Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/kkTc-CqdA7325Hx74WPC1i1z1ho.roa
File:                     kkTc-CqdA7325Hx74WPC1i1z1ho.roa (raw, json)
Hash identifier:          hgMqyY5kb0icfrniqakaGixYqwHTT+s6ebLBFJjRgM4=
Subject key identifier:   92:44:DC:F8:2A:9D:03:BD:F6:E4:7C:7B:E1:63:C2:D6:2D:73:D6:1A
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       019C85B2B4F40F292DED550AA64695784928
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/kkTc-CqdA7325Hx74WPC1i1z1ho.roa
Signing time:             Sun 22 Feb 2026 14:13:27 +0000
ROA not before:           Sun 22 Feb 2026 14:13:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216127
IP address blocks:        138.124.228.0/24 maxlen: 24
                          138.124.229.0/24 maxlen: 24
                          138.124.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:b2:b4:f4:0f:29:2d:ed:55:0a:a6:46:95:78:49:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Feb 22 14:13:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9244dcf82a9d03bdf6e47c7be163c2d62d73d61a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:29:86:72:15:a5:3d:ca:85:38:bf:7f:9f:b0:
                    30:7f:ad:81:e4:7e:d0:7a:3e:68:30:c1:41:2a:10:
                    96:99:fd:96:71:22:24:95:ce:5b:ed:cb:76:d9:d7:
                    87:85:36:62:b1:f2:3b:a4:e3:cb:0d:8c:96:85:5c:
                    57:5c:cf:70:12:53:e8:ea:e8:14:fd:c4:8c:82:28:
                    12:c8:7e:f4:4a:13:99:ff:f0:1a:d0:55:b9:7a:8f:
                    ea:7a:1b:c9:3f:fc:14:c2:de:c8:9f:7f:5a:ec:be:
                    42:46:ff:da:de:c3:fc:37:0e:46:73:33:5f:c7:cb:
                    24:aa:f6:6c:18:05:12:f2:2b:5b:c7:28:ec:58:31:
                    33:e7:88:30:f4:6c:91:50:ba:ef:e4:86:a3:d3:6f:
                    f0:a9:d8:cb:21:64:59:5b:70:67:bf:32:e5:7c:59:
                    78:e5:b2:06:64:2d:e4:41:66:0f:bc:72:fc:70:af:
                    40:71:d8:59:de:bf:0b:84:28:55:3b:8e:57:32:9e:
                    ac:21:61:01:75:52:bc:e9:5b:f5:94:42:4b:1d:40:
                    1e:34:a6:95:3c:4e:62:de:5c:36:f5:81:75:40:35:
                    56:38:ea:7c:05:de:6d:a3:48:a7:20:bc:f4:04:5b:
                    9b:f8:d6:c7:48:2e:3c:3c:d4:6f:57:96:05:c8:72:
                    d4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:44:DC:F8:2A:9D:03:BD:F6:E4:7C:7B:E1:63:C2:D6:2D:73:D6:1A
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/kkTc-CqdA7325Hx74WPC1i1z1ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.228.0-138.124.230.255

    Signature Algorithm: sha256WithRSAEncryption
         79:3d:63:5a:03:68:b7:3c:a2:ba:98:8d:00:c7:df:6d:99:a1:
         7a:a2:f7:59:b2:fd:80:f9:37:3b:f2:30:f6:38:2a:58:09:b9:
         52:25:85:ce:03:4c:b4:46:f0:e5:45:c5:28:59:31:ef:f2:c7:
         9c:f4:f5:10:0c:df:7a:64:53:b4:27:c9:0b:42:8d:ad:12:e6:
         0c:e4:ea:f7:1a:ee:4e:de:35:ad:a6:83:c9:0c:09:4e:aa:28:
         f6:2a:e3:bf:5f:eb:80:42:a2:0b:ae:96:b0:f8:36:ed:97:61:
         1c:f2:98:8d:f5:96:dc:7d:93:b2:37:a1:8e:99:5c:0b:32:35:
         95:75:36:51:cc:db:b2:83:0f:bd:e6:b4:ac:14:fd:e6:09:16:
         c5:a8:ae:6a:35:23:26:06:a9:09:2c:fa:4f:33:e2:61:ac:b0:
         d6:ab:c5:1d:3e:ca:da:fd:06:c9:be:8d:5e:97:55:c9:7f:6c:
         62:06:b2:f9:b4:bd:bf:58:2f:ea:59:c8:0c:06:90:06:49:90:
         b2:39:61:54:99:24:9b:b6:f4:d7:3b:d5:ff:a6:7f:68:fa:98:
         4f:e1:12:c1:c5:a6:c5:75:33:a0:d8:de:da:04:9c:5b:6c:37:
         dc:a0:5a:3b:0b:3a:3f:39:c9:9a:b1:8c:ba:ca:ee:29:46:5e:
         71:a0:37:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZyFsrT0Dykt7VUKpkaVeEkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMjIyMTQxMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQ0ZGNmODJhOWQwM2JkZjZlNDdjN2JlMTYzYzJkNjJkNzNkNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzimGchWlPcqFOL9/n7Awf62B5H7Q
ej5oMMFBKhCWmf2WcSIklc5b7ct22deHhTZisfI7pOPLDYyWhVxXXM9wElPo6ugU
/cSMgigSyH70ShOZ//Aa0FW5eo/qehvJP/wUwt7In39a7L5CRv/a3sP8Nw5GczNf
x8skqvZsGAUS8itbxyjsWDEz54gw9GyRULrv5Iaj02/wqdjLIWRZW3BnvzLlfFl4
5bIGZC3kQWYPvHL8cK9AcdhZ3r8LhChVO45XMp6sIWEBdVK86Vv1lEJLHUAeNKaV
PE5i3lw29YF1QDVWOOp8Bd5to0inILz0BFub+NbHSC48PNRvV5YFyHLUnwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJJE3PgqnQO99uR8e+FjwtYtc9YaMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEva2tUYy1DcWRBNzMyNUh4NzRXUEMxaTF6MWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKKfOQD
BACKfOYwDQYJKoZIhvcNAQELBQADggEBAHk9Y1oDaLc8orqYjQDH322ZoXqi91my
/YD5NzvyMPY4KlgJuVIlhc4DTLRG8OVFxShZMe/yx5z09RAM33pkU7QnyQtCja0S
5gzk6vca7k7eNa2mg8kMCU6qKPYq479f64BCoguulrD4Nu2XYRzymI31ltx9k7I3
oY6ZXAsyNZV1NlHM27KDD73mtKwU/eYJFsWormo1IyYGqQks+k8z4mGssNarxR0+
ytr9Bsm+jV6XVcl/bGIGsvm0vb9YL+pZyAwGkAZJkLI5YVSZJJu29Nc71f+mf2j6
mE/hEsHFpsV1M6DY3toEnFtsN9ygWjsLOj85yZqxjLrK7ilGXnGgNy4=
-----END CERTIFICATE-----