Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5a0af8-24b2-4154-a412-b4fb5708db15/1/zXN8Zo903MoyG9swu9ptS1d7Y-o.roa
File:                     zXN8Zo903MoyG9swu9ptS1d7Y-o.roa (raw, json)
Hash identifier:          wf4nwKfhrGscwzAC+PKo2qMsSU5af4zzL/Bk9hi/rJk=
Subject key identifier:   CD:73:7C:66:8F:74:DC:CA:32:1B:DB:30:BB:DA:6D:4B:57:7B:63:EA
Certificate issuer:       /CN=606b9ba219e362b2a827720a05c43c7d1c1fa8ef
Certificate serial:       019C68F550ABF7E78AF9FAFA68FAD3557EE4
Authority key identifier: 60:6B:9B:A2:19:E3:62:B2:A8:27:72:0A:05:C4:3C:7D:1C:1F:A8:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGubohnjYrKoJ3IKBcQ8fRwfqO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5a0af8-24b2-4154-a412-b4fb5708db15/1/zXN8Zo903MoyG9swu9ptS1d7Y-o.roa
Signing time:             Tue 17 Feb 2026 00:17:12 +0000
ROA not before:           Tue 17 Feb 2026 00:17:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.135.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5a0af8-24b2-4154-a412-b4fb5708db15/1/YGubohnjYrKoJ3IKBcQ8fRwfqO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5a0af8-24b2-4154-a412-b4fb5708db15/1/YGubohnjYrKoJ3IKBcQ8fRwfqO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGubohnjYrKoJ3IKBcQ8fRwfqO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Feb 2026 00:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:68:f5:50:ab:f7:e7:8a:f9:fa:fa:68:fa:d3:55:7e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606b9ba219e362b2a827720a05c43c7d1c1fa8ef
        Validity
            Not Before: Feb 17 00:17:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd737c668f74dcca321bdb30bbda6d4b577b63ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:18:66:26:60:fa:8e:fa:44:e8:f0:cb:f2:10:
                    b6:cd:8d:2b:09:df:1d:ec:98:da:ca:bd:e6:26:fc:
                    79:ab:a8:01:98:4d:ff:ba:ce:e1:f8:3b:58:ee:ad:
                    a7:42:ea:d6:14:3e:7d:ec:f7:91:53:28:2f:52:c4:
                    f2:9a:07:ae:a2:d7:df:a6:2c:8e:39:ed:02:a4:3e:
                    6b:7b:46:f3:a1:fe:3e:51:fc:39:ad:b4:7d:68:4a:
                    db:3b:10:5a:d0:5f:36:02:94:f6:08:57:18:67:a4:
                    59:8a:80:ed:76:af:63:49:24:a1:f4:31:12:7b:b4:
                    3d:8a:18:5c:cf:2c:e1:89:e0:ec:12:81:19:8b:11:
                    1c:02:81:36:12:c4:c9:89:98:97:92:9f:b2:14:9c:
                    46:24:80:1e:d4:86:86:68:ee:90:f0:a1:7e:77:c6:
                    90:02:0d:00:3e:21:78:ec:a6:fe:56:21:78:c8:f5:
                    92:67:5e:ad:df:0d:00:90:56:c5:39:ed:4b:45:50:
                    46:91:cb:0e:db:c2:28:ef:9d:74:26:f0:a8:59:80:
                    5d:36:1f:a1:f3:82:9a:b2:10:39:d4:de:77:88:4d:
                    40:87:28:9e:78:7c:8e:57:18:f0:f0:38:5f:d3:5f:
                    75:f4:f4:bc:aa:bf:ef:52:6e:cb:80:f4:bf:b2:0e:
                    0d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:73:7C:66:8F:74:DC:CA:32:1B:DB:30:BB:DA:6D:4B:57:7B:63:EA
            X509v3 Authority Key Identifier:
                keyid:60:6B:9B:A2:19:E3:62:B2:A8:27:72:0A:05:C4:3C:7D:1C:1F:A8:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGubohnjYrKoJ3IKBcQ8fRwfqO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5a0af8-24b2-4154-a412-b4fb5708db15/1/zXN8Zo903MoyG9swu9ptS1d7Y-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5a0af8-24b2-4154-a412-b4fb5708db15/1/YGubohnjYrKoJ3IKBcQ8fRwfqO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:43:51:76:92:6d:b7:67:1c:09:9f:1e:e5:fe:ac:40:47:08:
         12:32:f0:98:2e:7c:7c:de:8c:4a:4a:ce:5b:aa:ae:09:89:13:
         96:cb:ad:74:ad:f1:01:ce:67:96:6e:18:ed:7b:00:38:25:6b:
         99:69:4b:1e:c9:84:31:47:8d:7f:6a:8f:29:e2:f3:61:73:34:
         e3:18:23:41:bd:5e:b2:83:88:00:0b:73:e4:d9:0d:22:96:8e:
         5b:86:f4:7a:d9:aa:29:ca:13:5f:7e:90:c2:46:34:54:74:fa:
         28:90:28:cb:f4:d0:ad:37:69:f0:a9:7d:bc:16:90:7e:d5:95:
         cc:6a:9e:c0:0a:22:fb:64:40:b0:3f:d9:ff:c8:42:95:86:d8:
         de:7d:99:d2:ef:03:87:70:d5:b5:6a:c8:0a:da:51:bf:e6:44:
         cd:96:2b:1d:d9:19:21:42:a7:9e:55:4e:1b:bc:32:80:7b:f1:
         d1:97:9d:6e:87:a3:ac:dd:51:96:bd:b9:ed:c4:1d:b6:47:6a:
         85:df:e4:0d:35:89:e8:4e:05:ef:f8:76:34:f7:a4:72:82:8e:
         a7:10:e3:81:84:1f:0a:b8:c9:1b:8d:e8:4d:ee:ec:c0:98:d4:
         18:98:11:08:00:93:b6:34:24:ab:b4:a6:fe:fa:7b:5c:95:3e:
         64:28:8f:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxo9VCr9+eK+fr6aPrTVX7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNmI5YmEyMTllMzYyYjJhODI3NzIwYTA1YzQzYzdkMWMx
ZmE4ZWYwHhcNMjYwMjE3MDAxNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDczN2M2NjhmNzRkY2NhMzIxYmRiMzBiYmRhNmQ0YjU3N2I2M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRhmJmD6jvpE6PDL8hC2zY0rCd8d
7Jjayr3mJvx5q6gBmE3/us7h+DtY7q2nQurWFD597PeRUygvUsTymgeuotffpiyO
Oe0CpD5re0bzof4+Ufw5rbR9aErbOxBa0F82ApT2CFcYZ6RZioDtdq9jSSSh9DES
e7Q9ihhczyzhieDsEoEZixEcAoE2EsTJiZiXkp+yFJxGJIAe1IaGaO6Q8KF+d8aQ
Ag0APiF47Kb+ViF4yPWSZ16t3w0AkFbFOe1LRVBGkcsO28Io7510JvCoWYBdNh+h
84KashA51N53iE1AhyieeHyOVxjw8Dhf01919PS8qr/vUm7LgPS/sg4NKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1zfGaPdNzKMhvbMLvabUtXe2PqMB8GA1UdIwQY
MBaAFGBrm6IZ42KyqCdyCgXEPH0cH6jvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUd1Ym9obmpZcktvSjNJS0JjUThmUndmcU84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81YTBhZjgtMjRiMi00MTU0LWE0MTIt
YjRmYjU3MDhkYjE1LzEvelhOOFpvOTAzTW95Rzlzd3U5cHRTMWQ3WS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81YTBhZjgtMjRiMi00MTU0LWE0MTItYjRmYjU3MDhkYjE1
LzEvWUd1Ym9obmpZcktvSjNJS0JjUThmUndmcU84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYd0MA0G
CSqGSIb3DQEBCwUAA4IBAQCxQ1F2km23ZxwJnx7l/qxARwgSMvCYLnx83oxKSs5b
qq4JiROWy610rfEBzmeWbhjtewA4JWuZaUseyYQxR41/ao8p4vNhczTjGCNBvV6y
g4gAC3Pk2Q0ilo5bhvR62aopyhNffpDCRjRUdPookCjL9NCtN2nwqX28FpB+1ZXM
ap7ACiL7ZECwP9n/yEKVhtjefZnS7wOHcNW1asgK2lG/5kTNlisd2RkhQqeeVU4b
vDKAe/HRl51uh6Os3VGWvbntxB22R2qF3+QNNYnoTgXv+HY096Rygo6nEOOBhB8K
uMkbjehN7uzAmNQYmBEIAJO2NCSrtKb++ntclT5kKI8n
-----END CERTIFICATE-----