Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/v5LcK-vk19mPyJ4_jQDV_tIrM-I.roa
File:                     v5LcK-vk19mPyJ4_jQDV_tIrM-I.roa (raw, json)
Hash identifier:          pIXFlL3PfdAl4ychuA34yURFJsDDcX6O7/3+bFnUols=
Subject key identifier:   BF:92:DC:2B:EB:E4:D7:D9:8F:C8:9E:3F:8D:00:D5:FE:D2:2B:33:E2
Certificate issuer:       /CN=7f51228374742df544aa93058c5a3bd3d1642199
Certificate serial:       019C75CFB7A558AADD6FB92077CAB01E2C4D
Authority key identifier: 7F:51:22:83:74:74:2D:F5:44:AA:93:05:8C:5A:3B:D3:D1:64:21:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1Eig3R0LfVEqpMFjFo709FkIZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/v5LcK-vk19mPyJ4_jQDV_tIrM-I.roa
Signing time:             Thu 19 Feb 2026 12:11:13 +0000
ROA not before:           Thu 19 Feb 2026 12:11:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212820
IP address blocks:        185.228.144.0/22 maxlen: 22
                          2a02:2878:c000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/f1Eig3R0LfVEqpMFjFo709FkIZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/f1Eig3R0LfVEqpMFjFo709FkIZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1Eig3R0LfVEqpMFjFo709FkIZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:cf:b7:a5:58:aa:dd:6f:b9:20:77:ca:b0:1e:2c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f51228374742df544aa93058c5a3bd3d1642199
        Validity
            Not Before: Feb 19 12:11:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf92dc2bebe4d7d98fc89e3f8d00d5fed22b33e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2d:f2:ef:35:79:f9:6a:aa:c3:f6:92:94:1a:
                    28:8f:ee:d6:b8:4c:d8:b3:7a:d5:3a:5f:50:ea:b9:
                    73:f8:b0:19:c7:3e:3f:3b:84:73:41:1c:a7:7f:a0:
                    14:7e:57:e4:30:a7:b6:3d:91:e4:f3:32:e5:41:44:
                    c8:a1:5d:70:b6:90:aa:5e:6a:f5:45:c6:18:00:53:
                    b2:70:26:2c:67:22:0b:78:7e:e0:e0:e6:0a:65:aa:
                    d7:44:07:9b:b8:e5:d0:21:57:3d:e0:52:31:70:cc:
                    f8:28:22:2b:9f:ab:93:83:98:ab:78:cc:55:59:98:
                    a0:36:74:29:a9:05:a2:ed:b9:27:7e:b7:19:e9:63:
                    ab:b0:e4:0c:ce:5c:25:e6:ad:ff:b7:03:ea:e7:93:
                    b2:2b:90:46:35:22:b8:7b:cf:82:81:a7:29:de:5f:
                    0a:b6:a0:9c:b8:27:06:ea:d7:64:83:94:08:3e:5a:
                    0a:09:e7:1b:5b:32:19:d1:c2:49:38:a4:a0:b1:4e:
                    ed:76:29:78:b8:87:af:20:7f:3d:4a:55:83:c5:68:
                    84:f3:55:33:e1:6b:07:98:9c:1b:5a:0d:0d:3c:5a:
                    62:f3:21:64:45:f8:46:8b:cc:f3:2f:2b:8a:f3:ba:
                    ac:15:4c:52:be:11:4f:65:c4:ca:2f:59:d9:48:28:
                    00:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:92:DC:2B:EB:E4:D7:D9:8F:C8:9E:3F:8D:00:D5:FE:D2:2B:33:E2
            X509v3 Authority Key Identifier:
                keyid:7F:51:22:83:74:74:2D:F5:44:AA:93:05:8C:5A:3B:D3:D1:64:21:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1Eig3R0LfVEqpMFjFo709FkIZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/v5LcK-vk19mPyJ4_jQDV_tIrM-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/f1Eig3R0LfVEqpMFjFo709FkIZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.144.0/22
                IPv6:
                  2a02:2878:c000::/34

    Signature Algorithm: sha256WithRSAEncryption
         a0:d7:4e:02:6b:e8:f8:5b:f2:89:89:13:30:a9:8e:5a:6b:0d:
         b6:2b:85:de:b2:e4:34:cd:be:c4:5d:a7:ee:fc:38:43:d4:3d:
         ae:ad:df:04:51:20:fc:d4:35:88:1e:d2:e4:c8:ec:4d:54:8e:
         21:57:c9:9a:29:c6:17:8a:a9:83:72:6b:e4:88:0c:a1:e4:bf:
         8c:8a:77:10:28:b4:ad:54:b1:8b:a0:58:78:00:2a:cd:ca:58:
         4c:e9:e2:6b:76:ce:4f:e2:bd:7d:24:09:2f:07:1e:53:22:d8:
         99:5b:cc:c4:aa:e2:7d:7d:46:2b:26:ba:f6:91:1a:db:df:62:
         d5:9f:eb:df:79:03:29:0b:6d:67:af:3b:e5:07:ea:36:c2:ae:
         06:36:28:b4:b9:bd:2d:cc:96:d3:24:e4:5e:f5:4a:6e:e4:8c:
         86:d0:6e:81:6c:64:30:44:4d:bb:3b:fc:b1:02:00:7f:ad:d5:
         c1:c1:ee:b3:f9:87:dc:90:1e:1d:24:0e:67:c8:61:9d:8b:86:
         7e:06:c1:32:63:0c:05:3f:f4:57:99:c2:e2:17:db:d7:82:4d:
         65:d2:f8:c2:a7:0c:72:fc:3d:20:4a:64:d8:bb:ff:98:3d:09:
         42:89:bc:13:0f:bc:aa:ff:44:71:c1:29:fd:6c:ed:9b:e7:4b:
         91:38:55:a2
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZx1z7elWKrdb7kgd8qwHixNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTEyMjgzNzQ3NDJkZjU0NGFhOTMwNThjNWEzYmQzZDE2
NDIxOTkwHhcNMjYwMjE5MTIxMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjkyZGMyYmViZTRkN2Q5OGZjODllM2Y4ZDAwZDVmZWQyMmIzM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4i3y7zV5+Wqqw/aSlBooj+7WuEzY
s3rVOl9Q6rlz+LAZxz4/O4RzQRynf6AUflfkMKe2PZHk8zLlQUTIoV1wtpCqXmr1
RcYYAFOycCYsZyILeH7g4OYKZarXRAebuOXQIVc94FIxcMz4KCIrn6uTg5ireMxV
WZigNnQpqQWi7bknfrcZ6WOrsOQMzlwl5q3/twPq55OyK5BGNSK4e8+Cgacp3l8K
tqCcuCcG6tdkg5QIPloKCecbWzIZ0cJJOKSgsU7tdil4uIevIH89SlWDxWiE81Uz
4WsHmJwbWg0NPFpi8yFkRfhGi8zzLyuK87qsFUxSvhFPZcTKL1nZSCgAcQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFL+S3Cvr5NfZj8ieP40A1f7SKzPiMB8GA1UdIwQY
MBaAFH9RIoN0dC31RKqTBYxaO9PRZCGZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFFaWczUjBMZlZFcXBNRmpGbzcwOUZrSVprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS85Mzg1YWEtMWI3OS00YTAyLWEwOTIt
MDFlYjAzNjg0ZjA5LzEvdjVMY0stdmsxOW1QeUo0X2pRRFZfdElyTS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS85Mzg1YWEtMWI3OS00YTAyLWEwOTItMDFlYjAzNjg0ZjA5
LzEvZjFFaWczUjBMZlZFcXBNRmpGbzcwOUZrSVprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCueSQMA4E
AgACMAgDBgYqAih4wDANBgkqhkiG9w0BAQsFAAOCAQEAoNdOAmvo+FvyiYkTMKmO
WmsNtiuF3rLkNM2+xF2n7vw4Q9Q9rq3fBFEg/NQ1iB7S5MjsTVSOIVfJminGF4qp
g3Jr5IgMoeS/jIp3ECi0rVSxi6BYeAAqzcpYTOnia3bOT+K9fSQJLwceUyLYmVvM
xKrifX1GKya69pEa299i1Z/r33kDKQttZ6875QfqNsKuBjYotLm9LcyW0yTkXvVK
buSMhtBugWxkMERNuzv8sQIAf63VwcHus/mH3JAeHSQOZ8hhnYuGfgbBMmMMBT/0
V5nC4hfb14JNZdL4wqcMcvw9IEpk2Lv/mD0JQom8Ew+8qv9EccEp/Wztm+dLkThV
og==
-----END CERTIFICATE-----