Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ya7Bu9G8A8DXUHtKXG_P21gQBws.roa
File:                     ya7Bu9G8A8DXUHtKXG_P21gQBws.roa (raw, json)
Hash identifier:          m768Y/J5R99lBIbmUBHzZrHQ4LetzjCQvn2l/3flrUE=
Subject key identifier:   C9:AE:C1:BB:D1:BC:03:C0:D7:50:7B:4A:5C:6F:CF:DB:58:10:07:0B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019C8A0B1372BDABAFB27D81C85140CDCA1D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ya7Bu9G8A8DXUHtKXG_P21gQBws.roa
Signing time:             Mon 23 Feb 2026 10:28:27 +0000
ROA not before:           Mon 23 Feb 2026 10:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135120
IP address blocks:        185.227.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 10:35:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:0b:13:72:bd:ab:af:b2:7d:81:c8:51:40:cd:ca:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 23 10:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9aec1bbd1bc03c0d7507b4a5c6fcfdb5810070b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9e:10:6c:fd:3e:b7:ed:cd:7d:51:58:f6:b5:
                    ea:7b:b4:fa:c9:75:df:08:83:fd:45:e2:33:37:1e:
                    69:56:b3:a8:9b:58:94:ec:e8:dd:e3:e0:a3:6b:a2:
                    a5:5c:11:73:69:76:69:e0:e2:45:75:e0:29:08:11:
                    dd:d9:45:f5:bf:22:71:cc:9f:f4:ae:92:b0:d6:79:
                    b1:fc:5b:07:7d:c0:73:b8:e3:f8:f0:b7:45:92:23:
                    e3:3c:c1:ff:a1:e3:e0:a5:7a:af:69:22:9c:84:b7:
                    62:44:d7:9e:1f:a2:c5:a9:18:80:3c:56:47:09:ba:
                    8c:07:70:98:ff:3f:3c:25:a2:93:a0:06:07:32:36:
                    f6:6e:ff:60:b5:dc:a0:72:fa:39:6d:61:56:f9:f1:
                    e4:c7:39:79:b8:ec:19:f9:b3:03:b4:6d:e9:21:5c:
                    1c:a4:d9:70:8c:db:5e:8e:83:6f:a5:c5:f6:04:c4:
                    07:b6:76:05:df:14:df:ce:dd:40:fc:d6:34:ea:14:
                    05:db:46:6a:f2:a1:2a:f8:7b:ad:5e:b7:60:b5:c2:
                    d7:00:76:e9:93:80:80:22:c9:44:17:f0:98:20:d4:
                    a3:81:f8:a1:34:e5:83:82:8b:21:dc:4f:4d:7e:31:
                    2f:93:c4:93:35:b6:ed:e2:73:7b:15:14:a7:8f:4e:
                    b8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AE:C1:BB:D1:BC:03:C0:D7:50:7B:4A:5C:6F:CF:DB:58:10:07:0B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ya7Bu9G8A8DXUHtKXG_P21gQBws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:fb:fb:34:4a:06:fe:4f:83:9c:7d:16:f5:ac:9c:5e:bf:4b:
         18:45:c2:f6:f4:06:a9:20:e9:41:95:02:2b:d9:2c:04:5e:dd:
         dc:80:76:63:a2:82:dc:25:f5:0a:6a:8e:30:dd:12:04:09:56:
         93:14:23:cd:b2:95:f3:a4:da:46:87:84:06:76:e4:32:0c:46:
         54:41:a5:91:f7:9a:a7:14:66:13:e2:f8:38:26:12:a0:aa:3f:
         f7:c9:1e:79:66:af:7c:b9:19:65:05:09:da:8b:5b:cf:ed:80:
         b0:70:96:00:3a:f3:da:df:d9:cf:c2:f3:c6:1b:42:42:61:27:
         3f:b3:e9:75:5e:c4:8e:1e:81:9c:e8:75:a9:3b:ea:9b:50:69:
         76:dc:ee:c3:2f:58:fa:91:24:db:01:ce:ef:4d:40:70:dc:96:
         8f:91:6f:2b:d3:0d:bd:8c:a9:2c:08:1b:d6:a1:a3:33:e1:a6:
         5a:7d:07:73:85:57:0a:8b:80:a2:ea:2d:8c:0d:99:a3:29:c9:
         60:82:5d:71:26:61:2a:70:0b:6d:34:5b:a5:f1:2a:f3:23:e5:
         66:f2:92:bb:50:bb:62:1f:90:df:9f:4e:fb:64:df:93:ec:1f:
         9a:5b:d5:a1:6e:6c:61:2c:50:3f:cb:a7:30:e0:e4:2f:11:ad:
         be:6a:0e:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyKCxNyvauvsn2ByFFAzcodMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMjIzMTAyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFlYzFiYmQxYmMwM2MwZDc1MDdiNGE1YzZmY2ZkYjU4MTAwNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2J4QbP0+t+3NfVFY9rXqe7T6yXXf
CIP9ReIzNx5pVrOom1iU7Ojd4+Cja6KlXBFzaXZp4OJFdeApCBHd2UX1vyJxzJ/0
rpKw1nmx/FsHfcBzuOP48LdFkiPjPMH/oePgpXqvaSKchLdiRNeeH6LFqRiAPFZH
CbqMB3CY/z88JaKToAYHMjb2bv9gtdygcvo5bWFW+fHkxzl5uOwZ+bMDtG3pIVwc
pNlwjNtejoNvpcX2BMQHtnYF3xTfzt1A/NY06hQF20Zq8qEq+HutXrdgtcLXAHbp
k4CAIslEF/CYINSjgfihNOWDgosh3E9NfjEvk8STNbbt4nN7FRSnj0645wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmuwbvRvAPA11B7Slxvz9tYEAcLMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveWE3QnU5RzhBOERYVUh0S1hHX1AyMWdRQndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueOSMA0G
CSqGSIb3DQEBCwUAA4IBAQCD+/s0Sgb+T4OcfRb1rJxev0sYRcL29AapIOlBlQIr
2SwEXt3cgHZjooLcJfUKao4w3RIECVaTFCPNspXzpNpGh4QGduQyDEZUQaWR95qn
FGYT4vg4JhKgqj/3yR55Zq98uRllBQnai1vP7YCwcJYAOvPa39nPwvPGG0JCYSc/
s+l1XsSOHoGc6HWpO+qbUGl23O7DL1j6kSTbAc7vTUBw3JaPkW8r0w29jKksCBvW
oaMz4aZafQdzhVcKi4Ci6i2MDZmjKclggl1xJmEqcAttNFul8SrzI+Vm8pK7ULti
H5Dfn077ZN+T7B+aW9WhbmxhLFA/y6cw4OQvEa2+ag5m
-----END CERTIFICATE-----