Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/4fc780-b296-40b7-9508-9f8e6a184374/1/y8_LNgwxUbTo2kYfyXrTJhM5aoA.roa
File:                     y8_LNgwxUbTo2kYfyXrTJhM5aoA.roa (raw, json)
Hash identifier:          5zjlPGmjTWA8lGnzMm1Kk7Dl2qi8X7Yn0O8wDBpdII4=
Subject key identifier:   CB:CF:CB:36:0C:31:51:B4:E8:DA:46:1F:C9:7A:D3:26:13:39:6A:80
Certificate issuer:       /CN=cd919eb5c2108360155de7fb4f216a055ae31f09
Certificate serial:       019C4CCE4753569ABA9CB06B9AB87EA4CEF0
Authority key identifier: CD:91:9E:B5:C2:10:83:60:15:5D:E7:FB:4F:21:6A:05:5A:E3:1F:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zZGetcIQg2AVXef7TyFqBVrjHwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/4fc780-b296-40b7-9508-9f8e6a184374/1/y8_LNgwxUbTo2kYfyXrTJhM5aoA.roa
Signing time:             Wed 11 Feb 2026 13:05:12 +0000
ROA not before:           Wed 11 Feb 2026 13:05:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57004
IP address blocks:        185.191.200.0/24 maxlen: 32
                          185.191.202.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/4fc780-b296-40b7-9508-9f8e6a184374/1/zZGetcIQg2AVXef7TyFqBVrjHwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/4fc780-b296-40b7-9508-9f8e6a184374/1/zZGetcIQg2AVXef7TyFqBVrjHwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zZGetcIQg2AVXef7TyFqBVrjHwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:ce:47:53:56:9a:ba:9c:b0:6b:9a:b8:7e:a4:ce:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd919eb5c2108360155de7fb4f216a055ae31f09
        Validity
            Not Before: Feb 11 13:05:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbcfcb360c3151b4e8da461fc97ad32613396a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9f:2d:dd:0c:91:c2:7f:12:14:46:79:6d:62:
                    dd:00:40:7d:69:bb:fb:3d:24:14:1d:a0:c1:0f:70:
                    35:93:c1:1e:28:de:88:6e:c3:3a:a8:f3:46:11:c6:
                    3a:4d:e2:e5:33:40:cf:3c:f6:50:e0:7b:2c:04:1f:
                    bb:de:70:ec:fc:a4:00:75:22:e4:55:cd:da:d3:0e:
                    0d:f5:6e:a5:82:88:c7:37:5c:38:af:0f:0a:82:d3:
                    30:ed:bb:5f:eb:1f:ae:0b:cd:ef:14:eb:b7:2d:2e:
                    4f:dd:e4:ef:b8:94:cb:39:44:cb:96:17:25:7c:22:
                    b6:7c:67:d6:37:0d:89:28:f3:1f:76:4a:2a:92:60:
                    3f:b5:21:ed:b4:75:f9:9e:a7:2a:bb:a7:52:09:8e:
                    66:7e:c0:93:17:fc:e5:b8:9c:a2:44:20:9c:ba:0b:
                    05:15:26:54:f0:de:5b:9c:8d:f5:b7:d4:03:07:04:
                    c6:a0:e9:0e:8e:a2:4b:ae:ba:8a:2e:bb:76:7d:1a:
                    1b:9b:3c:45:21:49:4d:c1:38:89:82:db:79:3c:2a:
                    69:0f:16:d4:0d:e9:0a:ba:13:96:74:5c:2c:be:90:
                    ff:b7:12:8a:95:a2:e9:f4:33:4f:ad:0e:28:db:e2:
                    5d:fc:4d:e0:6e:80:05:b7:a3:02:91:cf:e6:f8:1e:
                    ff:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:CF:CB:36:0C:31:51:B4:E8:DA:46:1F:C9:7A:D3:26:13:39:6A:80
            X509v3 Authority Key Identifier:
                keyid:CD:91:9E:B5:C2:10:83:60:15:5D:E7:FB:4F:21:6A:05:5A:E3:1F:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zZGetcIQg2AVXef7TyFqBVrjHwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/4fc780-b296-40b7-9508-9f8e6a184374/1/y8_LNgwxUbTo2kYfyXrTJhM5aoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/4fc780-b296-40b7-9508-9f8e6a184374/1/zZGetcIQg2AVXef7TyFqBVrjHwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.200.0/24
                  185.191.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:92:65:d4:53:d7:62:3f:fe:a0:27:43:dc:10:e0:da:60:43:
         a3:27:f2:d8:0a:a1:0f:bf:40:63:85:c0:01:a2:fe:8b:dc:76:
         2a:01:3d:16:40:6b:60:28:54:f2:4b:05:c6:fa:df:13:b6:6a:
         42:8f:6b:69:73:04:c5:ba:19:65:75:2a:f7:bb:32:67:7c:d4:
         68:d3:5b:ea:c7:f3:09:27:1e:03:84:27:22:36:8c:dd:43:25:
         91:b9:37:af:e1:4f:50:b3:b8:1d:52:28:6c:cf:7d:3e:80:21:
         fc:1a:c0:b5:17:08:99:26:c0:d8:81:19:81:d7:13:69:4c:2a:
         a9:ac:b8:16:66:36:0d:46:6c:6f:67:23:6e:20:de:20:2f:53:
         74:29:ba:42:8d:5d:e0:f6:28:f9:a2:91:77:58:34:70:9f:b2:
         66:74:a7:b9:45:53:60:00:14:c5:f4:32:e1:53:a3:3e:25:60:
         1d:a7:a9:53:cf:70:4b:4b:c3:71:aa:8c:b2:9d:4e:ba:df:9c:
         3f:cd:f1:c9:17:ff:82:56:ad:a6:85:ed:f9:19:93:83:16:7b:
         76:89:59:ab:12:a4:54:88:8d:57:3b:c9:eb:e6:d8:a6:84:3e:
         52:e7:11:2d:64:60:0c:26:ae:d9:46:09:97:e5:5f:04:d5:81:
         af:df:a2:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxMzkdTVpq6nLBrmrh+pM7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkOTE5ZWI1YzIxMDgzNjAxNTVkZTdmYjRmMjE2YTA1NWFl
MzFmMDkwHhcNMjYwMjExMTMwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmNmY2IzNjBjMzE1MWI0ZThkYTQ2MWZjOTdhZDMyNjEzMzk2YTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn58t3QyRwn8SFEZ5bWLdAEB9abv7
PSQUHaDBD3A1k8EeKN6IbsM6qPNGEcY6TeLlM0DPPPZQ4HssBB+73nDs/KQAdSLk
Vc3a0w4N9W6lgojHN1w4rw8KgtMw7btf6x+uC83vFOu3LS5P3eTvuJTLOUTLlhcl
fCK2fGfWNw2JKPMfdkoqkmA/tSHttHX5nqcqu6dSCY5mfsCTF/zluJyiRCCcugsF
FSZU8N5bnI31t9QDBwTGoOkOjqJLrrqKLrt2fRobmzxFIUlNwTiJgtt5PCppDxbU
DekKuhOWdFwsvpD/txKKlaLp9DNPrQ4o2+Jd/E3gboAFt6MCkc/m+B7/AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMvPyzYMMVG06NpGH8l60yYTOWqAMB8GA1UdIwQY
MBaAFM2RnrXCEINgFV3n+08hagVa4x8JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelpHZXRjSVFnMkFWWGVmN1R5RnFCVnJqSHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80ZmM3ODAtYjI5Ni00MGI3LTk1MDgt
OWY4ZTZhMTg0Mzc0LzEveThfTE5nd3hVYlRvMmtZZnlYclRKaE01YW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80ZmM3ODAtYjI5Ni00MGI3LTk1MDgtOWY4ZTZhMTg0Mzc0
LzEvelpHZXRjSVFnMkFWWGVmN1R5RnFCVnJqSHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAub/IAwQA
ub/KMA0GCSqGSIb3DQEBCwUAA4IBAQA/kmXUU9diP/6gJ0PcEODaYEOjJ/LYCqEP
v0BjhcABov6L3HYqAT0WQGtgKFTySwXG+t8TtmpCj2tpcwTFuhlldSr3uzJnfNRo
01vqx/MJJx4DhCciNozdQyWRuTev4U9Qs7gdUihsz30+gCH8GsC1FwiZJsDYgRmB
1xNpTCqprLgWZjYNRmxvZyNuIN4gL1N0KbpCjV3g9ij5opF3WDRwn7JmdKe5RVNg
ABTF9DLhU6M+JWAdp6lTz3BLS8NxqoyynU6635w/zfHJF/+CVq2mhe35GZODFnt2
iVmrEqRUiI1XO8nr5timhD5S5xEtZGAMJq7ZRgmX5V8E1YGv36L7
-----END CERTIFICATE-----