Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/xLvL2DDHdDsFuu0LWe_ArfxkZOU.roa
File:                     xLvL2DDHdDsFuu0LWe_ArfxkZOU.roa (raw, json)
Hash identifier:          jEvpZaWRUr0vww6k+sw/ZzVTbY8rHX3wan18IH9TsyY=
Subject key identifier:   C4:BB:CB:D8:30:C7:74:3B:05:BA:ED:0B:59:EF:C0:AD:FC:64:64:E5
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       019CA0A7F297811C8D1832E05298851AE498
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/xLvL2DDHdDsFuu0LWe_ArfxkZOU.roa
Signing time:             Fri 27 Feb 2026 19:51:27 +0000
ROA not before:           Fri 27 Feb 2026 19:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210734
IP address blocks:        212.119.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a0:a7:f2:97:81:1c:8d:18:32:e0:52:98:85:1a:e4:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Feb 27 19:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4bbcbd830c7743b05baed0b59efc0adfc6464e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:7f:73:6e:50:ba:b8:81:ea:64:9e:cb:70:
                    d9:a9:18:7f:f3:54:3b:b6:e1:fe:97:37:cb:22:97:
                    ae:b3:d6:b1:f4:21:08:49:58:78:52:50:22:23:5f:
                    85:87:d2:62:f8:50:d8:d2:7d:12:8d:2d:86:5d:a6:
                    f3:8e:3e:f6:87:5c:6f:be:80:95:8f:57:0d:6e:b6:
                    f0:3d:0a:40:76:ed:e0:73:71:23:3e:61:97:06:5d:
                    62:a9:00:d6:6e:aa:87:e8:d7:f3:fe:57:07:28:10:
                    84:0f:a2:e8:b9:8a:c0:b8:13:ee:9b:d4:2e:b8:07:
                    37:86:db:ed:8e:87:f3:d8:4c:77:63:72:4c:af:ff:
                    88:3d:25:2e:38:75:18:5e:ef:72:71:0a:73:5b:8d:
                    ff:48:9a:a9:71:22:46:da:ad:ea:20:19:b7:d8:70:
                    b9:7c:6a:4a:f2:c2:27:13:e1:47:42:b1:d5:56:10:
                    46:eb:04:ec:f5:3d:5e:dc:dc:fc:e9:c6:38:b7:16:
                    8d:a0:e6:76:63:b6:24:09:b0:e7:25:e0:4f:81:32:
                    4f:0f:15:fd:25:27:eb:c8:c5:ae:13:08:c2:a1:61:
                    38:52:b5:5e:18:3c:7f:13:81:28:25:3e:78:f5:50:
                    81:4f:6f:42:b4:93:b8:61:be:f0:84:63:b4:fe:62:
                    7d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:BB:CB:D8:30:C7:74:3B:05:BA:ED:0B:59:EF:C0:AD:FC:64:64:E5
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/xLvL2DDHdDsFuu0LWe_ArfxkZOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.119.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:37:2c:a3:cc:4f:69:c0:1d:78:52:84:aa:00:e4:1b:f6:82:
         96:d0:4b:20:21:18:8b:9f:bc:4f:40:c6:f9:dd:92:b9:77:45:
         c8:00:7c:ea:97:3a:d3:97:e1:3e:27:34:f5:7e:0d:ab:bb:fa:
         99:b7:eb:73:ff:2d:3d:df:4a:df:a6:8b:30:53:de:fa:b8:1a:
         e1:ea:09:e6:7e:f4:57:f8:79:c8:10:ce:4d:fe:30:9a:bb:3c:
         a8:b2:d0:2f:fd:ce:32:e9:df:d5:e6:8a:69:cb:30:03:de:29:
         3f:c5:a7:09:fd:70:23:61:20:ab:07:36:d5:9a:98:ae:43:50:
         96:de:7d:8c:4a:68:54:c0:c8:f6:cf:98:03:a0:27:fd:37:17:
         df:82:88:9a:8f:48:5e:cf:37:8d:90:e1:d8:5c:04:1e:31:2f:
         93:42:57:de:d0:4e:f0:85:20:65:30:f6:a0:57:be:d8:4c:9a:
         d4:70:15:ac:1a:24:eb:61:f1:a0:06:71:33:7e:b6:1f:80:9f:
         53:3c:0e:fc:ee:c4:2f:4a:4f:ea:26:df:ef:37:be:95:40:ed:
         d7:8e:6f:e2:05:af:17:68:f5:bf:c4:58:fd:72:eb:8a:17:67:
         bd:2d:20:35:4a:6b:1f:95:d2:90:db:b1:a1:c9:47:10:e0:fb:
         ae:67:65:98
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZygp/KXgRyNGDLgUpiFGuSYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjYwMjI3MTk1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGJiY2JkODMwYzc3NDNiMDViYWVkMGI1OWVmYzBhZGZjNjQ2NGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9t/c25QuriB6mSey3DZqRh/81Q7
tuH+lzfLIpeus9ax9CEISVh4UlAiI1+Fh9Ji+FDY0n0SjS2GXabzjj72h1xvvoCV
j1cNbrbwPQpAdu3gc3EjPmGXBl1iqQDWbqqH6Nfz/lcHKBCED6LouYrAuBPum9Qu
uAc3htvtjofz2Ex3Y3JMr/+IPSUuOHUYXu9ycQpzW43/SJqpcSJG2q3qIBm32HC5
fGpK8sInE+FHQrHVVhBG6wTs9T1e3Nz86cY4txaNoOZ2Y7YkCbDnJeBPgTJPDxX9
JSfryMWuEwjCoWE4UrVeGDx/E4EoJT549VCBT29CtJO4Yb7whGO0/mJ9iwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMS7y9gwx3Q7BbrtC1nvwK38ZGTlMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL3hMdkwyRERIZERzRnV1MExXZV9BcmZ4a1pPVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUdysw
DQYJKoZIhvcNAQELBQADggEBABA3LKPMT2nAHXhShKoA5Bv2gpbQSyAhGIufvE9A
xvndkrl3RcgAfOqXOtOX4T4nNPV+Dau7+pm363P/LT3fSt+mizBT3vq4GuHqCeZ+
9Ff4ecgQzk3+MJq7PKiy0C/9zjLp39XmimnLMAPeKT/Fpwn9cCNhIKsHNtWamK5D
UJbefYxKaFTAyPbPmAOgJ/03F9+CiJqPSF7PN42Q4dhcBB4xL5NCV97QTvCFIGUw
9qBXvthMmtRwFawaJOth8aAGcTN+th+An1M8DvzuxC9KT+om3+83vpVA7deOb+IF
rxdo9b/EWP1y64oXZ70tIDVKax+V0pDbsaHJRxDg+65nZZg=
-----END CERTIFICATE-----