Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Ymd9NZv-lAUpqH_sFgGg5aCr0h4.roa
File:                     Ymd9NZv-lAUpqH_sFgGg5aCr0h4.roa (raw, json)
Hash identifier:          vhrH774ccQshhy/3tdujgzUbaNZlIQXm7cXRcKIZwxU=
Subject key identifier:   62:67:7D:35:9B:FE:94:05:29:A8:7F:EC:16:01:A0:E5:A0:AB:D2:1E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C9B69CA46432659057D2EB61DFCC29AE1
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Ymd9NZv-lAUpqH_sFgGg5aCr0h4.roa
Signing time:             Thu 26 Feb 2026 19:25:27 +0000
ROA not before:           Thu 26 Feb 2026 19:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        45.128.78.0/24 maxlen: 24
                          84.21.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9b:69:ca:46:43:26:59:05:7d:2e:b6:1d:fc:c2:9a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 26 19:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62677d359bfe940529a87fec1601a0e5a0abd21e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:df:22:8e:9c:ed:00:ec:94:43:32:f0:97:6c:
                    ba:cd:b7:a2:b9:18:1f:ae:0e:b0:cd:71:13:ea:8a:
                    e8:36:fc:e0:40:72:d7:e0:9a:b4:24:c7:ec:54:3e:
                    c6:a0:0d:28:d1:6f:3d:96:e9:e8:d3:b9:44:0e:8a:
                    77:2b:b5:a8:08:ed:f3:f2:13:88:7e:8b:5e:41:20:
                    49:59:0e:b0:82:a9:fd:9b:3d:da:54:1b:e0:ce:be:
                    5e:12:82:06:b0:0a:96:fd:69:06:8e:48:7e:5d:46:
                    0d:da:c5:2d:4f:73:c0:65:10:36:75:27:f8:4e:e7:
                    ac:7b:e8:f6:07:68:70:b0:90:3f:43:8f:b1:53:ba:
                    c7:06:cc:e7:e4:78:93:18:61:9d:8d:0d:98:17:f3:
                    98:7f:b8:1a:27:a4:c8:54:03:53:42:ae:3f:62:ca:
                    ae:ff:c9:ab:1f:30:3e:f6:be:63:a0:53:96:56:52:
                    3b:7b:34:33:07:3a:28:ff:ed:c9:38:6f:ed:90:71:
                    1e:fd:32:a2:4f:a2:71:bb:c0:79:b7:da:bc:cc:ef:
                    ec:97:2b:0c:47:f0:f1:44:82:6a:58:38:f6:40:4d:
                    9a:74:e3:42:52:a4:40:4c:23:c7:83:33:51:23:f7:
                    a2:37:20:a9:60:0e:23:16:0a:70:0e:39:32:be:95:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:67:7D:35:9B:FE:94:05:29:A8:7F:EC:16:01:A0:E5:A0:AB:D2:1E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Ymd9NZv-lAUpqH_sFgGg5aCr0h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.78.0/24
                  84.21.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:df:86:9d:fc:89:8c:16:6f:e1:f0:cd:36:36:3d:ed:b6:2a:
         ad:be:61:8f:97:65:3f:14:5c:10:c6:b4:48:a1:51:a6:9f:13:
         ba:dd:8c:3c:b6:b9:d3:43:84:a9:b5:77:49:05:09:a4:ef:97:
         47:5e:67:c0:92:f2:4a:9a:a6:77:64:0b:0c:67:25:8d:a8:e1:
         9b:f9:99:90:db:06:97:48:25:20:4a:f2:92:f1:0a:3a:5c:a5:
         7f:3e:34:ea:83:65:b3:4d:be:09:ac:f9:fa:c7:97:e4:5b:46:
         eb:52:76:7d:d4:ac:d9:16:ba:e0:1b:6f:51:35:aa:fe:6e:89:
         9c:9f:4e:0f:b8:94:3b:d5:96:a0:92:90:7c:9e:17:a6:a5:73:
         e9:f7:8e:af:5f:e5:25:e7:99:1b:91:7d:48:06:5d:51:60:5d:
         27:b1:10:c7:d2:5e:63:e4:4d:ab:ef:6d:2c:10:b2:02:40:7d:
         54:77:67:39:38:15:f9:53:c2:d3:f2:67:82:84:e0:ab:e3:6c:
         93:9e:a0:ec:72:89:49:24:89:d6:ab:f9:c5:b5:8c:08:0f:12:
         dd:af:cb:89:79:c4:d7:7c:bc:ec:56:f4:08:db:65:09:6e:39:
         cc:22:24:fb:3b:b4:b2:3e:8b:84:ae:ec:5e:e3:4f:82:17:7d:
         6e:0d:46:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZybacpGQyZZBX0uth38wprhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjI2MTkyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjY3N2QzNTliZmU5NDA1MjlhODdmZWMxNjAxYTBlNWEwYWJkMjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN8ijpztAOyUQzLwl2y6zbeiuRgf
rg6wzXET6oroNvzgQHLX4Jq0JMfsVD7GoA0o0W89luno07lEDop3K7WoCO3z8hOI
foteQSBJWQ6wgqn9mz3aVBvgzr5eEoIGsAqW/WkGjkh+XUYN2sUtT3PAZRA2dSf4
Tuese+j2B2hwsJA/Q4+xU7rHBszn5HiTGGGdjQ2YF/OYf7gaJ6TIVANTQq4/Ysqu
/8mrHzA+9r5joFOWVlI7ezQzBzoo/+3JOG/tkHEe/TKiT6Jxu8B5t9q8zO/slysM
R/DxRIJqWDj2QE2adONCUqRATCPHgzNRI/eiNyCpYA4jFgpwDjkyvpW3owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGJnfTWb/pQFKah/7BYBoOWgq9IeMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWW1kOU5adi1sQVVwcUhfc0ZnR2c1YUNyMGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYBOAwQA
VBW8MA0GCSqGSIb3DQEBCwUAA4IBAQB034ad/ImMFm/h8M02Nj3ttiqtvmGPl2U/
FFwQxrRIoVGmnxO63Yw8trnTQ4SptXdJBQmk75dHXmfAkvJKmqZ3ZAsMZyWNqOGb
+ZmQ2waXSCUgSvKS8Qo6XKV/PjTqg2WzTb4JrPn6x5fkW0brUnZ91KzZFrrgG29R
Nar+bomcn04PuJQ71ZagkpB8nhempXPp946vX+Ul55kbkX1IBl1RYF0nsRDH0l5j
5E2r720sELICQH1Ud2c5OBX5U8LT8meChOCr42yTnqDscolJJInWq/nFtYwIDxLd
r8uJecTXfLzsVvQI22UJbjnMIiT7O7SyPouEruxe40+CF31uDUYr
-----END CERTIFICATE-----