Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/8SFZw8BMAj1xVhdMMCCs15uYf7Q.roa
File:                     8SFZw8BMAj1xVhdMMCCs15uYf7Q.roa (raw, json)
Hash identifier:          9ezJKc1nhlgcq48JgfbfaaUeNcn0fAJH9w4Rv8ctllY=
Subject key identifier:   F1:21:59:C3:C0:4C:02:3D:71:56:17:4C:30:20:AC:D7:9B:98:7F:B4
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       019C52073DE1318F9660D504C7E0150F6005
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/8SFZw8BMAj1xVhdMMCCs15uYf7Q.roa
Signing time:             Thu 12 Feb 2026 13:25:31 +0000
ROA not before:           Thu 12 Feb 2026 13:25:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201219
IP address blocks:        93.185.152.0/24 maxlen: 32
                          2a00:8740:2100::/40 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:07:3d:e1:31:8f:96:60:d5:04:c7:e0:15:0f:60:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Feb 12 13:25:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f12159c3c04c023d7156174c3020acd79b987fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:61:a1:6d:a7:6b:15:94:dc:67:aa:a9:b4:1b:
                    d5:17:d2:25:a8:c6:4e:db:e0:3e:e7:7d:cb:4b:e9:
                    e4:97:42:bb:40:77:be:90:1e:73:c6:41:b9:ea:d9:
                    d0:09:d5:5b:23:db:92:63:11:d2:d0:4d:5c:ca:7c:
                    cc:ff:72:50:45:23:05:90:c9:fd:59:e7:44:f5:14:
                    b9:dc:20:67:d7:bb:c9:a0:9b:3e:de:8d:5d:18:04:
                    ff:09:13:35:44:f3:de:12:4c:88:7e:91:4f:a3:7c:
                    1c:4c:81:4c:30:6d:66:aa:7f:58:f9:1d:40:42:9b:
                    21:af:1d:38:a8:73:36:76:6c:2b:aa:9e:54:55:f3:
                    4a:01:58:6d:3b:6b:b8:21:81:a7:52:c2:54:90:3d:
                    50:3a:da:7e:49:d9:1b:98:85:b3:b3:67:40:02:62:
                    ae:fe:02:b2:44:af:54:25:6b:30:a1:db:b7:01:eb:
                    00:a1:36:bb:4a:93:f9:b1:c3:91:2b:65:27:61:b0:
                    df:ba:f0:8a:47:0d:db:da:3c:f9:12:a4:d3:8c:6e:
                    81:00:f1:56:ae:86:7c:36:94:d4:2d:fb:4c:ca:54:
                    72:8f:14:f2:45:6a:04:f2:14:2d:a2:ae:0b:a4:21:
                    f3:af:e5:1c:7c:07:df:63:b3:81:03:e7:88:ff:84:
                    a9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:21:59:C3:C0:4C:02:3D:71:56:17:4C:30:20:AC:D7:9B:98:7F:B4
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/8SFZw8BMAj1xVhdMMCCs15uYf7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.152.0/24
                IPv6:
                  2a00:8740:2100::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:76:3c:db:43:9c:6b:c5:86:5e:1d:60:cf:94:dd:3e:5a:0f:
         af:f6:b5:6f:e7:62:4c:13:30:37:b3:a6:fb:f3:86:d6:59:d6:
         c2:73:f1:3a:7e:8e:97:0d:51:26:0a:00:6c:b1:40:af:74:a1:
         a1:29:d2:6c:78:68:d4:ae:94:9f:ce:5f:56:c5:a0:e9:29:76:
         3a:84:9a:d6:d3:31:bc:c4:b0:ad:1b:66:1a:f9:66:e2:d7:ea:
         85:5f:97:39:00:07:ef:67:1b:d5:f0:bf:3f:9d:da:38:84:09:
         b5:2e:63:87:89:44:5a:8d:dc:77:6a:8a:bd:7d:ab:c8:c4:69:
         f3:d2:02:2b:26:5c:63:30:de:37:e0:40:95:c7:12:f7:56:62:
         ea:e6:33:b3:01:85:d1:e3:72:34:3d:f9:08:df:5c:c2:93:34:
         7e:df:80:fd:bb:f2:5e:46:1a:15:61:b6:7d:66:01:58:89:cb:
         56:06:b1:be:fd:01:cc:8e:0a:8e:cd:01:67:4f:e9:d2:b9:a0:
         88:32:28:90:72:95:4b:8f:5b:24:80:a5:1a:33:3b:4c:11:d2:
         bc:37:94:93:37:61:01:5e:3e:5a:7e:36:6f:66:fd:a3:f2:6c:
         94:9d:ac:56:26:7a:4c:d7:6e:68:e8:90:2a:56:14:f6:eb:50:
         fe:25:80:a8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZxSBz3hMY+WYNUEx+AVD2AFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjYwMjEyMTMyNTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTIxNTljM2MwNGMwMjNkNzE1NjE3NGMzMDIwYWNkNzliOTg3ZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWGhbadrFZTcZ6qptBvVF9IlqMZO
2+A+533LS+nkl0K7QHe+kB5zxkG56tnQCdVbI9uSYxHS0E1cynzM/3JQRSMFkMn9
WedE9RS53CBn17vJoJs+3o1dGAT/CRM1RPPeEkyIfpFPo3wcTIFMMG1mqn9Y+R1A
Qpshrx04qHM2dmwrqp5UVfNKAVhtO2u4IYGnUsJUkD1QOtp+SdkbmIWzs2dAAmKu
/gKyRK9UJWswodu3AesAoTa7SpP5scORK2UnYbDfuvCKRw3b2jz5EqTTjG6BAPFW
roZ8NpTULftMylRyjxTyRWoE8hQtoq4LpCHzr+UcfAffY7OBA+eI/4SpywIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPEhWcPATAI9cVYXTDAgrNebmH+0MB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvOFNGWnc4Qk1BajF4VmhkTU1DQ3MxNXVZZjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAXbmYMA4E
AgACMAgDBgAqAIdAITANBgkqhkiG9w0BAQsFAAOCAQEANnY820Oca8WGXh1gz5Td
PloPr/a1b+diTBMwN7Om+/OG1lnWwnPxOn6Olw1RJgoAbLFAr3ShoSnSbHho1K6U
n85fVsWg6Sl2OoSa1tMxvMSwrRtmGvlm4tfqhV+XOQAH72cb1fC/P53aOIQJtS5j
h4lEWo3cd2qKvX2ryMRp89ICKyZcYzDeN+BAlccS91Zi6uYzswGF0eNyND35CN9c
wpM0ft+A/bvyXkYaFWG2fWYBWInLVgaxvv0BzI4Kjs0BZ0/p0rmgiDIokHKVS49b
JIClGjM7TBHSvDeUkzdhAV4+Wn42b2b9o/JslJ2sViZ6TNduaOiQKlYU9utQ/iWA
qA==
-----END CERTIFICATE-----