Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/79c702-62c0-43c5-998b-d544e7f13220/1/KxgGnF6vb3Ni0-buINiimrlB5FA.roa
File:                     KxgGnF6vb3Ni0-buINiimrlB5FA.roa (raw, json)
Hash identifier:          I5qHdG7CgoGWsa9qwKXjDuC38Iefxr90rUgtaAZcSlM=
Subject key identifier:   2B:18:06:9C:5E:AF:6F:73:62:D3:E6:EE:20:D8:A2:9A:B9:41:E4:50
Certificate issuer:       /CN=f20a22cc642f0444f80b1762e21dd32ad96a6443
Certificate serial:       019C51DBEAA3CF13AB23014DECC2AD012A7B
Authority key identifier: F2:0A:22:CC:64:2F:04:44:F8:0B:17:62:E2:1D:D3:2A:D9:6A:64:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8goizGQvBET4Cxdi4h3TKtlqZEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/79c702-62c0-43c5-998b-d544e7f13220/1/KxgGnF6vb3Ni0-buINiimrlB5FA.roa
Signing time:             Thu 12 Feb 2026 12:38:12 +0000
ROA not before:           Thu 12 Feb 2026 12:38:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42168
IP address blocks:        2001:67c:29a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/79c702-62c0-43c5-998b-d544e7f13220/1/8goizGQvBET4Cxdi4h3TKtlqZEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/79c702-62c0-43c5-998b-d544e7f13220/1/8goizGQvBET4Cxdi4h3TKtlqZEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8goizGQvBET4Cxdi4h3TKtlqZEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:db:ea:a3:cf:13:ab:23:01:4d:ec:c2:ad:01:2a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f20a22cc642f0444f80b1762e21dd32ad96a6443
        Validity
            Not Before: Feb 12 12:38:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b18069c5eaf6f7362d3e6ee20d8a29ab941e450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:94:80:eb:23:c9:09:95:d1:c3:3e:1d:bb:8d:
                    ed:06:e9:12:0f:5a:dd:b1:04:a8:5e:67:71:46:a3:
                    5b:82:ac:19:e1:20:ed:48:d4:8b:ab:a8:d6:28:8f:
                    2a:6f:3b:11:00:1a:3f:23:8b:c4:e7:a4:88:ad:d6:
                    82:43:b0:f7:8e:80:a6:03:25:9e:b5:44:e3:11:85:
                    86:f0:be:19:40:84:ff:97:fe:46:33:18:46:24:ab:
                    e9:70:3c:8b:34:c7:fd:9b:2d:8e:d5:3d:86:5d:c5:
                    8a:9a:27:dc:66:59:0d:ba:d1:11:4a:5c:23:68:45:
                    a0:69:39:38:0f:6b:74:aa:d8:d8:26:4b:9d:e3:73:
                    bd:76:62:22:f6:12:69:c2:33:7a:e0:09:fc:31:d3:
                    5b:5b:71:76:3a:81:ad:b8:6d:1f:8e:30:3e:6a:29:
                    f7:05:bf:fa:52:f1:20:e0:17:bc:7d:d3:e4:28:7a:
                    54:2e:bf:79:ec:35:d6:30:85:f5:cc:66:f3:9a:c8:
                    a6:bf:1a:6a:ec:ae:4e:73:20:49:75:bf:ef:78:27:
                    a7:e5:49:ea:98:fa:46:8f:d2:55:80:1f:59:9f:db:
                    9c:10:db:d7:21:9c:61:75:91:21:b2:10:69:36:5b:
                    30:bd:23:0c:99:0c:3d:1f:e8:20:01:8f:66:5e:c2:
                    92:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:18:06:9C:5E:AF:6F:73:62:D3:E6:EE:20:D8:A2:9A:B9:41:E4:50
            X509v3 Authority Key Identifier:
                keyid:F2:0A:22:CC:64:2F:04:44:F8:0B:17:62:E2:1D:D3:2A:D9:6A:64:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8goizGQvBET4Cxdi4h3TKtlqZEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/79c702-62c0-43c5-998b-d544e7f13220/1/KxgGnF6vb3Ni0-buINiimrlB5FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/79c702-62c0-43c5-998b-d544e7f13220/1/8goizGQvBET4Cxdi4h3TKtlqZEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:29a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:4c:f9:3d:37:2c:14:7e:3b:9b:24:ee:a2:81:3a:9a:0d:71:
         cf:cd:34:78:0b:a1:c4:dd:17:d2:56:59:a4:6d:de:50:97:ef:
         19:11:59:81:65:d9:c5:ae:12:50:1a:2f:24:79:41:43:67:ef:
         97:98:20:e4:13:c4:05:5c:49:70:c8:7a:59:7a:39:06:de:f9:
         87:1c:64:80:3d:56:da:c7:7c:ce:78:2a:78:66:21:1a:db:4a:
         32:6b:f0:3c:cc:7a:d4:5e:b8:0f:eb:72:c8:00:3d:f4:fa:4c:
         9b:3d:89:78:0b:f3:d7:94:60:b5:e3:b1:ba:7c:91:d2:e3:23:
         0a:d3:67:52:bc:09:ea:db:3a:24:87:50:57:32:70:fa:11:80:
         92:58:1d:a0:56:92:1c:83:85:e7:2b:dd:8a:9e:c9:17:e8:da:
         61:fb:48:f0:bb:96:8e:6d:1c:59:ab:6c:2c:60:9e:48:37:55:
         7e:c0:30:1a:c5:64:9e:5e:98:ea:86:b3:e5:5e:e3:30:c0:e9:
         55:fd:cb:d3:a8:90:89:c0:f0:4c:b5:0f:2c:80:93:b6:2c:54:
         19:36:91:ac:84:bf:57:62:3f:0e:b8:e3:9a:6d:68:34:9d:16:
         bd:5a:8b:ed:d8:31:b1:d9:84:a3:d9:18:b9:9a:e4:75:ed:92:
         00:1a:02:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxR2+qjzxOrIwFN7MKtASp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMGEyMmNjNjQyZjA0NDRmODBiMTc2MmUyMWRkMzJhZDk2
YTY0NDMwHhcNMjYwMjEyMTIzODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjE4MDY5YzVlYWY2ZjczNjJkM2U2ZWUyMGQ4YTI5YWI5NDFlNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpSA6yPJCZXRwz4du43tBukSD1rd
sQSoXmdxRqNbgqwZ4SDtSNSLq6jWKI8qbzsRABo/I4vE56SIrdaCQ7D3joCmAyWe
tUTjEYWG8L4ZQIT/l/5GMxhGJKvpcDyLNMf9my2O1T2GXcWKmifcZlkNutERSlwj
aEWgaTk4D2t0qtjYJkud43O9dmIi9hJpwjN64An8MdNbW3F2OoGtuG0fjjA+ain3
Bb/6UvEg4Be8fdPkKHpULr957DXWMIX1zGbzmsimvxpq7K5OcyBJdb/veCen5Unq
mPpGj9JVgB9Zn9ucENvXIZxhdZEhshBpNlswvSMMmQw9H+ggAY9mXsKSHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCsYBpxer29zYtPm7iDYopq5QeRQMB8GA1UdIwQY
MBaAFPIKIsxkLwRE+AsXYuId0yrZamRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGdvaXpHUXZCRVQ0Q3hkaTRoM1RLdGxxWkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny83OWM3MDItNjJjMC00M2M1LTk5OGIt
ZDU0NGU3ZjEzMjIwLzEvS3hnR25GNnZiM05pMC1idUlOaWltcmxCNUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny83OWM3MDItNjJjMC00M2M1LTk5OGItZDU0NGU3ZjEzMjIw
LzEvOGdvaXpHUXZCRVQ0Q3hkaTRoM1RLdGxxWkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCmo
MA0GCSqGSIb3DQEBCwUAA4IBAQAmTPk9NywUfjubJO6igTqaDXHPzTR4C6HE3RfS
Vlmkbd5Ql+8ZEVmBZdnFrhJQGi8keUFDZ++XmCDkE8QFXElwyHpZejkG3vmHHGSA
PVbax3zOeCp4ZiEa20oya/A8zHrUXrgP63LIAD30+kybPYl4C/PXlGC147G6fJHS
4yMK02dSvAnq2zokh1BXMnD6EYCSWB2gVpIcg4XnK92KnskX6Nph+0jwu5aObRxZ
q2wsYJ5IN1V+wDAaxWSeXpjqhrPlXuMwwOlV/cvTqJCJwPBMtQ8sgJO2LFQZNpGs
hL9XYj8OuOOabWg0nRa9Wovt2DGx2YSj2Ri5muR17ZIAGgJM
-----END CERTIFICATE-----