Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/c3bKBXQu79Jy3dO_Hl07eYXslQQ.roa
File:                     c3bKBXQu79Jy3dO_Hl07eYXslQQ.roa (raw, json)
Hash identifier:          lJGAiR7fMIYg94I1p5YOTlfAqnFVCGIz11XSv3uLwPE=
Subject key identifier:   73:76:CA:05:74:2E:EF:D2:72:DD:D3:BF:1E:5D:3B:79:85:EC:95:04
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       019C89A3A3783F1B96904486618816EC104B
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/c3bKBXQu79Jy3dO_Hl07eYXslQQ.roa
Signing time:             Mon 23 Feb 2026 08:35:28 +0000
ROA not before:           Mon 23 Feb 2026 08:35:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207518
IP address blocks:        2a09:d2c1:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:a3:a3:78:3f:1b:96:90:44:86:61:88:16:ec:10:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Feb 23 08:35:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7376ca05742eefd272ddd3bf1e5d3b7985ec9504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:66:52:e1:c5:a1:f1:8e:7a:0f:d5:f7:7f:46:
                    aa:87:0f:88:58:d4:ec:4e:97:6c:28:18:b8:7c:21:
                    ce:39:0d:56:10:4f:bd:98:85:fb:c9:01:d8:66:d7:
                    30:bd:96:01:55:eb:e8:1f:39:ed:84:a5:a5:61:eb:
                    67:a3:a6:b0:51:d5:fa:56:5e:70:55:de:bc:b6:a3:
                    91:7a:61:19:d6:79:90:a9:55:2c:69:cb:f4:c3:32:
                    bc:71:a7:da:71:a9:e1:84:f1:b9:10:b8:3d:7d:fb:
                    b7:96:37:4e:d0:ae:04:12:a1:cb:03:48:af:21:28:
                    c0:7c:bd:db:62:4b:c6:35:d5:4f:fc:b9:c5:d5:e7:
                    11:de:c9:9c:2e:1d:8c:f8:f9:c7:56:43:45:44:08:
                    b3:90:5d:26:53:99:bb:8d:a3:3d:04:d0:2a:d3:15:
                    5f:60:42:35:68:e5:b1:8f:94:3a:7c:2b:ed:30:b5:
                    53:0d:05:96:7d:67:d2:ce:7f:3f:dc:f2:1b:7b:31:
                    e7:e9:85:88:08:55:c5:c7:fa:e4:a1:e8:22:e2:b4:
                    10:9c:23:e7:19:56:52:bc:d1:32:15:e6:08:41:1f:
                    d7:ee:f1:fe:bd:24:17:b1:6c:5d:2c:19:cb:72:e6:
                    49:a3:67:1a:72:95:29:7c:1a:e0:25:ae:08:d0:a6:
                    94:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:76:CA:05:74:2E:EF:D2:72:DD:D3:BF:1E:5D:3B:79:85:EC:95:04
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/c3bKBXQu79Jy3dO_Hl07eYXslQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c1:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:19:b7:7d:24:c4:92:9e:d6:db:14:e3:12:c8:55:85:44:2e:
         6c:d4:08:b5:32:6f:11:0f:14:0d:2a:cb:4d:a9:de:2f:37:2f:
         7d:57:13:5a:27:db:6b:0a:47:24:8e:2d:07:d8:6e:8e:ab:f1:
         bd:1c:fa:15:41:ef:bf:49:69:2d:71:ad:8b:60:89:7b:96:fa:
         fe:a6:30:5a:68:7a:d9:ed:51:9f:78:bf:eb:02:c0:f3:a0:1a:
         cc:48:7d:b7:e6:5a:a4:f7:bf:41:7c:98:10:08:67:f9:d1:82:
         03:12:83:d0:e0:e5:9b:83:c4:ce:55:92:7a:4a:27:16:a9:9d:
         9f:ab:e8:ba:79:e0:d7:4d:5a:57:73:83:50:a1:53:88:68:e7:
         67:e3:42:a2:da:52:34:01:12:55:05:51:5f:5e:59:d6:d8:f6:
         58:13:e4:d3:2e:e0:19:6f:8d:79:2f:95:23:02:22:19:1b:2f:
         37:26:17:2f:2e:2e:f7:58:ad:09:a3:3f:cf:7f:88:19:e7:0e:
         2d:5a:0e:a8:e1:1c:5e:26:c8:8f:1a:3b:64:20:ff:69:d8:a8:
         eb:eb:42:9a:0f:fd:88:ab:67:4f:27:bd:d8:19:2a:53:94:39:
         b5:1c:53:ef:b9:61:ca:ca:93:7d:55:62:09:20:04:be:f5:33:
         61:83:6d:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyJo6N4PxuWkESGYYgW7BBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjYwMjIzMDgzNTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzc2Y2EwNTc0MmVlZmQyNzJkZGQzYmYxZTVkM2I3OTg1ZWM5NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WZS4cWh8Y56D9X3f0aqhw+IWNTs
TpdsKBi4fCHOOQ1WEE+9mIX7yQHYZtcwvZYBVevoHznthKWlYetno6awUdX6Vl5w
Vd68tqORemEZ1nmQqVUsacv0wzK8cafacanhhPG5ELg9ffu3ljdO0K4EEqHLA0iv
ISjAfL3bYkvGNdVP/LnF1ecR3smcLh2M+PnHVkNFRAizkF0mU5m7jaM9BNAq0xVf
YEI1aOWxj5Q6fCvtMLVTDQWWfWfSzn8/3PIbezHn6YWICFXFx/rkoegi4rQQnCPn
GVZSvNEyFeYIQR/X7vH+vSQXsWxdLBnLcuZJo2cacpUpfBrgJa4I0KaUiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHN2ygV0Lu/Sct3Tvx5dO3mF7JUEMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvYzNiS0JYUXU3OUp5M2RPX0hsMDdlWVhzbFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwQAE
MA0GCSqGSIb3DQEBCwUAA4IBAQA7Gbd9JMSSntbbFOMSyFWFRC5s1Ai1Mm8RDxQN
KstNqd4vNy99VxNaJ9trCkckji0H2G6Oq/G9HPoVQe+/SWktca2LYIl7lvr+pjBa
aHrZ7VGfeL/rAsDzoBrMSH235lqk979BfJgQCGf50YIDEoPQ4OWbg8TOVZJ6SicW
qZ2fq+i6eeDXTVpXc4NQoVOIaOdn40Ki2lI0ARJVBVFfXlnW2PZYE+TTLuAZb415
L5UjAiIZGy83JhcvLi73WK0Joz/Pf4gZ5w4tWg6o4RxeJsiPGjtkIP9p2Kjr60Ka
D/2Iq2dPJ73YGSpTlDm1HFPvuWHKypN9VWIJIAS+9TNhg23X
-----END CERTIFICATE-----