Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9x9AOkqpKQ9ytxby-6-4d4hB9P8.roa
File:                     9x9AOkqpKQ9ytxby-6-4d4hB9P8.roa (raw, json)
Hash identifier:          TIH278yKT3/0sPg4BeQ8NvOtkraNBgIlZuSFHYyl7R8=
Subject key identifier:   F7:1F:40:3A:4A:A9:29:0F:72:B7:16:F2:FB:AF:B8:77:88:41:F4:FF
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019C705F34E9D668E6E4C10ABCEFF7E7E644
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9x9AOkqpKQ9ytxby-6-4d4hB9P8.roa
Signing time:             Wed 18 Feb 2026 10:50:13 +0000
ROA not before:           Wed 18 Feb 2026 10:50:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200882
IP address blocks:        2a0c:b641:990::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 06:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:5f:34:e9:d6:68:e6:e4:c1:0a:bc:ef:f7:e7:e6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb 18 10:50:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f71f403a4aa9290f72b716f2fbafb8778841f4ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:20:25:67:53:93:86:6d:92:0e:d0:6e:c4:4a:
                    e5:7a:05:ba:0f:1e:0a:ba:23:25:02:d0:e2:59:ad:
                    1c:64:87:c9:07:bb:29:2e:b0:6e:a0:99:f8:ba:f2:
                    87:9b:d9:7f:30:64:c1:62:84:93:bf:60:2a:69:c5:
                    73:7d:91:50:36:01:f2:84:6a:b8:30:63:4e:a3:7f:
                    3e:4d:af:3e:90:1b:c4:8f:aa:ec:13:d6:05:e6:8d:
                    12:a5:7e:09:67:b5:ae:fe:b6:57:03:93:8d:69:e8:
                    8d:71:ba:bc:1e:f5:ea:da:3e:e8:18:8e:79:55:88:
                    bb:d5:90:61:83:de:6e:e7:33:65:a2:05:e0:d9:7f:
                    61:c4:56:92:a4:b6:c5:ca:a0:97:e5:ef:ee:57:a2:
                    89:34:cf:47:16:2d:20:a2:6e:d8:4b:ff:ca:e7:84:
                    ef:7d:ac:c9:dc:30:55:8e:ee:4f:a2:32:80:1e:96:
                    55:42:cf:86:55:62:fc:8c:3c:b2:48:69:d6:46:a1:
                    37:e2:92:39:65:f9:c4:39:8c:bd:54:06:8c:18:f0:
                    a8:7e:e8:b8:9e:0a:3d:70:5c:41:b2:bc:8e:0e:14:
                    af:31:dc:f1:6c:a9:55:8a:73:67:0a:02:07:6c:91:
                    19:ab:37:59:94:d4:5e:45:09:ff:cb:4c:0d:e8:45:
                    88:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:1F:40:3A:4A:A9:29:0F:72:B7:16:F2:FB:AF:B8:77:88:41:F4:FF
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9x9AOkqpKQ9ytxby-6-4d4hB9P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:990::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:03:ec:74:5d:86:f0:77:21:d0:0e:4a:f7:53:ef:1c:63:33:
         6f:f3:d0:7b:4c:a0:91:9f:c5:33:1b:f0:bc:aa:51:7e:1f:07:
         63:63:ca:a2:1d:6c:99:26:05:17:b0:8b:ee:7d:ae:b5:24:55:
         e3:89:52:8b:8c:56:e9:f7:af:c5:63:2e:b2:9c:c3:da:2b:47:
         37:ff:96:4d:fe:82:b1:62:ef:a6:23:97:f4:6e:93:e8:fa:b8:
         2b:ed:80:d0:11:c1:35:5e:d6:2e:db:b1:08:7e:0d:7c:c7:56:
         c5:af:e8:57:d0:63:e2:02:00:9f:6e:d4:49:a5:02:93:d7:4c:
         86:6a:75:87:ac:a1:6d:26:54:cf:b3:ef:8e:a9:53:3f:f6:57:
         75:87:33:e0:f8:e6:42:ae:f9:fb:24:94:bb:8a:68:43:15:94:
         7f:71:49:66:d8:d9:fe:60:f3:39:18:91:be:3b:aa:98:4b:94:
         d3:a6:bc:c4:fe:1d:fb:44:fa:2f:14:df:a7:87:bd:63:b6:c9:
         11:c3:3f:f1:e6:98:4e:a3:6a:6a:12:5c:0a:74:c6:fb:a0:54:
         a1:51:87:d0:de:22:0c:7d:a2:a1:99:19:58:27:1a:c1:27:f6:
         d8:a2:80:f6:2c:dc:6c:33:94:8a:43:42:cb:ea:46:fb:1f:4a:
         fd:31:2c:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxwXzTp1mjm5MEKvO/35+ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMjE4MTA1MDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzFmNDAzYTRhYTkyOTBmNzJiNzE2ZjJmYmFmYjg3Nzg4NDFmNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyAlZ1OThm2SDtBuxErlegW6Dx4K
uiMlAtDiWa0cZIfJB7spLrBuoJn4uvKHm9l/MGTBYoSTv2AqacVzfZFQNgHyhGq4
MGNOo38+Ta8+kBvEj6rsE9YF5o0SpX4JZ7Wu/rZXA5ONaeiNcbq8HvXq2j7oGI55
VYi71ZBhg95u5zNlogXg2X9hxFaSpLbFyqCX5e/uV6KJNM9HFi0gom7YS//K54Tv
fazJ3DBVju5PojKAHpZVQs+GVWL8jDyySGnWRqE34pI5ZfnEOYy9VAaMGPCofui4
ngo9cFxBsryODhSvMdzxbKlVinNnCgIHbJEZqzdZlNReRQn/y0wN6EWIqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPcfQDpKqSkPcrcW8vuvuHeIQfT/MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOXg5QU9rcXBLUTl5dHhieS02LTRkNGhCOVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQmQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBVA+x0XYbwdyHQDkr3U+8cYzNv89B7TKCRn8Uz
G/C8qlF+HwdjY8qiHWyZJgUXsIvufa61JFXjiVKLjFbp96/FYy6ynMPaK0c3/5ZN
/oKxYu+mI5f0bpPo+rgr7YDQEcE1XtYu27EIfg18x1bFr+hX0GPiAgCfbtRJpQKT
10yGanWHrKFtJlTPs++OqVM/9ld1hzPg+OZCrvn7JJS7imhDFZR/cUlm2Nn+YPM5
GJG+O6qYS5TTprzE/h37RPovFN+nh71jtskRwz/x5phOo2pqElwKdMb7oFShUYfQ
3iIMfaKhmRlYJxrBJ/bYooD2LNxsM5SKQ0LL6kb7H0r9MSzP
-----END CERTIFICATE-----