Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/BpG8igZJv8h8cPkp6g_Gbs3F_SU.roa
File:                     BpG8igZJv8h8cPkp6g_Gbs3F_SU.roa (raw, json)
Hash identifier:          EZCW2Mw9lZcsL5iipH/n6h6UZOB/4+vnk665tkL9CRo=
Subject key identifier:   06:91:BC:8A:06:49:BF:C8:7C:70:F9:29:EA:0F:C6:6E:CD:C5:FD:25
Certificate issuer:       /CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
Certificate serial:       019C5708AF9AC66FCEDA244FE9671BDE63DB
Authority key identifier: B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/BpG8igZJv8h8cPkp6g_Gbs3F_SU.roa
Signing time:             Fri 13 Feb 2026 12:45:12 +0000
ROA not before:           Fri 13 Feb 2026 12:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12387
IP address blocks:        195.4.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:08:af:9a:c6:6f:ce:da:24:4f:e9:67:1b:de:63:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
        Validity
            Not Before: Feb 13 12:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0691bc8a0649bfc87c70f929ea0fc66ecdc5fd25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:32:10:14:96:9e:1f:80:32:20:94:43:ad:26:
                    6e:92:e8:e0:22:7e:dd:c4:29:1a:7c:fc:e9:eb:d1:
                    58:ae:64:21:3f:4b:6b:1f:9c:60:c2:70:4b:ca:fb:
                    22:b2:62:48:88:5c:d8:a2:7b:08:60:ab:be:4d:10:
                    eb:c8:61:47:06:4d:7b:13:01:d1:c0:3e:0d:d4:8c:
                    b1:31:35:94:a4:b8:1e:1f:a7:95:58:48:d3:25:ae:
                    f9:5e:15:94:a3:6d:7d:a0:9a:2f:4c:9b:13:34:29:
                    36:54:e9:11:33:a2:54:5f:eb:0f:45:00:38:b9:9e:
                    5f:c0:e4:ae:2b:ea:f4:b6:bd:63:b0:15:3e:89:7e:
                    03:e8:97:a1:4d:ce:6f:27:7f:be:c1:ee:e5:f6:c1:
                    39:01:26:dd:9b:0f:d2:eb:b7:a0:59:b2:f8:52:75:
                    b0:31:fb:15:29:86:7f:77:ce:77:36:e3:55:a4:8a:
                    76:10:e4:ef:9f:5e:87:85:7c:d8:fa:f8:79:79:0b:
                    c9:cc:d3:98:cf:be:eb:df:4c:a8:17:dc:bf:11:4d:
                    a8:98:9d:e1:1e:75:47:4c:9b:16:79:d6:30:f2:29:
                    6e:80:8a:9c:8b:0f:57:8f:15:a9:db:fa:e2:66:29:
                    fc:cb:be:66:d0:0c:89:f1:a6:66:24:81:4e:8b:fd:
                    7a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:91:BC:8A:06:49:BF:C8:7C:70:F9:29:EA:0F:C6:6E:CD:C5:FD:25
            X509v3 Authority Key Identifier:
                keyid:B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/BpG8igZJv8h8cPkp6g_Gbs3F_SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.4.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:56:1b:08:68:0d:99:cd:23:32:0a:da:02:fd:e5:e0:69:60:
         9a:88:5f:59:2b:2f:02:30:db:ad:1e:1c:29:90:74:74:2a:a6:
         ed:fd:bb:a0:82:53:a2:e4:a3:9e:ed:c8:4a:2c:8d:65:6c:88:
         35:d1:0a:93:27:bc:45:f5:7d:c2:01:d9:e4:64:42:88:59:db:
         cc:bd:8e:65:f2:f3:09:f2:27:09:e4:92:8f:30:4b:20:b8:35:
         d7:d7:24:db:a3:76:10:91:97:c4:c3:6f:71:a8:c9:f5:73:f6:
         f2:dd:c6:40:c1:66:fe:95:b8:d3:57:84:04:6e:5f:2e:65:f9:
         1f:1c:16:29:8c:74:7c:40:20:ea:94:db:f7:d2:0b:dd:2f:c8:
         3b:81:8a:f0:3f:e5:d2:f7:f6:4c:34:7a:99:5d:1b:2a:79:99:
         f4:e0:e3:3f:d6:67:64:1c:83:81:e9:e7:a0:4b:42:93:06:3e:
         2c:5d:ea:68:af:4f:f2:f4:95:a5:1b:2d:f4:ff:4d:ae:f2:6c:
         e5:40:39:13:5f:89:37:38:57:77:b4:bf:f5:76:55:4d:46:f6:
         c5:ce:c6:f0:7f:53:b8:f7:1a:f5:21:e9:25:ab:8e:25:fc:e4:
         b9:0e:75:51:2d:d9:61:8b:ef:88:7b:3f:df:3c:21:64:ee:3b:
         98:ff:44:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxXCK+axm/O2iRP6Wcb3mPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmVlMmIzOTcxMjM3N2I0YmZlYzllNjZhYzdlNmU5MDhl
ZmNlZWMwHhcNMjYwMjEzMTI0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjkxYmM4YTA2NDliZmM4N2M3MGY5MjllYTBmYzY2ZWNkYzVmZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTIQFJaeH4AyIJRDrSZukujgIn7d
xCkafPzp69FYrmQhP0trH5xgwnBLyvsismJIiFzYonsIYKu+TRDryGFHBk17EwHR
wD4N1IyxMTWUpLgeH6eVWEjTJa75XhWUo219oJovTJsTNCk2VOkRM6JUX+sPRQA4
uZ5fwOSuK+r0tr1jsBU+iX4D6JehTc5vJ3++we7l9sE5ASbdmw/S67egWbL4UnWw
MfsVKYZ/d853NuNVpIp2EOTvn16HhXzY+vh5eQvJzNOYz77r30yoF9y/EU2omJ3h
HnVHTJsWedYw8ilugIqciw9XjxWp2/riZin8y75m0AyJ8aZmJIFOi/16FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaRvIoGSb/IfHD5KeoPxm7Nxf0lMB8GA1UdIwQY
MBaAFLMu4rOXEjd7S/7J5mrH5ukI787sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMt
ZjAxNmNhNWRhMjE5LzEvQnBHOGlnWkp2OGg4Y1BrcDZnX0diczNGX1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMtZjAxNmNhNWRhMjE5
LzEvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwwSwMA0G
CSqGSIb3DQEBCwUAA4IBAQBtVhsIaA2ZzSMyCtoC/eXgaWCaiF9ZKy8CMNutHhwp
kHR0Kqbt/bugglOi5KOe7chKLI1lbIg10QqTJ7xF9X3CAdnkZEKIWdvMvY5l8vMJ
8icJ5JKPMEsguDXX1yTbo3YQkZfEw29xqMn1c/by3cZAwWb+lbjTV4QEbl8uZfkf
HBYpjHR8QCDqlNv30gvdL8g7gYrwP+XS9/ZMNHqZXRsqeZn04OM/1mdkHIOB6eeg
S0KTBj4sXepor0/y9JWlGy30/02u8mzlQDkTX4k3OFd3tL/1dlVNRvbFzsbwf1O4
9xr1Ieklq44l/OS5DnVRLdlhi++Iez/fPCFk7juY/0Rd
-----END CERTIFICATE-----