Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/74Dpz122mMMut7bbXL6kEu6zz8E.roa
File:                     74Dpz122mMMut7bbXL6kEu6zz8E.roa (raw, json)
Hash identifier:          p7VXpGGYO1rsvZkHdjohiYrbdkLflYguUEoDUa4uT/I=
Subject key identifier:   EF:80:E9:CF:5D:B6:98:C3:2E:B7:B6:DB:5C:BE:A4:12:EE:B3:CF:C1
Certificate issuer:       /CN=a81297b1d36a42de38e8480bb929b45bc9030c9d
Certificate serial:       019C82093340668428D920AE5FC2661ABCA8
Authority key identifier: A8:12:97:B1:D3:6A:42:DE:38:E8:48:0B:B9:29:B4:5B:C9:03:0C:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/74Dpz122mMMut7bbXL6kEu6zz8E.roa
Signing time:             Sat 21 Feb 2026 21:09:26 +0000
ROA not before:           Sat 21 Feb 2026 21:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215004
IP address blocks:        176.118.177.0/24 maxlen: 24
                          2a14:3240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:82:09:33:40:66:84:28:d9:20:ae:5f:c2:66:1a:bc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81297b1d36a42de38e8480bb929b45bc9030c9d
        Validity
            Not Before: Feb 21 21:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef80e9cf5db698c32eb7b6db5cbea412eeb3cfc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:b2:f7:17:d5:6a:22:e8:21:7d:3e:72:10:0c:
                    6b:ff:39:dc:fc:ed:84:7d:39:a6:f8:81:39:0d:90:
                    ba:ca:dd:ac:be:8e:1b:ae:d4:29:fd:f3:83:84:0a:
                    13:05:b5:23:3e:81:f7:24:b8:87:c6:f0:47:1d:89:
                    bb:b6:45:3f:9e:ae:51:26:f8:ef:a9:7c:ad:b1:70:
                    28:db:c9:53:cd:d6:94:fc:b4:63:d4:42:73:8d:93:
                    40:a1:38:bc:96:a0:b8:72:d4:41:5f:c1:6c:1e:82:
                    38:e5:ec:9f:8b:9e:90:63:88:ef:db:ee:65:a0:a3:
                    79:94:67:ab:f2:1c:e8:45:9a:c7:7e:f8:5a:da:3c:
                    90:d1:6a:28:94:1f:0c:7e:1d:21:24:02:f7:e0:bc:
                    9b:09:5e:f0:93:0a:32:21:7e:9c:98:ce:f9:a8:68:
                    7e:1d:8c:17:33:d4:e8:b0:ee:6e:48:aa:5b:6f:b2:
                    e3:b2:d4:3f:73:1f:64:a8:e0:65:e9:7a:89:ca:fd:
                    46:9b:bd:25:03:76:7b:06:89:be:33:f8:a2:90:c0:
                    72:62:37:8d:14:cd:12:aa:b4:91:54:1b:68:44:df:
                    58:88:76:2f:c9:82:32:28:6b:5d:df:bf:16:dd:32:
                    c1:3e:3f:cd:a5:45:d9:4a:c8:98:4d:3c:17:e5:b5:
                    a0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:80:E9:CF:5D:B6:98:C3:2E:B7:B6:DB:5C:BE:A4:12:EE:B3:CF:C1
            X509v3 Authority Key Identifier:
                keyid:A8:12:97:B1:D3:6A:42:DE:38:E8:48:0B:B9:29:B4:5B:C9:03:0C:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/74Dpz122mMMut7bbXL6kEu6zz8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.177.0/24
                IPv6:
                  2a14:3240::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:2a:95:bc:78:cc:3d:28:8f:72:a1:c6:6f:dd:7c:58:14:ed:
         d5:04:10:25:5a:a0:83:2b:2d:93:e1:43:5a:dc:b1:92:47:ef:
         8f:b3:e5:b6:8b:a3:4c:48:b5:2b:23:e1:6a:ba:5c:30:c7:60:
         19:d7:05:74:12:2b:74:6a:37:5e:70:3f:e2:b3:08:91:4b:7a:
         fe:2e:90:21:ba:4a:ad:84:95:04:0b:0b:35:a1:0e:60:fe:bc:
         f8:50:e5:87:3d:fc:e3:93:c6:15:50:12:1a:e0:25:61:3b:8b:
         b3:7f:d3:18:b9:38:96:fe:f2:12:c1:61:29:0d:41:49:69:28:
         f0:5b:a4:ff:b3:b1:e6:e9:1f:e1:2c:dd:5b:5f:67:5b:08:cc:
         42:a6:af:99:b6:2d:23:d4:46:d7:1a:91:c9:75:83:2e:52:75:
         96:fc:a3:fb:c9:ac:41:27:47:a4:d6:35:42:21:13:83:63:7e:
         f1:a2:3a:44:7d:cf:53:4e:e2:7a:60:d6:64:a0:3d:e0:00:d4:
         a4:26:d7:de:11:d9:65:80:d9:c0:62:7e:4a:bf:40:10:a6:8f:
         a7:fb:bd:f5:d9:07:30:90:ae:93:29:c5:d2:e7:b4:3a:ec:15:
         41:c0:81:6a:c4:ee:35:06:b8:cb:08:72:45:4e:17:f3:6a:b7:
         e9:e3:ea:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyCCTNAZoQo2SCuX8JmGryoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTI5N2IxZDM2YTQyZGUzOGU4NDgwYmI5MjliNDViYzkw
MzBjOWQwHhcNMjYwMjIxMjEwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjgwZTljZjVkYjY5OGMzMmViN2I2ZGI1Y2JlYTQxMmVlYjNjZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9LL3F9VqIughfT5yEAxr/znc/O2E
fTmm+IE5DZC6yt2svo4brtQp/fODhAoTBbUjPoH3JLiHxvBHHYm7tkU/nq5RJvjv
qXytsXAo28lTzdaU/LRj1EJzjZNAoTi8lqC4ctRBX8FsHoI45eyfi56QY4jv2+5l
oKN5lGer8hzoRZrHfvha2jyQ0WoolB8Mfh0hJAL34LybCV7wkwoyIX6cmM75qGh+
HYwXM9TosO5uSKpbb7LjstQ/cx9kqOBl6XqJyv1Gm70lA3Z7Bom+M/iikMByYjeN
FM0SqrSRVBtoRN9YiHYvyYIyKGtd378W3TLBPj/NpUXZSsiYTTwX5bWgrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO+A6c9dtpjDLre221y+pBLus8/BMB8GA1UdIwQY
MBaAFKgSl7HTakLeOOhIC7kptFvJAwydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJLWHNkTnFRdDQ0NkVnTHVTbTBXOGtEREowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MjBlNWYtN2YzMy00ZDlkLThjZGUt
MjJkZDBmMzkyOGQ1LzEvNzREcHoxMjJtTU11dDdiYlhMNmtFdTZ6ejhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MjBlNWYtN2YzMy00ZDlkLThjZGUtMjJkZDBmMzkyOGQ1
LzEvcUJLWHNkTnFRdDQ0NkVnTHVTbTBXOGtEREowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAsHaxMA0E
AgACMAcDBQMqFDJAMA0GCSqGSIb3DQEBCwUAA4IBAQApKpW8eMw9KI9yocZv3XxY
FO3VBBAlWqCDKy2T4UNa3LGSR++Ps+W2i6NMSLUrI+Fqulwwx2AZ1wV0Eit0ajde
cD/iswiRS3r+LpAhukqthJUECws1oQ5g/rz4UOWHPfzjk8YVUBIa4CVhO4uzf9MY
uTiW/vISwWEpDUFJaSjwW6T/s7Hm6R/hLN1bX2dbCMxCpq+Zti0j1EbXGpHJdYMu
UnWW/KP7yaxBJ0ek1jVCIRODY37xojpEfc9TTuJ6YNZkoD3gANSkJtfeEdllgNnA
Yn5Kv0AQpo+n+7312QcwkK6TKcXS57Q67BVBwIFqxO41BrjLCHJFThfzarfp4+rJ
-----END CERTIFICATE-----