Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/yv3344YyJiI3tK3pUymZvPmVgpQ.roa
File:                     yv3344YyJiI3tK3pUymZvPmVgpQ.roa (raw, json)
Hash identifier:          kIh2BMTCOOIxdGUWWLL+bxr8RKa/SCiGjCgLbKM6DAk=
Subject key identifier:   CA:FD:F7:E3:86:32:26:22:37:B4:AD:E9:53:29:99:BC:F9:95:82:94
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019C9B368410B8E95E899431EA22833D2540
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/yv3344YyJiI3tK3pUymZvPmVgpQ.roa
Signing time:             Thu 26 Feb 2026 18:29:26 +0000
ROA not before:           Thu 26 Feb 2026 18:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202656
IP address blocks:        185.147.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9b:36:84:10:b8:e9:5e:89:94:31:ea:22:83:3d:25:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Feb 26 18:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cafdf7e38632262237b4ade9532999bcf9958294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3a:eb:a4:12:50:03:2e:26:4e:84:57:95:a0:
                    0c:14:cf:ea:7f:8d:05:20:1e:00:57:28:1a:03:5e:
                    45:13:dc:b4:68:bc:2d:1a:2f:bd:7c:eb:a6:42:e8:
                    34:65:98:f2:52:6e:18:c2:26:ba:41:84:4f:4c:c9:
                    c3:53:8a:56:92:77:b5:c5:1f:aa:af:99:a8:ef:22:
                    5b:b1:18:d2:f0:ad:42:59:07:40:f1:3c:39:9c:57:
                    a8:5a:4b:e1:71:90:8e:2e:a2:48:39:44:04:35:a9:
                    a2:0a:a8:d8:91:3d:56:a5:62:95:96:b3:d8:bf:8a:
                    65:79:66:69:6c:0b:00:1c:c2:58:d6:0a:45:18:dd:
                    c1:d8:d4:3d:a6:37:2c:37:e2:87:56:9d:1e:2a:41:
                    c9:c6:55:07:96:65:10:fc:78:53:aa:57:c4:41:81:
                    a4:db:12:68:c8:bb:d7:73:c6:f7:73:49:7a:8f:46:
                    fe:bf:a9:25:7b:fe:06:53:f2:59:74:d6:53:18:4f:
                    e4:d9:14:ed:55:bb:29:37:a2:93:0a:b4:f8:f3:cc:
                    6d:39:c7:cc:6a:f6:81:a7:8f:2a:c3:e3:ca:b3:69:
                    51:7e:1d:8f:a3:4e:a6:81:cd:95:25:cd:29:53:ac:
                    26:15:af:99:e6:01:b2:a5:17:59:2c:5e:de:f1:68:
                    fc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FD:F7:E3:86:32:26:22:37:B4:AD:E9:53:29:99:BC:F9:95:82:94
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/yv3344YyJiI3tK3pUymZvPmVgpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:8d:ab:fa:99:6a:cb:85:cc:03:d7:48:33:48:c3:90:f9:d2:
         5c:90:eb:64:87:8c:19:6b:98:5d:88:48:8a:69:b1:a0:65:be:
         87:3f:cc:75:a3:05:4d:59:90:0e:b2:69:5e:2a:18:5c:45:08:
         ee:df:a4:38:de:25:d3:cf:66:db:f9:1b:f5:5a:26:8b:de:a3:
         58:be:bf:98:88:42:d8:b7:8c:45:2e:6c:54:8e:df:54:48:56:
         16:ea:aa:7c:19:2c:3b:da:3e:74:d8:4e:74:a3:57:92:54:91:
         e7:94:d5:63:3b:36:54:20:b4:4f:64:64:16:26:64:ac:e3:38:
         96:d3:fa:69:e6:88:29:19:c9:73:f5:0e:86:2f:1c:63:f3:1c:
         5f:d6:6a:ed:ff:5e:1e:13:f3:a3:d6:c4:ea:fc:eb:ba:b4:22:
         2d:f0:99:71:62:2b:c8:2e:d7:f5:53:a3:de:d6:e9:f6:95:47:
         96:9a:63:a3:c1:65:0b:0a:be:41:da:85:ae:99:d6:8e:a1:e4:
         21:bd:e9:82:c1:74:ec:d1:69:2c:3d:88:3a:98:6c:93:9a:8a:
         43:a7:2c:e6:e4:2a:e6:96:d8:d6:a2:3e:a9:9e:a6:23:19:8d:
         68:40:bc:f4:ac:7a:c7:6a:16:59:82:d0:97:bd:fa:5d:d6:7c:
         d5:b0:b3:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZybNoQQuOleiZQx6iKDPSVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjYwMjI2MTgyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZkZjdlMzg2MzIyNjIyMzdiNGFkZTk1MzI5OTliY2Y5OTU4Mjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jrrpBJQAy4mToRXlaAMFM/qf40F
IB4AVygaA15FE9y0aLwtGi+9fOumQug0ZZjyUm4Ywia6QYRPTMnDU4pWkne1xR+q
r5mo7yJbsRjS8K1CWQdA8Tw5nFeoWkvhcZCOLqJIOUQENamiCqjYkT1WpWKVlrPY
v4pleWZpbAsAHMJY1gpFGN3B2NQ9pjcsN+KHVp0eKkHJxlUHlmUQ/HhTqlfEQYGk
2xJoyLvXc8b3c0l6j0b+v6kle/4GU/JZdNZTGE/k2RTtVbspN6KTCrT488xtOcfM
avaBp48qw+PKs2lRfh2Po06mgc2VJc0pU6wmFa+Z5gGypRdZLF7e8Wj8gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMr99+OGMiYiN7St6VMpmbz5lYKUMB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEveXYzMzQ0WXlKaUkzdEszcFV5bVp2UG1WZ3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZN+MA0G
CSqGSIb3DQEBCwUAA4IBAQCHjav6mWrLhcwD10gzSMOQ+dJckOtkh4wZa5hdiEiK
abGgZb6HP8x1owVNWZAOsmleKhhcRQju36Q43iXTz2bb+Rv1WiaL3qNYvr+YiELY
t4xFLmxUjt9USFYW6qp8GSw72j502E50o1eSVJHnlNVjOzZUILRPZGQWJmSs4ziW
0/pp5ogpGclz9Q6GLxxj8xxf1mrt/14eE/Oj1sTq/Ou6tCIt8JlxYivILtf1U6Pe
1un2lUeWmmOjwWULCr5B2oWumdaOoeQhvemCwXTs0WksPYg6mGyTmopDpyzm5Crm
ltjWoj6pnqYjGY1oQLz0rHrHahZZgtCXvfpd1nzVsLMF
-----END CERTIFICATE-----