Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7D9sz2lNDDFE-hf_AZPWGLWGdbE.roa
File:                     7D9sz2lNDDFE-hf_AZPWGLWGdbE.roa (raw, json)
Hash identifier:          mL2JXZ+wB0ouBK+uGiGH4SC4V/HFHA0CKlPyqXe2ad8=
Subject key identifier:   EC:3F:6C:CF:69:4D:0C:31:44:FA:17:FF:01:93:D6:18:B5:86:75:B1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C94A5A0B01BAA11285BD22076B146467F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7D9sz2lNDDFE-hf_AZPWGLWGdbE.roa
Signing time:             Wed 25 Feb 2026 11:53:28 +0000
ROA not before:           Wed 25 Feb 2026 11:53:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400463
IP address blocks:        217.60.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:38:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:a5:a0:b0:1b:aa:11:28:5b:d2:20:76:b1:46:46:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 25 11:53:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec3f6ccf694d0c3144fa17ff0193d618b58675b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:00:3d:3c:cc:10:a4:78:d5:3b:fe:64:17:f3:
                    62:d3:67:b9:4e:03:a9:37:74:f5:82:37:e1:84:17:
                    cc:aa:48:ec:ba:8b:e6:20:89:9c:3b:6e:f3:34:d8:
                    28:aa:b8:a5:81:85:c1:dc:90:4f:f9:59:5a:35:4d:
                    f8:8b:a7:80:94:18:96:bf:a0:6e:67:4e:8d:b5:88:
                    2d:37:11:da:71:7a:81:71:a4:02:b5:7a:52:4d:66:
                    87:dc:12:c5:63:e7:8c:d6:15:e3:69:d9:78:b0:49:
                    09:38:ab:1b:ef:c8:d0:3a:b5:d7:33:95:eb:e1:3c:
                    ec:01:12:ac:89:e7:c8:e4:71:07:4c:ac:77:0a:7f:
                    43:d1:43:8e:c7:9f:b2:d6:9a:da:bf:b5:e8:2a:21:
                    04:48:39:fc:70:d5:ba:a8:cb:d6:9c:b5:5a:29:e9:
                    5a:69:ae:68:54:f4:73:0d:fc:ed:8a:12:d1:59:6f:
                    cb:08:d5:fd:24:7a:84:5e:b1:b3:39:ce:d0:dd:22:
                    a7:f8:dc:04:5a:7e:9d:33:21:55:82:96:45:db:0b:
                    a1:94:2f:43:61:d6:02:12:34:37:97:2c:9e:0d:d1:
                    f7:2d:cb:9d:41:bf:03:95:c8:da:6b:67:3a:14:08:
                    8e:2e:6a:37:2b:95:f0:77:45:e9:19:44:df:8e:41:
                    82:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:3F:6C:CF:69:4D:0C:31:44:FA:17:FF:01:93:D6:18:B5:86:75:B1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7D9sz2lNDDFE-hf_AZPWGLWGdbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:b4:34:2f:2b:7b:d8:77:f3:28:d9:3d:e2:ba:17:97:21:a9:
         4c:35:f9:50:de:cc:aa:99:1a:66:ca:8c:8c:34:d8:28:59:21:
         e8:d1:a2:2e:e7:b3:c9:71:d6:70:73:af:35:2a:8d:56:27:6f:
         f5:3f:2f:74:e7:d3:e7:d7:7f:81:8c:d5:ae:34:b7:92:bc:3f:
         db:42:d9:94:57:e9:d4:e5:5b:c2:74:06:b7:ec:19:88:d3:84:
         13:56:c5:31:3d:f3:23:d1:ee:b8:aa:a4:dd:7a:62:4e:4e:01:
         28:e5:43:b5:af:2f:b2:91:d6:cc:82:d4:c4:48:b8:47:06:06:
         8e:00:e2:77:c2:f2:4f:c7:21:e8:4d:1d:50:a2:3b:4d:1f:fd:
         04:79:89:56:ec:a3:0d:3c:8c:3d:68:ed:eb:66:36:69:b0:e8:
         21:98:e0:66:5b:34:dc:77:3b:69:96:b8:73:09:a2:0d:1c:53:
         3b:54:a9:9f:8a:21:fd:0f:7c:8d:d7:b1:2a:1b:05:fb:7e:11:
         e4:10:ee:42:a9:76:da:a5:65:7e:44:07:20:aa:c7:f2:8f:e9:
         fa:cd:da:03:d1:1c:a7:30:0f:cc:42:26:96:f5:73:20:16:08:
         a5:c2:18:b6:39:c1:9c:2f:a0:c2:9d:a5:35:a7:be:a3:47:e8:
         d6:9b:25:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyUpaCwG6oRKFvSIHaxRkZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjI1MTE1MzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzNmNmNjZjY5NGQwYzMxNDRmYTE3ZmYwMTkzZDYxOGI1ODY3NWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQA9PMwQpHjVO/5kF/Ni02e5TgOp
N3T1gjfhhBfMqkjsuovmIImcO27zNNgoqrilgYXB3JBP+VlaNU34i6eAlBiWv6Bu
Z06NtYgtNxHacXqBcaQCtXpSTWaH3BLFY+eM1hXjadl4sEkJOKsb78jQOrXXM5Xr
4TzsARKsiefI5HEHTKx3Cn9D0UOOx5+y1prav7XoKiEESDn8cNW6qMvWnLVaKela
aa5oVPRzDfztihLRWW/LCNX9JHqEXrGzOc7Q3SKn+NwEWn6dMyFVgpZF2wuhlC9D
YdYCEjQ3lyyeDdH3LcudQb8Dlcjaa2c6FAiOLmo3K5Xwd0XpGUTfjkGCgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw/bM9pTQwxRPoX/wGT1hi1hnWxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvN0Q5c3oybE5EREZFLWhmX0FaUFdHTFdHZGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2TzoMA0G
CSqGSIb3DQEBCwUAA4IBAQCgtDQvK3vYd/Mo2T3iuheXIalMNflQ3syqmRpmyoyM
NNgoWSHo0aIu57PJcdZwc681Ko1WJ2/1Py9059Pn13+BjNWuNLeSvD/bQtmUV+nU
5VvCdAa37BmI04QTVsUxPfMj0e64qqTdemJOTgEo5UO1ry+ykdbMgtTESLhHBgaO
AOJ3wvJPxyHoTR1QojtNH/0EeYlW7KMNPIw9aO3rZjZpsOghmOBmWzTcdztplrhz
CaINHFM7VKmfiiH9D3yN17EqGwX7fhHkEO5CqXbapWV+RAcgqsfyj+n6zdoD0Ryn
MA/MQiaW9XMgFgilwhi2OcGcL6DCnaU1p76jR+jWmyWv
-----END CERTIFICATE-----