Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/wH_MfDJl_h2tECJc3oCb2Qz0pi4.roa
File:                     wH_MfDJl_h2tECJc3oCb2Qz0pi4.roa (raw, json)
Hash identifier:          8pIUEql8CBNNXltIona5AYLJWg9u6/3eIQY5XVZR3ks=
Subject key identifier:   C0:7F:CC:7C:32:65:FE:1D:AD:10:22:5C:DE:80:9B:D9:0C:F4:A6:2E
Certificate issuer:       /CN=41fa6fa00898ad35ee67fb5a5a19105db6c1d1eb
Certificate serial:       019C4F968ECAFCE21622919B27CAF17235D1
Authority key identifier: 41:FA:6F:A0:08:98:AD:35:EE:67:FB:5A:5A:19:10:5D:B6:C1:D1:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfpvoAiYrTXuZ_taWhkQXbbB0es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/wH_MfDJl_h2tECJc3oCb2Qz0pi4.roa
Signing time:             Thu 12 Feb 2026 02:03:12 +0000
ROA not before:           Thu 12 Feb 2026 02:03:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213424
IP address blocks:        2001:67c:c88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/QfpvoAiYrTXuZ_taWhkQXbbB0es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/QfpvoAiYrTXuZ_taWhkQXbbB0es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfpvoAiYrTXuZ_taWhkQXbbB0es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4f:96:8e:ca:fc:e2:16:22:91:9b:27:ca:f1:72:35:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41fa6fa00898ad35ee67fb5a5a19105db6c1d1eb
        Validity
            Not Before: Feb 12 02:03:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c07fcc7c3265fe1dad10225cde809bd90cf4a62e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9a:19:ed:a7:df:fc:c7:f5:9e:17:be:2e:9e:
                    49:c7:ab:86:bf:36:43:bc:1f:93:8c:ca:2a:b1:05:
                    d1:73:21:4a:17:40:86:14:0e:55:4a:ae:60:65:29:
                    7b:a2:bd:14:1c:c0:c0:fc:7c:51:bf:ad:9f:a1:be:
                    71:1c:83:79:80:c1:80:68:9c:c5:dd:37:2d:74:02:
                    dd:e6:81:52:79:63:97:ae:37:75:a6:f9:d1:34:50:
                    aa:63:5b:b7:b4:e9:da:7b:bd:2c:24:ad:0e:88:14:
                    53:e5:40:a4:81:07:4c:76:f1:2f:81:c6:4a:a3:da:
                    71:a3:48:27:1f:f5:46:19:5b:c0:6c:7e:35:e3:4b:
                    de:cc:50:19:f8:fb:a5:cc:49:36:dc:9b:ea:0f:d7:
                    13:b7:3a:2e:40:6f:23:70:c9:d2:f2:41:09:d9:ff:
                    ac:79:55:6b:79:70:76:e2:51:b6:fb:27:c9:06:c1:
                    85:51:26:47:67:c2:12:28:c3:d9:2a:82:7e:53:ef:
                    84:1f:87:fa:af:f1:da:1c:4c:44:a3:c1:25:ef:1f:
                    c6:85:07:75:cd:8c:0c:38:cc:8f:e9:a8:87:57:3b:
                    3a:42:44:a0:35:c9:58:03:17:8c:0c:5e:b9:d2:f0:
                    f7:5d:6b:19:ac:31:41:f1:93:1e:81:a8:8d:51:76:
                    98:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:7F:CC:7C:32:65:FE:1D:AD:10:22:5C:DE:80:9B:D9:0C:F4:A6:2E
            X509v3 Authority Key Identifier:
                keyid:41:FA:6F:A0:08:98:AD:35:EE:67:FB:5A:5A:19:10:5D:B6:C1:D1:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfpvoAiYrTXuZ_taWhkQXbbB0es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/wH_MfDJl_h2tECJc3oCb2Qz0pi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/QfpvoAiYrTXuZ_taWhkQXbbB0es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c88::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:6d:ab:4a:60:04:88:21:39:f9:4b:af:e0:bc:a7:4a:b0:3b:
         21:c0:24:9f:ba:3d:e8:f3:a6:5a:7b:ce:9b:cd:a5:e5:dc:f1:
         c3:ed:0f:46:5b:ac:c5:50:b5:16:5f:39:7b:a3:cc:07:74:34:
         0e:64:1c:3d:27:02:98:a6:09:18:17:73:be:52:5e:b6:f1:17:
         cc:2c:30:1c:1d:a3:5e:05:e8:cd:19:4c:7c:3e:f6:fe:da:5e:
         d3:da:8a:cb:29:53:a1:cf:43:f7:27:86:a0:bf:83:93:fd:ec:
         da:1e:eb:c8:bd:f2:54:c0:97:60:95:6d:e1:75:b7:a3:e9:58:
         d1:98:b8:15:73:85:71:4c:1a:76:43:4c:72:5c:b2:0e:bb:19:
         70:e3:e4:72:81:d2:c6:9f:1f:fa:b9:87:fc:0b:2a:a4:b2:01:
         11:63:de:1f:2a:f4:fc:fb:0b:29:10:5e:aa:8a:a8:c9:5e:03:
         0b:76:07:f9:f8:f2:0c:f0:aa:6a:55:c2:f6:fb:28:57:47:b5:
         0f:21:05:1c:35:ae:78:95:94:17:4e:13:cf:6c:1f:50:48:79:
         31:9b:b4:de:5a:38:66:69:01:01:54:23:2c:8f:e3:41:d3:f4:
         54:29:0b:fd:fc:dc:ac:32:c5:82:fc:40:1d:58:5a:cf:f7:b3:
         d8:3c:8e:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxPlo7K/OIWIpGbJ8rxcjXRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmE2ZmEwMDg5OGFkMzVlZTY3ZmI1YTVhMTkxMDVkYjZj
MWQxZWIwHhcNMjYwMjEyMDIwMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDdmY2M3YzMyNjVmZTFkYWQxMDIyNWNkZTgwOWJkOTBjZjRhNjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpoZ7aff/Mf1nhe+Lp5Jx6uGvzZD
vB+TjMoqsQXRcyFKF0CGFA5VSq5gZSl7or0UHMDA/HxRv62fob5xHIN5gMGAaJzF
3TctdALd5oFSeWOXrjd1pvnRNFCqY1u3tOnae70sJK0OiBRT5UCkgQdMdvEvgcZK
o9pxo0gnH/VGGVvAbH4140vezFAZ+PulzEk23JvqD9cTtzouQG8jcMnS8kEJ2f+s
eVVreXB24lG2+yfJBsGFUSZHZ8ISKMPZKoJ+U++EH4f6r/HaHExEo8El7x/GhQd1
zYwMOMyP6aiHVzs6QkSgNclYAxeMDF650vD3XWsZrDFB8ZMegaiNUXaYEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMB/zHwyZf4drRAiXN6Am9kM9KYuMB8GA1UdIwQY
MBaAFEH6b6AImK017mf7WloZEF22wdHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZwdm9BaVlyVFh1Wl90YVdoa1FYYmJCMGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jZTg5NDMtMGVhNC00NmEzLTk1ZmMt
YWQ3YTAyZjE5NDZhLzEvd0hfTWZESmxfaDJ0RUNKYzNvQ2IyUXowcGk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jZTg5NDMtMGVhNC00NmEzLTk1ZmMtYWQ3YTAyZjE5NDZh
LzEvUWZwdm9BaVlyVFh1Wl90YVdoa1FYYmJCMGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAyI
MA0GCSqGSIb3DQEBCwUAA4IBAQBfbatKYASIITn5S6/gvKdKsDshwCSfuj3o86Za
e86bzaXl3PHD7Q9GW6zFULUWXzl7o8wHdDQOZBw9JwKYpgkYF3O+Ul628RfMLDAc
HaNeBejNGUx8Pvb+2l7T2orLKVOhz0P3J4agv4OT/ezaHuvIvfJUwJdglW3hdbej
6VjRmLgVc4VxTBp2Q0xyXLIOuxlw4+RygdLGnx/6uYf8CyqksgERY94fKvT8+wsp
EF6qiqjJXgMLdgf5+PIM8KpqVcL2+yhXR7UPIQUcNa54lZQXThPPbB9QSHkxm7Te
WjhmaQEBVCMsj+NB0/RUKQv9/NysMsWC/EAdWFrP97PYPI5k
-----END CERTIFICATE-----