Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/9HbfhKUnZ7haZ03pPm7cMB8XKU8.roa
File:                     9HbfhKUnZ7haZ03pPm7cMB8XKU8.roa (raw, json)
Hash identifier:          ImuG4if+Hc6PIgHVLJaf1cQyzFqgiLjKr6z/klhg4eU=
Subject key identifier:   F4:76:DF:84:A5:27:67:B8:5A:67:4D:E9:3E:6E:DC:30:1F:17:29:4F
Certificate issuer:       /CN=199b3f908ce6e1764617731b624539421d13c94d
Certificate serial:       019C4FEF98F9FFBE4CFDC2073F3E678899E5
Authority key identifier: 19:9B:3F:90:8C:E6:E1:76:46:17:73:1B:62:45:39:42:1D:13:C9:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/9HbfhKUnZ7haZ03pPm7cMB8XKU8.roa
Signing time:             Thu 12 Feb 2026 03:40:28 +0000
ROA not before:           Thu 12 Feb 2026 03:40:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209990
IP address blocks:        2001:67c:910::/48 maxlen: 48
                          2001:67c:9d8::/48 maxlen: 48
                          2001:67c:aa0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4f:ef:98:f9:ff:be:4c:fd:c2:07:3f:3e:67:88:99:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=199b3f908ce6e1764617731b624539421d13c94d
        Validity
            Not Before: Feb 12 03:40:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f476df84a52767b85a674de93e6edc301f17294f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:73:84:8c:e0:90:05:c3:0a:21:09:13:cd:25:
                    a8:3f:7b:71:42:dc:8b:26:4e:35:fb:c6:b2:be:42:
                    41:26:4a:bc:94:7d:e2:ef:87:f5:e8:e2:22:d5:2a:
                    6b:10:9c:70:88:05:58:ab:f2:b3:d1:3a:06:e1:a6:
                    4f:c1:c4:f0:48:c4:22:76:6d:97:2d:f8:4c:f3:8b:
                    5d:c7:90:2b:5a:52:9b:44:bf:b1:f8:e1:1b:92:5c:
                    61:57:b8:d3:df:23:a7:fc:30:2e:46:d2:69:42:5a:
                    2a:94:10:46:4a:36:aa:b5:c8:01:2e:1a:f2:9c:df:
                    9f:a2:51:6b:1b:dc:15:bc:3f:92:b6:80:b0:37:bb:
                    18:d4:87:3a:8b:d7:af:d2:08:ca:07:5b:f3:d2:f6:
                    03:55:d1:e8:c0:0c:a1:58:be:f3:68:63:dd:e4:73:
                    47:3d:4d:f3:6f:58:ac:b0:53:5c:a9:8e:10:c9:54:
                    64:a5:8f:2f:1c:e8:82:ef:0e:d4:a2:ea:ea:72:78:
                    3f:ac:0d:52:d4:f1:4f:2c:d7:0a:aa:ae:85:ba:1d:
                    90:26:55:bb:f5:58:80:61:20:bf:41:81:c3:ea:f4:
                    aa:6f:e2:1b:ce:b3:38:85:7d:76:e1:1f:7f:f6:6f:
                    08:17:35:24:71:63:99:50:ef:e2:f6:2c:56:42:c6:
                    98:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:76:DF:84:A5:27:67:B8:5A:67:4D:E9:3E:6E:DC:30:1F:17:29:4F
            X509v3 Authority Key Identifier:
                keyid:19:9B:3F:90:8C:E6:E1:76:46:17:73:1B:62:45:39:42:1D:13:C9:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/9HbfhKUnZ7haZ03pPm7cMB8XKU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:910::/48
                  2001:67c:9d8::/48
                  2001:67c:aa0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:f4:e5:37:91:a1:29:c5:e6:aa:70:39:e4:ab:91:66:0c:c8:
         aa:b6:49:9e:db:73:7c:b6:1d:24:f8:5b:40:82:e2:5e:69:05:
         d4:f8:80:ca:bd:9c:20:4e:7a:a9:7f:86:21:a2:b5:d8:22:01:
         25:6f:90:08:b7:0b:45:49:29:7b:4c:f2:d8:54:ce:e6:7a:68:
         56:e0:2e:44:51:4e:1e:33:69:a1:b4:ed:5a:d7:b8:02:7c:72:
         b9:f0:b6:53:a8:aa:51:0c:6b:37:bd:2a:38:87:cb:23:18:66:
         82:dc:09:63:97:3d:69:28:0f:7e:73:ef:c4:3d:1d:d9:54:14:
         89:e6:1b:d0:55:72:93:48:83:6d:a4:03:a7:22:bb:bc:40:e0:
         45:c9:55:a7:f1:08:a6:93:d4:32:01:3a:36:02:d0:3b:ed:08:
         3c:01:23:17:a0:3e:4b:bb:bc:ba:1b:f3:26:b1:8d:45:ce:4a:
         c8:31:1f:1b:21:38:6c:65:ef:e9:0b:0e:c8:4a:70:d2:a7:78:
         ed:b8:99:f2:8c:83:47:e5:3f:02:69:4c:9d:db:1d:0e:c9:7a:
         4a:ff:17:08:5c:bf:3f:c6:eb:37:4e:cb:ef:b5:0e:e5:ba:bc:
         68:41:fa:60:08:97:ff:5b:c2:bb:ad:13:91:ae:3b:8c:d6:cd:
         84:9e:b8:4b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZxP75j5/75M/cIHPz5niJnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5OWIzZjkwOGNlNmUxNzY0NjE3NzMxYjYyNDUzOTQyMWQx
M2M5NGQwHhcNMjYwMjEyMDM0MDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDc2ZGY4NGE1Mjc2N2I4NWE2NzRkZTkzZTZlZGMzMDFmMTcyOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHOEjOCQBcMKIQkTzSWoP3txQtyL
Jk41+8ayvkJBJkq8lH3i74f16OIi1SprEJxwiAVYq/Kz0ToG4aZPwcTwSMQidm2X
LfhM84tdx5ArWlKbRL+x+OEbklxhV7jT3yOn/DAuRtJpQloqlBBGSjaqtcgBLhry
nN+folFrG9wVvD+StoCwN7sY1Ic6i9ev0gjKB1vz0vYDVdHowAyhWL7zaGPd5HNH
PU3zb1issFNcqY4QyVRkpY8vHOiC7w7Uourqcng/rA1S1PFPLNcKqq6Fuh2QJlW7
9ViAYSC/QYHD6vSqb+IbzrM4hX124R9/9m8IFzUkcWOZUO/i9ixWQsaYxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPR234SlJ2e4WmdN6T5u3DAfFylPMB8GA1UdIwQY
MBaAFBmbP5CM5uF2RhdzG2JFOUIdE8lNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1pzX2tJem00WFpHRjNNYllrVTVRaDBUeVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wZTg3MTUtZDg3ZS00Y2U1LTk0ODIt
MmU5N2FiYTBmYjJjLzEvOUhiZmhLVW5aN2hhWjAzcFBtN2NNQjhYS1U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wZTg3MTUtZDg3ZS00Y2U1LTk0ODItMmU5N2FiYTBmYjJj
LzEvR1pzX2tJem00WFpHRjNNYllrVTVRaDBUeVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGfAkQ
AwcAIAEGfAnYAwcAIAEGfAqgMA0GCSqGSIb3DQEBCwUAA4IBAQCO9OU3kaEpxeaq
cDnkq5FmDMiqtkme23N8th0k+FtAguJeaQXU+IDKvZwgTnqpf4YhorXYIgElb5AI
twtFSSl7TPLYVM7memhW4C5EUU4eM2mhtO1a17gCfHK58LZTqKpRDGs3vSo4h8sj
GGaC3Aljlz1pKA9+c+/EPR3ZVBSJ5hvQVXKTSINtpAOnIru8QOBFyVWn8Qimk9Qy
ATo2AtA77Qg8ASMXoD5Lu7y6G/MmsY1FzkrIMR8bIThsZe/pCw7ISnDSp3jtuJny
jINH5T8CaUyd2x0OyXpK/xcIXL8/xus3TsvvtQ7lurxoQfpgCJf/W8K7rRORrjuM
1s2EnrhL
-----END CERTIFICATE-----