Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/OsxR7yFdFRenycaE_q8hld1AbUQ.roa
File:                     OsxR7yFdFRenycaE_q8hld1AbUQ.roa (raw, json)
Hash identifier:          Fufnasj3vyQ/2zEL9UqegZtuU29Utyi2U8r5NLTadZk=
Subject key identifier:   3A:CC:51:EF:21:5D:15:17:A7:C9:C6:84:FE:AF:21:95:DD:40:6D:44
Certificate issuer:       /CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
Certificate serial:       019C473A0EA78FAF5518D265B97EE44D0556
Authority key identifier: 3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/OsxR7yFdFRenycaE_q8hld1AbUQ.roa
Signing time:             Tue 10 Feb 2026 11:05:12 +0000
ROA not before:           Tue 10 Feb 2026 11:05:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57854
IP address blocks:        91.235.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:3a:0e:a7:8f:af:55:18:d2:65:b9:7e:e4:4d:05:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
        Validity
            Not Before: Feb 10 11:05:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3acc51ef215d1517a7c9c684feaf2195dd406d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:68:3b:1c:ad:8d:a3:cb:07:6a:90:88:3e:46:
                    2a:c4:37:7c:f6:36:18:38:64:97:aa:9b:32:a1:ee:
                    ee:a8:fd:94:46:11:ab:7b:dc:46:5b:41:92:d7:92:
                    44:21:05:59:6f:59:fa:ef:df:37:fd:4b:a2:bd:37:
                    30:7a:06:ba:f0:5f:f7:f8:21:da:ab:39:b8:eb:69:
                    48:25:1d:b7:21:6c:75:5e:a6:d9:fe:09:4e:25:b8:
                    b2:a4:9c:94:28:42:51:09:39:01:8f:aa:2e:c3:8c:
                    5d:f5:66:21:59:14:0c:b5:b9:15:c5:cf:30:0c:30:
                    84:a0:f2:d4:ad:43:c8:79:e4:52:03:65:30:c4:12:
                    39:2e:ef:cd:84:d6:5f:bc:f4:df:d9:ed:99:98:fc:
                    f6:25:7e:25:56:54:f3:26:ac:b5:81:95:8b:35:34:
                    d4:f8:93:5e:21:f4:48:0f:21:9d:cd:be:15:98:85:
                    9d:31:3f:08:8d:08:ab:74:c7:c9:fa:d4:80:1a:71:
                    df:04:06:8d:ba:22:2f:09:a1:61:e1:45:44:5c:66:
                    6c:e2:3e:63:87:bb:a1:84:67:f3:eb:b1:39:7e:5b:
                    1b:9c:cb:10:2d:1b:3a:8c:7e:47:8e:38:3e:3b:c3:
                    a3:13:6f:0f:ef:6b:38:a8:30:19:39:d2:4f:15:0b:
                    cd:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:CC:51:EF:21:5D:15:17:A7:C9:C6:84:FE:AF:21:95:DD:40:6D:44
            X509v3 Authority Key Identifier:
                keyid:3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/OsxR7yFdFRenycaE_q8hld1AbUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:8a:e8:c6:83:b9:97:94:76:c0:9e:d8:87:1e:be:5f:ad:a5:
         e6:ac:02:18:26:b0:e8:9e:92:1b:83:6d:ab:a3:1b:00:0e:33:
         e0:7d:5b:38:e7:73:84:86:6a:af:86:f9:24:84:20:75:98:5c:
         f6:44:39:59:8c:76:e8:0f:5c:c7:2f:6a:3a:f0:1b:58:d7:01:
         98:97:4e:da:bc:f2:7d:4e:9e:d2:2a:36:c0:13:ff:2e:03:73:
         11:7c:6d:15:49:6e:43:44:dc:77:e8:7b:d7:57:36:3d:b9:45:
         05:06:70:4a:f1:aa:3a:ff:39:ec:52:61:64:15:56:f0:83:7e:
         db:87:45:04:5a:e6:c4:90:58:df:3a:b1:95:1b:51:25:52:22:
         ae:57:aa:ed:d7:fa:d8:89:5f:d0:7c:39:ee:92:16:37:ea:d9:
         95:82:36:a9:df:09:4a:e8:93:0b:c2:23:65:eb:77:1c:9d:f1:
         b1:af:d5:28:17:ae:0a:19:ab:1d:54:f9:5c:b2:86:d9:43:c1:
         5f:40:1e:31:9e:5b:df:dc:b6:66:fa:8a:bf:ae:62:2b:01:4d:
         ed:4f:c4:ab:13:14:b3:07:e7:9b:27:53:b7:2b:9b:e6:62:9a:
         42:b9:f1:07:85:59:ac:c0:5a:fa:76:9e:09:d8:3d:b3:10:f1:
         ba:53:34:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHOg6nj69VGNJluX7kTQVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZGEyOWE0OGMyNTc3NThjOGU1MThlZTVjOGIwM2NjZGEw
MjQ3YzkwHhcNMjYwMjEwMTEwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWNjNTFlZjIxNWQxNTE3YTdjOWM2ODRmZWFmMjE5NWRkNDA2ZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Gg7HK2No8sHapCIPkYqxDd89jYY
OGSXqpsyoe7uqP2URhGre9xGW0GS15JEIQVZb1n67983/UuivTcwega68F/3+CHa
qzm462lIJR23IWx1XqbZ/glOJbiypJyUKEJRCTkBj6ouw4xd9WYhWRQMtbkVxc8w
DDCEoPLUrUPIeeRSA2UwxBI5Lu/NhNZfvPTf2e2ZmPz2JX4lVlTzJqy1gZWLNTTU
+JNeIfRIDyGdzb4VmIWdMT8IjQirdMfJ+tSAGnHfBAaNuiIvCaFh4UVEXGZs4j5j
h7uhhGfz67E5flsbnMsQLRs6jH5Hjjg+O8OjE28P72s4qDAZOdJPFQvNJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrMUe8hXRUXp8nGhP6vIZXdQG1EMB8GA1UdIwQY
MBaAFD/aKaSMJXdYyOUY7lyLA8zaAkfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQt
OTM3NGYyMWU2NDg4LzEvT3N4Ujd5RmRGUmVueWNhRV9xOGhsZDFBYlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQtOTM3NGYyMWU2NDg4
LzEvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+vyMA0G
CSqGSIb3DQEBCwUAA4IBAQCbiujGg7mXlHbAntiHHr5fraXmrAIYJrDonpIbg22r
oxsADjPgfVs453OEhmqvhvkkhCB1mFz2RDlZjHboD1zHL2o68BtY1wGYl07avPJ9
Tp7SKjbAE/8uA3MRfG0VSW5DRNx36HvXVzY9uUUFBnBK8ao6/znsUmFkFVbwg37b
h0UEWubEkFjfOrGVG1ElUiKuV6rt1/rYiV/QfDnukhY36tmVgjap3wlK6JMLwiNl
63ccnfGxr9UoF64KGasdVPlcsobZQ8FfQB4xnlvf3LZm+oq/rmIrAU3tT8SrExSz
B+ebJ1O3K5vmYppCufEHhVmswFr6dp4J2D2zEPG6UzT0
-----END CERTIFICATE-----