Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/0ySGeIDrXtZFxjKASUMVzdc0Dlc.roa
File:                     0ySGeIDrXtZFxjKASUMVzdc0Dlc.roa (raw, json)
Hash identifier:          l2+MJdgyr6VqnECFLRIqzXDoWHq/3WTx2ApaEcFXd9c=
Subject key identifier:   D3:24:86:78:80:EB:5E:D6:45:C6:32:80:49:43:15:CD:D7:34:0E:57
Certificate issuer:       /CN=76fe3055e87290000e3287f7ab5883802a5aa6da
Certificate serial:       019C66C244175EFAE3AAA139C09FC4D51405
Authority key identifier: 76:FE:30:55:E8:72:90:00:0E:32:87:F7:AB:58:83:80:2A:5A:A6:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/0ySGeIDrXtZFxjKASUMVzdc0Dlc.roa
Signing time:             Mon 16 Feb 2026 14:02:13 +0000
ROA not before:           Mon 16 Feb 2026 14:02:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51155
IP address blocks:        185.179.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:c2:44:17:5e:fa:e3:aa:a1:39:c0:9f:c4:d5:14:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76fe3055e87290000e3287f7ab5883802a5aa6da
        Validity
            Not Before: Feb 16 14:02:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d324867880eb5ed645c63280494315cdd7340e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e2:bf:d5:8e:9f:02:82:a5:d3:f1:1a:a8:7f:
                    48:37:d5:18:cf:5f:25:c8:3a:b8:ed:6b:c6:ba:04:
                    e0:dd:a0:3f:8f:67:6f:21:4f:98:c4:ab:c6:41:cf:
                    b7:9a:69:61:58:ab:a8:20:18:45:7b:76:bd:c5:56:
                    33:bf:16:25:f1:92:94:de:0e:91:f7:58:b8:be:ca:
                    f5:79:ab:be:cc:dc:bd:4b:e7:68:cd:b4:04:12:c4:
                    3a:d9:a8:91:b1:c2:76:d9:db:ba:b6:02:e2:92:b8:
                    b3:b3:4b:11:03:4f:36:84:78:40:75:03:42:18:d0:
                    07:bc:aa:b8:58:2e:1a:87:29:91:9d:18:50:5e:fb:
                    cd:2c:62:61:89:5b:13:32:ed:48:c5:30:d2:87:cb:
                    af:64:cc:84:23:ff:bf:8d:12:48:ec:8c:12:18:2c:
                    ef:90:ee:02:03:8a:e3:a4:54:70:1b:79:87:3a:9a:
                    bd:12:ab:cd:57:65:dc:a7:89:a7:c9:cc:eb:22:f1:
                    6f:c7:86:f4:f9:a6:2b:14:8c:f3:dd:06:dc:8b:d0:
                    b5:45:bb:83:a7:f9:fc:c3:66:c2:04:03:07:8f:27:
                    51:b4:90:3b:cd:3a:8e:7e:05:0e:93:df:e2:2a:51:
                    9d:85:6a:5c:31:53:1f:6c:72:b8:84:ea:2d:2c:0d:
                    87:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:24:86:78:80:EB:5E:D6:45:C6:32:80:49:43:15:CD:D7:34:0E:57
            X509v3 Authority Key Identifier:
                keyid:76:FE:30:55:E8:72:90:00:0E:32:87:F7:AB:58:83:80:2A:5A:A6:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/0ySGeIDrXtZFxjKASUMVzdc0Dlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:86:e1:d3:a0:e0:ee:ce:fe:7f:50:45:37:da:f0:08:73:9c:
         16:28:5f:a1:58:3d:a3:eb:7f:21:31:1a:48:8b:dc:0d:1d:f4:
         c0:16:b3:bd:ac:49:51:b0:dc:15:b3:10:83:9b:70:f3:b3:71:
         9f:95:cd:90:81:d0:2a:56:4e:45:e7:28:3e:56:7b:0f:ce:c2:
         fd:40:92:95:5c:46:fe:a2:06:b4:38:fc:3a:cf:49:37:33:97:
         79:71:cd:2d:66:2a:ec:a2:58:4d:cb:09:6a:a1:64:2e:4f:a7:
         51:62:e4:a8:09:c2:c7:2f:d1:ae:ab:87:1f:57:9d:85:4c:b7:
         bd:f0:1e:bb:87:25:3b:4b:ec:e3:f3:cb:73:a3:77:14:e5:66:
         be:a4:99:ab:cd:d9:12:cb:e5:b8:98:7a:4a:44:ff:a2:88:00:
         f2:da:28:90:8d:59:cd:6d:80:50:38:fe:d4:a9:31:5d:b4:ea:
         7b:d5:84:8b:02:4a:ba:44:31:47:ab:e3:54:3f:0b:77:a0:2c:
         c9:0b:cf:20:de:a6:6a:10:e8:5b:a4:71:16:d3:35:20:b1:de:
         26:a8:4a:9f:91:29:47:c8:22:f6:ac:f6:c3:4b:f6:66:09:b6:
         3f:eb:7f:79:4d:94:63:7d:c4:1c:2b:c5:4d:82:30:4a:33:6e:
         3d:bf:df:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxmwkQXXvrjqqE5wJ/E1RQFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZmUzMDU1ZTg3MjkwMDAwZTMyODdmN2FiNTg4MzgwMmE1
YWE2ZGEwHhcNMjYwMjE2MTQwMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzI0ODY3ODgwZWI1ZWQ2NDVjNjMyODA0OTQzMTVjZGQ3MzQwZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eK/1Y6fAoKl0/EaqH9IN9UYz18l
yDq47WvGugTg3aA/j2dvIU+YxKvGQc+3mmlhWKuoIBhFe3a9xVYzvxYl8ZKU3g6R
91i4vsr1eau+zNy9S+dozbQEEsQ62aiRscJ22du6tgLikrizs0sRA082hHhAdQNC
GNAHvKq4WC4ahymRnRhQXvvNLGJhiVsTMu1IxTDSh8uvZMyEI/+/jRJI7IwSGCzv
kO4CA4rjpFRwG3mHOpq9EqvNV2Xcp4mnyczrIvFvx4b0+aYrFIzz3Qbci9C1RbuD
p/n8w2bCBAMHjydRtJA7zTqOfgUOk9/iKlGdhWpcMVMfbHK4hOotLA2HrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMkhniA617WRcYygElDFc3XNA5XMB8GA1UdIwQY
MBaAFHb+MFXocpAADjKH96tYg4AqWqbaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHY0d1ZlaHlrQUFPTW9mM3ExaURnQ3BhcHRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iY2UxNDEtZTljMi00YTVkLThlMTYt
ODRiNTE3NmEyYTRjLzEvMHlTR2VJRHJYdFpGeGpLQVNVTVZ6ZGMwRGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iY2UxNDEtZTljMi00YTVkLThlMTYtODRiNTE3NmEyYTRj
LzEvZHY0d1ZlaHlrQUFPTW9mM3ExaURnQ3BhcHRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubOEMA0G
CSqGSIb3DQEBCwUAA4IBAQB7huHToODuzv5/UEU32vAIc5wWKF+hWD2j638hMRpI
i9wNHfTAFrO9rElRsNwVsxCDm3Dzs3Gflc2QgdAqVk5F5yg+VnsPzsL9QJKVXEb+
oga0OPw6z0k3M5d5cc0tZirsolhNywlqoWQuT6dRYuSoCcLHL9Guq4cfV52FTLe9
8B67hyU7S+zj88tzo3cU5Wa+pJmrzdkSy+W4mHpKRP+iiADy2iiQjVnNbYBQOP7U
qTFdtOp71YSLAkq6RDFHq+NUPwt3oCzJC88g3qZqEOhbpHEW0zUgsd4mqEqfkSlH
yCL2rPbDS/ZmCbY/6395TZRjfcQcK8VNgjBKM249v99F
-----END CERTIFICATE-----