Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/Te7hhMphvQ5EXJGUARJ2QmuB9is.roa
File:                     Te7hhMphvQ5EXJGUARJ2QmuB9is.roa (raw, json)
Hash identifier:          VThy3BxGB0l0YexK6a3YlAdq8VXpKxHqVaWw46D49bE=
Subject key identifier:   4D:EE:E1:84:CA:61:BD:0E:44:5C:91:94:01:12:76:42:6B:81:F6:2B
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       019C3D922112122C505A98C1F3594FE18358
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/Te7hhMphvQ5EXJGUARJ2QmuB9is.roa
Signing time:             Sun 08 Feb 2026 14:05:12 +0000
ROA not before:           Sun 08 Feb 2026 14:05:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201801
IP address blocks:        185.140.53.0/24 maxlen: 24
                          2a07:1a84::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:3d:92:21:12:12:2c:50:5a:98:c1:f3:59:4f:e1:83:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Feb  8 14:05:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4deee184ca61bd0e445c9194011276426b81f62b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:f5:89:fe:6f:05:01:65:d2:7a:38:17:52:18:
                    90:2e:01:8d:b4:4d:af:6f:81:67:c4:bf:09:46:61:
                    6b:8a:dd:a5:7e:3c:2d:56:be:db:46:a8:65:34:a1:
                    d2:30:79:c2:e5:bd:70:d7:82:ad:1c:ac:71:f8:9a:
                    33:22:6a:0a:f7:64:49:cf:26:0e:52:00:6c:b2:b3:
                    fd:19:b2:92:f0:99:c7:c9:2e:06:d4:f6:e7:47:63:
                    5a:95:12:21:29:0a:36:6c:bb:d3:10:4b:6f:9c:f9:
                    22:d1:bf:f6:fa:c0:0f:f8:56:af:f4:a3:45:89:cd:
                    40:78:75:a2:d0:bf:15:97:e6:ca:56:98:54:ea:63:
                    f8:13:c7:f5:60:f4:6f:98:ee:64:fe:83:76:67:08:
                    36:59:a9:17:c9:e3:2d:33:6f:65:a8:a9:f6:34:ab:
                    23:9c:92:94:6c:81:9e:34:31:be:e9:c9:86:d6:46:
                    48:bd:09:0f:2e:5a:5d:6d:65:a4:4f:f5:da:65:f9:
                    bc:2f:9d:37:b1:d4:c7:08:20:76:d0:c6:29:07:c1:
                    98:25:0a:dd:5a:9e:b7:e0:92:9c:08:3b:f3:8c:99:
                    3c:f6:3f:79:2d:47:21:91:81:06:b2:ed:4c:46:da:
                    e5:20:31:c7:47:84:9c:81:37:da:7b:a1:53:32:32:
                    0c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EE:E1:84:CA:61:BD:0E:44:5C:91:94:01:12:76:42:6B:81:F6:2B
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/Te7hhMphvQ5EXJGUARJ2QmuB9is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.53.0/24
                IPv6:
                  2a07:1a84::/44

    Signature Algorithm: sha256WithRSAEncryption
         7b:78:62:fa:b3:a1:4b:23:83:73:b4:b9:f9:e1:ce:f6:9b:eb:
         25:db:fc:78:2d:17:4a:8b:94:e0:1a:f0:a7:23:b7:83:a2:1f:
         58:f1:74:da:cb:ff:8b:79:d6:e7:44:96:2f:a1:80:f9:a1:2b:
         16:16:6f:46:fd:ea:b1:6b:50:6c:e2:72:1e:3a:d9:54:42:04:
         b1:ea:aa:9f:c5:5b:f0:15:7b:00:d2:8f:1f:0b:46:e0:54:87:
         1d:82:4d:48:41:0c:ce:62:33:75:c7:a1:d6:10:2a:b7:0f:d3:
         fa:2c:84:cf:30:aa:78:e1:3d:f9:be:22:14:82:a1:fa:40:d8:
         87:bb:f7:95:6e:87:4a:66:13:65:b5:e6:ce:ce:e6:1d:19:ef:
         0f:47:fe:a7:76:6a:ae:7a:8d:4d:75:f4:58:fb:81:73:34:f6:
         b3:e0:22:03:27:f2:73:50:17:d6:36:3e:ed:ab:54:89:13:fc:
         97:1a:2a:ba:a0:26:17:d6:d1:29:f5:73:1f:92:51:bb:e5:e3:
         3b:04:91:f1:06:7c:f5:0b:af:8b:31:b5:19:eb:03:72:c5:81:
         b8:0f:6b:19:53:31:4f:cf:d0:c8:07:78:71:bf:0e:ee:e4:9f:
         0e:82:82:10:78:7b:4f:a3:ff:ea:11:9d:bc:27:53:8f:c0:f7:
         e5:55:17:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZw9kiESEixQWpjB81lP4YNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjYwMjA4MTQwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGVlZTE4NGNhNjFiZDBlNDQ1YzkxOTQwMTEyNzY0MjZiODFmNjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+fWJ/m8FAWXSejgXUhiQLgGNtE2v
b4FnxL8JRmFrit2lfjwtVr7bRqhlNKHSMHnC5b1w14KtHKxx+JozImoK92RJzyYO
UgBssrP9GbKS8JnHyS4G1PbnR2NalRIhKQo2bLvTEEtvnPki0b/2+sAP+Fav9KNF
ic1AeHWi0L8Vl+bKVphU6mP4E8f1YPRvmO5k/oN2Zwg2WakXyeMtM29lqKn2NKsj
nJKUbIGeNDG+6cmG1kZIvQkPLlpdbWWkT/XaZfm8L503sdTHCCB20MYpB8GYJQrd
Wp634JKcCDvzjJk89j95LUchkYEGsu1MRtrlIDHHR4ScgTfae6FTMjIMjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE3u4YTKYb0ORFyRlAESdkJrgfYrMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvVGU3aGhNcGh2UTVFWEpHVUFSSjJRbXVCOWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYw1MA8E
AgACMAkDBwQqBxqEAAAwDQYJKoZIhvcNAQELBQADggEBAHt4YvqzoUsjg3O0ufnh
zvab6yXb/HgtF0qLlOAa8Kcjt4OiH1jxdNrL/4t51udEli+hgPmhKxYWb0b96rFr
UGzich462VRCBLHqqp/FW/AVewDSjx8LRuBUhx2CTUhBDM5iM3XHodYQKrcP0/os
hM8wqnjhPfm+IhSCofpA2Ie795Vuh0pmE2W15s7O5h0Z7w9H/qd2aq56jU119Fj7
gXM09rPgIgMn8nNQF9Y2Pu2rVIkT/JcaKrqgJhfW0Sn1cx+SUbvl4zsEkfEGfPUL
r4sxtRnrA3LFgbgPaxlTMU/P0MgHeHG/Du7knw6CghB4e0+j/+oRnbwnU4/A9+VV
Fxo=
-----END CERTIFICATE-----