Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/gSWrvwxEqG3qqWekT_MDQ2Zy8l4.roa
File:                     gSWrvwxEqG3qqWekT_MDQ2Zy8l4.roa (raw, json)
Hash identifier:          0CXXO2Irp4/jfinP8RYHoyXdB5AoI55fQP/c0QKUH+c=
Subject key identifier:   81:25:AB:BF:0C:44:A8:6D:EA:A9:67:A4:4F:F3:03:43:66:72:F2:5E
Certificate issuer:       /CN=06c1fac24e30d9258eb2ef72f31ed9bd608fe0de
Certificate serial:       019C8EF50082AF353C1E083A21661DF7E41C
Authority key identifier: 06:C1:FA:C2:4E:30:D9:25:8E:B2:EF:72:F3:1E:D9:BD:60:8F:E0:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/gSWrvwxEqG3qqWekT_MDQ2Zy8l4.roa
Signing time:             Tue 24 Feb 2026 09:22:26 +0000
ROA not before:           Tue 24 Feb 2026 09:22:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3337
IP address blocks:        185.124.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:f5:00:82:af:35:3c:1e:08:3a:21:66:1d:f7:e4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c1fac24e30d9258eb2ef72f31ed9bd608fe0de
        Validity
            Not Before: Feb 24 09:22:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8125abbf0c44a86deaa967a44ff303436672f25e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5c:57:3f:0b:8c:af:6a:c1:21:e0:3c:96:5c:
                    9d:ee:ed:62:c4:87:a9:81:d7:b3:b6:65:1c:fa:e4:
                    c7:f6:b5:4f:e4:6e:21:d6:b6:e6:f7:86:ef:82:7f:
                    ea:36:11:d4:cf:9c:80:4a:ff:5f:a9:c7:f2:a7:ae:
                    19:0c:1d:0f:da:22:47:eb:b4:78:72:d0:57:c1:db:
                    b6:d2:06:a4:3f:7d:b8:a6:c0:7f:20:ec:0f:56:b2:
                    4f:5e:6c:26:84:dc:93:aa:c7:8e:c8:d2:7c:8a:72:
                    96:08:56:88:6c:35:91:62:01:ab:a2:8c:77:b3:6a:
                    9f:58:b0:95:f1:27:58:ac:3b:1f:b8:89:01:27:22:
                    b3:6c:db:3c:cf:aa:fd:22:d2:49:f8:68:2d:fd:c2:
                    83:d7:ee:0f:b6:04:29:84:3b:d0:b7:e5:36:10:a7:
                    02:ac:20:d2:27:da:8b:25:10:c3:7b:37:54:27:66:
                    d0:62:f7:1a:fd:99:8d:cc:65:e9:97:e7:de:ad:1a:
                    0c:46:df:8f:87:8d:2c:74:18:68:2b:cd:4f:eb:f1:
                    bf:a9:df:e6:b1:76:c6:2d:b3:8c:03:e5:64:f1:43:
                    14:ee:c5:5f:8e:09:89:f6:7d:f7:19:ae:4e:b1:34:
                    56:45:b5:77:2e:67:6e:da:32:b9:f1:8d:57:82:11:
                    f4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:25:AB:BF:0C:44:A8:6D:EA:A9:67:A4:4F:F3:03:43:66:72:F2:5E
            X509v3 Authority Key Identifier:
                keyid:06:C1:FA:C2:4E:30:D9:25:8E:B2:EF:72:F3:1E:D9:BD:60:8F:E0:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/gSWrvwxEqG3qqWekT_MDQ2Zy8l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:65:2b:13:87:aa:fc:e1:09:2b:d5:9f:7d:05:e1:63:d4:51:
         bb:e2:68:43:e3:f3:02:13:a4:9f:cd:95:7b:a9:82:56:83:65:
         81:e7:f0:57:7a:94:f7:aa:41:87:73:3c:db:52:6e:86:1f:cc:
         38:a6:21:af:84:1f:cd:cc:64:57:bf:4d:53:27:c1:1a:6e:5f:
         60:9b:74:ff:48:75:f5:0c:c9:fd:e7:af:87:34:a7:b5:15:bf:
         86:ec:3d:62:d2:c1:b0:3c:7e:9f:8e:4f:ca:b9:64:62:79:6f:
         58:5f:24:1a:6a:6f:63:5d:da:3b:01:93:aa:25:2d:85:28:df:
         3e:30:cf:99:6c:12:57:d7:dc:5f:85:78:ce:62:b5:b1:f9:c5:
         23:59:7b:b1:41:75:cd:91:5c:c7:8d:0b:b5:25:d9:98:ce:40:
         b1:89:96:e0:a1:7a:df:a4:0a:d5:72:e0:a0:a6:18:30:61:af:
         d1:05:52:01:64:9b:78:4e:28:9d:13:6f:93:ea:5d:e7:c3:b4:
         64:4f:13:d5:56:b5:63:77:6a:e8:cd:ed:9d:ba:69:9e:c1:41:
         52:a3:56:e6:22:50:23:3a:7e:e4:3a:b0:7a:ba:89:bb:16:7d:
         85:6b:c8:de:d5:67:84:5b:a7:a2:dd:b8:89:b3:84:a3:fe:ba:
         6d:78:ba:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyO9QCCrzU8Hgg6IWYd9+QcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzFmYWMyNGUzMGQ5MjU4ZWIyZWY3MmYzMWVkOWJkNjA4
ZmUwZGUwHhcNMjYwMjI0MDkyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTI1YWJiZjBjNDRhODZkZWFhOTY3YTQ0ZmYzMDM0MzY2NzJmMjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVxXPwuMr2rBIeA8llyd7u1ixIep
gdeztmUc+uTH9rVP5G4h1rbm94bvgn/qNhHUz5yASv9fqcfyp64ZDB0P2iJH67R4
ctBXwdu20gakP324psB/IOwPVrJPXmwmhNyTqseOyNJ8inKWCFaIbDWRYgGroox3
s2qfWLCV8SdYrDsfuIkBJyKzbNs8z6r9ItJJ+Ggt/cKD1+4PtgQphDvQt+U2EKcC
rCDSJ9qLJRDDezdUJ2bQYvca/ZmNzGXpl+ferRoMRt+Ph40sdBhoK81P6/G/qd/m
sXbGLbOMA+Vk8UMU7sVfjgmJ9n33Ga5OsTRWRbV3Lmdu2jK58Y1XghH0LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIElq78MRKht6qlnpE/zA0NmcvJeMB8GA1UdIwQY
MBaAFAbB+sJOMNkljrLvcvMe2b1gj+DeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNINndrNHcyU1dPc3U5eTh4N1p2V0NQNE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kZjBlNGItOGY2Ny00Mjk1LTllNDIt
MzQ2YTNjY2U1ZjA5LzEvZ1NXcnZ3eEVxRzNxcVdla1RfTURRMlp5OGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kZjBlNGItOGY2Ny00Mjk1LTllNDItMzQ2YTNjY2U1ZjA5
LzEvQnNINndrNHcyU1dPc3U5eTh4N1p2V0NQNE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXzFMA0G
CSqGSIb3DQEBCwUAA4IBAQCHZSsTh6r84Qkr1Z99BeFj1FG74mhD4/MCE6SfzZV7
qYJWg2WB5/BXepT3qkGHczzbUm6GH8w4piGvhB/NzGRXv01TJ8Eabl9gm3T/SHX1
DMn956+HNKe1Fb+G7D1i0sGwPH6fjk/KuWRieW9YXyQaam9jXdo7AZOqJS2FKN8+
MM+ZbBJX19xfhXjOYrWx+cUjWXuxQXXNkVzHjQu1JdmYzkCxiZbgoXrfpArVcuCg
phgwYa/RBVIBZJt4TiidE2+T6l3nw7RkTxPVVrVjd2roze2dummewUFSo1bmIlAj
On7kOrB6uom7Fn2Fa8je1WeEW6ei3biJs4Sj/rpteLoa
-----END CERTIFICATE-----