Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/2TuOUYelPG8i8vgWoONoIzG61uk.roa
File:                     2TuOUYelPG8i8vgWoONoIzG61uk.roa (raw, json)
Hash identifier:          3yp3E/oT4rA6r1CQPo5SbIqdIKNB8tpMZXgL2Q2VgBE=
Subject key identifier:   D9:3B:8E:51:87:A5:3C:6F:22:F2:F8:16:A0:E3:68:23:31:BA:D6:E9
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019C7026705B841E235B8E80CE9139F8B11F
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/2TuOUYelPG8i8vgWoONoIzG61uk.roa
Signing time:             Wed 18 Feb 2026 09:48:13 +0000
ROA not before:           Wed 18 Feb 2026 09:48:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        188.64.182.0/24 maxlen: 24
                          188.64.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:26:70:5b:84:1e:23:5b:8e:80:ce:91:39:f8:b1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Feb 18 09:48:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d93b8e5187a53c6f22f2f816a0e3682331bad6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4e:93:77:ce:fc:d0:5e:79:7e:c3:63:0f:e4:
                    22:e1:ef:38:dd:14:2c:80:95:09:f3:fe:37:ac:38:
                    40:db:fe:41:64:13:ff:e2:87:ed:f2:14:3c:da:17:
                    fd:e4:40:62:fa:bb:6b:38:4f:10:67:fe:c4:6e:96:
                    63:12:1f:ac:d2:a1:58:5c:4c:6c:06:4f:e9:ba:2c:
                    3f:df:ee:62:e7:c2:84:4a:48:42:fc:7c:7e:a3:39:
                    6f:db:aa:ed:ef:0f:9c:d5:0b:52:80:8b:4b:fd:de:
                    52:cf:0a:fa:37:ab:ba:8e:9f:20:d6:59:21:b9:9a:
                    62:65:9c:07:ca:ee:dc:e7:6b:e5:24:73:46:26:7c:
                    7d:5b:fc:55:9f:27:63:cf:24:ac:39:3f:7c:a3:02:
                    44:0d:33:50:3d:af:25:dd:28:8c:48:c1:7c:81:d7:
                    80:52:49:f4:ab:71:66:b7:c5:e3:9f:c8:d3:77:8a:
                    fb:24:3e:b6:9e:a7:ce:e8:b0:61:96:44:fb:0e:c3:
                    d5:3d:be:ae:80:3a:e6:4a:e2:6a:89:98:a0:2f:01:
                    06:b4:d2:e7:ed:ea:4d:29:39:fd:55:a6:00:83:81:
                    94:64:33:ee:01:83:75:70:67:ca:48:e1:80:30:cb:
                    5d:f4:b3:8f:bc:0e:b0:79:50:60:09:19:31:f7:97:
                    98:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3B:8E:51:87:A5:3C:6F:22:F2:F8:16:A0:E3:68:23:31:BA:D6:E9
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/2TuOUYelPG8i8vgWoONoIzG61uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:8b:c5:9c:3b:77:4f:b3:e0:52:fa:0c:dd:01:55:e1:5e:1c:
         fc:a5:9c:19:b2:e6:bc:9b:9d:3c:d6:ce:97:37:6b:0a:a9:30:
         ae:ec:35:9f:e4:f1:5c:d3:7e:e9:44:bc:34:2f:7f:df:73:3e:
         a5:2b:d8:fc:a6:f4:a2:04:53:b7:c0:86:7c:8f:98:9f:72:81:
         20:c6:41:a2:b7:df:80:bd:ce:87:5b:44:43:de:ac:5b:53:70:
         f8:c8:c3:c8:7d:d6:8f:43:34:86:7d:a7:3a:37:1c:14:90:de:
         06:cb:9d:52:b6:8c:b1:80:9a:d4:66:3b:45:0b:96:25:dd:ff:
         83:aa:12:25:bf:4c:e4:a0:79:54:ba:a3:fa:f5:35:c3:26:cc:
         0d:b7:f1:e9:d7:a7:45:bf:4c:8c:de:f4:8b:13:cc:33:d7:07:
         68:1c:14:72:ae:71:3b:25:19:a0:eb:fb:99:9b:71:fd:7a:d2:
         76:29:75:e2:57:d2:9e:4c:e9:b0:e0:0f:ed:3f:00:0e:f6:65:
         e3:c2:25:c5:b4:5c:7e:7d:19:6c:65:d4:aa:bb:c3:80:04:d8:
         9b:a4:2f:0c:80:41:d6:5e:75:f7:dd:ed:5c:0b:74:5d:48:a3:
         0c:86:f1:06:e6:a4:e6:dc:72:8d:3a:20:c5:cc:46:bf:a8:7a:
         e5:ca:e7:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxwJnBbhB4jW46AzpE5+LEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMjE4MDk0ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNiOGU1MTg3YTUzYzZmMjJmMmY4MTZhMGUzNjgyMzMxYmFkNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk6Td8780F55fsNjD+Qi4e843RQs
gJUJ8/43rDhA2/5BZBP/4oft8hQ82hf95EBi+rtrOE8QZ/7EbpZjEh+s0qFYXExs
Bk/puiw/3+5i58KESkhC/Hx+ozlv26rt7w+c1QtSgItL/d5Szwr6N6u6jp8g1lkh
uZpiZZwHyu7c52vlJHNGJnx9W/xVnydjzySsOT98owJEDTNQPa8l3SiMSMF8gdeA
Ukn0q3Fmt8Xjn8jTd4r7JD62nqfO6LBhlkT7DsPVPb6ugDrmSuJqiZigLwEGtNLn
7epNKTn9VaYAg4GUZDPuAYN1cGfKSOGAMMtd9LOPvA6weVBgCRkx95eYHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNk7jlGHpTxvIvL4FqDjaCMxutbpMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvMlR1T1VZZWxQRzhpOHZnV29PTm9Jekc2MXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvEC2MA0G
CSqGSIb3DQEBCwUAA4IBAQBii8WcO3dPs+BS+gzdAVXhXhz8pZwZsua8m5081s6X
N2sKqTCu7DWf5PFc037pRLw0L3/fcz6lK9j8pvSiBFO3wIZ8j5ifcoEgxkGit9+A
vc6HW0RD3qxbU3D4yMPIfdaPQzSGfac6NxwUkN4Gy51StoyxgJrUZjtFC5Yl3f+D
qhIlv0zkoHlUuqP69TXDJswNt/Hp16dFv0yM3vSLE8wz1wdoHBRyrnE7JRmg6/uZ
m3H9etJ2KXXiV9KeTOmw4A/tPwAO9mXjwiXFtFx+fRlsZdSqu8OABNibpC8MgEHW
XnX33e1cC3RdSKMMhvEG5qTm3HKNOiDFzEa/qHrlyudk
-----END CERTIFICATE-----