Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/7f4653-dec1-4735-9ff7-eb3c9a2e7eea/1/70JHdnkKgsjKCsL3ulG1wQpZGp4.roa
File:                     70JHdnkKgsjKCsL3ulG1wQpZGp4.roa (raw, json)
Hash identifier:          +7UX7nSd4wTkbsTAwwas6oJrJFj4JuJ4qtAQ6S+C8Y8=
Subject key identifier:   EF:42:47:76:79:0A:82:C8:CA:0A:C2:F7:BA:51:B5:C1:0A:59:1A:9E
Certificate issuer:       /CN=8f14003d657ecbe5f9b6f4947b8ca72adace9d29
Certificate serial:       019C47C8CCD64A438DC9E1D137C8E8F2E38C
Authority key identifier: 8F:14:00:3D:65:7E:CB:E5:F9:B6:F4:94:7B:8C:A7:2A:DA:CE:9D:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jxQAPWV-y-X5tvSUe4ynKtrOnSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/7f4653-dec1-4735-9ff7-eb3c9a2e7eea/1/70JHdnkKgsjKCsL3ulG1wQpZGp4.roa
Signing time:             Tue 10 Feb 2026 13:41:07 +0000
ROA not before:           Tue 10 Feb 2026 13:41:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205769
IP address blocks:        149.249.252.0/22 maxlen: 22
                          185.207.60.0/22 maxlen: 22
                          2a0b:1ec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/7f4653-dec1-4735-9ff7-eb3c9a2e7eea/1/jxQAPWV-y-X5tvSUe4ynKtrOnSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/7f4653-dec1-4735-9ff7-eb3c9a2e7eea/1/jxQAPWV-y-X5tvSUe4ynKtrOnSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jxQAPWV-y-X5tvSUe4ynKtrOnSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:c8:cc:d6:4a:43:8d:c9:e1:d1:37:c8:e8:f2:e3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f14003d657ecbe5f9b6f4947b8ca72adace9d29
        Validity
            Not Before: Feb 10 13:41:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef424776790a82c8ca0ac2f7ba51b5c10a591a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a1:8f:b7:f9:db:dc:b3:8c:3b:bc:7e:ac:c7:
                    69:2b:f6:4b:b5:44:f1:e8:49:41:5a:3f:4a:df:f0:
                    bc:cc:25:b1:e0:99:ea:6e:3c:c8:56:79:b6:54:9a:
                    01:39:59:ad:11:d0:04:b4:e5:66:55:6e:bc:45:98:
                    c9:3d:9c:0a:f9:14:29:d9:a3:50:2d:55:4e:fe:68:
                    ae:06:5d:12:a4:62:12:b8:0a:f3:84:1f:d6:83:e0:
                    9b:a0:ae:43:3f:6e:fd:8b:73:26:5d:f4:97:95:3b:
                    75:e5:96:27:26:2e:9a:5c:b6:bc:c5:56:eb:c4:a0:
                    08:b8:ba:1c:ad:54:81:d3:ed:89:f0:a5:b1:36:15:
                    73:f7:a0:aa:e2:ca:5a:8c:92:f2:48:b7:94:18:33:
                    73:63:48:07:69:1d:fe:9a:12:02:75:b3:09:28:8d:
                    36:8c:73:ee:0a:ae:51:f1:31:71:6c:5f:5e:98:90:
                    9f:85:57:7a:8c:28:40:f3:f7:dd:68:8b:2b:5f:63:
                    03:ec:dc:c1:e0:37:14:5c:99:ea:06:b0:15:ed:4f:
                    38:e3:c7:12:61:d5:54:26:b9:14:91:22:26:91:4a:
                    ab:52:4d:2b:da:74:81:97:d6:55:f3:42:89:55:8b:
                    5a:5d:0d:af:9e:84:f9:eb:94:b8:73:90:ee:f3:65:
                    d0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:42:47:76:79:0A:82:C8:CA:0A:C2:F7:BA:51:B5:C1:0A:59:1A:9E
            X509v3 Authority Key Identifier:
                keyid:8F:14:00:3D:65:7E:CB:E5:F9:B6:F4:94:7B:8C:A7:2A:DA:CE:9D:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jxQAPWV-y-X5tvSUe4ynKtrOnSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/7f4653-dec1-4735-9ff7-eb3c9a2e7eea/1/70JHdnkKgsjKCsL3ulG1wQpZGp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/7f4653-dec1-4735-9ff7-eb3c9a2e7eea/1/jxQAPWV-y-X5tvSUe4ynKtrOnSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.249.252.0/22
                  185.207.60.0/22
                IPv6:
                  2a0b:1ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:5e:fb:14:8b:65:63:79:33:36:09:1c:84:c0:42:a5:01:24:
         6d:f3:37:d2:27:43:3a:1c:49:40:bf:10:ca:61:ee:c4:ac:90:
         79:1a:85:24:26:b0:26:4e:03:49:56:31:94:bb:18:f9:13:79:
         d1:69:e0:fd:af:3a:00:27:ee:4d:e7:a3:6d:97:c9:4f:05:83:
         d0:57:d7:f8:20:9f:d6:0c:40:ab:e8:8b:a0:1b:06:28:48:25:
         8f:22:03:e6:82:56:62:5d:2c:e5:67:a6:51:66:0d:69:aa:60:
         05:ce:1a:9c:1e:b3:15:9e:b9:ba:6f:02:cc:2a:13:6d:66:ca:
         8f:bb:ff:5a:3b:23:65:a8:36:b0:a1:a3:79:19:d9:56:c9:44:
         77:7e:a1:90:5d:f1:82:98:21:71:91:c1:3d:e6:2e:3b:f4:2f:
         00:12:e7:89:3f:a2:97:d8:f0:4a:00:05:69:a0:44:93:1e:bc:
         92:2b:9d:48:98:b4:3c:e5:0a:fd:e0:1a:31:96:84:6d:28:a8:
         d3:2b:1f:0b:db:1a:bd:55:a1:c5:7c:76:a1:fd:33:02:a8:03:
         cc:30:d2:3a:e7:25:1b:b0:d8:0e:f4:93:b4:56:91:51:ba:27:
         34:84:59:15:15:dc:18:c5:b0:18:18:ef:f3:6e:14:12:58:44:
         7b:22:bf:8b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZxHyMzWSkONyeHRN8jo8uOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMTQwMDNkNjU3ZWNiZTVmOWI2ZjQ5NDdiOGNhNzJhZGFj
ZTlkMjkwHhcNMjYwMjEwMTM0MTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjQyNDc3Njc5MGE4MmM4Y2EwYWMyZjdiYTUxYjVjMTBhNTkxYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aGPt/nb3LOMO7x+rMdpK/ZLtUTx
6ElBWj9K3/C8zCWx4JnqbjzIVnm2VJoBOVmtEdAEtOVmVW68RZjJPZwK+RQp2aNQ
LVVO/miuBl0SpGISuArzhB/Wg+CboK5DP279i3MmXfSXlTt15ZYnJi6aXLa8xVbr
xKAIuLocrVSB0+2J8KWxNhVz96Cq4spajJLySLeUGDNzY0gHaR3+mhICdbMJKI02
jHPuCq5R8TFxbF9emJCfhVd6jChA8/fdaIsrX2MD7NzB4DcUXJnqBrAV7U8448cS
YdVUJrkUkSImkUqrUk0r2nSBl9ZV80KJVYtaXQ2vnoT565S4c5Du82XQ1wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFO9CR3Z5CoLIygrC97pRtcEKWRqeMB8GA1UdIwQY
MBaAFI8UAD1lfsvl+bb0lHuMpyrazp0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanhRQVBXVi15LVg1dHZTVWU0eW5LdHJPblNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS83ZjQ2NTMtZGVjMS00NzM1LTlmZjct
ZWIzYzlhMmU3ZWVhLzEvNzBKSGRua0tnc2pLQ3NMM3VsRzF3UXBaR3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS83ZjQ2NTMtZGVjMS00NzM1LTlmZjctZWIzYzlhMmU3ZWVh
LzEvanhRQVBXVi15LVg1dHZTVWU0eW5LdHJPblNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQClfn8AwQC
uc88MA0EAgACMAcDBQAqCx7AMA0GCSqGSIb3DQEBCwUAA4IBAQCSXvsUi2VjeTM2
CRyEwEKlASRt8zfSJ0M6HElAvxDKYe7ErJB5GoUkJrAmTgNJVjGUuxj5E3nRaeD9
rzoAJ+5N56Ntl8lPBYPQV9f4IJ/WDECr6IugGwYoSCWPIgPmglZiXSzlZ6ZRZg1p
qmAFzhqcHrMVnrm6bwLMKhNtZsqPu/9aOyNlqDawoaN5GdlWyUR3fqGQXfGCmCFx
kcE95i479C8AEueJP6KX2PBKAAVpoESTHrySK51ImLQ85Qr94BoxloRtKKjTKx8L
2xq9VaHFfHah/TMCqAPMMNI65yUbsNgO9JO0VpFRuic0hFkVFdwYxbAYGO/zbhQS
WER7Ir+L
-----END CERTIFICATE-----