Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/Jo3OhvYKqzyTMsOO-06Cr6N1_P8.roa
File:                     Jo3OhvYKqzyTMsOO-06Cr6N1_P8.roa (raw, json)
Hash identifier:          n7Kb4qqB8hRT0/AEwz8YCJRJUt0Sd29P7/pf8OQNdu4=
Subject key identifier:   26:8D:CE:86:F6:0A:AB:3C:93:32:C3:8E:FB:4E:82:AF:A3:75:FC:FF
Certificate issuer:       /CN=b85b0c8a75893a4f8e1ef0d9a4d41478d8b33278
Certificate serial:       019C4E803CC5CF799E62BC29B1FE8938B854
Authority key identifier: B8:5B:0C:8A:75:89:3A:4F:8E:1E:F0:D9:A4:D4:14:78:D8:B3:32:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/Jo3OhvYKqzyTMsOO-06Cr6N1_P8.roa
Signing time:             Wed 11 Feb 2026 20:59:12 +0000
ROA not before:           Wed 11 Feb 2026 20:59:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61953
IP address blocks:        87.121.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4e:80:3c:c5:cf:79:9e:62:bc:29:b1:fe:89:38:b8:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85b0c8a75893a4f8e1ef0d9a4d41478d8b33278
        Validity
            Not Before: Feb 11 20:59:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=268dce86f60aab3c9332c38efb4e82afa375fcff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:66:4f:ee:e8:25:a4:df:43:53:fb:3e:a9:07:
                    0a:3a:18:28:68:c5:4f:26:f9:9f:d7:23:9b:db:39:
                    da:93:e3:ea:60:51:a9:6c:fd:55:51:b1:46:fe:c8:
                    6c:7c:3d:ff:3d:d9:6a:4f:b5:66:27:fb:aa:d2:18:
                    db:83:93:86:80:d1:87:02:af:55:91:0e:e2:fd:84:
                    2c:58:ec:f0:a2:5b:24:21:3b:36:d9:d5:0e:f0:76:
                    42:1d:f3:fb:7c:6f:53:b0:ae:23:7a:1f:f8:8b:c6:
                    ee:95:5b:cb:a0:d8:59:f5:12:80:63:66:c6:e9:fa:
                    b8:5d:3b:20:b3:e9:02:04:40:f3:c5:cf:d8:3d:d5:
                    c6:7a:4a:91:1c:d5:2f:eb:86:27:1c:ad:df:b7:09:
                    75:e2:a5:2c:c2:63:b3:f6:7e:03:fd:cf:e9:88:f3:
                    de:66:db:43:4d:0e:cd:75:6e:2d:bb:a0:9b:34:d5:
                    93:0b:be:7b:b9:56:a4:53:9e:dc:11:38:00:c8:af:
                    da:f6:2d:09:6c:d5:ea:19:aa:a6:b4:a7:3a:1a:65:
                    69:13:f1:98:4f:18:4c:58:2e:f0:fe:6c:26:86:6e:
                    86:f7:d1:bd:1f:9a:f8:1c:c2:b2:94:2d:92:09:47:
                    ec:36:d0:36:f9:c3:0f:b8:fc:4a:e0:1e:e0:de:5d:
                    75:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:8D:CE:86:F6:0A:AB:3C:93:32:C3:8E:FB:4E:82:AF:A3:75:FC:FF
            X509v3 Authority Key Identifier:
                keyid:B8:5B:0C:8A:75:89:3A:4F:8E:1E:F0:D9:A4:D4:14:78:D8:B3:32:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/Jo3OhvYKqzyTMsOO-06Cr6N1_P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:67:8c:14:96:9d:f4:06:39:b9:e9:d5:44:59:b5:9d:55:f9:
         e6:f8:cc:a6:0d:1f:26:7d:02:a1:6e:42:37:34:19:5d:79:23:
         c2:85:a2:81:32:b7:7a:e2:62:93:bf:0b:d8:fa:37:64:3e:7e:
         8d:eb:ca:32:f9:a5:1c:49:8d:b6:3d:a2:8b:cd:56:ea:cf:27:
         a9:84:e9:98:84:32:37:5a:92:88:f9:87:69:ce:99:d3:a5:cd:
         9d:fa:4b:2f:a7:3e:8b:da:dc:e7:92:c8:76:57:0e:29:ea:7f:
         91:21:e0:71:cd:0a:c5:43:3b:29:d5:21:69:a0:ef:31:bb:8b:
         89:09:1e:64:51:36:77:6a:0f:86:26:22:9f:cb:d4:7e:87:c6:
         79:bf:19:d8:2a:48:a8:f0:2f:3c:fd:8f:2f:3a:2b:3a:34:cf:
         4f:71:b4:ae:36:99:4a:d7:a7:b0:14:fa:1e:c3:1d:92:d2:78:
         a3:3a:42:cb:9c:8b:7b:de:b9:ef:1c:11:42:1b:76:d4:97:00:
         d4:c2:fb:19:ed:72:8f:d6:55:80:57:5a:98:87:1f:52:e4:af:
         6c:65:81:37:7c:c1:75:8c:9e:fe:ab:34:b9:7c:3f:33:c8:59:
         13:22:fd:c0:06:3a:3b:f5:6f:89:bf:0c:fc:64:15:9f:1a:43:
         47:23:05:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxOgDzFz3meYrwpsf6JOLhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWIwYzhhNzU4OTNhNGY4ZTFlZjBkOWE0ZDQxNDc4ZDhi
MzMyNzgwHhcNMjYwMjExMjA1OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjhkY2U4NmY2MGFhYjNjOTMzMmMzOGVmYjRlODJhZmEzNzVmY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mZP7uglpN9DU/s+qQcKOhgoaMVP
Jvmf1yOb2znak+PqYFGpbP1VUbFG/shsfD3/PdlqT7VmJ/uq0hjbg5OGgNGHAq9V
kQ7i/YQsWOzwolskITs22dUO8HZCHfP7fG9TsK4jeh/4i8bulVvLoNhZ9RKAY2bG
6fq4XTsgs+kCBEDzxc/YPdXGekqRHNUv64YnHK3ftwl14qUswmOz9n4D/c/piPPe
ZttDTQ7NdW4tu6CbNNWTC757uVakU57cETgAyK/a9i0JbNXqGaqmtKc6GmVpE/GY
TxhMWC7w/mwmhm6G99G9H5r4HMKylC2SCUfsNtA2+cMPuPxK4B7g3l11twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaNzob2Cqs8kzLDjvtOgq+jdfz/MB8GA1UdIwQY
MBaAFLhbDIp1iTpPjh7w2aTUFHjYszJ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUZzTWluV0pPay1PSHZEWnBOUVVlTml6TW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC84ODE5ZTItYzRlMy00YmNlLWE2MWMt
MzA1ZDQxZDUzYTY1LzEvSm8zT2h2WUtxenlUTXNPTy0wNkNyNk4xX1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC84ODE5ZTItYzRlMy00YmNlLWE2MWMtMzA1ZDQxZDUzYTY1
LzEvdUZzTWluV0pPay1PSHZEWnBOUVVlTml6TW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3mGMA0G
CSqGSIb3DQEBCwUAA4IBAQAWZ4wUlp30Bjm56dVEWbWdVfnm+MymDR8mfQKhbkI3
NBldeSPChaKBMrd64mKTvwvY+jdkPn6N68oy+aUcSY22PaKLzVbqzyephOmYhDI3
WpKI+YdpzpnTpc2d+ksvpz6L2tznksh2Vw4p6n+RIeBxzQrFQzsp1SFpoO8xu4uJ
CR5kUTZ3ag+GJiKfy9R+h8Z5vxnYKkio8C88/Y8vOis6NM9PcbSuNplK16ewFPoe
wx2S0nijOkLLnIt73rnvHBFCG3bUlwDUwvsZ7XKP1lWAV1qYhx9S5K9sZYE3fMF1
jJ7+qzS5fD8zyFkTIv3ABjo79W+Jvwz8ZBWfGkNHIwXO
-----END CERTIFICATE-----