Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/xzxuHrmNvIEYVhYQI0r774QNHko.roa
File:                     xzxuHrmNvIEYVhYQI0r774QNHko.roa (raw, json)
Hash identifier:          gej1hag5WvL7dOyM3xWInlhnBY+QDtml0GMcC+TGfJw=
Subject key identifier:   C7:3C:6E:1E:B9:8D:BC:81:18:56:16:10:23:4A:FB:EF:84:0D:1E:4A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019C84F272BB15ABE9460EEDF6572842C0E7
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/xzxuHrmNvIEYVhYQI0r774QNHko.roa
Signing time:             Sun 22 Feb 2026 10:43:27 +0000
ROA not before:           Sun 22 Feb 2026 10:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200897
IP address blocks:        193.233.114.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:84:f2:72:bb:15:ab:e9:46:0e:ed:f6:57:28:42:c0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 22 10:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c73c6e1eb98dbc8118561610234afbef840d1e4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:44:ce:12:78:1f:53:3c:a3:72:a2:0b:96:9f:
                    50:52:87:54:24:63:39:67:79:cf:46:2f:af:86:7a:
                    a2:f5:b8:2e:b6:e3:5b:4a:68:21:0a:17:43:26:a2:
                    9e:9a:d3:72:35:d9:5e:18:e5:f8:85:b8:52:05:a3:
                    bb:57:ed:a2:c9:37:0a:95:b4:1d:c5:38:d4:73:47:
                    29:93:26:43:b5:d4:8f:b7:66:52:40:4d:4e:2b:83:
                    ed:21:ec:ec:e5:df:1e:7b:ad:b2:30:1f:74:1b:16:
                    7d:d8:d0:94:5d:d1:29:08:3c:bd:2c:a3:c4:d9:d5:
                    d0:24:52:bc:8e:f6:73:3f:be:50:35:66:32:02:d4:
                    fa:c4:31:f2:14:31:a1:37:42:e3:48:32:81:75:69:
                    f0:9b:ed:25:48:3b:4a:b3:99:95:be:02:b7:30:24:
                    0e:bb:89:38:1e:a0:77:7d:4b:52:4a:c4:6e:74:3d:
                    46:88:1f:58:c0:ea:17:e3:43:74:04:ad:ba:a0:13:
                    fd:52:c1:5c:dc:10:7a:78:48:1b:5e:ee:8e:10:27:
                    4b:61:82:14:c1:b6:f7:26:a8:7b:7d:f6:e9:98:26:
                    f1:2f:33:2c:b4:46:56:96:29:f0:a9:be:54:30:49:
                    be:20:bc:cd:a3:c6:ec:0f:e5:6d:6f:40:68:f0:fd:
                    a0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:3C:6E:1E:B9:8D:BC:81:18:56:16:10:23:4A:FB:EF:84:0D:1E:4A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/xzxuHrmNvIEYVhYQI0r774QNHko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:69:83:60:59:86:c9:00:97:41:a2:57:d7:3f:69:2a:7c:8d:
         20:09:f1:ee:a0:63:42:d3:c9:65:6f:98:fb:6f:c7:17:ef:d0:
         29:6d:c2:a6:3c:06:28:42:74:d5:0f:b8:e0:50:d0:ca:b8:a3:
         19:19:1e:0f:83:b7:81:cc:9b:44:0f:b8:55:66:3f:4a:7e:de:
         e1:ab:cc:f2:42:6a:0d:f3:c4:f1:bf:44:55:8e:d4:17:12:94:
         cf:7a:07:67:8d:25:36:a8:66:ef:38:a6:23:7b:c3:46:dd:8c:
         46:88:c4:ca:89:b9:d0:91:d7:f4:c3:3c:ad:c4:60:86:98:e7:
         32:b8:1d:d9:1a:f6:25:11:7e:cf:0c:13:e9:dd:69:11:8b:57:
         cf:04:38:f7:94:a1:0f:29:c9:10:bc:1e:1d:3b:f6:d7:ec:a1:
         e8:0b:fa:ab:5b:fa:47:61:7c:92:fc:9a:95:29:fb:0c:a1:97:
         85:4a:de:c5:2e:6e:e1:89:56:18:e7:79:83:29:1b:1f:cd:3e:
         08:77:4d:6d:6d:d4:79:5f:e5:26:02:09:3f:d8:f9:db:09:e8:
         4f:5b:28:a1:75:3a:fd:2d:de:f8:e8:81:f0:12:91:0e:14:89:
         8a:d8:db:15:66:6e:69:54:00:95:7b:2a:5f:13:c4:70:7f:68:
         a8:50:8e:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyE8nK7FavpRg7t9lcoQsDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMjIyMTA0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzNjNmUxZWI5OGRiYzgxMTg1NjE2MTAyMzRhZmJlZjg0MGQxZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0TOEngfUzyjcqILlp9QUodUJGM5
Z3nPRi+vhnqi9bgutuNbSmghChdDJqKemtNyNdleGOX4hbhSBaO7V+2iyTcKlbQd
xTjUc0cpkyZDtdSPt2ZSQE1OK4PtIezs5d8ee62yMB90GxZ92NCUXdEpCDy9LKPE
2dXQJFK8jvZzP75QNWYyAtT6xDHyFDGhN0LjSDKBdWnwm+0lSDtKs5mVvgK3MCQO
u4k4HqB3fUtSSsRudD1GiB9YwOoX40N0BK26oBP9UsFc3BB6eEgbXu6OECdLYYIU
wbb3Jqh7ffbpmCbxLzMstEZWlinwqb5UMEm+ILzNo8bsD+Vtb0Bo8P2glwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc8bh65jbyBGFYWECNK+++EDR5KMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveHp4dUhybU52SUVZVmhZUUkwcjc3NFFOSGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwelyMA0G
CSqGSIb3DQEBCwUAA4IBAQAlaYNgWYbJAJdBolfXP2kqfI0gCfHuoGNC08llb5j7
b8cX79ApbcKmPAYoQnTVD7jgUNDKuKMZGR4Pg7eBzJtED7hVZj9Kft7hq8zyQmoN
88Txv0RVjtQXEpTPegdnjSU2qGbvOKYje8NG3YxGiMTKibnQkdf0wzytxGCGmOcy
uB3ZGvYlEX7PDBPp3WkRi1fPBDj3lKEPKckQvB4dO/bX7KHoC/qrW/pHYXyS/JqV
KfsMoZeFSt7FLm7hiVYY53mDKRsfzT4Id01tbdR5X+UmAgk/2PnbCehPWyihdTr9
Ld746IHwEpEOFImK2NsVZm5pVACVeypfE8Rwf2ioUI7v
-----END CERTIFICATE-----