Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS26666.roa
File:                     AS26666.roa (raw, json)
Hash identifier:          s+m1ONZeSvFwZ+m2eRvW/oPw1uR1mxjheTmm9F+R6hw=
Subject key identifier:   29:17:BF:AB:AB:4F:6A:0B:F0:50:C5:19:0D:76:40:45:DD:93:E3:3F
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       180B8CCB4A2FE28749AB9FA07D051EA3A90A9640
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS26666.roa
Signing time:             Tue 07 Apr 2026 11:52:49 +0000
ROA not before:           Tue 07 Apr 2026 11:47:49 +0000
ROA not after:            Tue 06 Apr 2027 11:52:49 +0000
asID:                     26666
IP address blocks:        147.125.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 10:07:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:0b:8c:cb:4a:2f:e2:87:49:ab:9f:a0:7d:05:1e:a3:a9:0a:96:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr  7 11:47:49 2026 GMT
            Not After : Apr  6 11:52:49 2027 GMT
        Subject: CN=2917BFABAB4F6A0BF050C5190D764045DD93E33F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d8:de:71:c6:60:76:a2:b2:d7:61:61:98:e4:
                    67:3b:e9:46:a8:1b:e4:54:23:6f:f3:8a:72:d2:8e:
                    ef:9e:28:22:e5:f9:d1:fd:40:c0:53:a9:52:e0:bd:
                    40:cd:7e:ff:a5:d1:23:07:e4:7f:28:dd:e3:ac:50:
                    d2:d8:ab:8c:fc:c2:f4:de:b0:93:16:ba:b8:d6:c8:
                    48:df:65:c9:47:64:ba:1a:39:17:ee:63:2c:cf:35:
                    2c:41:ea:a4:3a:6c:cc:0b:c1:27:48:df:a5:63:77:
                    6b:7d:22:e5:92:48:bd:ce:db:78:86:35:6a:79:c7:
                    21:de:85:26:dd:f7:ce:5c:ba:45:c7:10:72:ea:93:
                    e2:fa:d0:44:23:c8:13:9c:a9:e5:1f:4d:85:fe:20:
                    f1:6f:da:bc:cf:e5:3a:96:30:b3:40:bc:65:ea:ee:
                    95:ac:19:b0:15:11:13:78:16:c9:00:0b:51:ca:4c:
                    d6:33:75:7a:42:72:a1:2e:9b:cc:65:b9:db:85:62:
                    b1:9f:41:e9:e9:60:0e:40:12:6f:4a:38:48:78:98:
                    0e:3f:b5:22:79:72:6a:51:33:d8:3c:fc:f0:81:ee:
                    a0:19:37:b8:7a:e0:0b:1d:c9:c9:ae:e9:98:93:24:
                    63:9a:b1:80:58:df:60:ca:f1:27:87:e8:b9:c1:c9:
                    45:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:17:BF:AB:AB:4F:6A:0B:F0:50:C5:19:0D:76:40:45:DD:93:E3:3F
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS26666.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:4a:ce:68:f6:97:8a:cf:a3:c8:b8:d8:e1:e2:83:23:4a:08:
         10:c8:4d:2a:6b:d6:d9:10:ab:1c:a3:1f:78:ef:3b:da:71:cf:
         98:cb:fe:e0:63:10:92:05:59:a8:ce:34:1b:27:fd:0c:1a:1e:
         d9:30:38:50:46:be:91:9b:d5:1f:ef:e4:c3:bc:80:8f:23:94:
         c6:af:4d:8d:0e:07:0f:2f:15:97:f9:f7:05:f8:f1:0e:82:e0:
         98:b0:8e:10:29:eb:1e:a1:fb:c5:7d:84:9a:eb:7e:3a:4f:63:
         b2:96:5f:c6:03:ed:b8:cb:91:50:6f:0b:3d:62:0f:0d:3e:4d:
         ef:6e:40:92:9d:b8:fe:68:15:39:75:1a:2e:50:e8:e8:87:f0:
         5a:fa:1f:34:44:08:0b:2b:ed:38:4c:ac:04:97:f8:31:62:b5:
         5d:0f:3c:10:43:68:41:56:b2:4b:79:c9:1b:81:8e:ec:9e:bd:
         08:8c:a2:44:f1:a2:54:1d:0c:0a:63:98:97:44:ab:68:f7:db:
         f9:f6:9f:11:51:e0:f7:72:ad:b3:c9:0d:be:31:be:4f:3f:c2:
         67:eb:ed:4b:22:d2:47:c5:86:ab:7e:5e:c9:7d:53:52:ee:09:
         dd:64:a8:1a:4d:c9:c0:55:9d:7e:a0:1b:ae:21:50:d2:91:68:
         d8:f3:46:34
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGAuMy0ov4odJq5+gfQUeo6kKlkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MDcxMTQ3NDlaFw0yNzA0MDYxMTUyNDlaMDMxMTAvBgNV
BAMTKDI5MTdCRkFCQUI0RjZBMEJGMDUwQzUxOTBENzY0MDQ1REQ5M0UzM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo2N5xxmB2orLXYWGY5Gc76Uao
G+RUI2/zinLSju+eKCLl+dH9QMBTqVLgvUDNfv+l0SMH5H8o3eOsUNLYq4z8wvTe
sJMWurjWyEjfZclHZLoaORfuYyzPNSxB6qQ6bMwLwSdI36Vjd2t9IuWSSL3O23iG
NWp5xyHehSbd985cukXHEHLqk+L60EQjyBOcqeUfTYX+IPFv2rzP5TqWMLNAvGXq
7pWsGbAVERN4FskAC1HKTNYzdXpCcqEum8xluduFYrGfQenpYA5AEm9KOEh4mA4/
tSJ5cmpRM9g8/PCB7qAZN7h64Asdycmu6ZiTJGOasYBY32DK8SeH6LnByUUfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUKRe/q6tPagvwUMUZDXZARd2T4z8wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjY2NjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTffEw
DQYJKoZIhvcNAQELBQADggEBAGhKzmj2l4rPo8i42OHigyNKCBDITSpr1tkQqxyj
H3jvO9pxz5jL/uBjEJIFWajONBsn/QwaHtkwOFBGvpGb1R/v5MO8gI8jlMavTY0O
Bw8vFZf59wX48Q6C4JiwjhAp6x6h+8V9hJrrfjpPY7KWX8YD7bjLkVBvCz1iDw0+
Te9uQJKduP5oFTl1Gi5Q6OiH8Fr6HzRECAsr7ThMrASX+DFitV0PPBBDaEFWskt5
yRuBjuyevQiMokTxolQdDApjmJdEq2j32/n2nxFR4PdyrbPJDb4xvk8/wmfr7Usi
0kfFhqt+Xsl9U1LuCd1kqBpNycBVnX6gG64hUNKRaNjzRjQ=
-----END CERTIFICATE-----