Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_ivtUU1mqgreHNEMeFLVjqlyqus.roa
File:                     _ivtUU1mqgreHNEMeFLVjqlyqus.roa (raw, json)
Hash identifier:          1Z2Sp5fdw4pzzUL2fhkOyHFdw7mmR0C0eK/FxP/qoYA=
Subject key identifier:   FE:2B:ED:51:4D:66:AA:0A:DE:1C:D1:0C:78:52:D5:8E:A9:72:AA:EB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019C7568433FF9AB9391D7A672C1F2FE7035
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_ivtUU1mqgreHNEMeFLVjqlyqus.roa
Signing time:             Thu 19 Feb 2026 10:18:13 +0000
ROA not before:           Thu 19 Feb 2026 10:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48314
IP address blocks:        195.133.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:68:43:3f:f9:ab:93:91:d7:a6:72:c1:f2:fe:70:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb 19 10:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe2bed514d66aa0ade1cd10c7852d58ea972aaeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5f:9a:b3:77:50:a5:6f:bf:e7:f9:4a:8a:5e:
                    63:2e:83:46:99:82:2c:c0:e4:f3:51:55:97:57:b4:
                    f8:8e:9f:19:4b:b0:12:43:ed:aa:be:14:65:ee:bb:
                    d8:86:0e:f7:9a:37:74:bf:48:83:46:f3:41:14:30:
                    da:cc:9c:76:9b:bb:51:94:73:65:79:4a:d3:67:4a:
                    74:d5:be:0b:69:31:3d:52:67:52:32:8a:ae:ec:41:
                    e7:d7:39:24:33:89:ff:fe:a9:40:90:34:60:d5:1d:
                    b0:5d:d0:c4:c1:27:56:24:f4:53:1f:2d:b3:a5:a8:
                    c6:a3:56:6e:0a:77:0c:60:9f:a3:d2:26:bd:8e:19:
                    03:64:50:0f:ee:9f:5d:cd:42:5a:c2:e4:64:a4:ef:
                    08:10:b0:ea:34:73:72:e0:c6:b2:8e:c1:1d:09:d8:
                    d7:c1:53:8e:4d:8a:e7:d1:14:56:63:ca:b1:59:45:
                    7a:db:74:63:05:1b:fc:f9:93:1d:49:50:8e:c2:75:
                    43:6d:8d:35:61:9d:3e:67:28:7d:3d:7b:39:9f:f9:
                    71:1a:c3:6d:f2:a2:de:1c:8b:75:f5:ef:2e:c5:87:
                    dd:a1:f7:3c:32:4b:ed:dd:e0:7d:35:8d:e3:0b:f1:
                    02:8f:72:62:80:ea:53:30:71:52:dd:b6:2c:3f:50:
                    da:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:2B:ED:51:4D:66:AA:0A:DE:1C:D1:0C:78:52:D5:8E:A9:72:AA:EB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_ivtUU1mqgreHNEMeFLVjqlyqus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:2d:84:cf:40:10:64:7c:9a:06:70:0f:79:47:db:c7:b3:
         06:17:a8:66:6a:45:fb:24:47:4a:1b:e0:a9:5c:96:cf:22:a0:
         5a:98:82:0a:67:b8:9b:b5:59:66:42:1b:aa:5c:95:a6:2c:f6:
         4b:64:07:ad:88:ca:44:83:91:b0:87:e2:33:87:5f:22:4c:41:
         0a:02:61:91:76:90:df:0d:58:5f:99:4d:c2:46:01:c3:43:bd:
         f2:86:47:47:88:c4:72:b6:9a:1a:ad:c2:30:6b:25:49:37:a4:
         c7:e3:88:c7:56:b8:70:97:79:4f:99:ee:ea:f6:93:37:58:2b:
         d8:a2:a5:b6:59:46:fe:87:3a:f9:43:87:82:4c:10:12:ec:10:
         a0:62:a2:76:3b:a0:2b:e6:07:24:f1:22:a5:5d:df:9d:05:1d:
         7c:6b:83:17:cc:a8:d4:e6:8a:8c:cd:56:4c:bf:a0:45:ed:91:
         b7:d3:b8:2b:cb:e8:1e:85:f9:1e:22:a9:c7:b4:4b:82:99:94:
         7c:d1:e8:11:d0:e6:6e:f8:21:a0:ad:bb:93:f8:5e:9c:80:ee:
         7d:d3:85:62:a9:7c:59:f6:f5:49:30:47:30:49:45:48:8b:87:
         2e:93:47:3d:0c:5b:b1:1c:d0:39:a8:e5:7b:3d:db:32:91:47:
         b2:c0:ed:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx1aEM/+auTkdemcsHy/nA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMjE5MTAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTJiZWQ1MTRkNjZhYTBhZGUxY2QxMGM3ODUyZDU4ZWE5NzJhYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtl+as3dQpW+/5/lKil5jLoNGmYIs
wOTzUVWXV7T4jp8ZS7ASQ+2qvhRl7rvYhg73mjd0v0iDRvNBFDDazJx2m7tRlHNl
eUrTZ0p01b4LaTE9UmdSMoqu7EHn1zkkM4n//qlAkDRg1R2wXdDEwSdWJPRTHy2z
pajGo1ZuCncMYJ+j0ia9jhkDZFAP7p9dzUJawuRkpO8IELDqNHNy4MayjsEdCdjX
wVOOTYrn0RRWY8qxWUV623RjBRv8+ZMdSVCOwnVDbY01YZ0+Zyh9PXs5n/lxGsNt
8qLeHIt19e8uxYfdofc8Mkvt3eB9NY3jC/ECj3JigOpTMHFS3bYsP1DaxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4r7VFNZqoK3hzRDHhS1Y6pcqrrMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvX2l2dFVVMW1xZ3JlSE5FTWVGTFZqcWx5cXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4VKMA0G
CSqGSIb3DQEBCwUAA4IBAQApbi2Ez0AQZHyaBnAPeUfbx7MGF6hmakX7JEdKG+Cp
XJbPIqBamIIKZ7ibtVlmQhuqXJWmLPZLZAetiMpEg5Gwh+Izh18iTEEKAmGRdpDf
DVhfmU3CRgHDQ73yhkdHiMRytpoarcIwayVJN6TH44jHVrhwl3lPme7q9pM3WCvY
oqW2WUb+hzr5Q4eCTBAS7BCgYqJ2O6Ar5gck8SKlXd+dBR18a4MXzKjU5oqMzVZM
v6BF7ZG307gry+gehfkeIqnHtEuCmZR80egR0OZu+CGgrbuT+F6cgO5904ViqXxZ
9vVJMEcwSUVIi4cuk0c9DFuxHNA5qOV7PdsykUeywO3b
-----END CERTIFICATE-----