Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/0Oic1IcERTEb5DlaPzbn0th6N50.roa
File:                     0Oic1IcERTEb5DlaPzbn0th6N50.roa (raw, json)
Hash identifier:          bDlBbgczPM559YYoDu7tlNakooG/ffcXd8tnjCuBkcE=
Subject key identifier:   D0:E8:9C:D4:87:04:45:31:1B:E4:39:5A:3F:36:E7:D2:D8:7A:37:9D
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019C56E151AA8FC24B18D164CA3771F3E7B4
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/0Oic1IcERTEb5DlaPzbn0th6N50.roa
Signing time:             Fri 13 Feb 2026 12:02:12 +0000
ROA not before:           Fri 13 Feb 2026 12:02:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216332
IP address blocks:        85.137.160.0/24 maxlen: 24
                          85.137.161.0/24 maxlen: 24
                          85.137.162.0/24 maxlen: 24
                          85.137.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:e1:51:aa:8f:c2:4b:18:d1:64:ca:37:71:f3:e7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Feb 13 12:02:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0e89cd4870445311be4395a3f36e7d2d87a379d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:be:2a:80:a4:23:10:32:70:2c:a3:b0:49:66:
                    42:ad:37:f6:d7:a6:07:54:42:9e:28:f0:79:4f:34:
                    26:f2:c2:3d:3b:a3:ce:fe:2c:ea:eb:76:99:fe:36:
                    72:b4:6e:aa:56:72:50:a3:75:c5:4d:d4:43:95:0f:
                    d6:75:45:0a:8e:c9:0c:62:fe:cc:28:9c:15:f4:71:
                    5c:f7:a3:88:b5:aa:62:66:30:db:d7:60:a7:95:e9:
                    5f:34:34:4f:67:ee:4d:23:a9:1a:85:5a:1b:21:bc:
                    13:52:a5:1c:53:89:83:ba:86:ab:98:5e:b2:01:e9:
                    f9:72:86:af:94:ac:54:55:4f:fa:9e:99:54:53:6c:
                    b0:35:4c:96:6b:df:04:05:d2:23:31:b3:7f:64:de:
                    4b:45:4e:62:7e:91:4b:1c:61:fa:ef:04:8c:09:ef:
                    0d:f9:04:21:9a:89:b8:51:3d:20:c6:80:5c:aa:f0:
                    e5:f6:fd:a6:41:1d:0b:60:a6:ca:f7:1b:84:73:7e:
                    b1:9f:8f:4a:e0:28:ee:e5:a4:4c:7e:4d:92:c5:65:
                    1f:fe:01:a8:4f:e2:ae:48:b9:9d:94:c0:45:fa:e1:
                    ca:c7:d4:e3:f4:4e:cc:5c:a3:2a:da:54:1b:fb:d9:
                    bb:5b:4d:98:b5:9d:01:ab:cf:e5:e6:27:af:ef:33:
                    ad:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E8:9C:D4:87:04:45:31:1B:E4:39:5A:3F:36:E7:D2:D8:7A:37:9D
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/0Oic1IcERTEb5DlaPzbn0th6N50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:61:5f:6f:fa:c4:42:f2:10:1d:1c:fc:5f:45:19:bc:e9:72:
         af:aa:49:fe:56:e6:ad:9b:0d:a0:5e:fa:09:b9:6f:b5:2c:5f:
         d8:1a:bd:90:81:b8:52:49:e7:29:74:5a:f5:dd:d6:2a:fd:21:
         fe:cb:09:07:7d:5a:6d:b6:3b:74:d9:87:2f:da:4c:e2:87:06:
         2a:e6:8e:d3:36:2e:44:9a:36:f4:91:c3:1f:f3:7a:d4:26:a5:
         aa:58:66:87:d3:14:f3:8b:47:39:c0:15:39:13:3e:72:1e:cd:
         23:3a:c8:2c:ac:6a:d7:14:7b:36:74:00:27:73:3e:e3:f3:ce:
         ef:70:3e:17:fd:b3:b0:0f:00:ea:0c:bf:eb:5d:cc:ed:9d:e3:
         07:ef:e7:42:dc:15:82:97:1f:0b:fc:e3:11:82:45:0d:80:2f:
         cd:cd:cb:6f:72:84:4e:ea:34:9a:d3:4b:2f:70:af:cd:fb:01:
         dc:da:b4:51:9e:34:fc:dd:c5:dd:4b:f0:a8:41:d8:5a:04:bd:
         23:e1:d5:b8:f9:2e:ba:ea:4c:91:27:51:af:0b:f2:77:cf:0e:
         29:f1:a1:6c:23:95:29:5b:05:ba:fb:d0:ed:74:ef:8e:07:2a:
         c3:3f:9a:c3:06:ef:d7:f3:1b:24:55:29:52:9c:a9:cc:9d:dc:
         1f:fb:4f:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxW4VGqj8JLGNFkyjdx8+e0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMjEzMTIwMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU4OWNkNDg3MDQ0NTMxMWJlNDM5NWEzZjM2ZTdkMmQ4N2EzNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7L4qgKQjEDJwLKOwSWZCrTf216YH
VEKeKPB5TzQm8sI9O6PO/izq63aZ/jZytG6qVnJQo3XFTdRDlQ/WdUUKjskMYv7M
KJwV9HFc96OItapiZjDb12CnlelfNDRPZ+5NI6kahVobIbwTUqUcU4mDuoarmF6y
Aen5coavlKxUVU/6nplUU2ywNUyWa98EBdIjMbN/ZN5LRU5ifpFLHGH67wSMCe8N
+QQhmom4UT0gxoBcqvDl9v2mQR0LYKbK9xuEc36xn49K4Cju5aRMfk2SxWUf/gGo
T+KuSLmdlMBF+uHKx9Tj9E7MXKMq2lQb+9m7W02YtZ0Bq8/l5iev7zOttwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDonNSHBEUxG+Q5Wj8259LYejedMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvME9pYzFJY0VSVEViNURsYVB6Ym4wdGg2TjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVYmgMA0G
CSqGSIb3DQEBCwUAA4IBAQB0YV9v+sRC8hAdHPxfRRm86XKvqkn+Vuatmw2gXvoJ
uW+1LF/YGr2QgbhSSecpdFr13dYq/SH+ywkHfVpttjt02Ycv2kzihwYq5o7TNi5E
mjb0kcMf83rUJqWqWGaH0xTzi0c5wBU5Ez5yHs0jOsgsrGrXFHs2dAAncz7j887v
cD4X/bOwDwDqDL/rXcztneMH7+dC3BWClx8L/OMRgkUNgC/NzctvcoRO6jSa00sv
cK/N+wHc2rRRnjT83cXdS/CoQdhaBL0j4dW4+S666kyRJ1GvC/J3zw4p8aFsI5Up
WwW6+9DtdO+OByrDP5rDBu/X8xskVSlSnKnMndwf+0/z
-----END CERTIFICATE-----