Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wZQ6m3eEC9hSmQ_KOF41gIwPF0k.roa
File:                     wZQ6m3eEC9hSmQ_KOF41gIwPF0k.roa (raw, json)
Hash identifier:          3oPxAKxnrOrp8PJK6Efk9YDF9kba8v5YOD9BPoDGLIM=
Subject key identifier:   C1:94:3A:9B:77:84:0B:D8:52:99:0F:CA:38:5E:35:80:8C:0F:17:49
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C69373A6073D31A77A076DF09E5FA7466
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wZQ6m3eEC9hSmQ_KOF41gIwPF0k.roa
Signing time:             Tue 17 Feb 2026 01:29:12 +0000
ROA not before:           Tue 17 Feb 2026 01:29:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204464
IP address blocks:        2a06:9801:85::/48 maxlen: 48
                          2a06:9801:90::/44 maxlen: 44
                          2a06:9801:a0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:69:37:3a:60:73:d3:1a:77:a0:76:df:09:e5:fa:74:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 17 01:29:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1943a9b77840bd852990fca385e35808c0f1749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:07:b2:02:c0:f5:49:96:ba:e1:ed:80:36:a0:
                    0f:79:29:3c:63:7b:6e:c0:9c:dc:1c:9d:5e:23:15:
                    e6:07:db:e5:0f:d7:23:1d:fe:d0:bf:cf:f7:8d:66:
                    fb:ed:44:c0:3f:ec:16:ce:d6:49:dd:32:76:0f:0f:
                    3c:6a:24:1e:76:40:a0:c0:30:44:a1:e9:1e:8b:d4:
                    81:3e:6a:e7:d4:ee:05:1f:82:f1:d3:b5:9e:6d:cd:
                    09:1b:8d:54:55:45:98:1a:22:36:3e:12:44:b2:59:
                    39:6d:d3:c1:a9:7f:4e:c2:f4:ae:ab:de:09:3b:6f:
                    7c:68:5a:e1:10:8b:c7:6b:a0:48:a7:e0:d4:ea:56:
                    a0:a9:e6:57:ab:87:e9:26:7e:d9:71:44:c8:a2:22:
                    25:aa:e9:7e:12:4b:a6:c2:22:83:4c:5a:d7:e8:f5:
                    77:7d:3b:68:df:83:af:d3:46:99:7f:fa:b4:19:7f:
                    dd:24:2f:7a:7e:a2:bc:7d:92:86:1a:43:10:88:29:
                    fe:fe:5e:6a:46:49:9a:44:3b:96:01:50:40:a6:44:
                    37:ae:73:76:10:30:d9:49:6c:db:fb:66:68:df:a4:
                    a6:be:03:09:aa:9b:85:8c:c5:28:99:70:b6:ae:59:
                    cb:a4:44:43:ec:7b:c4:95:ed:ba:aa:ca:e2:d7:48:
                    7a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:94:3A:9B:77:84:0B:D8:52:99:0F:CA:38:5E:35:80:8C:0F:17:49
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wZQ6m3eEC9hSmQ_KOF41gIwPF0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:85::/48
                  2a06:9801:90::-2a06:9801:af:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         15:ef:95:08:d0:9f:76:9e:df:70:21:b5:82:95:4f:5d:6d:5d:
         6e:d7:e3:8d:7f:54:9b:30:9e:cd:7a:7f:ba:5a:48:e5:81:32:
         10:0b:b5:97:64:70:1b:fc:65:27:75:1a:0e:14:ed:53:7e:99:
         e7:f8:a0:dd:55:1c:fe:b9:b7:89:a3:ae:9a:07:57:e2:4d:0e:
         e1:13:53:02:df:2b:4f:52:46:a0:70:34:8c:fb:a7:76:96:19:
         91:41:14:fd:16:8e:52:d0:f9:cc:17:ea:3c:a5:ec:f3:fd:8b:
         62:68:36:a5:31:70:01:1c:14:64:60:39:6e:06:95:0b:70:44:
         b5:38:bb:78:5d:e5:af:eb:34:1e:9f:67:8d:df:6b:b1:ff:e0:
         e8:a4:71:07:7b:9f:d0:f7:60:db:5f:50:9b:b2:be:71:31:6d:
         93:98:17:3a:a6:01:db:b2:1d:b3:6f:0e:8c:2f:fd:31:7b:3f:
         8d:83:9c:d4:bd:c9:27:b6:65:24:21:b1:26:df:c7:87:53:92:
         fc:1d:06:86:63:34:e8:35:bf:d8:97:3a:ae:a1:41:47:04:3c:
         4c:e2:25:bb:91:77:7c:02:dc:fc:87:cd:b8:53:65:93:18:2d:
         bb:07:d1:14:e7:29:c4:c6:33:47:7f:cc:16:fa:a1:c7:8e:7e:
         29:03:c5:f0
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZxpNzpgc9Mad6B23wnl+nRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjE3MDEyOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTk0M2E5Yjc3ODQwYmQ4NTI5OTBmY2EzODVlMzU4MDhjMGYxNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlweyAsD1SZa64e2ANqAPeSk8Y3tu
wJzcHJ1eIxXmB9vlD9cjHf7Qv8/3jWb77UTAP+wWztZJ3TJ2Dw88aiQedkCgwDBE
oekei9SBPmrn1O4FH4Lx07Webc0JG41UVUWYGiI2PhJEslk5bdPBqX9OwvSuq94J
O298aFrhEIvHa6BIp+DU6lagqeZXq4fpJn7ZcUTIoiIlqul+EkumwiKDTFrX6PV3
fTto34Ov00aZf/q0GX/dJC96fqK8fZKGGkMQiCn+/l5qRkmaRDuWAVBApkQ3rnN2
EDDZSWzb+2Zo36SmvgMJqpuFjMUomXC2rlnLpERD7HvEle26qsri10h6mQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMGUOpt3hAvYUpkPyjheNYCMDxdJMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvd1pRNm0zZUVDOWhTbVFfS09GNDFnSXdQRjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcAKgaYAQCF
MBIDBwQqBpgBAJADBwQqBpgBAKAwDQYJKoZIhvcNAQELBQADggEBABXvlQjQn3ae
33AhtYKVT11tXW7X441/VJswns16f7paSOWBMhALtZdkcBv8ZSd1Gg4U7VN+mef4
oN1VHP65t4mjrpoHV+JNDuETUwLfK09SRqBwNIz7p3aWGZFBFP0WjlLQ+cwX6jyl
7PP9i2JoNqUxcAEcFGRgOW4GlQtwRLU4u3hd5a/rNB6fZ43fa7H/4OikcQd7n9D3
YNtfUJuyvnExbZOYFzqmAduyHbNvDowv/TF7P42DnNS9ySe2ZSQhsSbfx4dTkvwd
BoZjNOg1v9iXOq6hQUcEPEziJbuRd3wC3PyHzbhTZZMYLbsH0RTnKcTGM0d/zBb6
oceOfikDxfA=
-----END CERTIFICATE-----