Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/FmT3AytipE6RDV5cuOHkUzA5dU8.roa
File:                     FmT3AytipE6RDV5cuOHkUzA5dU8.roa (raw, json)
Hash identifier:          SfTSfiuFUVaAwv401YTCavtE9gslX9egFs5gc/0CGxw=
Subject key identifier:   16:64:F7:03:2B:62:A4:4E:91:0D:5E:5C:B8:E1:E4:53:30:39:75:4F
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C95E6F4A47E4CDB7843F6A19ED7591671
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/FmT3AytipE6RDV5cuOHkUzA5dU8.roa
Signing time:             Wed 25 Feb 2026 17:44:26 +0000
ROA not before:           Wed 25 Feb 2026 17:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     131653
IP address blocks:        216.195.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:e6:f4:a4:7e:4c:db:78:43:f6:a1:9e:d7:59:16:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 25 17:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1664f7032b62a44e910d5e5cb8e1e4533039754f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9a:47:da:89:fe:83:ac:08:60:68:d5:c0:98:
                    62:7c:0e:8c:ed:a5:be:6f:73:76:e0:ea:6b:d0:1e:
                    1b:ca:ef:7c:ad:74:c2:03:29:c1:92:b1:73:06:b0:
                    38:dc:ba:6c:06:72:ef:d9:88:39:ed:04:b0:77:4c:
                    d4:75:c7:c3:d4:6f:cb:1e:a1:0c:9b:10:72:b2:13:
                    c1:8a:ec:ab:53:dc:a0:f5:63:3c:d2:31:7b:0a:44:
                    a4:39:8e:cd:29:7b:73:5c:84:88:80:ff:75:75:61:
                    d6:ad:37:b9:bc:93:83:b4:71:14:fc:3e:ea:5b:df:
                    39:1d:00:72:03:27:17:5a:2d:25:71:c1:43:51:cd:
                    5d:b3:ce:d0:5a:b5:e1:d7:f3:a8:6a:77:59:31:b4:
                    d5:89:79:6e:2e:2f:bd:72:ac:10:3b:2e:89:ad:d4:
                    7c:7f:ef:76:25:07:af:0c:63:df:72:fa:ed:92:22:
                    89:7e:ef:5b:67:7e:7f:bb:1a:89:ba:78:88:5a:ea:
                    04:0a:e2:e3:d7:ae:9c:da:35:6d:48:43:b7:50:9a:
                    dc:f9:af:85:37:98:93:9c:a2:70:5e:ae:ef:7c:33:
                    f6:48:ca:8d:bb:ec:62:7c:72:5e:c0:50:ee:71:70:
                    d5:5a:6d:31:5b:0c:0d:57:90:7e:91:ef:12:7b:c8:
                    30:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:64:F7:03:2B:62:A4:4E:91:0D:5E:5C:B8:E1:E4:53:30:39:75:4F
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/FmT3AytipE6RDV5cuOHkUzA5dU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:02:0c:98:11:6c:55:63:2f:dc:18:b0:3c:f4:96:f7:36:52:
         c6:ce:ce:0c:94:b5:f0:e2:53:d9:01:8c:aa:5f:bd:55:18:ec:
         19:22:d5:99:1c:3c:9d:02:b4:85:30:89:2f:fd:6d:5b:22:40:
         56:5a:fa:83:1e:55:e0:7b:a9:23:45:23:fe:30:62:4a:43:13:
         dc:50:30:d0:f2:72:94:98:3c:c8:c8:3a:6c:c3:6f:eb:f1:da:
         c3:fb:ad:ab:03:0c:6e:c2:a8:d3:b4:18:2b:0a:c5:3c:f4:92:
         c9:35:67:3a:48:78:c0:74:82:5f:5d:87:1e:9f:00:8f:34:7d:
         ee:52:56:91:d8:67:9b:af:4a:7c:ee:5f:9f:07:52:5b:26:cb:
         43:36:7c:92:75:1b:9c:ce:f2:e1:a5:e4:42:38:8b:e7:7e:21:
         71:c0:24:bf:e0:69:83:a3:60:6a:53:cc:27:3b:78:f0:ed:d8:
         3a:06:b9:53:ad:f4:77:7d:c0:15:0c:92:d5:e4:d2:39:fa:d1:
         67:b0:5f:a3:ef:43:f4:09:f7:e4:99:2a:c1:d5:a0:8c:b1:94:
         bb:6a:db:1e:b8:f6:1f:05:9c:62:a6:1c:c6:38:43:41:86:a2:
         37:30:79:54:f8:d2:82:c7:99:1e:21:f0:bb:92:80:a6:75:87:
         95:3f:cc:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyV5vSkfkzbeEP2oZ7XWRZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI1MTc0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjY0ZjcwMzJiNjJhNDRlOTEwZDVlNWNiOGUxZTQ1MzMwMzk3NTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5pH2on+g6wIYGjVwJhifA6M7aW+
b3N24Opr0B4byu98rXTCAynBkrFzBrA43LpsBnLv2Yg57QSwd0zUdcfD1G/LHqEM
mxByshPBiuyrU9yg9WM80jF7CkSkOY7NKXtzXISIgP91dWHWrTe5vJODtHEU/D7q
W985HQByAycXWi0lccFDUc1ds87QWrXh1/OoandZMbTViXluLi+9cqwQOy6JrdR8
f+92JQevDGPfcvrtkiKJfu9bZ35/uxqJuniIWuoECuLj166c2jVtSEO3UJrc+a+F
N5iTnKJwXq7vfDP2SMqNu+xifHJewFDucXDVWm0xWwwNV5B+ke8Se8gwXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZk9wMrYqROkQ1eXLjh5FMwOXVPMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvRm1UM0F5dGlwRTZSRFY1Y3VPSGtVekE1ZFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2MPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAGAgyYEWxVYy/cGLA89Jb3NlLGzs4MlLXw4lPZAYyq
X71VGOwZItWZHDydArSFMIkv/W1bIkBWWvqDHlXge6kjRSP+MGJKQxPcUDDQ8nKU
mDzIyDpsw2/r8drD+62rAwxuwqjTtBgrCsU89JLJNWc6SHjAdIJfXYcenwCPNH3u
UlaR2Gebr0p87l+fB1JbJstDNnySdRuczvLhpeRCOIvnfiFxwCS/4GmDo2BqU8wn
O3jw7dg6BrlTrfR3fcAVDJLV5NI5+tFnsF+j70P0CffkmSrB1aCMsZS7atseuPYf
BZxiphzGOENBhqI3MHlU+NKCx5keIfC7koCmdYeVP8wU
-----END CERTIFICATE-----