Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/raCC1ziAWdx6bqHkgIHf91VADGA.roa
File:                     raCC1ziAWdx6bqHkgIHf91VADGA.roa (raw, json)
Hash identifier:          sm8e5aIEAw7zYa95FoEtC/pe3ws9yIi4/1jnp7YxMKQ=
Subject key identifier:   AD:A0:82:D7:38:80:59:DC:7A:6E:A1:E4:80:81:DF:F7:55:40:0C:60
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019C55F606EF6DDEC357C2AC54C810D6C35D
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/raCC1ziAWdx6bqHkgIHf91VADGA.roa
Signing time:             Fri 13 Feb 2026 07:45:12 +0000
ROA not before:           Fri 13 Feb 2026 07:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        84.55.16.0/24 maxlen: 24
                          84.55.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:55:f6:06:ef:6d:de:c3:57:c2:ac:54:c8:10:d6:c3:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Feb 13 07:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ada082d7388059dc7a6ea1e48081dff755400c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d3:05:16:9e:58:5f:09:fd:b5:43:4d:73:25:
                    e3:b7:10:6d:03:6e:48:35:30:bf:91:ad:98:fc:18:
                    9c:e9:ed:bb:f8:b3:84:43:d9:ac:eb:41:40:58:80:
                    76:ce:c2:e2:8c:24:d1:24:d6:40:ee:04:fb:f1:67:
                    f7:6c:ed:a6:c0:be:0b:1d:7b:a7:43:c1:0e:13:63:
                    97:85:6d:1c:5e:05:7b:b2:3a:c7:95:3a:bf:6a:ee:
                    26:00:17:93:43:3a:a4:39:c5:e2:39:36:4a:a2:99:
                    52:87:c6:ac:39:4e:4d:43:d2:2e:10:37:ad:9c:7e:
                    a9:fe:ea:3b:69:fa:a0:46:e9:d6:ce:8a:03:d5:9a:
                    83:b7:2c:38:12:d4:3b:37:9a:e0:42:d4:e5:2e:59:
                    41:5b:d1:0a:f9:43:8b:8b:89:7f:a3:36:7f:62:f6:
                    3a:d7:bd:b1:9d:ce:21:ad:ed:ca:96:a8:b5:bd:18:
                    1c:0e:68:35:e7:a9:6d:51:bb:f8:88:af:87:fa:70:
                    be:16:b0:65:5a:c1:10:7c:35:1b:66:c4:a7:13:e2:
                    62:7c:46:4a:d6:90:f6:a8:57:ff:e3:a5:56:66:b5:
                    83:c2:f4:1c:d8:f8:82:20:24:eb:5b:34:d4:1e:cc:
                    de:17:3e:fa:69:1c:dc:73:bb:57:57:a8:de:cb:bc:
                    8f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:A0:82:D7:38:80:59:DC:7A:6E:A1:E4:80:81:DF:F7:55:40:0C:60
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/raCC1ziAWdx6bqHkgIHf91VADGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.16.0/24
                  84.55.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:e4:b2:9a:c5:a5:3b:18:76:b9:6f:67:dc:24:e5:72:82:67:
         c2:6c:43:b9:d8:5f:29:c5:b5:09:d7:21:67:b2:34:2c:52:3b:
         7e:86:e4:95:97:85:f0:4f:1e:ce:04:80:67:6b:c2:d0:38:07:
         e2:b3:5e:f4:4f:81:0f:7a:7c:83:b5:de:a4:7e:cd:19:35:a4:
         0b:1a:46:07:90:35:51:4e:7c:cc:ce:9a:72:51:eb:c4:d0:e2:
         3f:ac:ec:4d:b3:5a:67:a2:92:ed:d7:40:6b:e9:67:ca:0c:e5:
         cf:e1:c8:00:c5:ac:9f:59:92:6a:a5:fb:40:3f:57:ea:19:a1:
         09:fc:cc:c3:f9:a7:89:07:01:15:ec:be:31:e2:83:ca:19:70:
         0d:ef:7f:c0:07:9a:af:21:6b:f8:20:b0:6f:9c:a0:d0:f0:db:
         db:8c:85:48:4a:db:b4:51:1e:09:5e:0e:0b:c7:01:79:de:c3:
         4f:d6:53:98:58:15:4b:9a:35:96:fd:16:5a:9c:59:81:c3:3c:
         79:c6:e0:3e:96:fc:93:01:20:37:98:45:bf:8b:be:bc:37:58:
         98:22:f9:89:62:ee:83:d7:60:ac:52:06:4e:00:8e:07:ef:9e:
         ec:25:44:76:ab:73:65:b9:27:ae:b5:0e:0e:83:61:b5:32:14:
         1a:fc:74:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxV9gbvbd7DV8KsVMgQ1sNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMjEzMDc0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGEwODJkNzM4ODA1OWRjN2E2ZWExZTQ4MDgxZGZmNzU1NDAwYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49MFFp5YXwn9tUNNcyXjtxBtA25I
NTC/ka2Y/Bic6e27+LOEQ9ms60FAWIB2zsLijCTRJNZA7gT78Wf3bO2mwL4LHXun
Q8EOE2OXhW0cXgV7sjrHlTq/au4mABeTQzqkOcXiOTZKoplSh8asOU5NQ9IuEDet
nH6p/uo7afqgRunWzooD1ZqDtyw4EtQ7N5rgQtTlLllBW9EK+UOLi4l/ozZ/YvY6
172xnc4hre3Klqi1vRgcDmg156ltUbv4iK+H+nC+FrBlWsEQfDUbZsSnE+JifEZK
1pD2qFf/46VWZrWDwvQc2PiCICTrWzTUHszeFz76aRzcc7tXV6jey7yPDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK2ggtc4gFncem6h5ICB3/dVQAxgMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvcmFDQzF6aUFXZHg2YnFIa2dJSGY5MVZBREdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVDcQAwQA
VDcVMA0GCSqGSIb3DQEBCwUAA4IBAQB85LKaxaU7GHa5b2fcJOVygmfCbEO52F8p
xbUJ1yFnsjQsUjt+huSVl4XwTx7OBIBna8LQOAfis170T4EPenyDtd6kfs0ZNaQL
GkYHkDVRTnzMzppyUevE0OI/rOxNs1pnopLt10Br6WfKDOXP4cgAxayfWZJqpftA
P1fqGaEJ/MzD+aeJBwEV7L4x4oPKGXAN73/AB5qvIWv4ILBvnKDQ8NvbjIVIStu0
UR4JXg4LxwF53sNP1lOYWBVLmjWW/RZanFmBwzx5xuA+lvyTASA3mEW/i768N1iY
IvmJYu6D12CsUgZOAI4H757sJUR2q3NluSeutQ4Og2G1MhQa/HQH
-----END CERTIFICATE-----