Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/o-2kICnoHNfivNsTLGTpqOYwstQ.roa
File:                     o-2kICnoHNfivNsTLGTpqOYwstQ.roa (raw, json)
Hash identifier:          YkVOT+LP7w8mTJUbnwv0gEvNf1idVM4c+qYZj2+A7Oc=
Subject key identifier:   A3:ED:A4:20:29:E8:1C:D7:E2:BC:DB:13:2C:64:E9:A8:E6:30:B2:D4
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019C523E37BE748B0F1AC0A0742B35A1640C
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/o-2kICnoHNfivNsTLGTpqOYwstQ.roa
Signing time:             Thu 12 Feb 2026 14:25:35 +0000
ROA not before:           Thu 12 Feb 2026 14:25:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50340
IP address blocks:        2a11:7887::/32 maxlen: 32
                          2a12:2cc7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:3e:37:be:74:8b:0f:1a:c0:a0:74:2b:35:a1:64:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Feb 12 14:25:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3eda42029e81cd7e2bcdb132c64e9a8e630b2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:36:a1:80:d4:6d:86:7a:95:6c:d4:e7:b2:58:
                    25:d6:51:4a:44:eb:94:2f:6e:15:de:7a:20:75:3e:
                    4e:46:91:b3:07:d9:05:9a:2e:53:35:58:f3:1d:4f:
                    07:ad:3d:56:48:a3:05:30:af:c9:e2:be:f2:97:1d:
                    77:21:55:55:62:7f:c1:50:63:bf:a0:1a:77:68:82:
                    02:2a:75:f3:e3:12:58:76:e0:00:5e:cf:e4:f5:1d:
                    3b:59:4b:55:df:d9:a8:b8:7c:51:b5:83:49:79:f9:
                    b6:38:e5:b7:c8:78:3b:04:35:63:f4:28:b1:b4:77:
                    34:05:ad:39:63:09:db:4a:c9:fd:ee:3c:9d:b3:df:
                    b3:49:c8:a7:c7:36:76:36:16:ab:f1:0e:59:7a:15:
                    a7:9a:b6:74:34:24:dc:7f:70:d2:fe:f2:d1:22:3c:
                    c6:fc:af:61:ae:98:9b:ae:e5:29:d7:7e:97:88:31:
                    9d:e5:59:5c:c2:cf:80:a4:53:ed:43:d6:b4:2c:76:
                    f9:5b:d5:30:a4:7f:d0:a3:ee:b2:69:b5:de:bf:b4:
                    e5:4e:7a:89:51:6c:4d:b8:d8:2e:5e:a3:bd:41:2b:
                    9c:a8:0e:26:0a:4e:1d:dd:fc:0d:1b:23:22:8f:7d:
                    d8:19:ec:96:47:4a:c3:29:ef:1e:b6:d1:a8:01:39:
                    28:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:ED:A4:20:29:E8:1C:D7:E2:BC:DB:13:2C:64:E9:A8:E6:30:B2:D4
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/o-2kICnoHNfivNsTLGTpqOYwstQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7887::/32
                  2a12:2cc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:9a:ac:c5:36:d6:95:ef:55:3c:a5:d0:50:3b:09:dc:1e:2d:
         b1:cd:6f:e4:33:b9:de:cd:01:87:df:42:29:55:ab:66:2e:c0:
         d7:43:ce:bc:41:4e:05:26:f4:c3:ad:47:4f:c2:a7:41:31:ca:
         2b:fd:68:be:1c:3d:ca:a1:7f:ee:29:c1:93:09:9a:1f:b6:9e:
         8a:8d:0d:54:fb:6b:a1:a6:11:4c:95:18:69:1f:88:93:4a:de:
         91:2a:dc:01:3f:c2:4b:dc:02:6d:20:31:4d:17:f0:c4:de:f8:
         7d:cf:1f:7a:6e:d3:fe:e2:49:64:fa:f4:f0:6c:af:72:67:9d:
         42:39:e2:f3:8a:bb:b5:8f:34:21:9c:72:e5:ad:e4:1e:6d:80:
         2d:81:a4:40:19:6d:8c:47:f7:82:0c:68:c2:68:b2:b7:4f:4c:
         34:d8:f9:e8:c0:da:3f:9d:7f:17:e5:7e:76:33:c1:31:38:6f:
         d4:5f:b7:f7:11:d9:7c:8d:71:ab:c1:41:a3:aa:48:0f:a2:80:
         42:39:38:be:12:fc:e6:58:c7:45:28:51:ea:51:ea:2f:20:9d:
         79:9b:cd:a9:f7:cd:92:82:ae:be:21:b7:2a:78:e5:c9:82:e4:
         5f:9a:78:58:31:b6:49:20:76:29:a7:ea:ef:18:4e:c9:ed:fe:
         b1:96:ab:f3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxSPje+dIsPGsCgdCs1oWQMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMjEyMTQyNTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2VkYTQyMDI5ZTgxY2Q3ZTJiY2RiMTMyYzY0ZTlhOGU2MzBiMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTahgNRthnqVbNTnslgl1lFKROuU
L24V3nogdT5ORpGzB9kFmi5TNVjzHU8HrT1WSKMFMK/J4r7ylx13IVVVYn/BUGO/
oBp3aIICKnXz4xJYduAAXs/k9R07WUtV39mouHxRtYNJefm2OOW3yHg7BDVj9Cix
tHc0Ba05YwnbSsn97jyds9+zScinxzZ2Nhar8Q5ZehWnmrZ0NCTcf3DS/vLRIjzG
/K9hrpibruUp136XiDGd5Vlcws+ApFPtQ9a0LHb5W9UwpH/Qo+6yabXev7TlTnqJ
UWxNuNguXqO9QSucqA4mCk4d3fwNGyMij33YGeyWR0rDKe8ettGoATkoxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKPtpCAp6BzX4rzbEyxk6ajmMLLUMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvby0ya0lDbm9ITmZpdk5zVExHVHBxT1l3c3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhF4hwMF
ACoSLMcwDQYJKoZIhvcNAQELBQADggEBACqarMU21pXvVTyl0FA7CdweLbHNb+Qz
ud7NAYffQilVq2YuwNdDzrxBTgUm9MOtR0/Cp0Exyiv9aL4cPcqhf+4pwZMJmh+2
noqNDVT7a6GmEUyVGGkfiJNK3pEq3AE/wkvcAm0gMU0X8MTe+H3PH3pu0/7iSWT6
9PBsr3JnnUI54vOKu7WPNCGccuWt5B5tgC2BpEAZbYxH94IMaMJosrdPTDTY+ejA
2j+dfxflfnYzwTE4b9Rft/cR2XyNcavBQaOqSA+igEI5OL4S/OZYx0UoUepR6i8g
nXmbzan3zZKCrr4htyp45cmC5F+aeFgxtkkgdimn6u8YTsnt/rGWq/M=
-----END CERTIFICATE-----