Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/kR23whFjS1yTPrK8lRsUC1IvToE.roa
File:                     kR23whFjS1yTPrK8lRsUC1IvToE.roa (raw, json)
Hash identifier:          QZPua623BL753r2guNY8Q/Q1bYRMgfE3VvsbXCxTsdo=
Subject key identifier:   91:1D:B7:C2:11:63:4B:5C:93:3E:B2:BC:95:1B:14:0B:52:2F:4E:81
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019C4D6815A58019E7F600D3FE6EB968AF55
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/kR23whFjS1yTPrK8lRsUC1IvToE.roa
Signing time:             Wed 11 Feb 2026 15:53:12 +0000
ROA not before:           Wed 11 Feb 2026 15:53:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47464
IP address blocks:        2a07:ca00::/30 maxlen: 30
                          2a07:ca05::/32 maxlen: 32
                          2a07:ca06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:11:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:68:15:a5:80:19:e7:f6:00:d3:fe:6e:b9:68:af:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Feb 11 15:53:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=911db7c211634b5c933eb2bc951b140b522f4e81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:98:c1:33:f4:6b:43:bc:a7:96:be:43:ac:d6:
                    c7:1e:ad:e0:1f:61:ff:ac:f6:45:40:e0:b0:14:90:
                    8a:45:4c:98:ed:73:95:85:d4:d6:c5:41:52:71:8a:
                    63:4e:a8:eb:96:61:44:5b:65:52:c7:30:39:3f:ab:
                    42:35:9b:33:3e:82:24:5b:1b:42:3c:89:22:cb:a3:
                    17:5a:ef:84:22:4e:b5:81:be:d7:0d:55:31:a3:b5:
                    ea:e6:de:7e:fe:d7:9b:5c:78:0d:25:8e:cc:d0:2b:
                    b3:ec:dc:b9:e1:a9:ee:5a:52:54:8c:a4:41:b0:bf:
                    29:eb:58:a5:89:3f:7c:11:61:92:f0:f4:bf:dc:c6:
                    3b:6a:c5:0b:0b:a1:3f:76:5f:c8:ca:16:d5:44:83:
                    c8:f8:b2:fc:9e:07:aa:16:19:5c:01:d7:2a:b5:2f:
                    21:f5:10:c1:64:3e:09:9c:2c:c7:ce:4f:14:6c:85:
                    27:69:98:d9:45:bc:77:67:69:95:c0:87:f6:16:4e:
                    64:33:29:25:bb:3f:73:d8:26:52:0a:c7:b7:4c:52:
                    19:00:61:c9:ec:b5:8e:f7:39:2f:79:93:20:07:88:
                    f8:9b:59:5b:47:fd:ea:6c:3a:56:88:cf:f3:0a:4f:
                    61:58:09:cb:37:af:aa:cd:e2:5f:5b:a2:ea:5d:da:
                    5a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1D:B7:C2:11:63:4B:5C:93:3E:B2:BC:95:1B:14:0B:52:2F:4E:81
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/kR23whFjS1yTPrK8lRsUC1IvToE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:ca00::/30
                  2a07:ca05::-2a07:ca06:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         71:bd:fc:4e:68:2a:48:b5:46:c0:47:2a:eb:a7:45:86:71:9a:
         31:f2:dc:34:e6:f3:fd:e6:f8:fe:a4:6e:dd:2f:0a:4c:66:85:
         2a:eb:c3:f5:c0:90:89:70:cd:0a:56:a5:dc:b0:bf:b8:78:4b:
         37:ec:b0:d5:e4:ee:d9:7e:69:a4:72:9c:b2:24:11:b8:d4:3a:
         ec:6b:79:11:30:9b:b4:a4:4d:12:3e:b4:5b:0f:79:00:0e:c5:
         b0:a6:0d:4e:ba:7d:50:e9:42:92:24:ef:7a:40:e8:35:e1:c0:
         af:06:5d:34:17:86:e5:7c:a4:13:81:22:b2:ea:82:a9:2d:4b:
         27:f9:47:a6:71:87:2e:c8:d6:7f:5f:b3:94:38:67:4e:c7:ac:
         e6:1f:18:c8:05:86:81:74:4f:b0:41:cb:ef:41:82:58:01:e8:
         c4:00:70:25:a4:ee:cb:f4:4b:1c:c3:27:9e:71:9a:10:f4:db:
         c0:f9:85:c3:dd:36:d6:e7:cb:ed:ba:0a:fd:75:13:99:4f:b9:
         53:9f:44:b9:d3:e3:dc:56:9f:94:b3:40:0a:5b:ab:ad:3c:22:
         05:85:c4:c9:73:8d:03:18:27:9c:32:f8:2b:4f:8e:41:00:20:
         cf:97:7b:9c:33:6a:1e:42:64:69:8d:23:3f:75:ad:c9:cf:09:
         be:01:ac:e9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZxNaBWlgBnn9gDT/m65aK9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjYwMjExMTU1MzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFkYjdjMjExNjM0YjVjOTMzZWIyYmM5NTFiMTQwYjUyMmY0ZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZjBM/RrQ7ynlr5DrNbHHq3gH2H/
rPZFQOCwFJCKRUyY7XOVhdTWxUFScYpjTqjrlmFEW2VSxzA5P6tCNZszPoIkWxtC
PIkiy6MXWu+EIk61gb7XDVUxo7Xq5t5+/tebXHgNJY7M0Cuz7Ny54anuWlJUjKRB
sL8p61iliT98EWGS8PS/3MY7asULC6E/dl/IyhbVRIPI+LL8ngeqFhlcAdcqtS8h
9RDBZD4JnCzHzk8UbIUnaZjZRbx3Z2mVwIf2Fk5kMykluz9z2CZSCse3TFIZAGHJ
7LWO9zkveZMgB4j4m1lbR/3qbDpWiM/zCk9hWAnLN6+qzeJfW6LqXdpa2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJEdt8IRY0tckz6yvJUbFAtSL06BMB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEva1IyM3doRmpTMXlUUHJLOGxSc1VDMUl2VG9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwUCKgfKADAO
AwUAKgfKBQMFACoHygYwDQYJKoZIhvcNAQELBQADggEBAHG9/E5oKki1RsBHKuun
RYZxmjHy3DTm8/3m+P6kbt0vCkxmhSrrw/XAkIlwzQpWpdywv7h4SzfssNXk7tl+
aaRynLIkEbjUOuxreREwm7SkTRI+tFsPeQAOxbCmDU66fVDpQpIk73pA6DXhwK8G
XTQXhuV8pBOBIrLqgqktSyf5R6Zxhy7I1n9fs5Q4Z07HrOYfGMgFhoF0T7BBy+9B
glgB6MQAcCWk7sv0SxzDJ55xmhD028D5hcPdNtbny+26Cv11E5lPuVOfRLnT49xW
n5SzQApbq608IgWFxMlzjQMYJ5wy+CtPjkEAIM+Xe5wzah5CZGmNIz91rcnPCb4B
rOk=
-----END CERTIFICATE-----