Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/4Qw48SU09uD09gDzvKJ3ToG3nps.roa
File:                     4Qw48SU09uD09gDzvKJ3ToG3nps.roa (raw, json)
Hash identifier:          XyehKiSEMoHhyzl149H1r6nIyf0HKY1BvP6ffcAaXaA=
Subject key identifier:   E1:0C:38:F1:25:34:F6:E0:F4:F6:00:F3:BC:A2:77:4E:81:B7:9E:9B
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019C6534020B78FFBABB2381B6DAD767F734
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/4Qw48SU09uD09gDzvKJ3ToG3nps.roa
Signing time:             Mon 16 Feb 2026 06:47:12 +0000
ROA not before:           Mon 16 Feb 2026 06:47:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210734
IP address blocks:        194.152.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 17:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:65:34:02:0b:78:ff:ba:bb:23:81:b6:da:d7:67:f7:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Feb 16 06:47:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e10c38f12534f6e0f4f600f3bca2774e81b79e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a3:f2:9c:ff:5f:69:60:71:0f:54:23:0d:65:
                    ea:ee:86:69:66:f1:c4:12:3c:1a:d5:e2:2f:48:57:
                    a6:62:36:33:59:3d:44:d3:74:16:bd:2c:53:1b:86:
                    71:c3:fa:95:43:79:33:b8:f9:ff:b2:1f:11:48:41:
                    a0:e3:0d:8d:a0:a4:83:ed:2b:da:a3:c0:7f:04:54:
                    c8:53:b7:e2:92:83:ea:73:5f:74:55:09:9c:20:f7:
                    cc:fe:df:05:e0:3f:41:57:99:fb:b5:96:27:dd:3c:
                    1f:ec:a6:80:b5:60:99:ac:a6:47:0a:c2:95:50:f1:
                    be:80:89:31:69:e6:42:73:e0:9d:77:2a:94:d8:37:
                    40:6b:33:a0:d3:ba:20:b0:7f:45:86:38:af:a7:43:
                    19:a9:57:40:7d:78:26:6b:61:a3:94:35:de:6f:60:
                    3a:bf:d8:61:b5:f5:99:dd:02:e5:1c:d2:7f:6f:72:
                    74:63:7c:50:2a:92:95:be:07:66:64:5c:76:9f:d6:
                    74:fc:79:0d:74:2e:55:41:5f:97:14:d2:fc:f5:7d:
                    fb:72:be:79:8f:c8:02:66:81:46:2b:18:c7:82:0d:
                    0a:a4:a9:97:d6:fa:87:0d:7f:db:d6:b5:9a:ed:62:
                    7a:f1:ca:e2:5b:2d:90:c1:10:e4:7f:f1:01:ec:d9:
                    22:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:0C:38:F1:25:34:F6:E0:F4:F6:00:F3:BC:A2:77:4E:81:B7:9E:9B
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/4Qw48SU09uD09gDzvKJ3ToG3nps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:a2:ed:24:21:03:d4:b6:72:23:18:34:bd:52:1c:68:e6:79:
         e5:71:1a:04:30:f7:c0:6a:40:5e:11:e6:55:87:19:06:60:66:
         f7:00:8f:56:70:ca:75:d8:5b:1f:c1:9f:c4:08:52:db:3a:b4:
         9b:a0:31:c5:12:70:d7:41:8d:11:0b:b3:72:ed:eb:39:68:19:
         95:cf:b4:25:03:8f:da:2b:5c:c4:64:03:11:dd:dc:ec:f6:9a:
         39:29:40:21:e4:ed:2e:ab:54:a2:6a:0f:4c:62:47:1f:1b:e8:
         91:e8:6c:a6:ca:63:95:a6:7f:12:ff:a0:11:2f:53:de:12:9c:
         48:2f:0b:25:7e:76:e2:8e:bc:28:08:74:f0:23:bb:c9:ce:3e:
         b0:6d:91:59:c8:60:f0:73:00:1f:cf:58:ad:55:a8:e7:86:80:
         86:6e:dd:4d:3e:be:36:c9:af:e8:9f:ac:fb:08:e8:1c:55:43:
         c9:b0:a9:98:73:e7:ff:40:a2:a7:f1:14:a8:9a:e1:c3:97:ba:
         95:75:dc:0c:78:b0:7a:a5:48:25:0a:1f:4a:8b:bc:e6:80:3f:
         76:45:b5:15:96:27:a0:64:1b:d2:d3:45:a9:e9:83:17:ed:63:
         88:0c:4d:99:97:08:cb:5d:da:67:49:21:ee:b1:85:2e:8f:af:
         d3:88:ba:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxlNAILeP+6uyOBttrXZ/c0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwMjE2MDY0NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTBjMzhmMTI1MzRmNmUwZjRmNjAwZjNiY2EyNzc0ZTgxYjc5ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6PynP9faWBxD1QjDWXq7oZpZvHE
Ejwa1eIvSFemYjYzWT1E03QWvSxTG4Zxw/qVQ3kzuPn/sh8RSEGg4w2NoKSD7Sva
o8B/BFTIU7fikoPqc190VQmcIPfM/t8F4D9BV5n7tZYn3Twf7KaAtWCZrKZHCsKV
UPG+gIkxaeZCc+CddyqU2DdAazOg07ogsH9Fhjivp0MZqVdAfXgma2GjlDXeb2A6
v9hhtfWZ3QLlHNJ/b3J0Y3xQKpKVvgdmZFx2n9Z0/HkNdC5VQV+XFNL89X37cr55
j8gCZoFGKxjHgg0KpKmX1vqHDX/b1rWa7WJ68criWy2QwRDkf/EB7NkiKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEMOPElNPbg9PYA87yid06Bt56bMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvNFF3NDhTVTA5dUQwOWdEenZLSjNUb0czbnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpiSMA0G
CSqGSIb3DQEBCwUAA4IBAQDRou0kIQPUtnIjGDS9Uhxo5nnlcRoEMPfAakBeEeZV
hxkGYGb3AI9WcMp12FsfwZ/ECFLbOrSboDHFEnDXQY0RC7Ny7es5aBmVz7QlA4/a
K1zEZAMR3dzs9po5KUAh5O0uq1Siag9MYkcfG+iR6GymymOVpn8S/6ARL1PeEpxI
LwslfnbijrwoCHTwI7vJzj6wbZFZyGDwcwAfz1itVajnhoCGbt1NPr42ya/on6z7
COgcVUPJsKmYc+f/QKKn8RSomuHDl7qVddwMeLB6pUglCh9Ki7zmgD92RbUVlieg
ZBvS00Wp6YMX7WOIDE2ZlwjLXdpnSSHusYUuj6/TiLqr
-----END CERTIFICATE-----