Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/1mX8w6XwA7woU8wmLAJ5ZXky2sk.roa
File:                     1mX8w6XwA7woU8wmLAJ5ZXky2sk.roa (raw, json)
Hash identifier:          O4FxQ+GxB8UXGvgtMf5kwgBczUX5jVwN68R45/WuCz8=
Subject key identifier:   D6:65:FC:C3:A5:F0:03:BC:28:53:CC:26:2C:02:79:65:79:32:DA:C9
Certificate issuer:       /CN=423d93054f063cf8a291861735f90059ab9ec169
Certificate serial:       019C5B7706978CFAA65CD1651A13D8E25705
Authority key identifier: 42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/1mX8w6XwA7woU8wmLAJ5ZXky2sk.roa
Signing time:             Sat 14 Feb 2026 09:24:12 +0000
ROA not before:           Sat 14 Feb 2026 09:24:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204834
IP address blocks:        178.157.0.0/24 maxlen: 24
                          185.188.112.0/24 maxlen: 24
                          185.188.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5b:77:06:97:8c:fa:a6:5c:d1:65:1a:13:d8:e2:57:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=423d93054f063cf8a291861735f90059ab9ec169
        Validity
            Not Before: Feb 14 09:24:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d665fcc3a5f003bc2853cc262c0279657932dac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:70:15:b3:75:84:b4:8d:ed:00:f5:8f:0d:f1:
                    05:7c:69:d1:11:e3:b2:d0:d4:e6:06:30:eb:a3:9f:
                    b5:af:16:32:24:6b:14:1d:1f:cc:01:5a:da:87:41:
                    7b:02:b1:46:a7:96:73:7e:48:26:4a:0f:ed:aa:13:
                    60:83:33:1a:1e:fd:94:60:42:bc:bc:66:37:c5:59:
                    a1:74:9b:51:58:64:da:ec:b2:95:b7:3d:f9:d2:b8:
                    b8:6e:24:37:9f:93:1e:93:ce:07:1e:fd:34:02:59:
                    00:72:4b:4d:e4:32:1f:ff:86:da:37:21:3a:d1:f8:
                    3d:74:9e:ce:eb:eb:23:ed:f0:73:d4:c6:0d:1e:47:
                    81:ee:3d:bd:b2:11:7e:c8:ed:32:85:8f:23:34:df:
                    cc:d5:9d:98:40:c3:2c:e6:5e:ae:80:49:94:36:56:
                    b0:51:fa:b0:9b:1f:69:1b:f4:e9:31:53:9a:69:42:
                    6d:2c:64:c5:8b:5a:ac:9d:e5:3f:33:8e:4d:06:17:
                    4f:3d:6c:17:92:ca:dd:f6:72:41:33:06:d6:9e:be:
                    84:dc:74:33:58:bb:14:28:ad:b7:4d:5f:e2:d9:d8:
                    82:af:0b:4e:eb:d7:8e:64:f7:6f:4a:fe:43:60:d7:
                    0a:cb:d3:17:65:b1:8c:f7:36:07:3d:10:1b:4e:39:
                    03:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:65:FC:C3:A5:F0:03:BC:28:53:CC:26:2C:02:79:65:79:32:DA:C9
            X509v3 Authority Key Identifier:
                keyid:42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/1mX8w6XwA7woU8wmLAJ5ZXky2sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.157.0.0/24
                  185.188.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:62:ee:68:46:24:5f:9e:78:8b:f6:19:16:5d:93:2b:4f:3f:
         e6:62:64:aa:4f:be:c0:ce:d6:15:e0:6d:17:f4:3b:64:68:bb:
         55:aa:f2:a8:ac:3c:2e:08:ec:f0:e8:e8:a3:ce:69:14:cb:d7:
         22:84:d7:9c:a7:22:a9:f9:ae:ed:4b:87:5d:52:b6:cd:de:ef:
         87:07:dc:f4:05:83:f0:02:af:fd:14:32:b1:63:3e:11:d2:b5:
         b3:9d:83:60:e7:15:fb:e2:89:2a:ee:28:80:b4:67:61:66:6b:
         e8:58:3c:eb:47:01:b5:ad:e9:b9:5f:80:14:6f:66:67:a4:20:
         49:ad:05:74:90:29:95:ef:9a:a2:eb:74:ba:2e:7b:29:4c:c0:
         17:d5:f9:6e:27:9a:2b:23:9c:71:e3:69:fc:0c:5d:d0:6c:ad:
         9e:2c:7e:ff:d4:56:7b:00:d7:91:cc:ed:3b:ee:fd:c5:7a:65:
         84:35:c9:cf:ee:d6:96:fb:ec:3d:19:95:b2:4c:f0:5c:b5:1a:
         ec:1b:0c:cc:67:00:1a:55:de:e4:1e:2f:4f:1c:e9:44:14:6d:
         76:10:0c:1d:5b:fe:c3:1e:f0:5e:2a:7c:c0:62:99:2a:85:6a:
         05:5d:4e:17:ea:ca:b8:21:ec:6b:99:e9:ca:60:26:f1:f7:77:
         f4:22:47:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxbdwaXjPqmXNFlGhPY4lcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyM2Q5MzA1NGYwNjNjZjhhMjkxODYxNzM1ZjkwMDU5YWI5
ZWMxNjkwHhcNMjYwMjE0MDkyNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjY1ZmNjM2E1ZjAwM2JjMjg1M2NjMjYyYzAyNzk2NTc5MzJkYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHAVs3WEtI3tAPWPDfEFfGnREeOy
0NTmBjDro5+1rxYyJGsUHR/MAVrah0F7ArFGp5ZzfkgmSg/tqhNggzMaHv2UYEK8
vGY3xVmhdJtRWGTa7LKVtz350ri4biQ3n5Mek84HHv00AlkAcktN5DIf/4baNyE6
0fg9dJ7O6+sj7fBz1MYNHkeB7j29shF+yO0yhY8jNN/M1Z2YQMMs5l6ugEmUNlaw
Ufqwmx9pG/TpMVOaaUJtLGTFi1qsneU/M45NBhdPPWwXksrd9nJBMwbWnr6E3HQz
WLsUKK23TV/i2diCrwtO69eOZPdvSv5DYNcKy9MXZbGM9zYHPRAbTjkD0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNZl/MOl8AO8KFPMJiwCeWV5MtrJMB8GA1UdIwQY
MBaAFEI9kwVPBjz4opGGFzX5AFmrnsFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgt
NWYxYjY5MDQ4ZmUyLzEvMW1YOHc2WHdBN3dvVTh3bUxBSjVaWGt5MnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgtNWYxYjY5MDQ4ZmUy
LzEvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsp0AAwQB
ubxwMA0GCSqGSIb3DQEBCwUAA4IBAQAAYu5oRiRfnniL9hkWXZMrTz/mYmSqT77A
ztYV4G0X9DtkaLtVqvKorDwuCOzw6OijzmkUy9cihNecpyKp+a7tS4ddUrbN3u+H
B9z0BYPwAq/9FDKxYz4R0rWznYNg5xX74okq7iiAtGdhZmvoWDzrRwG1rem5X4AU
b2ZnpCBJrQV0kCmV75qi63S6LnspTMAX1fluJ5orI5xx42n8DF3QbK2eLH7/1FZ7
ANeRzO077v3FemWENcnP7taW++w9GZWyTPBctRrsGwzMZwAaVd7kHi9PHOlEFG12
EAwdW/7DHvBeKnzAYpkqhWoFXU4X6sq4IexrmenKYCbx93f0IkdW
-----END CERTIFICATE-----