Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/pu325ehNvlo3myTBivxepxzDVaM.roa
File:                     pu325ehNvlo3myTBivxepxzDVaM.roa (raw, json)
Hash identifier:          FzWTWRbmynuTvGeOgK2kQqrAp6S4uC1ts2pAF8ELWGQ=
Subject key identifier:   A6:ED:F6:E5:E8:4D:BE:5A:37:9B:24:C1:8A:FC:5E:A7:1C:C3:55:A3
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019C7CF17E4D49CF68E23A9466C2CAF29577
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/pu325ehNvlo3myTBivxepxzDVaM.roa
Signing time:             Fri 20 Feb 2026 21:25:27 +0000
ROA not before:           Fri 20 Feb 2026 21:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212706
IP address blocks:        147.45.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:f1:7e:4d:49:cf:68:e2:3a:94:66:c2:ca:f2:95:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 20 21:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6edf6e5e84dbe5a379b24c18afc5ea71cc355a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5c:29:65:5b:ed:bc:9e:1b:07:39:2b:5e:cd:
                    4f:ea:5c:6d:44:a6:4e:f2:f9:07:96:f3:6d:a0:df:
                    48:6a:50:2c:ac:78:95:52:73:cb:f4:4a:3f:66:ce:
                    7c:d7:92:ac:91:59:d6:f5:d5:9b:e9:94:46:e5:4c:
                    7f:68:6b:c7:f5:0c:ba:ee:af:a6:58:e4:4f:b2:fa:
                    98:68:38:0b:95:8f:19:42:3e:20:89:fe:80:05:9a:
                    3e:a8:42:1b:35:f4:ff:6c:20:e7:84:4b:55:43:7b:
                    99:46:14:76:12:85:45:98:23:ab:d2:61:11:4f:60:
                    db:a9:27:f3:b2:78:05:12:b0:b9:f2:a4:31:f9:49:
                    5e:17:0d:a9:47:63:58:c1:38:12:77:21:db:27:5a:
                    ff:67:e4:99:f4:6d:31:2a:b3:f0:70:32:46:da:4b:
                    fa:f3:9e:58:14:f4:95:53:e5:7b:e5:7e:1c:8d:5c:
                    0d:33:1f:90:1c:fc:a4:7a:ad:44:99:7d:fb:36:86:
                    44:aa:67:25:47:95:b4:02:7e:72:ad:d7:eb:64:a8:
                    ed:31:46:fb:69:18:b8:43:15:f0:03:c7:1b:e0:4f:
                    7b:be:5f:19:ea:61:c3:68:0d:48:8c:8d:dd:1a:e0:
                    96:85:0e:e0:f9:d0:79:4a:08:e0:60:c2:d3:eb:10:
                    c7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:ED:F6:E5:E8:4D:BE:5A:37:9B:24:C1:8A:FC:5E:A7:1C:C3:55:A3
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/pu325ehNvlo3myTBivxepxzDVaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:06:76:b9:fa:0c:06:62:59:97:da:32:fc:3c:11:53:c1:09:
         4c:4e:c2:b3:dc:84:98:65:32:a8:c9:0e:42:87:cf:a2:36:c8:
         51:4b:bf:27:90:9c:ed:85:af:11:a4:f8:53:1b:74:04:c5:cc:
         24:6a:57:42:d8:b1:3a:6b:84:eb:d9:58:60:d8:8b:a8:d5:87:
         9f:b9:39:73:72:93:8d:b5:f6:72:86:f6:f1:b8:a6:09:2e:c6:
         d8:8d:82:4b:73:d2:12:bd:57:86:43:51:4d:09:97:66:8e:56:
         c3:48:75:fd:6e:c3:3e:9c:13:d2:14:bd:00:38:93:90:b7:83:
         22:3d:4c:1a:1c:c6:e7:85:e1:92:5d:f1:ec:2a:4c:36:01:02:
         ee:20:0c:96:ec:2f:ef:2e:97:a8:3f:58:99:de:a0:d1:2b:a5:
         42:e4:6a:66:38:6d:d8:2c:bb:28:da:41:24:eb:03:f9:6c:5a:
         cb:7a:5b:55:72:6e:23:1d:e2:68:99:c4:92:96:ea:48:b6:5f:
         5c:98:4d:e9:72:de:44:d5:63:34:7c:d7:1a:ed:c6:4c:58:16:
         0b:05:95:85:f0:c7:24:05:2d:40:42:e6:e5:a6:85:7c:db:20:
         e3:28:df:d0:d1:28:79:91:32:0c:6d:f2:f1:b8:08:ba:69:e5:
         10:48:00:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx88X5NSc9o4jqUZsLK8pV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMjIwMjEyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmVkZjZlNWU4NGRiZTVhMzc5YjI0YzE4YWZjNWVhNzFjYzM1NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFwpZVvtvJ4bBzkrXs1P6lxtRKZO
8vkHlvNtoN9IalAsrHiVUnPL9Eo/Zs5815KskVnW9dWb6ZRG5Ux/aGvH9Qy67q+m
WORPsvqYaDgLlY8ZQj4gif6ABZo+qEIbNfT/bCDnhEtVQ3uZRhR2EoVFmCOr0mER
T2DbqSfzsngFErC58qQx+UleFw2pR2NYwTgSdyHbJ1r/Z+SZ9G0xKrPwcDJG2kv6
855YFPSVU+V75X4cjVwNMx+QHPykeq1EmX37NoZEqmclR5W0An5yrdfrZKjtMUb7
aRi4QxXwA8cb4E97vl8Z6mHDaA1IjI3dGuCWhQ7g+dB5SgjgYMLT6xDH7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbt9uXoTb5aN5skwYr8Xqccw1WjMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcHUzMjVlaE52bG8zbXlUQml2eGVweHpEVmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky11MA0G
CSqGSIb3DQEBCwUAA4IBAQBTBna5+gwGYlmX2jL8PBFTwQlMTsKz3ISYZTKoyQ5C
h8+iNshRS78nkJztha8RpPhTG3QExcwkaldC2LE6a4Tr2Vhg2Iuo1YefuTlzcpON
tfZyhvbxuKYJLsbYjYJLc9ISvVeGQ1FNCZdmjlbDSHX9bsM+nBPSFL0AOJOQt4Mi
PUwaHMbnheGSXfHsKkw2AQLuIAyW7C/vLpeoP1iZ3qDRK6VC5GpmOG3YLLso2kEk
6wP5bFrLeltVcm4jHeJomcSSlupItl9cmE3pct5E1WM0fNca7cZMWBYLBZWF8Mck
BS1AQublpoV82yDjKN/Q0Sh5kTIMbfLxuAi6aeUQSABE
-----END CERTIFICATE-----