Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/kMiPdUnfBlmQ_-UZ0PPwAdBy2Ws.roa
File:                     kMiPdUnfBlmQ_-UZ0PPwAdBy2Ws.roa (raw, json)
Hash identifier:          MMTL72eHvD66StkaydrVIWqM0Kvh189EtZcOy9LJ7fc=
Subject key identifier:   90:C8:8F:75:49:DF:06:59:90:FF:E5:19:D0:F3:F0:01:D0:72:D9:6B
Certificate issuer:       /CN=e0f2f545ddb234e383d36b8a8d6b56a38dd72f89
Certificate serial:       019C5725FB421078AF980939FC0B51F3B991
Authority key identifier: E0:F2:F5:45:DD:B2:34:E3:83:D3:6B:8A:8D:6B:56:A3:8D:D7:2F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/kMiPdUnfBlmQ_-UZ0PPwAdBy2Ws.roa
Signing time:             Fri 13 Feb 2026 13:17:12 +0000
ROA not before:           Fri 13 Feb 2026 13:17:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206816
IP address blocks:        91.207.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:25:fb:42:10:78:af:98:09:39:fc:0b:51:f3:b9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0f2f545ddb234e383d36b8a8d6b56a38dd72f89
        Validity
            Not Before: Feb 13 13:17:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90c88f7549df065990ffe519d0f3f001d072d96b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:67:47:06:41:f5:fb:ec:14:47:54:25:a1:6e:
                    bd:f0:8e:42:39:ee:94:b1:36:37:a4:35:b7:b9:8d:
                    a0:4b:b3:cc:b3:80:46:de:35:4e:52:31:74:5c:b9:
                    b5:30:f7:73:40:59:21:74:ae:ea:3d:8b:50:11:f3:
                    99:b2:7c:18:fb:a6:58:b0:04:d7:01:58:61:a5:8c:
                    b8:47:90:a2:fd:af:9f:6c:db:30:98:ca:a1:e2:48:
                    e8:90:d6:89:ef:04:34:83:2d:ed:8c:af:1a:5b:7b:
                    9b:ff:20:08:74:b1:5a:75:c8:3c:76:85:ea:1d:01:
                    d2:12:44:94:50:cd:ad:33:a9:4f:cf:97:f1:e0:24:
                    4e:73:a6:f4:ea:3a:4a:0e:11:6c:94:ff:c1:42:c6:
                    01:61:4f:c9:12:3a:65:4d:df:80:7b:19:69:ff:9f:
                    6f:27:00:12:0b:58:1a:5e:e8:21:2a:1b:6b:75:95:
                    4d:63:10:43:e7:26:0d:75:76:2c:bc:bf:bc:e8:4b:
                    49:85:63:2c:97:97:e3:5b:60:50:b0:d8:fc:6e:c4:
                    a6:a9:75:3f:ea:db:55:e4:81:27:15:f4:36:bd:5e:
                    8e:93:e5:0c:7d:93:e5:25:46:5d:15:b3:85:11:1a:
                    fe:71:0e:be:0f:8d:62:43:a7:ee:8d:ff:70:53:7a:
                    6f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:C8:8F:75:49:DF:06:59:90:FF:E5:19:D0:F3:F0:01:D0:72:D9:6B
            X509v3 Authority Key Identifier:
                keyid:E0:F2:F5:45:DD:B2:34:E3:83:D3:6B:8A:8D:6B:56:A3:8D:D7:2F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/kMiPdUnfBlmQ_-UZ0PPwAdBy2Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:c2:57:1f:ae:08:5a:4a:cb:6c:14:7e:0b:ff:fc:36:1a:78:
         61:25:b7:20:9a:11:ce:24:6e:ad:3d:c8:4b:73:6a:fa:41:f3:
         cb:eb:95:de:4e:92:5a:af:3f:bc:ae:6a:39:2d:0f:26:5d:24:
         33:f2:dd:ed:65:03:c7:64:48:f3:19:f8:2e:4f:b5:6b:7c:f7:
         dc:29:1b:e2:3a:d0:7b:70:04:3c:fd:9b:a7:4b:b1:9e:6c:4b:
         95:14:6b:3b:a5:e1:bd:41:a5:33:1f:fa:30:11:67:71:f0:60:
         1a:23:19:e6:94:31:95:36:19:f2:68:9f:15:57:8c:6f:a6:6b:
         61:f3:25:29:28:fb:57:99:de:d6:0f:8e:b5:86:9d:8a:78:38:
         92:13:9f:44:5a:99:00:77:3d:0d:23:1e:6d:37:71:ba:6b:2f:
         46:3b:ba:72:ed:93:14:cb:ec:97:7d:19:0c:99:45:63:5c:a6:
         26:de:cf:d0:e3:93:a0:2f:5b:69:8b:71:62:ec:63:59:4f:62:
         53:ed:43:a7:77:c8:59:20:20:55:75:09:cd:e6:b7:1c:d4:ac:
         a6:74:e2:81:87:a7:b2:3c:f4:bc:74:d0:d7:21:92:ce:1b:34:
         12:d5:ee:94:d1:af:2f:38:88:92:6f:13:c5:18:de:0c:64:bb:
         b8:59:b1:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxXJftCEHivmAk5/AtR87mRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZjJmNTQ1ZGRiMjM0ZTM4M2QzNmI4YThkNmI1NmEzOGRk
NzJmODkwHhcNMjYwMjEzMTMxNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGM4OGY3NTQ5ZGYwNjU5OTBmZmU1MTlkMGYzZjAwMWQwNzJkOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWdHBkH1++wUR1QloW698I5COe6U
sTY3pDW3uY2gS7PMs4BG3jVOUjF0XLm1MPdzQFkhdK7qPYtQEfOZsnwY+6ZYsATX
AVhhpYy4R5Ci/a+fbNswmMqh4kjokNaJ7wQ0gy3tjK8aW3ub/yAIdLFadcg8doXq
HQHSEkSUUM2tM6lPz5fx4CROc6b06jpKDhFslP/BQsYBYU/JEjplTd+Aexlp/59v
JwASC1gaXughKhtrdZVNYxBD5yYNdXYsvL+86EtJhWMsl5fjW2BQsNj8bsSmqXU/
6ttV5IEnFfQ2vV6Ok+UMfZPlJUZdFbOFERr+cQ6+D41iQ6fujf9wU3pv+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDIj3VJ3wZZkP/lGdDz8AHQctlrMB8GA1UdIwQY
MBaAFODy9UXdsjTjg9Nrio1rVqON1y+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFBMMVJkMnlOT09EMDJ1S2pXdFdvNDNYTDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9jODBjNWEtZmFlMi00NjZkLWFhMTYt
OGNhNmMzM2QxNGJiLzEva01pUGRVbmZCbG1RXy1VWjBQUHdBZEJ5MldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9jODBjNWEtZmFlMi00NjZkLWFhMTYtOGNhNmMzM2QxNGJi
LzEvNFBMMVJkMnlOT09EMDJ1S2pXdFdvNDNYTDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8/sMA0G
CSqGSIb3DQEBCwUAA4IBAQBOwlcfrghaSstsFH4L//w2GnhhJbcgmhHOJG6tPchL
c2r6QfPL65XeTpJarz+8rmo5LQ8mXSQz8t3tZQPHZEjzGfguT7VrfPfcKRviOtB7
cAQ8/ZunS7GebEuVFGs7peG9QaUzH/owEWdx8GAaIxnmlDGVNhnyaJ8VV4xvpmth
8yUpKPtXmd7WD461hp2KeDiSE59EWpkAdz0NIx5tN3G6ay9GO7py7ZMUy+yXfRkM
mUVjXKYm3s/Q45OgL1tpi3Fi7GNZT2JT7UOnd8hZICBVdQnN5rcc1KymdOKBh6ey
PPS8dNDXIZLOGzQS1e6U0a8vOIiSbxPFGN4MZLu4WbGz
-----END CERTIFICATE-----