Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7d8b41-bc66-4a5f-82e6-a82cbbc73675/1/xYx_vOW7vkTjvjtpiy67I2LnOhE.roa
File:                     xYx_vOW7vkTjvjtpiy67I2LnOhE.roa (raw, json)
Hash identifier:          N7u6humGzKYT/H6+9vAbd+SuhUaYJnp74HRkR2a2nH4=
Subject key identifier:   C5:8C:7F:BC:E5:BB:BE:44:E3:BE:3B:69:8B:2E:BB:23:62:E7:3A:11
Certificate issuer:       /CN=d25efe544b6357c7fbc281b2e41b1cb2e743e89c
Certificate serial:       019C796512A2DFD8FF2E447B7F0852AB271E
Authority key identifier: D2:5E:FE:54:4B:63:57:C7:FB:C2:81:B2:E4:1B:1C:B2:E7:43:E8:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0l7-VEtjV8f7woGy5BscsudD6Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7d8b41-bc66-4a5f-82e6-a82cbbc73675/1/xYx_vOW7vkTjvjtpiy67I2LnOhE.roa
Signing time:             Fri 20 Feb 2026 04:53:12 +0000
ROA not before:           Fri 20 Feb 2026 04:53:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151673
IP address blocks:        194.153.159.191/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7d8b41-bc66-4a5f-82e6-a82cbbc73675/1/0l7-VEtjV8f7woGy5BscsudD6Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7d8b41-bc66-4a5f-82e6-a82cbbc73675/1/0l7-VEtjV8f7woGy5BscsudD6Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0l7-VEtjV8f7woGy5BscsudD6Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:79:65:12:a2:df:d8:ff:2e:44:7b:7f:08:52:ab:27:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25efe544b6357c7fbc281b2e41b1cb2e743e89c
        Validity
            Not Before: Feb 20 04:53:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c58c7fbce5bbbe44e3be3b698b2ebb2362e73a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:86:d5:32:45:33:01:df:b5:5a:14:10:35:31:
                    50:97:94:a0:ca:6d:fb:33:56:08:f8:12:ea:9c:77:
                    81:25:e6:e7:fa:fb:94:1f:41:2f:16:ab:37:f8:41:
                    64:3a:07:04:19:6b:ac:c1:a7:a3:27:58:c2:60:82:
                    82:bd:24:4b:1e:b6:70:9b:9a:a9:c4:f8:d2:d8:11:
                    a8:2c:11:7f:df:e4:21:9e:a2:68:16:8e:54:ae:f6:
                    3a:76:91:f1:5d:db:6f:e8:bc:e6:a6:7f:ec:04:d2:
                    bc:0f:17:6d:4e:1e:39:59:ac:cf:0b:49:e3:c4:e8:
                    98:20:15:99:d8:3c:05:93:c8:bf:f3:94:e1:ea:56:
                    85:23:6e:86:b0:45:d6:a0:22:c4:c0:bb:d9:99:ad:
                    23:b6:35:45:e7:7f:7a:fd:af:fb:ad:a3:b0:fe:61:
                    92:b5:4f:ee:47:96:b4:0f:ac:26:5d:d5:8b:5a:43:
                    d8:7d:5d:2f:2c:ad:4e:77:e8:25:e2:c2:13:af:e8:
                    0a:76:fe:b1:d7:89:73:b9:0a:2b:f0:67:dd:e2:f9:
                    e1:43:78:be:42:b9:99:98:5c:54:45:72:97:b5:3b:
                    23:0d:34:04:6d:cc:47:28:fb:2f:99:13:2b:ce:d2:
                    bc:a6:c2:e6:7c:35:ad:9b:92:31:aa:45:bc:38:26:
                    ff:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:8C:7F:BC:E5:BB:BE:44:E3:BE:3B:69:8B:2E:BB:23:62:E7:3A:11
            X509v3 Authority Key Identifier:
                keyid:D2:5E:FE:54:4B:63:57:C7:FB:C2:81:B2:E4:1B:1C:B2:E7:43:E8:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0l7-VEtjV8f7woGy5BscsudD6Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7d8b41-bc66-4a5f-82e6-a82cbbc73675/1/xYx_vOW7vkTjvjtpiy67I2LnOhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7d8b41-bc66-4a5f-82e6-a82cbbc73675/1/0l7-VEtjV8f7woGy5BscsudD6Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.159.191/32

    Signature Algorithm: sha256WithRSAEncryption
         30:4d:f4:6e:a5:59:34:4a:04:a9:9c:53:f1:01:fa:01:88:16:
         b3:40:37:43:dd:59:2b:8f:61:8d:af:fe:44:e0:e0:ba:ca:10:
         72:5b:c5:96:54:82:96:de:9a:fd:f7:d4:5e:79:80:f4:a2:26:
         06:ec:21:fc:33:10:3b:be:f9:c8:2d:37:d9:bc:c4:f8:04:0c:
         a7:1a:17:e2:a9:d0:a3:51:c0:aa:f0:53:ca:70:fd:ae:ff:66:
         57:43:fc:cc:79:3c:a1:6f:55:cc:17:95:ae:09:e3:88:56:2f:
         dd:51:02:ed:3c:f7:6c:3d:f3:54:e5:41:45:c7:00:cc:b0:5e:
         2a:0b:33:b0:cf:d7:06:ba:1a:96:b0:04:55:e4:08:8c:76:d8:
         b1:5b:a2:73:e2:c2:ce:a9:85:40:a5:d3:40:02:8d:6a:3a:31:
         f0:8f:19:10:d9:40:4f:c1:66:da:7e:06:80:7f:99:7f:5c:eb:
         c0:a6:20:0a:87:2e:25:de:20:cd:df:c8:d5:da:84:96:ca:70:
         c3:de:06:fb:52:4e:ec:e6:c3:d4:6a:4d:5a:61:3d:77:30:53:
         d0:28:98:28:8a:96:94:c3:64:aa:e6:b0:73:8e:f1:71:cc:93:
         fd:f7:b3:f9:19:28:0a:46:72:f4:fc:c7:12:90:89:c3:38:1a:
         e1:48:f1:47
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZx5ZRKi39j/LkR7fwhSqyceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNWVmZTU0NGI2MzU3YzdmYmMyODFiMmU0MWIxY2IyZTc0
M2U4OWMwHhcNMjYwMjIwMDQ1MzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNThjN2ZiY2U1YmJiZTQ0ZTNiZTNiNjk4YjJlYmIyMzYyZTczYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IbVMkUzAd+1WhQQNTFQl5Sgym37
M1YI+BLqnHeBJebn+vuUH0EvFqs3+EFkOgcEGWuswaejJ1jCYIKCvSRLHrZwm5qp
xPjS2BGoLBF/3+QhnqJoFo5UrvY6dpHxXdtv6Lzmpn/sBNK8DxdtTh45WazPC0nj
xOiYIBWZ2DwFk8i/85Th6laFI26GsEXWoCLEwLvZma0jtjVF5396/a/7raOw/mGS
tU/uR5a0D6wmXdWLWkPYfV0vLK1Od+gl4sITr+gKdv6x14lzuQor8Gfd4vnhQ3i+
QrmZmFxURXKXtTsjDTQEbcxHKPsvmRMrztK8psLmfDWtm5IxqkW8OCb/wwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMWMf7zlu75E4747aYsuuyNi5zoRMB8GA1UdIwQY
MBaAFNJe/lRLY1fH+8KBsuQbHLLnQ+icMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGw3LVZFdGpWOGY3d29HeTVCc2NzdWRENkp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83ZDhiNDEtYmM2Ni00YTVmLTgyZTYt
YTgyY2JiYzczNjc1LzEveFl4X3ZPVzd2a1Rqdmp0cGl5NjdJMkxuT2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83ZDhiNDEtYmM2Ni00YTVmLTgyZTYtYTgyY2JiYzczNjc1
LzEvMGw3LVZFdGpWOGY3d29HeTVCc2NzdWRENkp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUAwpmfvzAN
BgkqhkiG9w0BAQsFAAOCAQEAME30bqVZNEoEqZxT8QH6AYgWs0A3Q91ZK49hja/+
RODgusoQclvFllSClt6a/ffUXnmA9KImBuwh/DMQO775yC032bzE+AQMpxoX4qnQ
o1HAqvBTynD9rv9mV0P8zHk8oW9VzBeVrgnjiFYv3VEC7Tz3bD3zVOVBRccAzLBe
KgszsM/XBroalrAEVeQIjHbYsVuic+LCzqmFQKXTQAKNajox8I8ZENlAT8Fm2n4G
gH+Zf1zrwKYgCocuJd4gzd/I1dqElspww94G+1JO7ObD1GpNWmE9dzBT0CiYKIqW
lMNkquawc47xccyT/fez+RkoCkZy9PzHEpCJwzga4UjxRw==
-----END CERTIFICATE-----