Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/A8hQT388ItEqoQYFOhqCCsEIlTI.roa
File:                     A8hQT388ItEqoQYFOhqCCsEIlTI.roa (raw, json)
Hash identifier:          97e6isQPIjw70otEwzd0gLtQm2r1Kv7FnFS5tJziJjw=
Subject key identifier:   03:C8:50:4F:7F:3C:22:D1:2A:A1:06:05:3A:1A:82:0A:C1:08:95:32
Certificate issuer:       /CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
Certificate serial:       019C9A7CA8D776DC538FA03C6B57D1EE0B73
Authority key identifier: C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/A8hQT388ItEqoQYFOhqCCsEIlTI.roa
Signing time:             Thu 26 Feb 2026 15:06:26 +0000
ROA not before:           Thu 26 Feb 2026 15:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207176
IP address blocks:        81.173.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:7c:a8:d7:76:dc:53:8f:a0:3c:6b:57:d1:ee:0b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
        Validity
            Not Before: Feb 26 15:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03c8504f7f3c22d12aa106053a1a820ac1089532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ff:ff:4f:07:ee:0c:63:c1:4f:37:94:c8:42:
                    46:17:37:19:59:15:15:20:9a:f8:88:50:03:11:ae:
                    96:3a:27:dc:ff:25:0f:05:86:19:ba:7b:e7:7f:d7:
                    9a:fd:67:c5:41:2a:14:2d:ed:23:3b:03:37:9d:f8:
                    53:c6:fa:7d:37:c1:58:10:df:c4:cf:ea:42:6a:ff:
                    d1:f1:14:78:1a:96:a9:86:36:30:23:0f:13:41:02:
                    bb:90:9d:73:7f:f0:fb:c7:c8:b5:4f:fb:84:3d:78:
                    31:39:5e:6c:e3:86:53:d2:0f:1c:58:20:fa:7c:53:
                    40:74:54:6c:52:93:51:6c:f2:50:84:c7:9d:ba:5f:
                    70:0c:34:32:9b:0f:12:d8:76:72:18:9b:ec:7e:6a:
                    3d:c6:69:43:bf:ff:15:83:d6:26:9b:ee:1b:91:8d:
                    d1:2b:06:8c:1a:d6:7c:49:0f:05:c2:a1:bd:68:78:
                    95:b3:12:5a:e4:8e:47:21:09:4d:62:6b:fb:7b:aa:
                    01:cc:af:1b:03:74:92:62:81:85:a7:2f:a3:56:3a:
                    6b:99:b0:83:cf:0f:97:05:23:5b:95:60:b4:65:9d:
                    03:1b:3c:4f:f8:4f:8c:7a:1a:df:05:5b:20:3e:ad:
                    26:e0:31:e5:be:b8:f6:16:28:02:5e:4a:ed:ac:42:
                    21:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C8:50:4F:7F:3C:22:D1:2A:A1:06:05:3A:1A:82:0A:C1:08:95:32
            X509v3 Authority Key Identifier:
                keyid:C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/A8hQT388ItEqoQYFOhqCCsEIlTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c2:b1:e8:f2:12:8c:23:40:d6:fd:ae:97:20:1d:e0:75:8d:
         c3:06:54:ef:3b:74:d5:90:45:87:8d:05:9a:b5:af:0b:95:1f:
         7d:54:6a:4d:e6:ae:0f:60:4c:19:ba:3f:87:88:7c:4b:05:16:
         b5:ac:40:9f:d0:1f:6e:fb:be:7e:64:b3:6e:6f:a7:ed:46:42:
         e7:cc:e5:9a:be:80:66:04:9d:97:7a:f4:2b:45:bd:48:17:f8:
         0f:52:6e:78:69:db:02:42:b9:6e:86:d5:b9:b8:0b:ed:e8:83:
         69:55:43:5c:39:75:a8:2c:07:f5:c1:48:d1:34:81:6b:bb:c3:
         0e:10:22:38:69:91:4f:67:15:d1:dc:6a:97:fe:e6:52:7a:49:
         78:82:75:1e:14:8a:91:c4:e5:6b:23:1e:b3:50:cb:ca:80:b6:
         d0:15:99:2b:65:da:39:84:55:44:22:ca:2d:3d:c4:2d:8b:14:
         bf:b7:ac:c1:89:54:b1:83:5b:a8:da:d4:11:3f:94:81:48:63:
         73:8a:23:06:5c:45:81:3b:a9:5b:73:7b:ba:f8:1a:a2:a1:55:
         a2:5e:ad:6a:ac:5b:7c:5b:81:e4:1d:d2:02:fb:91:47:cd:15:
         e9:e1:9f:c1:bb:6e:f0:b2:8a:ce:47:af:43:86:7c:99:61:b8:
         4e:ef:e3:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyafKjXdtxTj6A8a1fR7gtzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzcwMTM1ZDBmMGQzMGE4NjhkZjU1MWQ4NzUyZDRiNGJh
ZGMyYzEwHhcNMjYwMjI2MTUwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2M4NTA0ZjdmM2MyMmQxMmFhMTA2MDUzYTFhODIwYWMxMDg5NTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif//TwfuDGPBTzeUyEJGFzcZWRUV
IJr4iFADEa6WOifc/yUPBYYZunvnf9ea/WfFQSoULe0jOwM3nfhTxvp9N8FYEN/E
z+pCav/R8RR4GpaphjYwIw8TQQK7kJ1zf/D7x8i1T/uEPXgxOV5s44ZT0g8cWCD6
fFNAdFRsUpNRbPJQhMedul9wDDQymw8S2HZyGJvsfmo9xmlDv/8Vg9Ymm+4bkY3R
KwaMGtZ8SQ8FwqG9aHiVsxJa5I5HIQlNYmv7e6oBzK8bA3SSYoGFpy+jVjprmbCD
zw+XBSNblWC0ZZ0DGzxP+E+MehrfBVsgPq0m4DHlvrj2FigCXkrtrEIhBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPIUE9/PCLRKqEGBToaggrBCJUyMB8GA1UdIwQY
MBaAFMd3ATXQ8NMKho31Udh1LUtLrcLBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNjQk5kRHcwd3FHamZWUjJIVXRTMHV0d3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9iOTcwNzAtYzVmNC00NDEwLTk0YjUt
ZDY0ZDc1Mzk0MDM3LzEvQThoUVQzODhJdEVxb1FZRk9ocUNDc0VJbFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9iOTcwNzAtYzVmNC00NDEwLTk0YjUtZDY0ZDc1Mzk0MDM3
LzEveDNjQk5kRHcwd3FHamZWUjJIVXRTMHV0d3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUa0vMA0G
CSqGSIb3DQEBCwUAA4IBAQBJwrHo8hKMI0DW/a6XIB3gdY3DBlTvO3TVkEWHjQWa
ta8LlR99VGpN5q4PYEwZuj+HiHxLBRa1rECf0B9u+75+ZLNub6ftRkLnzOWavoBm
BJ2XevQrRb1IF/gPUm54adsCQrluhtW5uAvt6INpVUNcOXWoLAf1wUjRNIFru8MO
ECI4aZFPZxXR3GqX/uZSekl4gnUeFIqRxOVrIx6zUMvKgLbQFZkrZdo5hFVEIsot
PcQtixS/t6zBiVSxg1uo2tQRP5SBSGNziiMGXEWBO6lbc3u6+BqioVWiXq1qrFt8
W4HkHdIC+5FHzRXp4Z/Bu27wsorOR69DhnyZYbhO7+O3
-----END CERTIFICATE-----