Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZCwehjVcWbNwFDZWd2w-vXytS9g.roa
File:                     ZCwehjVcWbNwFDZWd2w-vXytS9g.roa (raw, json)
Hash identifier:          mBp05qo8N3SA7CdnjtDS0Nmu2mojKbivALUVRhRx7SM=
Subject key identifier:   64:2C:1E:86:35:5C:59:B3:70:14:36:56:77:6C:3E:BD:7C:AD:4B:D8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019C50EECE86E7DFA431CF137EBA9C799CC6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZCwehjVcWbNwFDZWd2w-vXytS9g.roa
Signing time:             Thu 12 Feb 2026 08:19:13 +0000
ROA not before:           Thu 12 Feb 2026 08:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        82.152.122.0/24 maxlen: 24
                          213.210.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:50:ee:ce:86:e7:df:a4:31:cf:13:7e:ba:9c:79:9c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 12 08:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=642c1e86355c59b370143656776c3ebd7cad4bd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a2:71:f1:db:7e:17:c3:24:0a:1b:dd:16:77:
                    57:03:ff:3d:be:65:47:69:a1:62:81:50:ee:2e:c1:
                    ff:ba:b5:e4:b9:43:b9:3f:61:db:6b:e9:47:ae:4c:
                    c1:95:1b:2a:29:96:75:4d:21:2f:ab:24:89:40:ba:
                    77:f2:20:d7:2a:0e:6f:96:f6:35:8a:f5:6b:b2:8f:
                    e7:6d:2d:43:c8:16:3d:42:da:e8:1d:94:29:42:95:
                    df:de:46:fd:60:05:93:ce:c0:7b:e6:af:b5:7f:49:
                    3b:b7:74:2c:76:11:35:a5:8a:b0:da:63:f8:9e:a1:
                    00:39:06:2a:c3:00:fb:11:bb:33:f0:dc:c0:fa:03:
                    46:f8:86:52:85:58:3d:2a:4f:65:8b:a7:ea:da:9f:
                    c4:e6:96:89:5f:bd:16:77:ac:9a:85:76:43:52:1e:
                    11:51:d5:12:fc:f5:25:4f:81:60:1e:41:ac:74:56:
                    c8:e1:a0:33:c8:29:d8:4e:97:9c:83:85:a5:5d:92:
                    1d:85:4c:80:28:99:f8:87:f9:2a:b5:ac:77:01:cd:
                    67:57:d6:34:e5:31:15:6a:29:68:a9:fe:70:92:c3:
                    75:3d:9e:a2:07:9b:26:49:23:1c:47:06:6f:1d:31:
                    c7:f0:b0:79:b6:03:41:52:59:56:6e:08:2e:1a:53:
                    ee:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2C:1E:86:35:5C:59:B3:70:14:36:56:77:6C:3E:BD:7C:AD:4B:D8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZCwehjVcWbNwFDZWd2w-vXytS9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.122.0/24
                  213.210.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:86:59:88:43:d3:86:78:6f:a6:79:31:30:a4:56:6c:04:96:
         a5:e5:45:e6:4b:eb:db:d3:06:ff:25:7b:db:d3:e1:f2:30:3b:
         f8:4b:17:48:0c:29:e4:dc:d1:e3:54:42:3d:60:5d:e9:38:35:
         13:f5:dc:27:a2:16:10:b3:a7:76:2f:fd:4d:73:8e:5c:7e:06:
         51:39:f7:ed:86:37:13:b9:9c:6c:56:e9:6e:92:97:54:4f:60:
         68:76:de:e5:82:89:1a:15:8d:0e:c8:a7:74:a0:96:06:0c:c6:
         7a:92:56:51:64:b3:86:59:84:54:73:cc:37:79:9f:f6:26:3e:
         ce:e8:96:d6:a1:fb:cc:de:fd:fb:cf:08:33:b2:a1:94:6a:4f:
         d1:0b:f7:30:05:54:4e:34:5b:24:2e:1b:b4:ba:c2:4a:f2:a2:
         92:76:72:bf:4f:ca:61:91:38:81:a6:01:27:19:8a:44:5e:8c:
         2b:22:54:93:e5:56:9c:a7:ac:30:6c:8f:24:21:f3:4d:a9:ee:
         6d:ec:87:13:62:0f:6f:1b:0c:9f:8b:c2:4c:06:d5:6f:29:9e:
         bb:cb:6e:c2:f2:78:9d:78:7b:5c:b8:64:c8:bd:18:4a:2a:fb:
         40:fc:d2:78:27:1b:2e:6b:ca:a0:47:a3:fc:91:0a:6e:17:9b:
         67:bf:0f:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxQ7s6G59+kMc8TfrqceZzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMjEyMDgxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJjMWU4NjM1NWM1OWIzNzAxNDM2NTY3NzZjM2ViZDdjYWQ0YmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqJx8dt+F8MkChvdFndXA/89vmVH
aaFigVDuLsH/urXkuUO5P2Hba+lHrkzBlRsqKZZ1TSEvqySJQLp38iDXKg5vlvY1
ivVrso/nbS1DyBY9QtroHZQpQpXf3kb9YAWTzsB75q+1f0k7t3QsdhE1pYqw2mP4
nqEAOQYqwwD7Ebsz8NzA+gNG+IZShVg9Kk9li6fq2p/E5paJX70Wd6yahXZDUh4R
UdUS/PUlT4FgHkGsdFbI4aAzyCnYTpecg4WlXZIdhUyAKJn4h/kqtax3Ac1nV9Y0
5TEVailoqf5wksN1PZ6iB5smSSMcRwZvHTHH8LB5tgNBUllWbgguGlPu9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGQsHoY1XFmzcBQ2VndsPr18rUvYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWkN3ZWhqVmNXYk53RkRaV2Qydy12WHl0UzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUph6AwQA
1dIpMA0GCSqGSIb3DQEBCwUAA4IBAQAnhlmIQ9OGeG+meTEwpFZsBJal5UXmS+vb
0wb/JXvb0+HyMDv4SxdIDCnk3NHjVEI9YF3pODUT9dwnohYQs6d2L/1Nc45cfgZR
OffthjcTuZxsVulukpdUT2Bodt7lgokaFY0OyKd0oJYGDMZ6klZRZLOGWYRUc8w3
eZ/2Jj7O6JbWofvM3v37zwgzsqGUak/RC/cwBVRONFskLhu0usJK8qKSdnK/T8ph
kTiBpgEnGYpEXowrIlST5Vacp6wwbI8kIfNNqe5t7IcTYg9vGwyfi8JMBtVvKZ67
y27C8nideHtcuGTIvRhKKvtA/NJ4Jxsua8qgR6P8kQpuF5tnvw8A
-----END CERTIFICATE-----