Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/fyxZLGtBW9e59RZ3aEwSKlhWT4w.roa
File:                     fyxZLGtBW9e59RZ3aEwSKlhWT4w.roa (raw, json)
Hash identifier:          itxLmMXkodUFbwqD5SmQmqHBd8MyF3lpLKdM1WEIZu0=
Subject key identifier:   7F:2C:59:2C:6B:41:5B:D7:B9:F5:16:77:68:4C:12:2A:58:56:4F:8C
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       019C953383DA49A97DF3841ADF38EB989CDF
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/fyxZLGtBW9e59RZ3aEwSKlhWT4w.roa
Signing time:             Wed 25 Feb 2026 14:28:26 +0000
ROA not before:           Wed 25 Feb 2026 14:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202226
IP address blocks:        193.202.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:33:83:da:49:a9:7d:f3:84:1a:df:38:eb:98:9c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Feb 25 14:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f2c592c6b415bd7b9f51677684c122a58564f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2b:17:54:21:42:a0:79:cf:d5:37:09:fe:9e:
                    11:37:2a:76:0b:ad:fa:44:09:35:b6:99:10:84:81:
                    4d:92:89:b8:7b:8e:95:64:6e:a3:54:69:18:b3:a0:
                    3b:c3:c0:f0:99:68:62:78:36:77:eb:08:8b:7d:45:
                    89:5c:49:f3:9f:8c:d9:b2:da:dc:be:ed:6f:15:42:
                    42:e9:fd:5f:27:ed:c3:81:14:00:31:7c:cd:53:58:
                    1f:ac:3f:88:7a:d7:20:d8:6b:e0:b1:68:89:6d:dc:
                    28:62:74:bb:c9:2d:10:7e:fb:cb:85:fe:4f:75:9b:
                    77:37:ba:77:63:a2:6d:1b:83:88:d6:56:30:92:bf:
                    11:a6:39:3d:73:63:f6:64:4d:d8:1e:00:92:2f:c5:
                    45:b7:94:91:5c:56:da:90:b4:0f:31:a9:68:76:5a:
                    06:cc:c2:95:aa:f4:64:d5:66:de:78:81:94:0e:b2:
                    9b:e1:5d:2a:d4:c2:e0:16:25:9c:ec:65:03:1b:4e:
                    e2:8b:d5:de:d7:24:b7:3f:9f:a7:81:94:01:50:dd:
                    31:2d:f2:07:f9:da:de:e7:ef:9b:c3:2c:ca:28:25:
                    0b:e2:81:1c:22:de:8a:1f:ca:88:93:a2:00:e8:8a:
                    41:55:e3:e9:a1:a6:2f:9a:6b:94:47:c6:3b:3c:6e:
                    21:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2C:59:2C:6B:41:5B:D7:B9:F5:16:77:68:4C:12:2A:58:56:4F:8C
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/fyxZLGtBW9e59RZ3aEwSKlhWT4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:91:fc:22:78:68:22:8a:df:5a:64:43:05:87:5b:3f:ac:4f:
         f4:8e:fc:44:f1:20:33:f5:49:71:11:56:e4:05:49:00:5e:76:
         ed:f7:ba:9b:93:15:ae:56:32:d9:81:3a:64:ab:d1:36:a7:fb:
         52:15:89:b0:77:df:1b:be:62:28:fc:d9:82:6b:77:86:e1:d2:
         a2:fa:89:2c:57:60:e3:ad:e6:49:03:61:de:0b:55:b9:8f:84:
         8a:8a:74:f2:a1:6a:3d:40:c6:f7:b8:9e:22:84:d6:81:ef:a1:
         a7:32:39:fb:58:8f:23:64:8c:eb:5e:7f:f9:39:5f:65:6a:3d:
         8f:e0:06:27:b4:b3:e6:01:c6:2b:a9:3f:ff:26:cf:28:5a:19:
         fb:c1:bf:71:b5:79:28:52:e9:49:10:37:02:da:1c:e3:c4:17:
         47:1e:3f:59:ee:6c:04:fb:3d:b2:aa:81:ed:27:5f:06:b2:cd:
         75:ac:82:ea:86:5a:74:bb:05:f7:98:2b:af:6e:3d:cf:dc:bb:
         04:b7:19:f2:a9:8e:3b:21:ea:74:52:1c:7d:c9:59:35:5e:45:
         93:c4:b8:b0:b3:c4:40:4d:f5:4f:4d:46:90:ee:9c:f2:b9:17:
         82:49:fa:8f:2e:02:a3:da:c1:b7:6e:7b:8b:c7:a9:01:53:a7:
         18:d4:22:72
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZyVM4PaSal984Qa3zjrmJzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjYwMjI1MTQyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjJjNTkyYzZiNDE1YmQ3YjlmNTE2Nzc2ODRjMTIyYTU4NTY0ZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxisXVCFCoHnP1TcJ/p4RNyp2C636
RAk1tpkQhIFNkom4e46VZG6jVGkYs6A7w8DwmWhieDZ36wiLfUWJXEnzn4zZstrc
vu1vFUJC6f1fJ+3DgRQAMXzNU1gfrD+Ietcg2GvgsWiJbdwoYnS7yS0QfvvLhf5P
dZt3N7p3Y6JtG4OI1lYwkr8Rpjk9c2P2ZE3YHgCSL8VFt5SRXFbakLQPMalodloG
zMKVqvRk1WbeeIGUDrKb4V0q1MLgFiWc7GUDG07ii9Xe1yS3P5+ngZQBUN0xLfIH
+dre5++bwyzKKCUL4oEcIt6KH8qIk6IA6IpBVePpoaYvmmuUR8Y7PG4hcwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH8sWSxrQVvXufUWd2hMEipYVk+MMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL2Z5eFpMR3RCVzllNTlSWjNhRXdTS2xoV1Q0dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBylQw
DQYJKoZIhvcNAQELBQADggEBABiR/CJ4aCKK31pkQwWHWz+sT/SO/ETxIDP1SXER
VuQFSQBedu33upuTFa5WMtmBOmSr0Tan+1IVibB33xu+Yij82YJrd4bh0qL6iSxX
YOOt5kkDYd4LVbmPhIqKdPKhaj1Axve4niKE1oHvoacyOftYjyNkjOtef/k5X2Vq
PY/gBie0s+YBxiupP/8mzyhaGfvBv3G1eShS6UkQNwLaHOPEF0ceP1nubAT7PbKq
ge0nXwayzXWsguqGWnS7BfeYK69uPc/cuwS3GfKpjjsh6nRSHH3JWTVeRZPEuLCz
xEBN9U9NRpDunPK5F4JJ+o8uAqPawbdue4vHqQFTpxjUInI=
-----END CERTIFICATE-----