Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/26rLNje-5GxvYZVT0swfwJnqk7o.roa
File:                     26rLNje-5GxvYZVT0swfwJnqk7o.roa (raw, json)
Hash identifier:          QK5jjtwOLc2LvgvPPlN4ghX4dCXmOU5tCJW4D3OFYHA=
Subject key identifier:   DB:AA:CB:36:37:BE:E4:6C:6F:61:95:53:D2:CC:1F:C0:99:EA:93:BA
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019C612D0B55FDBF9F1004295507DFEC0919
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/26rLNje-5GxvYZVT0swfwJnqk7o.roa
Signing time:             Sun 15 Feb 2026 12:01:07 +0000
ROA not before:           Sun 15 Feb 2026 12:01:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        85.239.145.0/24 maxlen: 24
                          85.239.148.0/24 maxlen: 24
                          92.62.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:61:2d:0b:55:fd:bf:9f:10:04:29:55:07:df:ec:09:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Feb 15 12:01:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbaacb3637bee46c6f619553d2cc1fc099ea93ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d3:c1:0d:83:78:71:63:ac:ed:8c:2b:db:0e:
                    35:a2:96:77:e1:68:13:a5:b5:0f:d1:70:c4:c4:82:
                    c2:4b:01:f4:65:fe:c5:99:13:ed:d6:6d:d9:12:cd:
                    5f:fd:65:7d:2d:29:f8:a9:d4:a9:cc:91:ac:33:3c:
                    75:e3:b9:cc:fa:c1:46:3c:e6:9a:93:7e:67:06:4b:
                    29:c4:0d:b4:94:d8:68:fb:a9:4b:0d:25:a5:84:28:
                    9f:bd:94:57:1e:ac:92:9e:5c:a1:ec:e1:3a:d6:d3:
                    5f:ea:88:4d:88:b7:a8:ce:39:97:10:c1:1b:de:73:
                    b7:43:4b:6e:19:9f:fa:dc:55:1f:7e:2d:67:b1:40:
                    b2:bc:d8:63:0f:70:76:79:d8:95:43:95:eb:a7:72:
                    5a:04:53:09:bf:24:3b:79:f0:94:3d:aa:05:33:f6:
                    34:89:ba:41:d1:d0:ba:60:6a:85:00:f2:b2:4c:b1:
                    75:88:3a:c6:93:85:72:27:05:e0:03:e1:28:62:01:
                    4b:41:52:14:42:93:ee:be:25:c7:a0:10:d4:63:ef:
                    b6:a7:9f:14:59:26:54:37:e3:fe:29:d1:37:86:c4:
                    85:71:1e:87:22:da:fd:58:01:bb:34:a5:b6:30:da:
                    0b:7c:50:85:51:f8:76:e6:0e:4a:41:96:e9:d0:fb:
                    ac:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AA:CB:36:37:BE:E4:6C:6F:61:95:53:D2:CC:1F:C0:99:EA:93:BA
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/26rLNje-5GxvYZVT0swfwJnqk7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.145.0/24
                  85.239.148.0/24
                  92.62.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:7e:3f:fd:5c:0c:6c:8f:0d:cc:61:71:58:69:4c:e1:50:32:
         c6:65:3c:10:83:91:42:eb:ec:d7:f1:66:93:b6:0a:a8:7d:22:
         b0:dc:8a:7c:83:8a:0c:0d:fc:02:9a:79:e2:56:f6:77:c3:f2:
         7d:d5:c7:72:5f:36:bb:40:12:07:df:cc:e3:90:49:25:ed:40:
         eb:4e:27:63:e4:6f:43:4f:13:c3:9f:aa:28:8d:bb:fa:06:37:
         df:07:b9:e1:d8:18:7a:3c:3f:2d:6b:78:55:88:ca:35:bc:d8:
         e4:5f:8b:29:97:7a:dd:d9:2a:17:1b:e5:f2:60:30:52:40:df:
         e5:3b:b9:75:f6:f8:71:3f:34:02:ef:1a:3f:ec:10:6b:bd:5e:
         e5:56:ab:9b:4e:71:89:3b:5c:29:48:f4:b2:a4:34:ec:b3:13:
         58:71:9a:af:c1:a8:76:55:c5:05:4c:72:47:2b:da:d8:3a:ac:
         9d:50:bc:9b:1a:65:ef:0c:58:66:46:11:ab:d8:b7:55:b9:00:
         5d:00:b2:b6:e3:5e:b6:48:72:ff:09:0e:e2:14:ae:a3:67:b0:
         d9:53:c5:3e:f9:bd:37:ac:2a:7b:bb:8d:53:63:42:1a:5f:aa:
         57:c6:34:38:1f:89:86:5d:6b:93:eb:c0:90:b2:60:5d:25:be:
         2d:eb:d0:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxhLQtV/b+fEAQpVQff7AkZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMjE1MTIwMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFhY2IzNjM3YmVlNDZjNmY2MTk1NTNkMmNjMWZjMDk5ZWE5M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNPBDYN4cWOs7Ywr2w41opZ34WgT
pbUP0XDExILCSwH0Zf7FmRPt1m3ZEs1f/WV9LSn4qdSpzJGsMzx147nM+sFGPOaa
k35nBkspxA20lNho+6lLDSWlhCifvZRXHqySnlyh7OE61tNf6ohNiLeozjmXEMEb
3nO3Q0tuGZ/63FUffi1nsUCyvNhjD3B2ediVQ5Xrp3JaBFMJvyQ7efCUPaoFM/Y0
ibpB0dC6YGqFAPKyTLF1iDrGk4VyJwXgA+EoYgFLQVIUQpPuviXHoBDUY++2p58U
WSZUN+P+KdE3hsSFcR6HItr9WAG7NKW2MNoLfFCFUfh25g5KQZbp0PusgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNuqyzY3vuRsb2GVU9LMH8CZ6pO6MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvMjZyTE5qZS01R3h2WVpWVDBzd2Z3Sm5xazdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVe+RAwQA
Ve+UAwQAXD79MA0GCSqGSIb3DQEBCwUAA4IBAQAbfj/9XAxsjw3MYXFYaUzhUDLG
ZTwQg5FC6+zX8WaTtgqofSKw3Ip8g4oMDfwCmnniVvZ3w/J91cdyXza7QBIH38zj
kEkl7UDrTidj5G9DTxPDn6oojbv6BjffB7nh2Bh6PD8ta3hViMo1vNjkX4spl3rd
2SoXG+XyYDBSQN/lO7l19vhxPzQC7xo/7BBrvV7lVqubTnGJO1wpSPSypDTssxNY
cZqvwah2VcUFTHJHK9rYOqydULybGmXvDFhmRhGr2LdVuQBdALK24162SHL/CQ7i
FK6jZ7DZU8U++b03rCp7u41TY0IaX6pXxjQ4H4mGXWuT68CQsmBdJb4t69A7
-----END CERTIFICATE-----