Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/40ZCLfu-hf54aZk4vS6thtcaz6Y.roa
File:                     40ZCLfu-hf54aZk4vS6thtcaz6Y.roa (raw, json)
Hash identifier:          6qlfEyZyTsr1GU+JJmssokqBIx7S6uv3hfgnFxarKbc=
Subject key identifier:   E3:46:42:2D:FB:BE:85:FE:78:69:99:38:BD:2E:AD:86:D7:1A:CF:A6
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019C2D9FCB44AA4107784766FE2035D9BFCE
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/40ZCLfu-hf54aZk4vS6thtcaz6Y.roa
Signing time:             Thu 05 Feb 2026 11:46:12 +0000
ROA not before:           Thu 05 Feb 2026 11:46:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207091
IP address blocks:        85.149.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:9f:cb:44:aa:41:07:78:47:66:fe:20:35:d9:bf:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Feb  5 11:46:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e346422dfbbe85fe78699938bd2ead86d71acfa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:16:ba:4d:98:f0:7f:77:d8:78:58:a2:94:4e:
                    6c:83:f3:a7:5e:34:84:ad:fa:74:d9:5a:ac:e3:f7:
                    fa:27:fe:4c:2d:e0:55:bf:4b:21:d0:bf:b1:7a:bb:
                    8f:64:b3:07:7d:74:80:80:a2:f1:10:7f:35:ff:f4:
                    bd:b4:cc:6e:23:6e:d1:1b:66:18:73:76:48:f5:47:
                    c8:30:e8:15:07:b2:3d:f8:79:7a:a4:a5:36:7c:ab:
                    7d:84:4c:20:9a:c9:45:da:99:98:14:7e:69:86:b0:
                    84:10:b5:1e:b7:eb:de:fd:c8:f0:b9:6e:67:52:b2:
                    27:a7:24:6c:cb:f9:82:ca:75:5e:6f:9d:79:86:3a:
                    a7:9f:6b:dd:ba:31:3c:fe:4d:84:6f:1c:48:d5:38:
                    6f:00:5e:4a:02:6c:4d:36:a9:be:20:6f:79:9d:4f:
                    4f:c5:55:c8:30:40:d2:fe:e7:43:62:b5:46:28:c1:
                    30:28:88:45:74:d7:3b:4b:ed:58:72:fe:ba:4b:b1:
                    12:2c:49:1f:80:37:21:bc:00:2e:a5:8a:99:46:47:
                    65:3b:6a:dd:dd:8a:51:ce:6b:95:36:ca:d6:37:2c:
                    35:37:86:09:ce:34:ae:5c:b4:0e:8a:98:d8:b1:d4:
                    4a:60:89:b7:7f:c9:5e:f8:01:47:a3:75:99:99:bb:
                    b3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:46:42:2D:FB:BE:85:FE:78:69:99:38:BD:2E:AD:86:D7:1A:CF:A6
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/40ZCLfu-hf54aZk4vS6thtcaz6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:4b:57:30:9c:ec:71:c1:42:25:3b:6f:d9:55:9c:5d:a6:b5:
         14:72:ce:b3:fd:8b:d1:22:b1:95:93:45:6a:6d:76:8c:3d:c4:
         2f:e5:ac:58:3e:5a:94:e1:15:33:63:c4:2a:e2:0a:61:f7:de:
         0c:fc:5a:33:7a:7f:b1:d2:82:27:9e:35:82:17:cd:7d:3c:f8:
         11:4f:16:a1:02:c7:4f:5d:e4:7f:96:2c:d4:26:95:02:e3:f8:
         34:50:0f:d3:ca:f5:9a:5a:09:21:8c:5f:e5:1c:bc:32:e9:eb:
         68:40:70:b0:ee:5b:9f:bf:0b:79:4e:3c:7b:1c:68:9e:fa:56:
         f3:d9:08:42:cc:8c:2f:15:ce:98:5c:c9:82:63:cd:50:c2:14:
         59:8a:0d:12:a4:48:cd:ff:bc:d3:77:d0:e5:e5:cb:97:e7:44:
         85:2a:be:8c:98:13:2f:08:9b:2e:a6:d4:18:43:57:1c:60:fb:
         39:75:f9:76:cc:29:1d:ba:31:5b:a3:9e:24:9e:15:f5:e3:6f:
         bb:c4:1a:00:be:7a:ee:12:35:40:f7:5b:1f:f1:49:99:db:66:
         85:c8:fc:a1:a0:bf:e1:d8:4a:94:7a:c1:72:5b:f5:37:a0:d4:
         ae:1b:2c:d0:81:23:73:50:ba:9c:9c:49:cb:61:e0:36:e7:58:
         33:0a:92:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwtn8tEqkEHeEdm/iA12b/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMjA1MTE0NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQ2NDIyZGZiYmU4NWZlNzg2OTk5MzhiZDJlYWQ4NmQ3MWFjZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBa6TZjwf3fYeFiilE5sg/OnXjSE
rfp02Vqs4/f6J/5MLeBVv0sh0L+xeruPZLMHfXSAgKLxEH81//S9tMxuI27RG2YY
c3ZI9UfIMOgVB7I9+Hl6pKU2fKt9hEwgmslF2pmYFH5phrCEELUet+ve/cjwuW5n
UrInpyRsy/mCynVeb515hjqnn2vdujE8/k2EbxxI1ThvAF5KAmxNNqm+IG95nU9P
xVXIMEDS/udDYrVGKMEwKIhFdNc7S+1Ycv66S7ESLEkfgDchvAAupYqZRkdlO2rd
3YpRzmuVNsrWNyw1N4YJzjSuXLQOipjYsdRKYIm3f8le+AFHo3WZmbuzCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONGQi37voX+eGmZOL0urYbXGs+mMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvNDBaQ0xmdS1oZjU0YVprNHZTNnRodGNhejZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZXcMA0G
CSqGSIb3DQEBCwUAA4IBAQAmS1cwnOxxwUIlO2/ZVZxdprUUcs6z/YvRIrGVk0Vq
bXaMPcQv5axYPlqU4RUzY8Qq4gph994M/Fozen+x0oInnjWCF819PPgRTxahAsdP
XeR/lizUJpUC4/g0UA/TyvWaWgkhjF/lHLwy6etoQHCw7lufvwt5Tjx7HGie+lbz
2QhCzIwvFc6YXMmCY81QwhRZig0SpEjN/7zTd9Dl5cuX50SFKr6MmBMvCJsuptQY
Q1ccYPs5dfl2zCkdujFbo54knhX142+7xBoAvnruEjVA91sf8UmZ22aFyPyhoL/h
2EqUesFyW/U3oNSuGyzQgSNzULqcnEnLYeA251gzCpJe
-----END CERTIFICATE-----