Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/8ddVo-9kzKVGW2yLY3eaMsy1rnU.roa
File:                     8ddVo-9kzKVGW2yLY3eaMsy1rnU.roa (raw, json)
Hash identifier:          fYg9WUAZvsXCn60kBrtqhNECj69V0bbL3jvATcEdq18=
Subject key identifier:   F1:D7:55:A3:EF:64:CC:A5:46:5B:6C:8B:63:77:9A:32:CC:B5:AE:75
Certificate issuer:       /CN=567190854786a16afa6b0ec78dfb0620abaacfef
Certificate serial:       019C7B92D7C61F54F3E1FD6337EBA1C80FD8
Authority key identifier: 56:71:90:85:47:86:A1:6A:FA:6B:0E:C7:8D:FB:06:20:AB:AA:CF:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/8ddVo-9kzKVGW2yLY3eaMsy1rnU.roa
Signing time:             Fri 20 Feb 2026 15:02:26 +0000
ROA not before:           Fri 20 Feb 2026 15:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57751
IP address blocks:        185.238.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/VnGQhUeGoWr6aw7HjfsGIKuqz-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/VnGQhUeGoWr6aw7HjfsGIKuqz-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:92:d7:c6:1f:54:f3:e1:fd:63:37:eb:a1:c8:0f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=567190854786a16afa6b0ec78dfb0620abaacfef
        Validity
            Not Before: Feb 20 15:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1d755a3ef64cca5465b6c8b63779a32ccb5ae75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:10:29:1c:a7:04:c4:e1:99:f1:80:22:8e:1f:
                    a2:70:b1:eb:9e:94:46:48:88:f8:a5:97:d9:08:db:
                    cb:67:58:a8:58:95:57:c0:6e:9a:df:0b:a8:59:78:
                    a2:e1:90:eb:22:29:50:d1:64:54:8e:39:5d:2f:d8:
                    c4:67:ee:0e:cd:84:68:f0:48:90:7f:04:c0:d5:3a:
                    18:82:d9:8d:23:27:36:72:70:96:dd:3b:03:8f:a2:
                    3c:09:a1:b8:fd:0f:8c:ee:4d:02:6b:f0:5b:e9:41:
                    5e:33:c1:19:11:fa:8d:a6:60:30:cd:3e:a5:8f:d5:
                    f8:b0:2d:56:fa:0f:54:79:11:1a:a2:29:1d:c1:ff:
                    c6:08:44:ac:ef:84:61:0e:04:dc:47:05:e3:7b:99:
                    bf:1c:89:91:47:10:4d:5c:0b:3b:c0:8c:e3:f1:2e:
                    a8:a6:2d:3c:45:d4:79:f7:3b:55:45:fc:60:44:7a:
                    f4:0b:e2:32:f0:07:62:08:41:c7:ce:64:c5:7a:65:
                    a1:93:59:1e:71:4a:72:78:be:62:f5:a5:8d:8b:54:
                    1a:cd:41:ce:dc:e3:26:24:bc:cf:28:4c:77:1b:69:
                    86:91:c7:88:72:50:4b:49:c1:e7:a3:70:58:41:10:
                    04:74:9d:b7:7f:10:58:2c:f2:6f:75:38:04:66:aa:
                    13:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D7:55:A3:EF:64:CC:A5:46:5B:6C:8B:63:77:9A:32:CC:B5:AE:75
            X509v3 Authority Key Identifier:
                keyid:56:71:90:85:47:86:A1:6A:FA:6B:0E:C7:8D:FB:06:20:AB:AA:CF:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/8ddVo-9kzKVGW2yLY3eaMsy1rnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/VnGQhUeGoWr6aw7HjfsGIKuqz-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ad:1f:41:2e:08:80:73:06:04:97:6c:22:ee:2f:64:56:ac:
         8d:95:f0:91:da:6c:5f:c8:14:b7:c3:a7:45:4e:66:ec:33:d3:
         63:fd:27:9f:09:0c:f2:6f:86:3a:c3:2f:eb:86:10:48:e3:1e:
         76:ce:18:da:2b:59:21:92:dd:f6:a4:d4:3b:81:e9:b2:dc:8b:
         b1:79:e4:47:52:40:ef:04:a2:cf:f9:f8:c6:36:c5:8b:c1:e8:
         f4:4e:aa:85:a2:15:24:f2:d1:7e:74:8d:60:a0:04:0d:1b:bd:
         e6:35:77:7c:8f:3a:27:5e:27:a1:14:6d:02:44:3c:0e:db:0b:
         10:b7:35:85:d6:8e:7f:96:af:55:fe:68:a3:89:61:4c:14:bb:
         8f:05:60:22:a7:13:0b:32:4c:ac:dd:a3:83:17:f8:81:05:8a:
         65:a8:e6:10:19:90:a5:b6:42:fb:11:9a:9f:da:75:dc:69:d8:
         7a:49:ef:00:ae:d1:5e:27:37:22:01:ee:fc:60:86:d2:81:b0:
         dd:03:49:fd:8b:8a:e3:ce:d3:44:5b:19:5f:d1:43:07:79:df:
         72:e3:99:9a:cb:85:74:31:5a:2e:1b:7b:97:07:11:61:71:85:
         c8:05:67:fc:f4:45:3c:b6:3c:31:cb:ed:07:0d:9c:ba:93:d1:
         64:4c:cc:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx7ktfGH1Tz4f1jN+uhyA/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NzE5MDg1NDc4NmExNmFmYTZiMGVjNzhkZmIwNjIwYWJh
YWNmZWYwHhcNMjYwMjIwMTUwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ3NTVhM2VmNjRjY2E1NDY1YjZjOGI2Mzc3OWEzMmNjYjVhZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxApHKcExOGZ8YAijh+icLHrnpRG
SIj4pZfZCNvLZ1ioWJVXwG6a3wuoWXii4ZDrIilQ0WRUjjldL9jEZ+4OzYRo8EiQ
fwTA1ToYgtmNIyc2cnCW3TsDj6I8CaG4/Q+M7k0Ca/Bb6UFeM8EZEfqNpmAwzT6l
j9X4sC1W+g9UeREaoikdwf/GCESs74RhDgTcRwXje5m/HImRRxBNXAs7wIzj8S6o
pi08RdR59ztVRfxgRHr0C+Iy8AdiCEHHzmTFemWhk1kecUpyeL5i9aWNi1QazUHO
3OMmJLzPKEx3G2mGkceIclBLScHno3BYQRAEdJ23fxBYLPJvdTgEZqoTaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHXVaPvZMylRltsi2N3mjLMta51MB8GA1UdIwQY
MBaAFFZxkIVHhqFq+msOx437BiCrqs/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5HUWhVZUdvV3I2YXc3SGpmc0dJS3Vxei04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yNGMzMjQtYTE1ZS00Y2QwLTk0YzEt
NzNmZjQwOTU5MzQ4LzEvOGRkVm8tOWt6S1ZHVzJ5TFkzZWFNc3kxcm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yNGMzMjQtYTE1ZS00Y2QwLTk0YzEtNzNmZjQwOTU5MzQ4
LzEvVm5HUWhVZUdvV3I2YXc3SGpmc0dJS3Vxei04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue51MA0G
CSqGSIb3DQEBCwUAA4IBAQBMrR9BLgiAcwYEl2wi7i9kVqyNlfCR2mxfyBS3w6dF
TmbsM9Nj/SefCQzyb4Y6wy/rhhBI4x52zhjaK1khkt32pNQ7gemy3IuxeeRHUkDv
BKLP+fjGNsWLwej0TqqFohUk8tF+dI1goAQNG73mNXd8jzonXiehFG0CRDwO2wsQ
tzWF1o5/lq9V/mijiWFMFLuPBWAipxMLMkys3aODF/iBBYplqOYQGZCltkL7EZqf
2nXcadh6Se8ArtFeJzciAe78YIbSgbDdA0n9i4rjztNEWxlf0UMHed9y45may4V0
MVouG3uXBxFhcYXIBWf89EU8tjwxy+0HDZy6k9FkTMxC
-----END CERTIFICATE-----