Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/RY-mbVhA4I89kNcmBsI8h8uXhiw.roa
File:                     RY-mbVhA4I89kNcmBsI8h8uXhiw.roa (raw, json)
Hash identifier:          qgJoxMHmlU8CHkmRyFqNaxEYeU5S0JCmLUfKTUPCXsE=
Subject key identifier:   45:8F:A6:6D:58:40:E0:8F:3D:90:D7:26:06:C2:3C:87:CB:97:86:2C
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       019C7C4ADE0690A3611FB37B68F7FB7EECA3
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/RY-mbVhA4I89kNcmBsI8h8uXhiw.roa
Signing time:             Fri 20 Feb 2026 18:23:27 +0000
ROA not before:           Fri 20 Feb 2026 18:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        86.107.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:4a:de:06:90:a3:61:1f:b3:7b:68:f7:fb:7e:ec:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Feb 20 18:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=458fa66d5840e08f3d90d72606c23c87cb97862c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ce:67:1e:9e:cf:9d:b5:18:d9:29:fa:5f:bc:
                    25:2f:0c:f4:76:f2:3d:cf:a2:65:bc:5a:0a:f9:51:
                    39:13:05:7f:5b:1b:1d:25:7b:66:17:75:ee:82:21:
                    a4:e3:3d:91:bd:2c:a4:45:7d:65:9a:75:41:7d:4e:
                    73:8c:3b:80:1d:26:46:c9:5a:20:b7:d0:0f:70:75:
                    1d:09:38:b3:71:64:62:f2:90:d9:73:1b:d1:e1:1d:
                    96:69:ff:a4:a8:27:3f:9f:f2:fb:28:2a:f9:4c:6f:
                    9c:3c:8e:b1:e4:c2:b4:ba:f0:b9:c2:c9:2b:8e:98:
                    53:ef:86:c1:46:0d:09:b4:7e:e8:70:14:9f:5c:eb:
                    2c:e4:6e:7e:05:b1:17:e8:71:ba:12:8d:e3:77:da:
                    94:24:9a:49:8d:1c:dd:85:7d:bf:61:3e:55:cb:1e:
                    52:70:3f:87:12:61:9e:57:8c:6a:71:7f:6a:a2:d7:
                    f4:3a:4a:fd:95:a9:ab:5e:21:69:d5:ea:d3:42:24:
                    7e:af:e0:42:51:42:d8:e7:c7:0b:41:6c:2c:a1:95:
                    34:a2:4d:58:24:db:ea:fe:9b:2f:fc:e0:a7:6a:d3:
                    a1:94:9d:41:21:9e:60:da:e0:df:17:52:02:3b:73:
                    19:a9:81:be:88:78:ee:74:0c:25:4c:7f:48:aa:dd:
                    3d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:8F:A6:6D:58:40:E0:8F:3D:90:D7:26:06:C2:3C:87:CB:97:86:2C
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/RY-mbVhA4I89kNcmBsI8h8uXhiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:dc:fd:f8:be:1a:98:e9:a8:9f:c2:0a:f4:03:08:35:ee:a9:
         42:2e:c8:70:97:e5:18:ab:bd:af:bc:4d:fd:16:58:b8:19:ee:
         de:f6:73:c4:07:8b:b2:0e:54:13:0c:8e:a9:e2:ab:1b:0d:c5:
         66:69:ee:a2:b7:ba:a2:bf:c0:0e:c6:b7:f7:3f:ee:83:2c:0e:
         ab:52:f3:7e:f2:df:14:3d:87:46:71:f2:7d:3c:93:c5:4f:69:
         9a:a2:da:ef:2e:0b:72:38:ec:7b:58:2a:5c:68:08:c2:e1:6a:
         a0:91:86:e8:8e:23:77:f9:a6:03:99:1a:67:79:8e:58:5f:38:
         ec:3d:e2:c2:33:45:85:e7:27:96:53:d4:5d:1c:c1:a6:bf:fb:
         6f:35:5b:e0:a1:4a:c0:d8:95:c6:ed:4f:5d:7b:6c:f4:2b:29:
         79:26:14:d7:0f:a1:5f:03:1e:ce:15:47:b2:a2:ad:ad:73:6f:
         67:55:ff:e7:df:2b:a8:ce:02:89:ee:83:d2:95:3c:bf:e0:87:
         ab:5c:11:9d:6e:69:af:32:1e:7f:9e:e2:30:ac:29:17:cb:f6:
         c6:63:61:03:81:3d:a3:de:59:55:1e:f9:a2:a0:2a:87:3b:5d:
         f3:13:f7:d7:b6:71:fe:75:6f:bf:94:c6:7f:80:8c:83:80:63:
         1e:2d:78:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx8St4GkKNhH7N7aPf7fuyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjYwMjIwMTgyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NThmYTY2ZDU4NDBlMDhmM2Q5MGQ3MjYwNmMyM2M4N2NiOTc4NjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc5nHp7PnbUY2Sn6X7wlLwz0dvI9
z6JlvFoK+VE5EwV/WxsdJXtmF3XugiGk4z2RvSykRX1lmnVBfU5zjDuAHSZGyVog
t9APcHUdCTizcWRi8pDZcxvR4R2Waf+kqCc/n/L7KCr5TG+cPI6x5MK0uvC5wskr
jphT74bBRg0JtH7ocBSfXOss5G5+BbEX6HG6Eo3jd9qUJJpJjRzdhX2/YT5Vyx5S
cD+HEmGeV4xqcX9qotf0Okr9lamrXiFp1erTQiR+r+BCUULY58cLQWwsoZU0ok1Y
JNvq/psv/OCnatOhlJ1BIZ5g2uDfF1ICO3MZqYG+iHjudAwlTH9Iqt09gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWPpm1YQOCPPZDXJgbCPIfLl4YsMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvUlktbWJWaEE0STg5a05jbUJzSThoOHVYaGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVms/MA0G
CSqGSIb3DQEBCwUAA4IBAQBh3P34vhqY6aifwgr0Awg17qlCLshwl+UYq72vvE39
Fli4Ge7e9nPEB4uyDlQTDI6p4qsbDcVmae6it7qiv8AOxrf3P+6DLA6rUvN+8t8U
PYdGcfJ9PJPFT2maotrvLgtyOOx7WCpcaAjC4WqgkYbojiN3+aYDmRpneY5YXzjs
PeLCM0WF5yeWU9RdHMGmv/tvNVvgoUrA2JXG7U9de2z0Kyl5JhTXD6FfAx7OFUey
oq2tc29nVf/n3yuozgKJ7oPSlTy/4IerXBGdbmmvMh5/nuIwrCkXy/bGY2EDgT2j
3llVHvmioCqHO13zE/fXtnH+dW+/lMZ/gIyDgGMeLXjY
-----END CERTIFICATE-----