Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/073dda-0314-4eaf-bd04-21fe8b29d3d6/1/Aw9tXveR8BkFdyjJFk7_AmnfBwY.roa
File:                     Aw9tXveR8BkFdyjJFk7_AmnfBwY.roa (raw, json)
Hash identifier:          qR8wHawnouYoCzeQOakk7xfrAyq4fC7VhBjSSJYeEBQ=
Subject key identifier:   03:0F:6D:5E:F7:91:F0:19:05:77:28:C9:16:4E:FF:02:69:DF:07:06
Certificate issuer:       /CN=6e4213ef7550aadef91793dc9d14be87471e4c12
Certificate serial:       019C944663FCBA8E842E7FBCB5CE93CF3947
Authority key identifier: 6E:42:13:EF:75:50:AA:DE:F9:17:93:DC:9D:14:BE:87:47:1E:4C:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkIT73VQqt75F5PcnRS-h0ceTBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/073dda-0314-4eaf-bd04-21fe8b29d3d6/1/Aw9tXveR8BkFdyjJFk7_AmnfBwY.roa
Signing time:             Wed 25 Feb 2026 10:09:26 +0000
ROA not before:           Wed 25 Feb 2026 10:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204830
IP address blocks:        203.26.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/073dda-0314-4eaf-bd04-21fe8b29d3d6/1/bkIT73VQqt75F5PcnRS-h0ceTBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/073dda-0314-4eaf-bd04-21fe8b29d3d6/1/bkIT73VQqt75F5PcnRS-h0ceTBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bkIT73VQqt75F5PcnRS-h0ceTBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:46:63:fc:ba:8e:84:2e:7f:bc:b5:ce:93:cf:39:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e4213ef7550aadef91793dc9d14be87471e4c12
        Validity
            Not Before: Feb 25 10:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=030f6d5ef791f019057728c9164eff0269df0706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3f:5f:66:f6:64:57:25:80:d6:ca:b2:51:24:
                    3d:f2:ee:47:27:97:5f:b4:66:33:f7:2d:01:7a:0d:
                    fd:1d:01:a9:1c:ca:60:3d:90:6b:56:35:1a:a6:7d:
                    8e:c9:c6:b7:c9:95:c4:bb:cd:b0:43:a1:35:0f:ae:
                    6e:ee:2e:ab:30:b1:40:1f:88:52:fe:49:27:e9:4f:
                    84:cd:88:2f:2e:f5:9c:ad:48:51:06:78:93:05:09:
                    d1:53:8f:f8:88:fa:f4:e7:88:65:3f:b7:b7:72:1e:
                    db:fb:92:75:28:36:d2:d0:d0:a8:44:2c:de:e0:e4:
                    1d:4f:63:9c:eb:6e:8d:23:b8:9a:4f:ae:9c:7e:1c:
                    ce:7f:b7:b6:88:24:fb:bf:4a:7f:b7:9d:8a:41:04:
                    b5:af:8a:2c:2c:9d:ce:ad:47:27:79:fa:0d:34:1d:
                    6b:ba:fd:ec:bc:68:87:d8:08:e9:81:02:fa:2f:58:
                    ae:52:be:bc:95:6d:62:3e:e9:ef:c0:ca:c2:56:fa:
                    81:67:7d:ae:b0:89:d0:bb:0c:6c:6e:8c:56:a2:25:
                    4c:92:88:82:28:f1:72:d5:f2:77:58:93:80:c2:c3:
                    7f:b3:57:d4:bd:eb:82:9e:03:c0:dd:29:a9:ea:00:
                    02:b4:ca:46:99:3f:37:b0:bb:bb:05:c1:25:ee:7f:
                    59:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:0F:6D:5E:F7:91:F0:19:05:77:28:C9:16:4E:FF:02:69:DF:07:06
            X509v3 Authority Key Identifier:
                keyid:6E:42:13:EF:75:50:AA:DE:F9:17:93:DC:9D:14:BE:87:47:1E:4C:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkIT73VQqt75F5PcnRS-h0ceTBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/073dda-0314-4eaf-bd04-21fe8b29d3d6/1/Aw9tXveR8BkFdyjJFk7_AmnfBwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/073dda-0314-4eaf-bd04-21fe8b29d3d6/1/bkIT73VQqt75F5PcnRS-h0ceTBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.26.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:1f:b2:6f:b3:4f:55:21:aa:7a:3e:d5:d5:89:b4:4f:6d:59:
         23:42:ea:a2:d9:78:59:41:e7:07:ba:d9:19:7e:35:44:3f:38:
         5d:61:89:a0:64:52:bc:88:db:97:0b:fa:72:1e:f7:5d:d5:6d:
         fe:e9:9a:d3:d8:2a:06:37:df:84:e2:6a:fd:bd:01:4f:66:36:
         66:e6:05:70:d8:10:f8:b7:0f:f3:34:d3:61:91:13:cb:a5:55:
         ea:a6:f3:86:7d:22:37:f8:5f:9a:ad:d4:8c:a1:5e:f8:28:20:
         68:41:1f:81:f7:e9:49:2a:07:a9:c9:0a:93:ba:06:ad:12:b6:
         b5:7a:06:82:e0:f2:7f:64:6b:4d:dc:a6:b1:6e:e8:bb:c1:a0:
         e5:18:09:e4:8b:58:6d:b7:05:49:b3:34:df:e1:14:6a:74:d8:
         96:8a:25:94:eb:cd:fe:af:c1:cf:44:70:7f:cf:5a:06:4b:64:
         99:fd:83:09:ee:ee:8a:11:43:1f:cc:6b:c8:f3:c3:68:28:0d:
         21:7b:8f:7e:0e:6a:d3:7d:87:41:22:c2:13:13:7a:42:ec:93:
         56:b8:95:57:85:45:8c:a1:5f:9b:af:0f:48:82:a7:48:8f:4d:
         4c:40:ca:e1:97:1f:73:96:aa:19:0a:ff:05:43:bc:a1:ba:4e:
         10:8f:10:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyURmP8uo6ELn+8tc6TzzlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDIxM2VmNzU1MGFhZGVmOTE3OTNkYzlkMTRiZTg3NDcx
ZTRjMTIwHhcNMjYwMjI1MTAwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzBmNmQ1ZWY3OTFmMDE5MDU3NzI4YzkxNjRlZmYwMjY5ZGYwNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqz9fZvZkVyWA1sqyUSQ98u5HJ5df
tGYz9y0Beg39HQGpHMpgPZBrVjUapn2Oyca3yZXEu82wQ6E1D65u7i6rMLFAH4hS
/kkn6U+EzYgvLvWcrUhRBniTBQnRU4/4iPr054hlP7e3ch7b+5J1KDbS0NCoRCze
4OQdT2Oc626NI7iaT66cfhzOf7e2iCT7v0p/t52KQQS1r4osLJ3OrUcnefoNNB1r
uv3svGiH2AjpgQL6L1iuUr68lW1iPunvwMrCVvqBZ32usInQuwxsboxWoiVMkoiC
KPFy1fJ3WJOAwsN/s1fUveuCngPA3Smp6gACtMpGmT83sLu7BcEl7n9Z9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMPbV73kfAZBXcoyRZO/wJp3wcGMB8GA1UdIwQY
MBaAFG5CE+91UKre+ReT3J0UvodHHkwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtJVDczVlFxdDc1RjVQY25SUy1oMGNlVEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8wNzNkZGEtMDMxNC00ZWFmLWJkMDQt
MjFmZThiMjlkM2Q2LzEvQXc5dFh2ZVI4QmtGZHlqSkZrN19BbW5mQndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8wNzNkZGEtMDMxNC00ZWFmLWJkMDQtMjFmZThiMjlkM2Q2
LzEvYmtJVDczVlFxdDc1RjVQY25SUy1oMGNlVEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyxqFMA0G
CSqGSIb3DQEBCwUAA4IBAQAbH7Jvs09VIap6PtXVibRPbVkjQuqi2XhZQecHutkZ
fjVEPzhdYYmgZFK8iNuXC/pyHvdd1W3+6ZrT2CoGN9+E4mr9vQFPZjZm5gVw2BD4
tw/zNNNhkRPLpVXqpvOGfSI3+F+ardSMoV74KCBoQR+B9+lJKgepyQqTugatEra1
egaC4PJ/ZGtN3Kaxbui7waDlGAnki1httwVJszTf4RRqdNiWiiWU683+r8HPRHB/
z1oGS2SZ/YMJ7u6KEUMfzGvI88NoKA0he49+DmrTfYdBIsITE3pC7JNWuJVXhUWM
oV+brw9IgqdIj01MQMrhlx9zlqoZCv8FQ7yhuk4QjxAZ
-----END CERTIFICATE-----