Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/uy5tSKWMk77XGidmdX5X51c2n2Q.roa
File:                     uy5tSKWMk77XGidmdX5X51c2n2Q.roa (raw, json)
Hash identifier:          zLzI8G6xgHVV8C2xBsfYSCIHtqR4kIla9juQQRtmqGs=
Subject key identifier:   BB:2E:6D:48:A5:8C:93:BE:D7:1A:27:66:75:7E:57:E7:57:36:9F:64
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019C896386AD7C74AEF037D5D7B2986140C3
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/uy5tSKWMk77XGidmdX5X51c2n2Q.roa
Signing time:             Mon 23 Feb 2026 07:25:26 +0000
ROA not before:           Mon 23 Feb 2026 07:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39855
IP address blocks:        158.173.60.0/22 maxlen: 24
                          185.82.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:63:86:ad:7c:74:ae:f0:37:d5:d7:b2:98:61:40:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Feb 23 07:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb2e6d48a58c93bed71a2766757e57e757369f64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ae:b9:91:41:24:f8:d1:82:77:ce:f1:ee:72:
                    e3:b0:f2:8d:60:4a:47:25:f8:a5:16:ec:f7:54:78:
                    51:ad:33:f8:e8:0d:24:4b:01:6e:57:0b:0c:9b:7c:
                    1f:56:ee:82:8a:46:0d:1c:d9:b2:e8:ba:7b:be:1e:
                    ac:7a:27:ad:68:da:09:2f:fe:2b:43:67:db:40:47:
                    6c:ec:04:f4:c0:26:4f:a4:4f:57:35:ea:73:a7:23:
                    ac:a6:e1:37:76:4b:5d:b3:a4:46:ed:28:9d:05:65:
                    53:45:14:f6:06:46:1b:63:19:d8:93:2d:80:01:e9:
                    c7:31:7d:3f:fe:a0:8f:2f:42:0a:96:7f:a8:5e:c9:
                    d5:b0:9c:5a:c3:92:21:36:bd:d9:f3:dc:b5:8f:75:
                    18:55:b8:f6:6d:c6:38:db:7a:8f:83:7d:c9:49:98:
                    0f:f3:67:3d:41:68:e7:de:97:97:75:1f:35:3a:41:
                    72:c7:00:72:3a:be:3e:33:52:20:d9:55:f3:29:16:
                    23:c2:cb:46:8b:83:f3:44:e4:c1:1b:24:66:11:e2:
                    55:1c:1f:97:3e:13:66:5d:df:f2:0e:36:cb:a0:f2:
                    aa:40:5a:77:f3:7b:12:13:cb:c3:c8:05:1f:d9:b3:
                    ae:55:ed:93:64:72:9b:5c:a7:b0:16:1d:e5:fb:84:
                    8a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:2E:6D:48:A5:8C:93:BE:D7:1A:27:66:75:7E:57:E7:57:36:9F:64
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/uy5tSKWMk77XGidmdX5X51c2n2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.60.0/22
                  185.82.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:e0:e4:11:ae:43:d1:99:49:b8:eb:c7:b6:bc:84:bc:7a:2f:
         6a:25:cd:c2:71:d7:38:b4:8b:6d:a7:3c:4c:0e:80:ba:e8:12:
         0e:5e:4a:9b:f5:2d:bb:c1:ae:d3:bf:ab:a8:e8:98:9d:6e:26:
         3a:fc:47:f1:3f:d2:63:a5:3e:8b:e7:ec:c9:fa:a0:7d:df:9d:
         ae:fd:fa:04:32:65:fd:32:43:93:b5:1d:e2:9d:64:b2:17:7e:
         fa:48:79:07:47:fa:71:34:94:99:35:0d:e1:8f:0c:7a:12:04:
         c0:ac:95:26:42:da:cd:16:16:4c:17:ce:98:fb:1a:94:98:78:
         89:b2:c8:97:7f:20:ae:a1:75:43:8b:4e:2d:a9:3a:63:d7:78:
         85:16:8d:89:b8:01:4a:be:15:10:ea:f7:a3:9f:85:23:06:78:
         97:94:2c:4c:79:6e:0e:dd:a8:57:a3:81:c8:46:9b:8d:69:00:
         b8:a1:4a:05:b9:5b:88:c5:b5:97:15:8c:cd:30:56:99:fb:eb:
         48:25:ad:f4:63:e0:da:aa:5c:cb:2f:c0:bb:41:c1:0f:d8:ab:
         d4:6f:7b:2c:93:71:d0:95:ae:df:26:3e:3d:c4:3b:9a:78:dc:
         58:14:e4:9e:10:c7:17:bc:24:70:7a:7c:29:02:fb:0c:db:3a:
         5f:3a:37:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyJY4atfHSu8DfV17KYYUDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMjIzMDcyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjJlNmQ0OGE1OGM5M2JlZDcxYTI3NjY3NTdlNTdlNzU3MzY5ZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK65kUEk+NGCd87x7nLjsPKNYEpH
JfilFuz3VHhRrTP46A0kSwFuVwsMm3wfVu6CikYNHNmy6Lp7vh6seietaNoJL/4r
Q2fbQEds7AT0wCZPpE9XNepzpyOspuE3dktds6RG7SidBWVTRRT2BkYbYxnYky2A
AenHMX0//qCPL0IKln+oXsnVsJxaw5IhNr3Z89y1j3UYVbj2bcY423qPg33JSZgP
82c9QWjn3peXdR81OkFyxwByOr4+M1Ig2VXzKRYjwstGi4PzROTBGyRmEeJVHB+X
PhNmXd/yDjbLoPKqQFp383sSE8vDyAUf2bOuVe2TZHKbXKewFh3l+4SK7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLsubUiljJO+1xonZnV+V+dXNp9kMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvdXk1dFNLV01rNzdYR2lkbWRYNVg1MWMybjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCnq08AwQC
uVJYMA0GCSqGSIb3DQEBCwUAA4IBAQBM4OQRrkPRmUm468e2vIS8ei9qJc3Ccdc4
tIttpzxMDoC66BIOXkqb9S27wa7Tv6uo6JidbiY6/EfxP9JjpT6L5+zJ+qB9352u
/foEMmX9MkOTtR3inWSyF376SHkHR/pxNJSZNQ3hjwx6EgTArJUmQtrNFhZMF86Y
+xqUmHiJssiXfyCuoXVDi04tqTpj13iFFo2JuAFKvhUQ6vejn4UjBniXlCxMeW4O
3ahXo4HIRpuNaQC4oUoFuVuIxbWXFYzNMFaZ++tIJa30Y+DaqlzLL8C7QcEP2KvU
b3ssk3HQla7fJj49xDuaeNxYFOSeEMcXvCRwenwpAvsM2zpfOjdi
-----END CERTIFICATE-----