Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/2mbNbpusYk6iw7nI_ZoVXkx25Kk.roa
File:                     2mbNbpusYk6iw7nI_ZoVXkx25Kk.roa (raw, json)
Hash identifier:          jECrA0GxGXQNN5tkvnTh0W3htAuhM6FaT6MhUte5d2Q=
Subject key identifier:   DA:66:CD:6E:9B:AC:62:4E:A2:C3:B9:C8:FD:9A:15:5E:4C:76:E4:A9
Certificate issuer:       /CN=e290e9cc3b7e363d726bd702750b53f29b050a7d
Certificate serial:       019C6ABA7F476F8ED4431747BCBCB2CC0B79
Authority key identifier: E2:90:E9:CC:3B:7E:36:3D:72:6B:D7:02:75:0B:53:F2:9B:05:0A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/2mbNbpusYk6iw7nI_ZoVXkx25Kk.roa
Signing time:             Tue 17 Feb 2026 08:32:12 +0000
ROA not before:           Tue 17 Feb 2026 08:32:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62201
IP address blocks:        185.149.200.0/22 maxlen: 25
                          2a07:6a00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6a:ba:7f:47:6f:8e:d4:43:17:47:bc:bc:b2:cc:0b:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e290e9cc3b7e363d726bd702750b53f29b050a7d
        Validity
            Not Before: Feb 17 08:32:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da66cd6e9bac624ea2c3b9c8fd9a155e4c76e4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8e:e0:4e:3a:d8:82:80:47:24:c8:b5:e1:72:
                    68:ee:2d:d9:4e:94:15:77:e0:ba:ba:ce:3e:5d:57:
                    35:b8:c8:e0:e9:64:61:1d:79:93:0d:fd:7e:d5:ab:
                    86:d6:68:22:b2:08:50:ff:24:91:c6:c7:96:d4:7f:
                    28:ac:1c:e4:dd:6a:19:62:06:bd:e7:0b:7f:1d:68:
                    b3:62:34:29:ca:ac:37:96:73:b3:a9:0f:6a:44:cb:
                    65:a2:49:5f:0c:8d:ad:30:d1:0f:16:2d:2f:3b:6a:
                    b5:67:b6:3a:bb:dc:55:d1:76:3b:91:6e:7b:d7:f0:
                    53:2e:ff:d4:d1:19:ee:dd:3c:76:f6:06:9a:5e:c4:
                    51:91:02:03:59:5f:a7:95:03:a7:2a:1b:4c:ea:fe:
                    0b:09:01:43:cc:66:5f:f5:f3:4a:72:0e:ad:8a:36:
                    8e:60:b1:b8:e2:1d:32:1c:5e:35:d8:f7:63:c4:1e:
                    86:46:ec:32:1b:96:39:b5:df:ba:b0:99:81:33:08:
                    a4:b7:54:9f:d2:f3:08:82:24:5f:54:7d:67:e8:b8:
                    5e:ae:43:e7:3b:08:c3:20:70:dd:b1:9a:9b:fa:e1:
                    05:0d:75:37:fd:a8:5f:7c:57:29:5c:29:5e:fb:72:
                    7d:f2:fd:ec:57:e2:22:e0:54:34:15:60:c9:e6:af:
                    28:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:66:CD:6E:9B:AC:62:4E:A2:C3:B9:C8:FD:9A:15:5E:4C:76:E4:A9
            X509v3 Authority Key Identifier:
                keyid:E2:90:E9:CC:3B:7E:36:3D:72:6B:D7:02:75:0B:53:F2:9B:05:0A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/2mbNbpusYk6iw7nI_ZoVXkx25Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.200.0/22
                IPv6:
                  2a07:6a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:32:50:ff:3a:bb:cc:c8:8f:7a:5b:33:aa:ed:5b:2c:ab:74:
         77:c6:4d:54:2f:e7:3d:c3:1b:09:0d:e4:19:71:22:8d:cc:34:
         74:79:cd:99:a3:ef:e1:e3:4d:30:29:2e:79:bc:41:3c:33:78:
         dc:52:47:cf:a9:af:ad:78:d7:2d:b8:1c:00:28:5d:11:f4:55:
         5d:ba:10:71:ff:e2:4c:2b:f7:e5:37:49:c3:e5:72:18:70:34:
         b8:04:ea:94:3d:e8:f3:a4:3c:84:fe:1b:ae:65:1f:40:eb:6e:
         f4:a6:21:84:54:75:41:f3:6e:23:f6:eb:ed:d2:fd:e1:85:36:
         a3:5f:ff:42:af:c3:c5:60:3d:e5:45:23:8d:e0:bf:59:43:9d:
         f7:99:b3:5a:9a:74:ff:8d:2c:f8:69:9d:ba:0f:6e:51:72:c2:
         05:3d:32:93:0c:a7:1f:51:f4:ae:75:06:e4:8f:cd:e9:9f:d4:
         9e:95:81:d9:ea:74:be:2b:c9:8e:45:ae:9b:24:30:16:5a:81:
         d6:1e:8b:3b:82:7f:de:b8:c1:91:3f:ca:1b:d5:71:38:8a:22:
         0a:b4:3a:8b:d1:df:e4:da:c7:de:6f:7f:72:ab:eb:a3:d0:70:
         e8:63:bd:d5:f7:da:c8:7e:19:fa:90:c3:70:4c:fd:cc:6a:13:
         26:03:7a:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZxqun9Hb47UQxdHvLyyzAt5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTBlOWNjM2I3ZTM2M2Q3MjZiZDcwMjc1MGI1M2YyOWIw
NTBhN2QwHhcNMjYwMjE3MDgzMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY2Y2Q2ZTliYWM2MjRlYTJjM2I5YzhmZDlhMTU1ZTRjNzZlNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI7gTjrYgoBHJMi14XJo7i3ZTpQV
d+C6us4+XVc1uMjg6WRhHXmTDf1+1auG1mgisghQ/ySRxseW1H8orBzk3WoZYga9
5wt/HWizYjQpyqw3lnOzqQ9qRMtloklfDI2tMNEPFi0vO2q1Z7Y6u9xV0XY7kW57
1/BTLv/U0Rnu3Tx29gaaXsRRkQIDWV+nlQOnKhtM6v4LCQFDzGZf9fNKcg6tijaO
YLG44h0yHF412PdjxB6GRuwyG5Y5td+6sJmBMwikt1Sf0vMIgiRfVH1n6LherkPn
OwjDIHDdsZqb+uEFDXU3/ahffFcpXCle+3J98v3sV+Ii4FQ0FWDJ5q8oIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNpmzW6brGJOosO5yP2aFV5MduSpMB8GA1UdIwQY
MBaAFOKQ6cw7fjY9cmvXAnULU/KbBQp9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBEcHpEdC1OajF5YTljQ2RRdFQ4cHNGQ24wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81NTM1NGUtYmNlNy00YTVkLWI1NjEt
OTExM2ZkN2FmZDZjLzEvMm1iTmJwdXNZazZpdzduSV9ab1ZYa3gyNUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81NTM1NGUtYmNlNy00YTVkLWI1NjEtOTExM2ZkN2FmZDZj
LzEvNHBEcHpEdC1OajF5YTljQ2RRdFQ4cHNGQ24wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZXIMA0E
AgACMAcDBQMqB2oAMA0GCSqGSIb3DQEBCwUAA4IBAQCTMlD/OrvMyI96WzOq7Vss
q3R3xk1UL+c9wxsJDeQZcSKNzDR0ec2Zo+/h400wKS55vEE8M3jcUkfPqa+teNct
uBwAKF0R9FVduhBx/+JMK/flN0nD5XIYcDS4BOqUPejzpDyE/huuZR9A6270piGE
VHVB824j9uvt0v3hhTajX/9Cr8PFYD3lRSON4L9ZQ533mbNamnT/jSz4aZ26D25R
csIFPTKTDKcfUfSudQbkj83pn9SelYHZ6nS+K8mORa6bJDAWWoHWHos7gn/euMGR
P8ob1XE4iiIKtDqL0d/k2sfeb39yq+uj0HDoY73V99rIfhn6kMNwTP3MahMmA3oX
-----END CERTIFICATE-----