Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/BdX3fcOeDhixs5mjEByZv8IeEI4.roa
File:                     BdX3fcOeDhixs5mjEByZv8IeEI4.roa (raw, json)
Hash identifier:          iDPMhPX3X0EUGvcVgkuC7zDq67zIcnm5IrWQxYVQIFU=
Subject key identifier:   05:D5:F7:7D:C3:9E:0E:18:B1:B3:99:A3:10:1C:99:BF:C2:1E:10:8E
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C60DF4FF4AA9B03C2D583D26E615231A8
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/BdX3fcOeDhixs5mjEByZv8IeEI4.roa
Signing time:             Sun 15 Feb 2026 10:36:13 +0000
ROA not before:           Sun 15 Feb 2026 10:36:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207695
IP address blocks:        5.175.237.0/24 maxlen: 24
                          77.90.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:60:df:4f:f4:aa:9b:03:c2:d5:83:d2:6e:61:52:31:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 15 10:36:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05d5f77dc39e0e18b1b399a3101c99bfc21e108e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a8:d7:0a:81:9a:b6:4d:7a:cb:96:5e:e3:bc:
                    c9:75:df:d6:13:5b:cd:c5:92:a2:db:78:09:aa:dd:
                    07:1b:22:86:44:2d:10:32:7d:d5:83:84:6a:85:3b:
                    35:12:57:df:bf:00:ea:f8:f2:16:ae:6a:17:b1:3c:
                    0a:84:68:00:7d:63:0d:a0:84:d6:64:23:f8:3e:4e:
                    81:39:76:72:5b:83:ef:26:51:d0:15:90:a4:c4:ab:
                    61:13:b8:04:40:87:49:8f:d3:ce:53:15:8d:bd:1c:
                    ad:d2:b4:72:1a:7f:7a:d8:13:42:a2:fb:1e:ed:54:
                    b0:1a:0a:06:d2:21:d3:dd:6d:f1:0e:79:65:52:41:
                    35:90:c6:ba:4c:a9:4d:15:3f:60:26:62:16:0e:3e:
                    63:11:22:9a:dc:98:03:b3:ae:b4:81:1c:e5:42:38:
                    49:74:e8:b0:0a:4d:95:80:1a:aa:66:28:17:a4:f5:
                    57:44:f1:0b:63:a0:38:97:01:bb:81:6d:95:fa:79:
                    83:94:7a:90:af:09:bf:b0:97:f0:4c:53:c6:66:12:
                    6f:ee:24:58:d0:81:26:7c:77:f4:2f:d7:bd:f0:ed:
                    0a:e0:77:f3:6e:df:6f:c7:16:40:b3:07:2d:5d:0e:
                    a9:ec:5a:ac:26:ee:70:cb:27:43:8e:f1:75:2b:13:
                    b9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D5:F7:7D:C3:9E:0E:18:B1:B3:99:A3:10:1C:99:BF:C2:1E:10:8E
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/BdX3fcOeDhixs5mjEByZv8IeEI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.237.0/24
                  77.90.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e9:cc:e8:e4:1f:35:7b:7e:56:5b:97:8b:8a:97:40:ec:27:
         97:9f:45:79:a4:26:14:4a:f7:31:18:27:65:a6:71:45:7d:e9:
         b5:72:19:31:a7:fc:48:5d:02:39:a1:80:7b:19:2d:d2:b3:83:
         8f:07:b6:50:6b:0d:83:1e:b0:fa:d1:99:5a:a0:c1:e3:7d:a4:
         8c:ed:f1:1e:c3:65:7d:a9:40:29:15:a9:12:b7:70:87:de:a5:
         9d:90:d7:8d:37:06:1c:2f:5c:21:1c:a3:2f:e1:5e:db:79:33:
         15:34:8b:64:28:b8:ae:c4:ba:83:01:11:9b:44:a9:bb:54:44:
         d9:bd:77:cf:71:f3:2f:02:16:7b:08:ec:ea:39:20:9e:6b:48:
         e7:9e:79:69:66:5d:8a:65:8b:85:61:9b:55:49:b6:43:66:cf:
         88:e3:ad:f6:0e:10:05:5c:98:02:d1:57:b1:de:be:c1:08:01:
         0d:84:23:df:c0:4a:ac:4f:d7:26:4c:00:88:48:2a:c2:01:53:
         0e:d9:86:f0:4e:e0:cb:22:f3:b6:9b:c8:20:24:fc:44:47:c6:
         d1:bb:e8:76:63:4d:6f:47:85:a4:98:28:af:7c:58:a2:06:e2:
         7a:75:54:f9:d6:a3:3b:6a:12:f9:a9:6b:ba:d3:55:a5:7b:66:
         13:8b:e6:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxg30/0qpsDwtWD0m5hUjGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjE1MTAzNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQ1Zjc3ZGMzOWUwZTE4YjFiMzk5YTMxMDFjOTliZmMyMWUxMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqjXCoGatk16y5Ze47zJdd/WE1vN
xZKi23gJqt0HGyKGRC0QMn3Vg4RqhTs1ElffvwDq+PIWrmoXsTwKhGgAfWMNoITW
ZCP4Pk6BOXZyW4PvJlHQFZCkxKthE7gEQIdJj9POUxWNvRyt0rRyGn962BNCovse
7VSwGgoG0iHT3W3xDnllUkE1kMa6TKlNFT9gJmIWDj5jESKa3JgDs660gRzlQjhJ
dOiwCk2VgBqqZigXpPVXRPELY6A4lwG7gW2V+nmDlHqQrwm/sJfwTFPGZhJv7iRY
0IEmfHf0L9e98O0K4Hfzbt9vxxZAswctXQ6p7FqsJu5wyydDjvF1KxO5+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAXV933Dng4YsbOZoxAcmb/CHhCOMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQmRYM2ZjT2VEaGl4czVtakVCeVp2OEllRUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABa/tAwQA
TVo0MA0GCSqGSIb3DQEBCwUAA4IBAQBI6czo5B81e35WW5eLipdA7CeXn0V5pCYU
SvcxGCdlpnFFfem1chkxp/xIXQI5oYB7GS3Ss4OPB7ZQaw2DHrD60ZlaoMHjfaSM
7fEew2V9qUApFakSt3CH3qWdkNeNNwYcL1whHKMv4V7beTMVNItkKLiuxLqDARGb
RKm7VETZvXfPcfMvAhZ7COzqOSCea0jnnnlpZl2KZYuFYZtVSbZDZs+I4632DhAF
XJgC0Vex3r7BCAENhCPfwEqsT9cmTACISCrCAVMO2YbwTuDLIvO2m8ggJPxER8bR
u+h2Y01vR4WkmCivfFiiBuJ6dVT51qM7ahL5qWu601Wle2YTi+Zc
-----END CERTIFICATE-----