Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TxcH2L9b5gMP5-iWJhz7ZlaieoI.roa
File:                     TxcH2L9b5gMP5-iWJhz7ZlaieoI.roa (raw, json)
Hash identifier:          qXu7njLOzVHXfUHzUvmfFhFWoi/04+Yxj1RzgdWx+Wc=
Subject key identifier:   4F:17:07:D8:BF:5B:E6:03:0F:E7:E8:96:26:1C:FB:66:56:A2:7A:82
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C249FAF2086EC5525F1DF97BA05A0795A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TxcH2L9b5gMP5-iWJhz7ZlaieoI.roa
Signing time:             Tue 03 Feb 2026 17:49:30 +0000
ROA not before:           Tue 03 Feb 2026 17:49:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210006
IP address blocks:        45.87.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:9f:af:20:86:ec:55:25:f1:df:97:ba:05:a0:79:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  3 17:49:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f1707d8bf5be6030fe7e896261cfb6656a27a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:11:19:5f:40:b7:d1:1c:c7:91:c1:06:a7:38:
                    90:0f:4a:2c:e8:19:0c:2d:20:2d:4b:08:ba:84:cf:
                    b6:c8:1f:77:53:74:bf:ad:55:dc:2a:a9:d1:89:84:
                    90:6c:9d:19:46:e7:ea:2c:b8:95:58:f2:7e:dd:40:
                    09:f3:c3:81:59:ee:bb:e3:90:4c:51:5f:77:19:d2:
                    2b:2f:57:67:d9:e5:b0:72:32:c1:e8:31:ba:25:5a:
                    55:37:51:f0:e1:ec:9c:8b:1a:2e:b9:8c:11:23:62:
                    41:52:34:c3:70:d7:d1:cd:ba:d1:b7:a8:6c:03:41:
                    39:68:c1:e5:59:40:09:56:fe:41:5c:0f:6b:18:2c:
                    f1:f6:4b:27:cf:8e:d2:24:c4:71:6f:57:e2:aa:b0:
                    36:85:db:21:a1:47:00:13:c4:79:37:7d:86:33:76:
                    3c:f5:87:a8:0c:e6:98:00:8d:4e:2a:1f:4c:e6:fd:
                    a8:71:77:d0:f8:a3:ae:74:c2:20:37:16:c0:c8:05:
                    1d:5c:de:8d:b7:23:1a:af:51:ad:cd:50:99:16:b2:
                    88:a9:00:fc:fc:f4:43:a1:a8:f0:ab:b2:b1:bf:9e:
                    36:8f:c5:0d:85:17:6e:85:b3:c2:b5:78:8f:e6:d1:
                    96:cd:15:a6:8a:20:68:e5:df:93:7c:98:97:4c:e8:
                    4e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:17:07:D8:BF:5B:E6:03:0F:E7:E8:96:26:1C:FB:66:56:A2:7A:82
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TxcH2L9b5gMP5-iWJhz7ZlaieoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:fc:13:30:73:7e:ff:b3:6f:85:88:40:e6:c9:72:26:5a:78:
         b0:32:3f:a2:a5:27:0a:cb:9e:ff:fa:30:f3:86:ff:b9:d3:bb:
         50:19:4b:eb:08:41:48:7d:3e:83:51:b6:d0:da:b9:d5:cf:91:
         c0:1a:7c:aa:01:db:49:c8:7f:b1:0e:e7:a2:b9:47:41:47:eb:
         1f:a8:20:12:1a:46:50:2b:f2:84:34:2e:c0:cb:0a:da:56:61:
         80:53:1e:44:0b:2b:b4:7a:74:3f:fd:a2:e6:fb:b5:6c:47:af:
         21:ba:4e:3b:47:e6:0f:a2:c0:3b:85:ae:dc:ba:8d:c1:d6:0c:
         97:c0:0a:98:c2:74:8a:58:4d:4f:b1:40:81:9d:6a:25:1d:06:
         74:24:3f:92:f2:77:81:21:f6:69:1f:b8:fd:0b:6e:a0:cc:c1:
         74:52:f1:27:67:91:2b:54:71:b2:9b:a8:40:f7:c5:ae:d3:1a:
         f0:f3:ba:5e:ec:c1:d5:88:89:2b:a2:56:69:9b:4b:15:0b:1a:
         cb:27:35:d8:dd:99:5a:d3:67:2f:e3:d9:1a:87:e0:74:ef:41:
         70:37:25:88:05:2d:a2:5c:7b:c3:12:a7:a6:1e:6e:d9:7e:ac:
         53:c1:87:db:65:cd:f7:cd:53:b0:f8:c9:d8:68:8f:a4:8f:89:
         2b:50:66:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwkn68ghuxVJfHfl7oFoHlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjAzMTc0OTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE3MDdkOGJmNWJlNjAzMGZlN2U4OTYyNjFjZmI2NjU2YTI3YTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xEZX0C30RzHkcEGpziQD0os6BkM
LSAtSwi6hM+2yB93U3S/rVXcKqnRiYSQbJ0ZRufqLLiVWPJ+3UAJ88OBWe6745BM
UV93GdIrL1dn2eWwcjLB6DG6JVpVN1Hw4eycixouuYwRI2JBUjTDcNfRzbrRt6hs
A0E5aMHlWUAJVv5BXA9rGCzx9ksnz47SJMRxb1fiqrA2hdshoUcAE8R5N32GM3Y8
9YeoDOaYAI1OKh9M5v2ocXfQ+KOudMIgNxbAyAUdXN6NtyMar1GtzVCZFrKIqQD8
/PRDoajwq7Kxv542j8UNhRduhbPCtXiP5tGWzRWmiiBo5d+TfJiXTOhOQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8XB9i/W+YDD+foliYc+2ZWonqCMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvVHhjSDJMOWI1Z01QNS1pV0poejdabGFpZW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVf5MA0G
CSqGSIb3DQEBCwUAA4IBAQCR/BMwc37/s2+FiEDmyXImWniwMj+ipScKy57/+jDz
hv+507tQGUvrCEFIfT6DUbbQ2rnVz5HAGnyqAdtJyH+xDueiuUdBR+sfqCASGkZQ
K/KENC7AywraVmGAUx5ECyu0enQ//aLm+7VsR68huk47R+YPosA7ha7cuo3B1gyX
wAqYwnSKWE1PsUCBnWolHQZ0JD+S8neBIfZpH7j9C26gzMF0UvEnZ5ErVHGym6hA
98Wu0xrw87pe7MHViIkrolZpm0sVCxrLJzXY3Zla02cv49kah+B070FwNyWIBS2i
XHvDEqemHm7ZfqxTwYfbZc33zVOw+MnYaI+kj4krUGZ1
-----END CERTIFICATE-----