Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/A8xv8vtzPNYcudy_CkqqgALd8rQ.roa
File:                     A8xv8vtzPNYcudy_CkqqgALd8rQ.roa (raw, json)
Hash identifier:          Z6P1U4fiAAFfK/T39wGFzFC2aSrZXB1b41nd+Paxb+Y=
Subject key identifier:   03:CC:6F:F2:FB:73:3C:D6:1C:B9:DC:BF:0A:4A:AA:80:02:DD:F2:B4
Certificate issuer:       /CN=4fbb63df06de00c843da63977349595471e51a26
Certificate serial:       019C74FA67C42E789F42490556FD39C24BB5
Authority key identifier: 4F:BB:63:DF:06:DE:00:C8:43:DA:63:97:73:49:59:54:71:E5:1A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7tj3wbeAMhD2mOXc0lZVHHlGiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/A8xv8vtzPNYcudy_CkqqgALd8rQ.roa
Signing time:             Thu 19 Feb 2026 08:18:13 +0000
ROA not before:           Thu 19 Feb 2026 08:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208805
IP address blocks:        45.84.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/T7tj3wbeAMhD2mOXc0lZVHHlGiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/T7tj3wbeAMhD2mOXc0lZVHHlGiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7tj3wbeAMhD2mOXc0lZVHHlGiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:74:fa:67:c4:2e:78:9f:42:49:05:56:fd:39:c2:4b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbb63df06de00c843da63977349595471e51a26
        Validity
            Not Before: Feb 19 08:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03cc6ff2fb733cd61cb9dcbf0a4aaa8002ddf2b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:31:75:4b:82:a9:d5:60:51:d5:3e:97:42:ad:
                    31:0c:70:53:0e:6a:68:85:16:43:d3:8f:09:35:b7:
                    ff:84:a8:d9:e3:c6:22:bc:76:80:87:9d:3f:51:19:
                    63:31:17:a9:ba:8e:f7:1a:f9:f1:5a:4a:ba:1c:e1:
                    2c:16:7f:d2:e5:be:c0:dd:b2:f8:0a:ab:58:b1:ba:
                    90:d1:ba:9a:e2:9a:44:6d:48:9c:9e:de:16:f9:e7:
                    42:aa:e8:18:24:68:26:92:38:b1:e4:4d:9b:f8:ab:
                    17:e2:c7:e5:d9:86:1d:d7:45:d7:c5:e1:0d:5c:c2:
                    08:b2:a5:2b:85:ea:aa:0b:5d:c9:b2:c9:a7:d4:dd:
                    b7:a1:53:99:fd:9f:c4:0d:17:d4:68:1d:6d:81:13:
                    ed:2e:64:6d:76:9e:2b:4a:41:e1:70:a6:cf:26:bd:
                    1e:22:af:10:9b:1b:09:2e:59:64:20:fa:fa:64:7e:
                    a8:b7:e1:a0:0e:9d:0a:a8:e2:ba:91:b1:43:a2:92:
                    d9:1f:a0:71:a7:2f:9a:59:cf:a0:d0:2f:49:33:c4:
                    33:c2:5c:35:f5:a8:93:c7:8f:be:82:ca:2b:ff:a5:
                    70:9f:d1:15:a3:ef:5b:43:f9:24:91:48:8f:52:1d:
                    68:53:55:19:87:93:4a:a5:30:72:ca:6e:8c:02:9f:
                    19:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:CC:6F:F2:FB:73:3C:D6:1C:B9:DC:BF:0A:4A:AA:80:02:DD:F2:B4
            X509v3 Authority Key Identifier:
                keyid:4F:BB:63:DF:06:DE:00:C8:43:DA:63:97:73:49:59:54:71:E5:1A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7tj3wbeAMhD2mOXc0lZVHHlGiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/A8xv8vtzPNYcudy_CkqqgALd8rQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/T7tj3wbeAMhD2mOXc0lZVHHlGiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:da:de:89:74:cd:f6:91:ba:f0:56:52:da:80:58:2d:22:af:
         38:a9:39:d0:b1:7f:68:2a:fb:1f:c4:aa:04:11:8c:66:86:53:
         13:c0:16:37:0b:bf:b9:4f:57:f1:e8:bb:89:09:6a:69:01:12:
         72:c1:0a:60:07:7c:b2:ef:d9:b3:8f:97:43:87:98:f8:ad:50:
         64:7a:e7:2c:7b:12:b2:c1:d8:e4:21:c6:dc:c5:52:7d:17:d3:
         ea:28:ac:42:4c:e2:1c:4d:64:56:80:f0:a9:76:33:3c:55:ca:
         4d:fb:a8:5a:75:54:bb:9f:44:e5:c1:7b:60:93:45:09:0f:bf:
         fd:01:14:7c:77:e7:6e:2b:4d:a1:30:e3:ce:03:52:3a:e5:83:
         ef:4d:7d:4d:e9:9d:f9:cc:5e:69:a0:76:70:b7:e5:7f:94:b6:
         cb:e2:b6:f3:60:bd:e1:86:64:db:cb:97:8a:8e:d3:a4:2b:80:
         fd:17:51:eb:10:40:89:38:c3:a8:26:6e:8d:9e:3e:e3:37:7d:
         76:d2:7a:06:c2:0c:a7:5e:1e:a0:31:e8:68:64:c3:fa:be:32:
         e2:57:d7:6e:af:8d:85:55:ed:aa:42:28:d1:d1:df:92:ad:2b:
         78:8c:25:65:65:7d:6b:ac:59:66:99:8d:d1:f8:dd:22:87:83:
         cc:fa:0d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx0+mfELnifQkkFVv05wku1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmI2M2RmMDZkZTAwYzg0M2RhNjM5NzczNDk1OTU0NzFl
NTFhMjYwHhcNMjYwMjE5MDgxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2NjNmZmMmZiNzMzY2Q2MWNiOWRjYmYwYTRhYWE4MDAyZGRmMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzF1S4Kp1WBR1T6XQq0xDHBTDmpo
hRZD048JNbf/hKjZ48YivHaAh50/URljMRepuo73GvnxWkq6HOEsFn/S5b7A3bL4
CqtYsbqQ0bqa4ppEbUicnt4W+edCqugYJGgmkjix5E2b+KsX4sfl2YYd10XXxeEN
XMIIsqUrheqqC13Jssmn1N23oVOZ/Z/EDRfUaB1tgRPtLmRtdp4rSkHhcKbPJr0e
Iq8QmxsJLllkIPr6ZH6ot+GgDp0KqOK6kbFDopLZH6Bxpy+aWc+g0C9JM8Qzwlw1
9aiTx4++gsor/6Vwn9EVo+9bQ/kkkUiPUh1oU1UZh5NKpTByym6MAp8ZvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPMb/L7czzWHLncvwpKqoAC3fK0MB8GA1UdIwQY
MBaAFE+7Y98G3gDIQ9pjl3NJWVRx5RomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDd0ajN3YmVBTWhEMm1PWGMwbFpWSEhsR2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hNTllZTktMzNjZC00N2RmLTg0MDMt
Yjk0NzJhMmM1YjNlLzEvQTh4djh2dHpQTlljdWR5X0NrcXFnQUxkOHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hNTllZTktMzNjZC00N2RmLTg0MDMtYjk0NzJhMmM1YjNl
LzEvVDd0ajN3YmVBTWhEMm1PWGMwbFpWSEhsR2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVSkMA0G
CSqGSIb3DQEBCwUAA4IBAQAU2t6JdM32kbrwVlLagFgtIq84qTnQsX9oKvsfxKoE
EYxmhlMTwBY3C7+5T1fx6LuJCWppARJywQpgB3yy79mzj5dDh5j4rVBkeucsexKy
wdjkIcbcxVJ9F9PqKKxCTOIcTWRWgPCpdjM8VcpN+6hadVS7n0TlwXtgk0UJD7/9
ARR8d+duK02hMOPOA1I65YPvTX1N6Z35zF5poHZwt+V/lLbL4rbzYL3hhmTby5eK
jtOkK4D9F1HrEECJOMOoJm6Nnj7jN3120noGwgynXh6gMehoZMP6vjLiV9dur42F
Ve2qQijR0d+SrSt4jCVlZX1rrFlmmY3R+N0ih4PM+g19
-----END CERTIFICATE-----