:c4:d2:4c:65:d3:
                    97:3f:96:67:cc:24:0f:5c:de:87:55:7a:a0:9b:6e:
                    53:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:81:9A:73:C5:1D:2A:D6:22:7A:38:C8:3F:E1:57:81:B0:48:B4:EA
            X509v3 Authority Key Identifier:
                keyid:60:BF:F9:47:04:E4:A4:75:37:4E:17:0C:BE:17:36:5F:A8:9F:E0:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YL_5RwTkpHU3ThcMvhc2X6if4Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/mYGac8UdKtYiejjIP-FXgbBItOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/672fdd-cc7c-4449-9f55-023995906c46/1/YL_5RwTkpHU3ThcMvhc2X6if4Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.108.232.0/21
                  185.225.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:fd:5a:b5:a4:a7:a4:8f:7b:b6:a6:fc:db:02:67:af:53:79:
         a3:31:e0:2c:1c:73:87:24:08:b3:a6:ee:11:be:f3:2b:cb:17:
         cc:86:cc:50:59:bb:4b:7a:3e:e6:ca:2a:1c:05:ad:5a:04:ac:
         1b:dd:19:a8:bd:da:62:1a:ec:3c:19:7f:24:d9:21:c4:cd:0a:
         54:c1:a8:31:8b:f0:9f:2a:f8:a4:75:e2:2f:b4:6f:94:e5:b7:
         e7:a4:1b:7f:b3:0d:0a:83:76:35:d3:bc:0c:94:e1:07:46:16:
         6f:4a:bb:71:3c:de:70:c0:cf:a5:26:c0:ab:ba:3d:77:6d:f4:
         82:f1:e6:87:c8:fd:18:9a:77:16:77:c2:af:94:20:21:21:bc:
         bd:61:2b:12:f5:18:74:8c:9b:53:91:75:b7:04:27:2b:62:b0:
         12:f4:3c:bf:fb:f4:ba:d4:99:38:78:79:2c:e4:38:4c:87:92:
         69:51:7e:e5:ac:9d:5c:38:9c:4b:60:fc:d9:64:7c:26:a7:8f:
         23:c7:55:8c:14:25:6e:b2:8d:3a:99:b0:a3:48:f2:ab:68:19:
         58:ce:62:ac:98:b7:a2:1b:7f:93:ec:c9:44:24:06:4f:83:c8:
         44:e3:bb:f1:1c:c4:60:41:9d:95:48:5c:51:3d:9f:32:29:b3:
         c0:84:df:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxxnc3w0bNqNXLSs9efqAaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYmZmOTQ3MDRlNGE0NzUzNzRlMTcwY2JlMTczNjVmYTg5
ZmUwN2IwHhcNMjYwMjE4MTYzODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTgxOWE3M2M1MWQyYWQ2MjI3YTM4YzgzZmUxNTc4MWIwNDhiNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLxdTtBZHMiy6Aek4wlQF5IjmoIT
9Q8mjI0Oaho1fG2NSa7kWmz+BcShi+5qIfQ1ALw65xKETVlyr/g6MYZLU55UZruU
ghoQNxgSqaAYBuwDgypErsPKmnNXwIDU8ftyxHlnfeB5tL4c15T7wW1oUimc4Q1i
meIPIsNML/gIFGKD0AcBepiLHyN3JBUxTaapHgOF7ZEAQfMm6GrVVi4r9gyzWFob
c8C54oGyxInk74seEbR9SE971fLBQ4b8y8uK2q4j1E2W2s1+CEcVUMJEHeFSvXNr
hPe5qfJgMNs9hQ5ST6x734NWmsEJxNJMZdOXP5ZnzCQPXN6HVXqgm25TYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJmBmnPFHSrWIno4yD/hV4GwSLTqMB8GA1UdIwQY
MBaAFGC/+UcE5KR1N04XDL4XNl+on+B7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUxfNVJ3VGtwSFUzVGhjTXZoYzJYNmlmNEhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NzJmZGQtY2M3Yy00NDQ5LTlmNTUt
MDIzOTk1OTA2YzQ2LzEvbVlHYWM4VWRLdFlpZWpqSVAtRlhnYkJJdE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NzJmZGQtY2M3Yy00NDQ5LTlmNTUtMDIzOTk1OTA2YzQ2
LzEvWUxfNVJ3VGtwSFUzVGhjTXZoYzJYNmlmNEhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDT2zoAwQA
ueF+MA0GCSqGSIb3DQEBCwUAA4IBAQBy/Vq1pKekj3u2pvzbAmevU3mjMeAsHHOH
JAizpu4RvvMryxfMhsxQWbtLej7myiocBa1aBKwb3RmovdpiGuw8GX8k2SHEzQpU
wagxi/CfKvikdeIvtG+U5bfnpBt/sw0Kg3Y107wMlOEHRhZvSrtxPN5wwM+lJsCr
uj13bfSC8eaHyP0YmncWd8KvlCAhIby9YSsS9Rh0jJtTkXW3BCcrYrAS9Dy/+/S6
1Jk4eHks5DhMh5JpUX7lrJ1cOJxLYPzZZHwmp48jx1WMFCVuso06mbCjSPKraBlY
zmKsmLeiG3+T7MlEJAZPg8hE47vxHMRgQZ2VSFxRPZ8yKbPAhN/m
-----END CERTIFICATE-----