Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/YF--vA_L6zCcHJEBqR7jtaCGFfo.roa
File:                     YF--vA_L6zCcHJEBqR7jtaCGFfo.roa (raw, json)
Hash identifier:          a3gFh25pMYpl+agwkJIHNpjKYlN2gnTlYe3HeVBoWTk=
Subject key identifier:   60:5F:BE:BC:0F:CB:EB:30:9C:1C:91:01:A9:1E:E3:B5:A0:86:15:FA
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019C470A72FB6D2EC03B58B2E227CE344388
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/YF--vA_L6zCcHJEBqR7jtaCGFfo.roa
Signing time:             Tue 10 Feb 2026 10:13:13 +0000
ROA not before:           Tue 10 Feb 2026 10:13:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        95.155.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:0a:72:fb:6d:2e:c0:3b:58:b2:e2:27:ce:34:43:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Feb 10 10:13:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=605fbebc0fcbeb309c1c9101a91ee3b5a08615fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:86:d1:7d:c2:c1:fa:04:6c:98:53:2b:3e:cd:
                    e4:1c:94:c6:f1:c7:29:f1:40:d7:a3:b8:d7:6f:e5:
                    82:3e:22:69:4f:ac:53:a5:20:10:e0:00:5d:d4:01:
                    f0:88:b2:4a:1c:c2:4c:f8:a1:b9:5c:59:8a:5e:6d:
                    6c:6a:ef:c4:b6:8b:9f:a6:38:ca:00:01:95:3c:75:
                    15:37:c7:29:fc:00:28:30:23:83:2c:85:58:52:53:
                    c4:2e:6f:2a:14:13:2b:a8:b8:46:7d:32:40:ad:44:
                    ac:3f:2d:41:8e:fc:ce:07:4a:c3:05:d4:64:73:66:
                    fb:a5:7d:8a:48:0e:e4:c5:e1:97:9d:69:a5:5e:bb:
                    03:e1:61:f4:22:4c:78:de:41:25:da:48:1e:f3:b6:
                    e6:06:6e:fa:e2:21:bc:df:6b:82:71:66:50:74:6d:
                    2e:ef:97:b0:e5:b7:ad:98:76:b7:80:97:65:61:5d:
                    26:55:0c:1b:92:cd:f0:0e:27:66:a2:16:c0:4d:c1:
                    1e:b4:69:aa:f0:0b:92:3a:21:59:7f:b0:f7:f5:ce:
                    8c:34:6f:8b:b1:91:6e:65:5c:90:a0:87:9d:5d:e3:
                    04:2d:19:5d:6e:58:e8:dc:45:8e:9f:ec:58:61:df:
                    1b:c1:92:d6:d6:5a:3e:85:3e:20:21:e4:0c:ee:a6:
                    68:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5F:BE:BC:0F:CB:EB:30:9C:1C:91:01:A9:1E:E3:B5:A0:86:15:FA
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/YF--vA_L6zCcHJEBqR7jtaCGFfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.155.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:0f:ad:ef:7b:27:db:52:38:35:ec:c9:05:06:34:b2:dc:bc:
         d6:4a:55:67:2d:a2:88:c8:b2:6f:7a:db:ff:e4:46:52:c4:1e:
         87:3e:38:61:8e:15:4f:94:54:28:bf:2f:e8:cf:79:69:32:a3:
         83:8b:91:17:9b:00:7b:6f:83:e8:56:e3:a9:3c:f5:48:55:f5:
         54:19:dc:22:2b:24:ff:b4:e1:9a:97:61:ba:b2:83:28:0d:8b:
         8a:ff:ac:88:1b:1e:66:f6:22:10:5d:04:99:ad:0f:11:03:25:
         a5:00:34:9b:49:cd:e2:2a:19:33:6d:11:aa:6e:30:36:21:33:
         8f:25:1a:f5:bc:c2:30:ee:26:ee:46:9a:d4:61:0d:f6:47:33:
         4f:d7:f9:63:2f:b7:34:b9:6e:1c:69:e9:9f:f8:f8:26:7b:f3:
         fc:e3:9b:2e:39:df:74:a6:13:58:0b:e0:e5:c9:47:7d:8d:0e:
         c3:d9:2e:52:59:9b:3c:7f:5c:7f:8b:fa:eb:f3:a2:97:19:8c:
         15:65:a7:98:04:01:93:d4:e0:36:19:8b:63:1a:71:b5:67:42:
         97:af:2d:82:3c:d6:48:30:f9:bd:0e:e1:06:0a:45:17:ea:68:
         d7:7b:ac:b2:54:d9:81:89:e5:b6:15:b1:d8:e0:df:e4:59:cd:
         e3:cb:d2:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHCnL7bS7AO1iy4ifONEOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwMjEwMTAxMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDVmYmViYzBmY2JlYjMwOWMxYzkxMDFhOTFlZTNiNWEwODYxNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIbRfcLB+gRsmFMrPs3kHJTG8ccp
8UDXo7jXb+WCPiJpT6xTpSAQ4ABd1AHwiLJKHMJM+KG5XFmKXm1sau/EtoufpjjK
AAGVPHUVN8cp/AAoMCODLIVYUlPELm8qFBMrqLhGfTJArUSsPy1BjvzOB0rDBdRk
c2b7pX2KSA7kxeGXnWmlXrsD4WH0Ikx43kEl2kge87bmBm764iG832uCcWZQdG0u
75ew5betmHa3gJdlYV0mVQwbks3wDidmohbATcEetGmq8AuSOiFZf7D39c6MNG+L
sZFuZVyQoIedXeMELRldbljo3EWOn+xYYd8bwZLW1lo+hT4gIeQM7qZoWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBfvrwPy+swnByRAake47WghhX6MB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvWUYtLXZBX0w2ekNjSEpFQnFSN2p0YUNHRmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX5uCMA0G
CSqGSIb3DQEBCwUAA4IBAQA8D63veyfbUjg17MkFBjSy3LzWSlVnLaKIyLJvetv/
5EZSxB6HPjhhjhVPlFQovy/oz3lpMqODi5EXmwB7b4PoVuOpPPVIVfVUGdwiKyT/
tOGal2G6soMoDYuK/6yIGx5m9iIQXQSZrQ8RAyWlADSbSc3iKhkzbRGqbjA2ITOP
JRr1vMIw7ibuRprUYQ32RzNP1/ljL7c0uW4caemf+Pgme/P845suOd90phNYC+Dl
yUd9jQ7D2S5SWZs8f1x/i/rr86KXGYwVZaeYBAGT1OA2GYtjGnG1Z0KXry2CPNZI
MPm9DuEGCkUX6mjXe6yyVNmBieW2FbHY4N/kWc3jy9KQ
-----END CERTIFICATE-----