Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/9f3205-52e9-46a4-b6c2-c703522488f9/1/KWX40V7o8A6zMkKoIGkCmwKYmr0.roa
File:                     KWX40V7o8A6zMkKoIGkCmwKYmr0.roa (raw, json)
Hash identifier:          nJ0kf2dRdOxQXbxBLcQMmLtNRpU/yw5QdnU4YcpxOtc=
Subject key identifier:   29:65:F8:D1:5E:E8:F0:0E:B3:32:42:A8:20:69:02:9B:02:98:9A:BD
Certificate issuer:       /CN=0284fd941cf7b294b882e74db0fc97167434dabc
Certificate serial:       019C704E13BFBEE7635C9F9D391279EA986A
Authority key identifier: 02:84:FD:94:1C:F7:B2:94:B8:82:E7:4D:B0:FC:97:16:74:34:DA:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoT9lBz3spS4gudNsPyXFnQ02rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/9f3205-52e9-46a4-b6c2-c703522488f9/1/KWX40V7o8A6zMkKoIGkCmwKYmr0.roa
Signing time:             Wed 18 Feb 2026 10:31:30 +0000
ROA not before:           Wed 18 Feb 2026 10:31:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214440
IP address blocks:        89.124.250.0/24 maxlen: 24
                          103.199.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/9f3205-52e9-46a4-b6c2-c703522488f9/1/AoT9lBz3spS4gudNsPyXFnQ02rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/9f3205-52e9-46a4-b6c2-c703522488f9/1/AoT9lBz3spS4gudNsPyXFnQ02rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AoT9lBz3spS4gudNsPyXFnQ02rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:4e:13:bf:be:e7:63:5c:9f:9d:39:12:79:ea:98:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0284fd941cf7b294b882e74db0fc97167434dabc
        Validity
            Not Before: Feb 18 10:31:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2965f8d15ee8f00eb33242a82069029b02989abd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:33:fb:64:32:c2:90:53:07:2f:f0:60:b4:1c:
                    f4:93:5d:18:a1:f4:b1:e3:fe:de:6a:67:bf:1e:76:
                    15:b2:af:51:8f:0e:7a:a3:70:6f:d4:24:fe:2e:52:
                    b5:32:59:51:91:fe:75:7f:aa:75:99:ee:77:f5:7f:
                    cd:19:25:e3:10:19:1a:c2:be:e5:72:72:f4:86:7f:
                    7e:c6:f2:a5:cf:81:97:4a:84:2a:37:dd:aa:5f:1c:
                    b1:93:eb:9c:9b:c5:c7:53:21:09:bd:a4:b5:f1:d1:
                    36:dc:6c:93:fa:d8:c7:29:8b:ea:4c:54:29:e6:9c:
                    25:31:70:75:ea:a9:34:17:d4:93:af:15:b2:1f:04:
                    c3:9c:d4:e6:41:9a:ab:bc:0d:59:d8:b9:f2:93:1a:
                    40:e4:61:a5:e1:03:fc:95:6b:fe:08:78:e9:ea:4e:
                    b5:9e:3b:c5:e3:b5:65:25:47:1a:f0:61:92:16:fa:
                    7d:18:93:1f:b7:5c:9e:38:dd:74:1e:28:e6:ca:52:
                    de:73:c1:57:42:f3:45:07:c6:2a:b4:40:2f:74:d2:
                    c9:97:df:6e:23:d9:6a:d1:38:d1:81:de:ca:60:ec:
                    14:73:eb:80:dd:6b:7f:38:58:75:66:2f:80:a5:a0:
                    02:48:f8:6f:e5:35:76:ab:e7:6d:47:68:d2:d6:79:
                    d9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:65:F8:D1:5E:E8:F0:0E:B3:32:42:A8:20:69:02:9B:02:98:9A:BD
            X509v3 Authority Key Identifier:
                keyid:02:84:FD:94:1C:F7:B2:94:B8:82:E7:4D:B0:FC:97:16:74:34:DA:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoT9lBz3spS4gudNsPyXFnQ02rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9f3205-52e9-46a4-b6c2-c703522488f9/1/KWX40V7o8A6zMkKoIGkCmwKYmr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9f3205-52e9-46a4-b6c2-c703522488f9/1/AoT9lBz3spS4gudNsPyXFnQ02rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.124.250.0/24
                  103.199.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a3:1d:c7:b9:17:60:e0:28:44:0a:1c:ca:86:0f:2c:89:e5:
         dd:cf:2c:43:cc:2d:38:a3:99:43:7f:a3:ca:00:63:c2:15:5f:
         89:8d:c9:7c:6e:45:08:0c:b9:66:10:ba:8a:eb:82:f3:37:a1:
         a2:19:f9:cf:4d:5c:c4:28:1e:e9:38:7b:65:2e:51:32:4b:ef:
         84:02:86:2e:6d:0d:bd:7b:23:5f:d8:a4:12:91:8e:00:84:55:
         26:57:ea:bf:7a:c7:a6:e6:3a:37:76:20:a3:0b:29:e6:df:32:
         ef:88:cc:5c:49:dc:32:a2:9a:7d:3d:15:5b:b3:c6:d5:65:c2:
         c9:b1:6e:3d:c7:8b:29:71:2c:e9:29:7f:0d:e9:64:2f:ac:6a:
         ef:cb:34:09:7b:6c:32:78:11:56:7a:d6:83:1d:26:91:a4:cb:
         e0:9b:09:8f:fa:2b:3c:65:80:c7:fd:a1:b3:e3:70:6e:5e:f9:
         92:0b:cd:f3:8a:89:e1:8e:48:13:1b:c7:ba:3e:98:e5:55:02:
         a2:7d:40:3b:ec:48:3e:a6:4e:76:c7:f4:73:91:01:5a:3e:d5:
         76:87:4e:24:9e:ba:14:64:1f:26:cb:5e:27:27:5d:99:a5:27:
         1d:fa:ac:47:59:82:60:00:30:fc:97:e2:b7:4d:ff:7e:6f:5c:
         9d:13:e8:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxwThO/vudjXJ+dORJ56phqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODRmZDk0MWNmN2IyOTRiODgyZTc0ZGIwZmM5NzE2NzQz
NGRhYmMwHhcNMjYwMjE4MTAzMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTY1ZjhkMTVlZThmMDBlYjMzMjQyYTgyMDY5MDI5YjAyOTg5YWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjP7ZDLCkFMHL/BgtBz0k10YofSx
4/7eame/HnYVsq9Rjw56o3Bv1CT+LlK1MllRkf51f6p1me539X/NGSXjEBkawr7l
cnL0hn9+xvKlz4GXSoQqN92qXxyxk+ucm8XHUyEJvaS18dE23GyT+tjHKYvqTFQp
5pwlMXB16qk0F9STrxWyHwTDnNTmQZqrvA1Z2LnykxpA5GGl4QP8lWv+CHjp6k61
njvF47VlJUca8GGSFvp9GJMft1yeON10HijmylLec8FXQvNFB8YqtEAvdNLJl99u
I9lq0TjRgd7KYOwUc+uA3Wt/OFh1Zi+ApaACSPhv5TV2q+dtR2jS1nnZIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCll+NFe6PAOszJCqCBpApsCmJq9MB8GA1UdIwQY
MBaAFAKE/ZQc97KUuILnTbD8lxZ0NNq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9UOWxCejNzcFM0Z3VkTnNQeVhGblEwMnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC85ZjMyMDUtNTJlOS00NmE0LWI2YzIt
YzcwMzUyMjQ4OGY5LzEvS1dYNDBWN284QTZ6TWtLb0lHa0Ntd0tZbXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC85ZjMyMDUtNTJlOS00NmE0LWI2YzItYzcwMzUyMjQ4OGY5
LzEvQW9UOWxCejNzcFM0Z3VkTnNQeVhGblEwMnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWXz6AwQA
Z8d0MA0GCSqGSIb3DQEBCwUAA4IBAQApox3HuRdg4ChEChzKhg8sieXdzyxDzC04
o5lDf6PKAGPCFV+Jjcl8bkUIDLlmELqK64LzN6GiGfnPTVzEKB7pOHtlLlEyS++E
AoYubQ29eyNf2KQSkY4AhFUmV+q/esem5jo3diCjCynm3zLviMxcSdwyopp9PRVb
s8bVZcLJsW49x4spcSzpKX8N6WQvrGrvyzQJe2wyeBFWetaDHSaRpMvgmwmP+is8
ZYDH/aGz43BuXvmSC83zionhjkgTG8e6PpjlVQKifUA77Eg+pk52x/RzkQFaPtV2
h04knroUZB8my14nJ12ZpScd+qxHWYJgADD8l+K3Tf9+b1ydE+iB
-----END CERTIFICATE-----