Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OXi9FvtAm7uWOfuxrndTFxtIeDI.roa
File:                     OXi9FvtAm7uWOfuxrndTFxtIeDI.roa (raw, json)
Hash identifier:          PQF15uXbDvgw+VA1SQ5MhfFl8laWx5AoFn8wDW3NLX0=
Subject key identifier:   39:78:BD:16:FB:40:9B:BB:96:39:FB:B1:AE:77:53:17:1B:48:78:32
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C8EE745F562A8606C5AB438BB5FAAAC5D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OXi9FvtAm7uWOfuxrndTFxtIeDI.roa
Signing time:             Tue 24 Feb 2026 09:07:27 +0000
ROA not before:           Tue 24 Feb 2026 09:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        93.186.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:e7:45:f5:62:a8:60:6c:5a:b4:38:bb:5f:aa:ac:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 24 09:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3978bd16fb409bbb9639fbb1ae7753171b487832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b3:52:c7:10:52:c8:d1:35:81:56:c1:b2:19:
                    4b:07:52:94:58:18:96:03:62:6d:de:64:92:30:14:
                    d6:41:fa:76:98:ec:ae:0f:04:96:e2:be:de:4c:c1:
                    c9:7f:58:07:e0:f2:a4:a7:91:ca:00:cd:3b:79:28:
                    e5:fa:ef:be:ee:4b:74:4c:22:80:6c:2d:3c:b8:16:
                    ab:53:c7:7b:43:c0:fd:58:59:04:59:c0:37:cb:da:
                    0d:6e:a4:c8:1d:79:c1:ac:e7:94:52:31:5d:3b:ea:
                    f6:78:18:5b:c9:f8:61:e9:76:15:8b:0a:5f:99:d3:
                    e8:8f:fc:c9:e7:e5:04:62:e2:25:84:22:96:3b:7e:
                    30:8e:67:6a:26:c5:7b:9d:76:24:13:da:f7:09:91:
                    13:8d:28:df:fb:44:d9:25:39:a0:fc:b9:9b:96:71:
                    1c:5e:48:ee:0e:a4:46:9a:90:f0:aa:be:cf:a8:70:
                    ac:45:62:78:a9:bb:ab:2f:00:8c:de:e4:3b:5f:22:
                    96:5b:14:84:02:4a:04:89:d6:64:da:e9:32:c8:18:
                    1f:0d:ed:93:6c:1b:2b:fd:dd:2c:71:76:b3:4f:90:
                    6c:49:c6:b4:bc:2f:27:d4:73:3e:39:1a:b5:44:e7:
                    65:9b:06:4d:79:d4:07:c4:05:b2:9a:c0:0b:aa:08:
                    2e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:78:BD:16:FB:40:9B:BB:96:39:FB:B1:AE:77:53:17:1B:48:78:32
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OXi9FvtAm7uWOfuxrndTFxtIeDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.186.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9a:4b:bd:73:ed:1a:f2:c6:27:23:23:52:e0:24:04:68:06:
         d2:17:80:d4:ce:68:b9:ce:b6:2a:7f:54:df:b0:68:9b:cd:23:
         1c:ec:9e:0f:90:9f:3f:82:49:1a:30:ed:4d:90:c4:ae:2d:00:
         6c:7b:76:84:e4:5c:c2:f1:c0:57:1c:3a:d8:b5:f3:1a:4e:4a:
         a2:56:c9:10:f9:20:83:e3:1d:5e:e5:8c:2f:60:59:cd:48:3d:
         32:54:55:f4:6c:89:9d:ff:ae:38:5a:e2:fd:11:02:b3:2f:ab:
         46:6a:6f:78:82:75:92:e2:c4:c1:5b:ca:7b:86:49:00:fe:42:
         d2:f6:df:5d:77:bf:68:2a:ca:f2:80:d1:17:93:40:d3:d3:4e:
         50:b6:ce:e6:cb:08:2a:88:57:4f:97:29:80:d5:e4:83:23:10:
         c0:dc:9a:13:30:93:cf:ec:7c:05:2b:db:10:dd:0c:d2:c5:a1:
         b3:2e:db:08:86:f3:46:bd:32:c9:8c:10:96:9f:92:68:a2:2f:
         d8:94:fc:7e:cb:09:e6:03:83:1e:3c:8b:2d:a8:d5:56:ad:42:
         0d:60:07:ea:35:76:61:f8:1e:13:ed:4f:83:92:dd:23:1c:80:
         43:12:4c:11:c7:ef:ee:37:18:b6:ce:6f:0b:fd:37:f3:a2:1a:
         4d:75:b2:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyO50X1YqhgbFq0OLtfqqxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjI0MDkwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTc4YmQxNmZiNDA5YmJiOTYzOWZiYjFhZTc3NTMxNzFiNDg3ODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbNSxxBSyNE1gVbBshlLB1KUWBiW
A2Jt3mSSMBTWQfp2mOyuDwSW4r7eTMHJf1gH4PKkp5HKAM07eSjl+u++7kt0TCKA
bC08uBarU8d7Q8D9WFkEWcA3y9oNbqTIHXnBrOeUUjFdO+r2eBhbyfhh6XYViwpf
mdPoj/zJ5+UEYuIlhCKWO34wjmdqJsV7nXYkE9r3CZETjSjf+0TZJTmg/LmblnEc
XkjuDqRGmpDwqr7PqHCsRWJ4qburLwCM3uQ7XyKWWxSEAkoEidZk2ukyyBgfDe2T
bBsr/d0scXazT5BsSca0vC8n1HM+ORq1ROdlmwZNedQHxAWymsALqggujQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl4vRb7QJu7ljn7sa53UxcbSHgyMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvT1hpOUZ2dEFtN3VXT2Z1eHJuZFRGeHRJZURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbpHMA0G
CSqGSIb3DQEBCwUAA4IBAQBSmku9c+0a8sYnIyNS4CQEaAbSF4DUzmi5zrYqf1Tf
sGibzSMc7J4PkJ8/gkkaMO1NkMSuLQBse3aE5FzC8cBXHDrYtfMaTkqiVskQ+SCD
4x1e5YwvYFnNSD0yVFX0bImd/644WuL9EQKzL6tGam94gnWS4sTBW8p7hkkA/kLS
9t9dd79oKsrygNEXk0DT005Qts7mywgqiFdPlymA1eSDIxDA3JoTMJPP7HwFK9sQ
3QzSxaGzLtsIhvNGvTLJjBCWn5Jooi/YlPx+ywnmA4MePIstqNVWrUINYAfqNXZh
+B4T7U+Dkt0jHIBDEkwRx+/uNxi2zm8L/TfzohpNdbJk
-----END CERTIFICATE-----