Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/v09tww-7oHxZ6sHFn1E1sm8TLy8.roa
File:                     v09tww-7oHxZ6sHFn1E1sm8TLy8.roa (raw, json)
Hash identifier:          b5FXRSJZMeoKM16WUIwE96LX1QoLUNfwWW43UIqRREE=
Subject key identifier:   BF:4F:6D:C3:0F:BB:A0:7C:59:EA:C1:C5:9F:51:35:B2:6F:13:2F:2F
Certificate issuer:       /CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
Certificate serial:       019C473A0DECE4A8E4A571FF12CE68D5C6A7
Authority key identifier: 3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/v09tww-7oHxZ6sHFn1E1sm8TLy8.roa
Signing time:             Tue 10 Feb 2026 11:05:12 +0000
ROA not before:           Tue 10 Feb 2026 11:05:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51816
IP address blocks:        91.220.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:3a:0d:ec:e4:a8:e4:a5:71:ff:12:ce:68:d5:c6:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
        Validity
            Not Before: Feb 10 11:05:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf4f6dc30fbba07c59eac1c59f5135b26f132f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c0:c8:c6:3b:44:5f:7f:67:6d:7d:76:ae:b5:
                    12:c0:3c:ed:2b:a7:62:8c:57:c0:ce:13:0b:ce:e0:
                    69:d9:0a:7a:a3:1c:a6:45:44:40:02:59:8a:65:99:
                    b9:34:9b:bd:c6:84:35:c0:76:3e:f9:c5:ba:ac:1b:
                    36:d6:a9:c6:db:ca:4a:96:59:5d:30:d8:bb:19:2e:
                    38:e2:63:1f:ba:b7:29:e2:e3:5a:a3:32:e6:20:9c:
                    9a:55:a3:74:69:07:b4:2f:00:6b:f7:de:73:2f:8d:
                    09:89:84:98:4a:be:ed:b1:61:5a:ec:bd:43:11:fe:
                    8c:5c:79:5c:dc:09:82:3e:21:ff:4b:21:0a:33:85:
                    70:01:1c:91:4d:d0:be:00:ea:b1:a9:14:a5:69:c4:
                    e5:39:fd:7a:68:dc:57:96:27:7a:c1:9c:d3:c6:cd:
                    ff:90:f1:88:04:41:30:57:93:8a:53:c8:64:9c:2f:
                    6b:a7:18:5b:b7:8a:7f:84:01:61:5e:63:c9:49:cb:
                    65:5e:2f:6e:0e:95:a1:5e:9f:c6:73:2a:7f:e6:a7:
                    96:89:43:39:7c:ed:7b:fc:c9:d5:45:7c:91:bb:fd:
                    0c:e2:93:ae:11:ba:e6:65:bd:84:be:4c:fe:26:78:
                    32:6c:67:6f:a5:02:ce:8e:a9:cb:00:73:34:a6:6c:
                    2f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4F:6D:C3:0F:BB:A0:7C:59:EA:C1:C5:9F:51:35:B2:6F:13:2F:2F
            X509v3 Authority Key Identifier:
                keyid:3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/v09tww-7oHxZ6sHFn1E1sm8TLy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:56:71:c9:75:42:61:5d:e9:f9:76:f0:af:d5:fb:4a:5d:6c:
         7c:16:60:35:8f:49:a9:6f:64:05:e2:da:e9:80:ff:40:56:1e:
         91:af:0b:cd:d9:9a:40:d4:1a:2c:b4:47:45:5b:e3:77:b8:91:
         ee:04:54:60:9e:bc:65:21:3d:b1:88:cd:e8:5f:a6:7b:a4:be:
         df:f0:f6:43:f8:80:ea:00:0a:78:a6:69:8e:f1:ee:9c:66:4d:
         6d:b3:ec:81:1a:6b:e7:69:0f:1a:b3:87:30:8e:e9:6f:4f:c4:
         c7:45:8d:cb:c7:2a:9f:d2:d5:a9:17:e3:53:ba:94:ea:4a:9b:
         6a:50:69:35:d3:ab:f5:9e:d5:b0:bd:ed:bf:4e:3b:4e:3a:81:
         1f:a5:c0:5e:37:4f:cd:78:a6:02:5e:83:7d:0f:b0:1c:07:7d:
         5b:df:f3:e1:6e:1c:6b:1c:95:f5:ee:ad:e8:56:29:6d:4e:c8:
         65:75:04:e1:43:5d:10:de:b3:20:63:ed:6a:63:93:8f:c3:64:
         45:5a:3c:34:94:73:0a:08:7b:dd:9c:b3:49:fa:17:5e:76:ac:
         51:27:27:a8:ea:63:f3:dc:23:d6:f2:9a:de:d9:54:fa:1d:ca:
         d2:f0:66:4b:3f:8a:56:8c:3d:ee:b1:11:95:b3:e1:34:97:a1:
         0b:3c:6e:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHOg3s5KjkpXH/Es5o1canMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZGEyOWE0OGMyNTc3NThjOGU1MThlZTVjOGIwM2NjZGEw
MjQ3YzkwHhcNMjYwMjEwMTEwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRmNmRjMzBmYmJhMDdjNTllYWMxYzU5ZjUxMzViMjZmMTMyZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18DIxjtEX39nbX12rrUSwDztK6di
jFfAzhMLzuBp2Qp6oxymRURAAlmKZZm5NJu9xoQ1wHY++cW6rBs21qnG28pKllld
MNi7GS444mMfurcp4uNaozLmIJyaVaN0aQe0LwBr995zL40JiYSYSr7tsWFa7L1D
Ef6MXHlc3AmCPiH/SyEKM4VwARyRTdC+AOqxqRSlacTlOf16aNxXlid6wZzTxs3/
kPGIBEEwV5OKU8hknC9rpxhbt4p/hAFhXmPJSctlXi9uDpWhXp/Gcyp/5qeWiUM5
fO17/MnVRXyRu/0M4pOuEbrmZb2Evkz+JngybGdvpQLOjqnLAHM0pmwvSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9PbcMPu6B8WerBxZ9RNbJvEy8vMB8GA1UdIwQY
MBaAFD/aKaSMJXdYyOUY7lyLA8zaAkfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQt
OTM3NGYyMWU2NDg4LzEvdjA5dHd3LTdvSHhaNnNIRm4xRTFzbThUTHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQtOTM3NGYyMWU2NDg4
LzEvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xrMA0G
CSqGSIb3DQEBCwUAA4IBAQCGVnHJdUJhXen5dvCv1ftKXWx8FmA1j0mpb2QF4trp
gP9AVh6RrwvN2ZpA1BostEdFW+N3uJHuBFRgnrxlIT2xiM3oX6Z7pL7f8PZD+IDq
AAp4pmmO8e6cZk1ts+yBGmvnaQ8as4cwjulvT8THRY3Lxyqf0tWpF+NTupTqSptq
UGk106v1ntWwve2/TjtOOoEfpcBeN0/NeKYCXoN9D7AcB31b3/PhbhxrHJX17q3o
ViltTshldQThQ10Q3rMgY+1qY5OPw2RFWjw0lHMKCHvdnLNJ+hdedqxRJyeo6mPz
3CPW8pre2VT6HcrS8GZLP4pWjD3usRGVs+E0l6ELPG7X
-----END CERTIFICATE-----