Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/keSJdnMwcVK2FtcwzmCvVNU79JQ.roa
File:                     keSJdnMwcVK2FtcwzmCvVNU79JQ.roa (raw, json)
Hash identifier:          /rXHdI2JjhjhwAIXDwev1G3+2EHSEVpVeCwEeEhKfkg=
Subject key identifier:   91:E4:89:76:73:30:71:52:B6:16:D7:30:CE:60:AF:54:D5:3B:F4:94
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       019C7C49F3430666E4281734A26777AD644D
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/keSJdnMwcVK2FtcwzmCvVNU79JQ.roa
Signing time:             Fri 20 Feb 2026 18:22:27 +0000
ROA not before:           Fri 20 Feb 2026 18:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        87.248.132.0/24 maxlen: 24
                          87.248.134.0/24 maxlen: 24
                          87.248.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:49:f3:43:06:66:e4:28:17:34:a2:67:77:ad:64:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Feb 20 18:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91e4897673307152b616d730ce60af54d53bf494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:30:ab:d6:5e:f5:34:41:14:6f:1b:31:f7:c3:
                    0b:a3:db:9a:cf:22:8d:9a:ab:0f:e6:ce:82:5a:2a:
                    49:c0:d8:3b:df:3c:e1:bc:ea:85:76:cf:aa:8f:72:
                    5a:88:50:7a:fd:cd:ec:f8:98:19:27:2b:6a:8d:7e:
                    2e:98:cd:86:d8:47:65:bc:98:10:62:cc:54:ad:b6:
                    5e:96:d5:4e:08:6f:8a:1b:2f:c4:c8:5e:e1:0a:dc:
                    9e:57:a6:73:cd:2a:96:2c:84:5e:97:af:f0:27:a6:
                    21:72:e5:b9:81:d1:3c:5c:0b:ff:44:9a:e5:19:c1:
                    aa:98:a2:23:2d:3d:fc:5d:d5:32:76:b7:07:2a:ab:
                    be:f2:2a:ac:07:08:50:9e:4b:62:56:90:0d:e3:90:
                    dc:25:4e:30:c3:a1:30:7b:2c:13:af:10:9c:46:6f:
                    98:53:c5:50:a3:51:ca:65:db:b2:8f:21:91:af:0f:
                    02:31:3b:63:9b:7d:5b:2f:54:97:93:89:00:b6:f6:
                    b6:dc:6a:15:c3:2c:67:7b:69:22:f7:c5:10:10:76:
                    dd:79:5e:76:65:9f:2e:e8:d1:f1:40:8b:23:ca:11:
                    1e:12:b7:96:dd:7a:cb:8a:ea:cd:63:3d:29:0e:ae:
                    8f:45:c7:52:c6:8e:4d:3b:ee:57:11:2f:6a:4a:48:
                    9a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E4:89:76:73:30:71:52:B6:16:D7:30:CE:60:AF:54:D5:3B:F4:94
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/keSJdnMwcVK2FtcwzmCvVNU79JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24
                  87.248.134.0/24
                  87.248.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:17:1d:33:9b:fa:a4:83:e0:99:13:a7:36:da:ab:3d:6d:83:
         b9:bf:d6:2f:d1:c1:29:a5:6d:cc:c2:f9:a7:8b:7c:26:95:6c:
         77:be:8d:f5:8f:b0:5b:35:30:22:9f:7a:59:24:a5:86:a6:49:
         8a:29:af:cc:8f:e4:68:e6:68:95:cb:e7:8e:5d:38:aa:ae:c0:
         b7:b1:1f:43:d2:c4:71:1b:d3:df:82:8f:75:cc:49:b7:05:d3:
         65:ca:0a:06:7f:0c:a5:b9:80:86:29:1e:e7:c0:6b:da:fd:14:
         73:ef:48:f7:e7:1d:c5:6b:13:b1:35:ba:59:88:91:e4:54:f0:
         67:d7:ba:4a:7c:7e:0a:7e:94:1f:2b:1a:9d:92:58:02:eb:bf:
         59:d2:47:eb:93:83:b9:2d:98:3a:3a:c5:29:51:55:42:48:61:
         30:71:c4:8a:a0:69:41:9e:62:03:c0:a6:a3:2b:a8:ae:86:5b:
         0f:04:00:e3:03:ab:be:c0:f0:25:36:16:38:2d:64:91:8a:27:
         13:8d:ae:e7:e6:19:9e:ff:30:77:59:de:19:d1:bb:1e:c7:a9:
         c7:9a:bf:73:85:9f:32:21:04:ad:e6:df:4c:fe:4b:d3:e8:e4:
         66:d3:34:d9:a3:2b:79:d8:14:65:e2:a3:22:e2:b3:51:44:72:
         5a:1b:dd:8d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZx8SfNDBmbkKBc0omd3rWRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjYwMjIwMTgyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWU0ODk3NjczMzA3MTUyYjYxNmQ3MzBjZTYwYWY1NGQ1M2JmNDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljCr1l71NEEUbxsx98MLo9uazyKN
mqsP5s6CWipJwNg73zzhvOqFds+qj3JaiFB6/c3s+JgZJytqjX4umM2G2EdlvJgQ
YsxUrbZeltVOCG+KGy/EyF7hCtyeV6ZzzSqWLIRel6/wJ6YhcuW5gdE8XAv/RJrl
GcGqmKIjLT38XdUydrcHKqu+8iqsBwhQnktiVpAN45DcJU4ww6EweywTrxCcRm+Y
U8VQo1HKZduyjyGRrw8CMTtjm31bL1SXk4kAtva23GoVwyxne2ki98UQEHbdeV52
ZZ8u6NHxQIsjyhEeEreW3XrLiurNYz0pDq6PRcdSxo5NO+5XES9qSkiaBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJHkiXZzMHFSthbXMM5gr1TVO/SUMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEva2VTSmRuTXdjVksyRnRjd3ptQ3ZWTlU3OUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV/iEAwQA
V/iGAwQAV/iPMA0GCSqGSIb3DQEBCwUAA4IBAQAiFx0zm/qkg+CZE6c22qs9bYO5
v9Yv0cEppW3Mwvmni3wmlWx3vo31j7BbNTAin3pZJKWGpkmKKa/Mj+Ro5miVy+eO
XTiqrsC3sR9D0sRxG9Pfgo91zEm3BdNlygoGfwyluYCGKR7nwGva/RRz70j35x3F
axOxNbpZiJHkVPBn17pKfH4KfpQfKxqdklgC679Z0kfrk4O5LZg6OsUpUVVCSGEw
ccSKoGlBnmIDwKajK6iuhlsPBADjA6u+wPAlNhY4LWSRiicTja7n5hme/zB3Wd4Z
0bsex6nHmr9zhZ8yIQSt5t9M/kvT6ORm0zTZoyt52BRl4qMi4rNRRHJaG92N
-----END CERTIFICATE-----