Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/1-ehzYatit3iLMmu80bwVvF4ySRg.roa
File:                     1-ehzYatit3iLMmu80bwVvF4ySRg.roa (raw, json)
Hash identifier:          yxJAVsFotojTUCt/gJcaBSwXY212I++Y/TVg1twrlgE=
Subject key identifier:   F9:E8:73:61:AB:62:B7:78:8B:32:6B:BC:D1:BC:15:BC:5E:32:49:18
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       019C94DC8970921DEE6AC4E806E4056D5E5F
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/1-ehzYatit3iLMmu80bwVvF4ySRg.roa
Signing time:             Wed 25 Feb 2026 12:53:26 +0000
ROA not before:           Wed 25 Feb 2026 12:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        212.114.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:dc:89:70:92:1d:ee:6a:c4:e8:06:e4:05:6d:5e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Feb 25 12:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9e87361ab62b7788b326bbcd1bc15bc5e324918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:13:bb:db:15:be:1c:a0:1f:ae:46:d9:02:35:
                    01:00:7d:b5:01:38:89:4d:c5:99:4e:33:86:64:b6:
                    e9:5f:ca:22:bd:1b:14:a3:e7:d5:ae:da:b5:3a:d1:
                    c1:1f:b4:2e:fe:c5:24:31:2b:94:de:10:41:39:35:
                    5c:eb:f3:08:d6:e0:5a:be:3c:38:14:68:85:e1:cb:
                    2d:0b:f0:58:af:15:dd:45:ca:2c:06:b7:64:d2:1f:
                    ef:74:36:83:89:d3:71:c6:e1:9d:2b:df:c6:fd:61:
                    f3:e2:d5:b2:a9:e1:d0:12:bf:54:db:5b:22:15:59:
                    d9:6b:4a:6a:af:88:a0:34:e2:10:0f:cf:ae:a6:37:
                    fa:8b:fa:1c:ab:cb:96:8d:03:76:97:5d:3e:61:73:
                    37:f7:6e:72:71:b7:1a:62:ef:10:46:37:5c:4c:86:
                    5e:b7:56:d3:3e:67:b1:36:b3:bd:91:7f:84:0c:25:
                    fe:84:30:1f:b3:0f:87:72:5d:f8:f0:c9:ab:f9:72:
                    36:d2:d1:cd:e2:e4:57:95:03:19:4f:ad:3d:ad:39:
                    12:72:79:2c:45:f7:e3:9d:63:48:26:da:14:0b:45:
                    5e:43:da:4a:59:f4:2f:f6:42:50:f2:89:c1:3a:ee:
                    33:fa:ad:88:bf:56:ad:b8:d3:b0:2e:22:43:6f:1f:
                    63:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E8:73:61:AB:62:B7:78:8B:32:6B:BC:D1:BC:15:BC:5E:32:49:18
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/1-ehzYatit3iLMmu80bwVvF4ySRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:4c:7e:ba:cf:1a:4d:b3:31:68:81:eb:a8:53:bf:48:99:fb:
         bd:81:64:3b:f4:2f:60:24:cf:90:a2:ec:b0:43:68:d6:bf:b7:
         48:8c:49:1f:b4:cd:bd:e4:7a:94:f9:a5:37:69:55:01:19:66:
         a3:e1:de:d4:33:94:1c:a5:5b:24:28:e4:de:13:d4:39:48:c2:
         c9:ce:fe:8e:03:c9:32:2f:19:2d:60:fc:e7:f2:67:d5:5b:69:
         01:ee:7a:92:14:2a:99:0b:f9:96:74:9f:ac:4d:07:76:4a:97:
         be:be:4a:15:cd:9c:fe:95:f4:66:1a:35:eb:77:22:30:f7:d5:
         5d:07:d5:66:98:7b:45:5c:9b:b7:55:2a:0d:cc:02:67:af:02:
         a3:78:06:61:72:4f:d6:67:34:34:9b:b7:60:2e:36:5d:59:5d:
         a8:a1:fb:61:ec:c4:16:bc:02:92:fc:c3:a1:cd:b1:cb:af:71:
         03:bc:05:3c:59:77:1f:bd:0f:30:f1:b5:d0:7b:29:24:3c:6e:
         2c:b6:d2:df:e8:c0:ac:11:2d:08:1d:71:dc:d0:35:4e:59:5d:
         d5:f4:35:3b:50:bb:6e:de:a2:39:27:dc:87:d6:6d:40:4c:00:
         f6:93:27:6b:c7:ed:5e:ff:3b:61:db:6e:fa:18:cb:4e:2d:67:
         be:e4:84:e5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyU3Ilwkh3uasToBuQFbV5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjYwMjI1MTI1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWU4NzM2MWFiNjJiNzc4OGIzMjZiYmNkMWJjMTViYzVlMzI0OTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhO72xW+HKAfrkbZAjUBAH21ATiJ
TcWZTjOGZLbpX8oivRsUo+fVrtq1OtHBH7Qu/sUkMSuU3hBBOTVc6/MI1uBavjw4
FGiF4cstC/BYrxXdRcosBrdk0h/vdDaDidNxxuGdK9/G/WHz4tWyqeHQEr9U21si
FVnZa0pqr4igNOIQD8+upjf6i/ocq8uWjQN2l10+YXM3925ycbcaYu8QRjdcTIZe
t1bTPmexNrO9kX+EDCX+hDAfsw+Hcl348Mmr+XI20tHN4uRXlQMZT609rTkScnks
RffjnWNIJtoUC0VeQ9pKWfQv9kJQ8onBOu4z+q2Iv1atuNOwLiJDbx9jaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnoc2GrYrd4izJrvNG8FbxeMkkYMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvMS1laHpZYXRpdDNpTE1tdTgwYndWdkY0eVNSZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWIvZTliNTZlLTNiNWItNDNiMS04YmI1LWJhYjQ4ZGFiNGNk
Ni8xLzdKeG9YUFpuSE1aVy1TNTJSVmVqZzNqeWdudy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRyLTAN
BgkqhkiG9w0BAQsFAAOCAQEAlEx+us8aTbMxaIHrqFO/SJn7vYFkO/QvYCTPkKLs
sENo1r+3SIxJH7TNveR6lPmlN2lVARlmo+He1DOUHKVbJCjk3hPUOUjCyc7+jgPJ
Mi8ZLWD85/Jn1VtpAe56khQqmQv5lnSfrE0HdkqXvr5KFc2c/pX0Zho163ciMPfV
XQfVZph7RVybt1UqDcwCZ68Co3gGYXJP1mc0NJu3YC42XVldqKH7YezEFrwCkvzD
oc2xy69xA7wFPFl3H70PMPG10HspJDxuLLbS3+jArBEtCB1x3NA1Tlld1fQ1O1C7
bt6iOSfch9ZtQEwA9pMna8ftXv87Ydtu+hjLTi1nvuSE5Q==
-----END CERTIFICATE-----