Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/KEpd8aLsRLWLmDc4xwKLy9aSBTM.roa
File:                     KEpd8aLsRLWLmDc4xwKLy9aSBTM.roa (raw, json)
Hash identifier:          vGg7c23WcZQm7IFeTTb7/OJV3iJUNh5/vY8lgr3tw0A=
Subject key identifier:   28:4A:5D:F1:A2:EC:44:B5:8B:98:37:38:C7:02:8B:CB:D6:92:05:33
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       019C50D096FD79499EE1B95A90059CE1C295
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/KEpd8aLsRLWLmDc4xwKLy9aSBTM.roa
Signing time:             Thu 12 Feb 2026 07:46:13 +0000
ROA not before:           Thu 12 Feb 2026 07:46:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25436
IP address blocks:        85.175.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:50:d0:96:fd:79:49:9e:e1:b9:5a:90:05:9c:e1:c2:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Feb 12 07:46:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=284a5df1a2ec44b58b983738c7028bcbd6920533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:29:be:ca:59:bf:15:9c:cf:f0:3f:da:1e:9b:
                    41:cf:03:6b:80:e3:43:a1:f3:22:60:2c:b8:01:ce:
                    78:fe:c8:d8:9f:6b:40:b9:7d:bf:57:0e:c5:d0:f4:
                    8d:86:6f:68:4a:1f:0f:16:b8:5c:4c:f4:d2:2d:47:
                    5c:ef:0b:c9:3a:e7:81:0e:96:99:be:1e:d1:07:69:
                    75:a3:6b:b2:82:2c:56:d0:70:20:1c:30:34:07:7c:
                    2a:58:ee:79:56:bd:0c:a2:ba:bb:a8:ae:e3:51:d0:
                    80:6f:61:a2:36:ab:ee:df:eb:0b:bb:a8:2e:dc:c0:
                    36:91:82:83:97:61:22:89:ac:67:52:20:a8:d9:3d:
                    ce:8c:36:b3:6c:ac:3b:bf:c9:0e:3f:79:0b:41:db:
                    ce:48:53:2b:07:ff:29:c3:a6:fa:17:aa:5d:8a:6e:
                    51:07:ee:98:cd:57:52:58:50:32:e1:44:39:59:bc:
                    ed:f8:6e:01:00:60:6b:41:8c:0d:7b:5b:e8:8a:b5:
                    70:50:b9:7d:c9:5a:b6:de:f5:b6:71:55:c4:d9:c1:
                    aa:4f:1a:1a:81:d4:04:17:1e:12:df:8d:a1:02:95:
                    2e:90:6c:c5:1c:35:5e:1b:fb:35:04:5c:38:ec:fd:
                    58:e2:99:89:9a:dd:c8:79:50:e2:76:b5:f8:14:e2:
                    83:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4A:5D:F1:A2:EC:44:B5:8B:98:37:38:C7:02:8B:CB:D6:92:05:33
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/KEpd8aLsRLWLmDc4xwKLy9aSBTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.175.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:70:8e:75:18:d0:0d:5d:78:d1:fb:65:b7:8a:2b:31:ca:c2:
         cd:c3:96:77:8c:21:8d:9d:d8:fe:66:b4:bc:9c:9a:49:6a:36:
         f0:85:7e:5a:e6:48:e7:a0:78:34:cc:c6:2f:fe:8e:57:ae:5f:
         a8:79:57:f8:57:3b:86:3b:50:3a:97:99:23:cb:bc:cd:21:23:
         30:41:7c:9e:a3:0d:68:07:8f:2b:d3:f8:6c:70:c2:59:05:e0:
         f1:3f:cd:a2:ad:c0:a5:8a:70:d1:98:0c:0e:5c:e0:64:07:0c:
         30:94:f8:26:ff:35:2d:06:ea:e2:9d:91:8a:eb:ca:e1:ba:82:
         10:18:78:33:01:49:64:55:43:d5:75:8b:2e:22:ec:50:d1:57:
         f2:a2:dd:45:28:50:a4:78:c2:1d:70:f8:2f:5f:30:fc:1e:fb:
         85:0a:a2:68:b3:7f:c8:e3:c6:9c:33:3d:ae:3e:fb:26:de:8f:
         b3:a3:12:56:ea:eb:5f:be:ff:86:72:a4:08:09:e3:9b:a5:6f:
         b5:bd:bd:7d:16:a7:76:2b:4a:f4:92:55:7a:a4:58:42:c5:52:
         29:50:be:76:55:c9:4d:75:a8:69:3c:93:5e:44:82:02:37:99:
         dd:cd:ae:d0:f0:81:18:35:ff:9f:78:8d:12:35:da:74:9c:d6:
         fd:ec:2a:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxQ0Jb9eUme4blakAWc4cKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjYwMjEyMDc0NjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODRhNWRmMWEyZWM0NGI1OGI5ODM3MzhjNzAyOGJjYmQ2OTIwNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSm+ylm/FZzP8D/aHptBzwNrgOND
ofMiYCy4Ac54/sjYn2tAuX2/Vw7F0PSNhm9oSh8PFrhcTPTSLUdc7wvJOueBDpaZ
vh7RB2l1o2uygixW0HAgHDA0B3wqWO55Vr0Morq7qK7jUdCAb2GiNqvu3+sLu6gu
3MA2kYKDl2EiiaxnUiCo2T3OjDazbKw7v8kOP3kLQdvOSFMrB/8pw6b6F6pdim5R
B+6YzVdSWFAy4UQ5Wbzt+G4BAGBrQYwNe1voirVwULl9yVq23vW2cVXE2cGqTxoa
gdQEFx4S342hApUukGzFHDVeG/s1BFw47P1Y4pmJmt3IeVDidrX4FOKDaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChKXfGi7ES1i5g3OMcCi8vWkgUzMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvS0VwZDhhTHNSTFdMbURjNHh3S0x5OWFTQlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVa8KMA0G
CSqGSIb3DQEBCwUAA4IBAQCWcI51GNANXXjR+2W3iisxysLNw5Z3jCGNndj+ZrS8
nJpJajbwhX5a5kjnoHg0zMYv/o5Xrl+oeVf4VzuGO1A6l5kjy7zNISMwQXyeow1o
B48r0/hscMJZBeDxP82ircClinDRmAwOXOBkBwwwlPgm/zUtBurinZGK68rhuoIQ
GHgzAUlkVUPVdYsuIuxQ0Vfyot1FKFCkeMIdcPgvXzD8HvuFCqJos3/I48acMz2u
Pvsm3o+zoxJW6utfvv+GcqQICeObpW+1vb19Fqd2K0r0klV6pFhCxVIpUL52VclN
dahpPJNeRIICN5ndza7Q8IEYNf+feI0SNdp0nNb97CoQ
-----END CERTIFICATE-----