Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/97339c-cdbd-4626-be25-c5b64c528e28/1/JkYAYVNwCur5J8bwJ80jkfME47w.roa
File:                     JkYAYVNwCur5J8bwJ80jkfME47w.roa (raw, json)
Hash identifier:          CbSKEg/vIOH/qxG77B9ev+0u/ThhZsLHdvEQfupCLQo=
Subject key identifier:   26:46:00:61:53:70:0A:EA:F9:27:C6:F0:27:CD:23:91:F3:04:E3:BC
Certificate issuer:       /CN=cfe4694ec24ea715dca2d27a321c04bd0b0c90be
Certificate serial:       019C4DE92C95BF3BDCD227094D8916966743
Authority key identifier: CF:E4:69:4E:C2:4E:A7:15:DC:A2:D2:7A:32:1C:04:BD:0B:0C:90:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-RpTsJOpxXcotJ6MhwEvQsMkL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/97339c-cdbd-4626-be25-c5b64c528e28/1/JkYAYVNwCur5J8bwJ80jkfME47w.roa
Signing time:             Wed 11 Feb 2026 18:14:12 +0000
ROA not before:           Wed 11 Feb 2026 18:14:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215511
IP address blocks:        185.159.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/97339c-cdbd-4626-be25-c5b64c528e28/1/z-RpTsJOpxXcotJ6MhwEvQsMkL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/97339c-cdbd-4626-be25-c5b64c528e28/1/z-RpTsJOpxXcotJ6MhwEvQsMkL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-RpTsJOpxXcotJ6MhwEvQsMkL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:e9:2c:95:bf:3b:dc:d2:27:09:4d:89:16:96:67:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfe4694ec24ea715dca2d27a321c04bd0b0c90be
        Validity
            Not Before: Feb 11 18:14:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2646006153700aeaf927c6f027cd2391f304e3bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3e:6f:1c:dc:f1:2a:cd:ed:06:cd:c5:ff:5d:
                    79:f4:73:6d:e8:95:94:08:4d:53:4f:f3:e4:7e:2a:
                    34:1c:dc:d4:95:24:6b:89:00:dd:cc:81:d7:65:02:
                    ae:dd:52:0e:22:0b:0d:1c:06:bd:b0:15:38:32:fe:
                    c8:d7:d3:30:fa:98:5b:ae:af:a1:cc:c1:c6:ca:aa:
                    1c:35:cf:c0:38:02:e3:71:9c:70:b9:27:dd:67:ea:
                    8a:eb:25:3d:d6:9d:99:7a:7d:3c:6b:cc:22:66:72:
                    25:d6:71:20:5d:2a:70:3a:60:41:af:e3:e4:85:53:
                    2b:30:1d:8d:17:80:6f:2a:2a:48:2e:65:32:ea:2d:
                    95:7d:10:2c:d7:cc:98:28:33:8c:67:9f:8f:66:4e:
                    f4:10:66:34:16:3c:fd:bf:d9:24:c1:ce:37:fb:1a:
                    40:45:1f:10:74:b2:73:7a:ae:07:01:bd:17:38:c9:
                    53:fd:d8:c3:90:13:de:bf:6f:3b:59:a7:de:09:9c:
                    6a:b8:94:7c:ed:27:ce:d6:c5:23:09:43:ac:99:60:
                    ba:7c:05:23:0a:e7:33:c9:cb:e8:9a:95:4f:94:77:
                    4e:f2:2b:7a:c9:6d:80:83:57:f7:ec:bc:dd:6b:89:
                    78:c1:17:5a:7b:6c:12:7a:59:5d:1b:15:5d:e3:e8:
                    9f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:46:00:61:53:70:0A:EA:F9:27:C6:F0:27:CD:23:91:F3:04:E3:BC
            X509v3 Authority Key Identifier:
                keyid:CF:E4:69:4E:C2:4E:A7:15:DC:A2:D2:7A:32:1C:04:BD:0B:0C:90:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-RpTsJOpxXcotJ6MhwEvQsMkL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/97339c-cdbd-4626-be25-c5b64c528e28/1/JkYAYVNwCur5J8bwJ80jkfME47w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/97339c-cdbd-4626-be25-c5b64c528e28/1/z-RpTsJOpxXcotJ6MhwEvQsMkL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:3f:68:11:16:83:f2:3f:5e:c9:de:9d:ca:98:b4:82:bb:cf:
         3f:58:87:e7:68:f9:17:8a:64:7e:43:29:21:0e:63:62:90:f3:
         f1:59:29:ae:3c:0d:f7:bb:d4:d4:9d:49:a6:65:9d:2b:01:d2:
         49:0e:ae:67:12:0b:92:23:cf:eb:26:48:01:7a:de:d5:0f:aa:
         7e:e2:b8:5d:1b:fe:cc:0e:6c:b2:20:d9:79:c2:f4:5d:88:2f:
         4d:ed:ad:49:c6:ff:d8:8c:a1:2a:95:60:84:29:c3:e9:53:4c:
         74:46:17:dc:a8:02:dc:5d:4a:f6:04:1f:29:48:50:bd:4f:bf:
         ed:ce:db:da:33:e0:49:26:09:04:48:34:43:65:f1:cc:f5:9b:
         d0:80:c3:d7:94:67:f7:63:1a:6e:4b:ca:98:6f:7e:52:ae:73:
         bd:64:af:ac:ca:28:34:31:b3:33:52:be:9d:95:7e:3b:0c:13:
         35:12:5c:a1:4a:b1:8f:1c:d4:fd:fe:c5:8d:c7:c9:4d:96:b8:
         78:83:82:42:ec:23:28:c6:85:71:4f:14:42:dd:09:8b:10:b0:
         9d:01:32:d6:a2:cc:70:47:df:ba:72:1b:75:28:98:b1:80:71:
         84:0e:ed:61:d8:14:93:97:e1:9a:85:8e:76:e2:46:61:1f:c3:
         65:c7:53:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxN6SyVvzvc0icJTYkWlmdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTQ2OTRlYzI0ZWE3MTVkY2EyZDI3YTMyMWMwNGJkMGIw
YzkwYmUwHhcNMjYwMjExMTgxNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQ2MDA2MTUzNzAwYWVhZjkyN2M2ZjAyN2NkMjM5MWYzMDRlM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT5vHNzxKs3tBs3F/1159HNt6JWU
CE1TT/Pkfio0HNzUlSRriQDdzIHXZQKu3VIOIgsNHAa9sBU4Mv7I19Mw+phbrq+h
zMHGyqocNc/AOALjcZxwuSfdZ+qK6yU91p2Zen08a8wiZnIl1nEgXSpwOmBBr+Pk
hVMrMB2NF4BvKipILmUy6i2VfRAs18yYKDOMZ5+PZk70EGY0Fjz9v9kkwc43+xpA
RR8QdLJzeq4HAb0XOMlT/djDkBPev287WafeCZxquJR87SfO1sUjCUOsmWC6fAUj
CuczycvompVPlHdO8it6yW2Ag1f37Lzda4l4wRdae2wSelldGxVd4+ifxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZGAGFTcArq+SfG8CfNI5HzBOO8MB8GA1UdIwQY
MBaAFM/kaU7CTqcV3KLSejIcBL0LDJC+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1ScFRzSk9weFhjb3RKNk1od0V2UXNNa0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NzMzOWMtY2RiZC00NjI2LWJlMjUt
YzViNjRjNTI4ZTI4LzEvSmtZQVlWTndDdXI1Sjhid0o4MGprZk1FNDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NzMzOWMtY2RiZC00NjI2LWJlMjUtYzViNjRjNTI4ZTI4
LzEvei1ScFRzSk9weFhjb3RKNk1od0V2UXNNa0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ9aMA0G
CSqGSIb3DQEBCwUAA4IBAQDJP2gRFoPyP17J3p3KmLSCu88/WIfnaPkXimR+Qykh
DmNikPPxWSmuPA33u9TUnUmmZZ0rAdJJDq5nEguSI8/rJkgBet7VD6p+4rhdG/7M
DmyyINl5wvRdiC9N7a1Jxv/YjKEqlWCEKcPpU0x0RhfcqALcXUr2BB8pSFC9T7/t
ztvaM+BJJgkESDRDZfHM9ZvQgMPXlGf3YxpuS8qYb35SrnO9ZK+syig0MbMzUr6d
lX47DBM1ElyhSrGPHNT9/sWNx8lNlrh4g4JC7CMoxoVxTxRC3QmLELCdATLWosxw
R9+6cht1KJixgHGEDu1h2BSTl+GahY524kZhH8Nlx1P6
-----END CERTIFICATE-----