Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/RMGuyqGEK-Mf0ND2J7tE_iXZm6I.roa
File:                     RMGuyqGEK-Mf0ND2J7tE_iXZm6I.roa (raw, json)
Hash identifier:          foJHHN0cXIMwmw8TTKyWj85dYsuNNUZjIEYeeGM5A5Y=
Subject key identifier:   44:C1:AE:CA:A1:84:2B:E3:1F:D0:D0:F6:27:BB:44:FE:25:D9:9B:A2
Certificate issuer:       /CN=78b04fbafaa36b71fcd36eca50b5fe0e88dd3551
Certificate serial:       019C4D0F48D3CB0B8E8E18B34CAB72220F2A
Authority key identifier: 78:B0:4F:BA:FA:A3:6B:71:FC:D3:6E:CA:50:B5:FE:0E:88:DD:35:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eLBPuvqja3H8027KULX-DojdNVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/RMGuyqGEK-Mf0ND2J7tE_iXZm6I.roa
Signing time:             Wed 11 Feb 2026 14:16:13 +0000
ROA not before:           Wed 11 Feb 2026 14:16:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216083
IP address blocks:        109.236.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/eLBPuvqja3H8027KULX-DojdNVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/eLBPuvqja3H8027KULX-DojdNVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eLBPuvqja3H8027KULX-DojdNVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:0f:48:d3:cb:0b:8e:8e:18:b3:4c:ab:72:22:0f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78b04fbafaa36b71fcd36eca50b5fe0e88dd3551
        Validity
            Not Before: Feb 11 14:16:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44c1aecaa1842be31fd0d0f627bb44fe25d99ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4c:e6:55:6a:d8:ed:76:f4:2c:01:4a:c8:67:
                    84:ad:99:4c:cb:6e:28:89:0d:85:a2:60:5d:3c:32:
                    7f:31:f5:d1:79:41:84:4a:22:75:85:7d:09:38:bb:
                    98:0e:8b:cb:3c:38:af:de:de:e6:03:35:8e:c0:71:
                    fe:8e:04:9a:22:72:3f:86:1a:db:e7:b0:af:a9:2d:
                    59:ed:e6:33:71:85:10:7c:51:e6:73:0a:da:ac:81:
                    5d:fa:02:99:ca:a8:34:6f:d5:37:6a:2a:c7:57:fa:
                    92:e2:c2:a6:46:9e:d4:d6:9f:62:d0:0d:ef:51:d1:
                    fb:49:ce:ef:b2:6e:17:c0:12:ed:f3:84:b9:ad:f3:
                    82:45:c9:85:c3:f4:6a:04:53:7e:a4:87:73:52:26:
                    27:3a:09:4b:95:06:ef:d5:b7:0e:d8:a6:1c:0f:ac:
                    d4:3b:ad:fd:03:60:52:7b:cf:f0:22:28:14:a1:14:
                    aa:f0:95:41:f3:cf:c0:0e:b3:7c:c8:5c:04:d5:d3:
                    0a:4d:9f:0a:2b:5a:06:f3:88:f1:b7:25:78:b5:91:
                    66:b1:93:af:75:9c:df:4d:0c:41:0c:3d:81:e8:c2:
                    fe:ed:be:47:47:de:f7:86:9d:7a:46:86:1c:74:26:
                    c9:30:60:a2:af:7b:2c:84:d8:38:da:ba:72:d5:92:
                    e6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C1:AE:CA:A1:84:2B:E3:1F:D0:D0:F6:27:BB:44:FE:25:D9:9B:A2
            X509v3 Authority Key Identifier:
                keyid:78:B0:4F:BA:FA:A3:6B:71:FC:D3:6E:CA:50:B5:FE:0E:88:DD:35:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eLBPuvqja3H8027KULX-DojdNVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/RMGuyqGEK-Mf0ND2J7tE_iXZm6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/eLBPuvqja3H8027KULX-DojdNVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:cd:ff:84:0e:48:31:85:d3:1b:22:6c:dc:74:5a:62:2f:21:
         88:8e:fc:ac:d0:b5:68:eb:94:34:4a:c6:6c:2e:63:31:c6:2d:
         81:be:28:af:7c:78:b7:a4:7b:a9:2f:a7:09:70:d2:bf:21:73:
         21:7a:44:ad:de:2b:30:d8:df:26:f0:a1:f8:4d:51:44:17:24:
         e6:69:84:65:6f:60:38:40:b7:35:95:c5:1b:e6:66:6d:e7:67:
         55:b6:db:5d:c4:54:6c:0a:63:e5:77:22:dd:e0:cd:d9:c1:67:
         3b:8d:30:53:de:54:ab:7d:af:d7:e3:e4:8c:97:9d:d0:3f:4e:
         99:b7:bd:6c:37:c0:c0:dd:db:f2:f4:c1:77:12:93:c9:06:8d:
         b0:22:a4:40:ac:c7:f3:18:a7:88:81:77:e7:89:8b:89:08:82:
         a8:c2:68:28:7f:98:d1:77:fa:05:ef:f7:12:0c:6b:8b:81:db:
         56:fb:c7:41:c0:27:4b:60:fd:55:59:ae:35:34:51:07:71:dd:
         e4:c4:ff:d4:6d:81:60:9d:c3:22:a0:69:aa:74:f9:6e:91:87:
         88:be:85:8b:0e:d8:2f:9e:87:ab:8c:51:69:0d:cf:7d:1e:22:
         f4:5e:c2:bd:aa:2d:7d:bf:9e:48:29:66:92:f7:45:09:60:04:
         bb:e7:5f:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxND0jTywuOjhizTKtyIg8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YjA0ZmJhZmFhMzZiNzFmY2QzNmVjYTUwYjVmZTBlODhk
ZDM1NTEwHhcNMjYwMjExMTQxNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGMxYWVjYWExODQyYmUzMWZkMGQwZjYyN2JiNDRmZTI1ZDk5YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkzmVWrY7Xb0LAFKyGeErZlMy24o
iQ2FomBdPDJ/MfXReUGESiJ1hX0JOLuYDovLPDiv3t7mAzWOwHH+jgSaInI/hhrb
57CvqS1Z7eYzcYUQfFHmcwrarIFd+gKZyqg0b9U3airHV/qS4sKmRp7U1p9i0A3v
UdH7Sc7vsm4XwBLt84S5rfOCRcmFw/RqBFN+pIdzUiYnOglLlQbv1bcO2KYcD6zU
O639A2BSe8/wIigUoRSq8JVB88/ADrN8yFwE1dMKTZ8KK1oG84jxtyV4tZFmsZOv
dZzfTQxBDD2B6ML+7b5HR973hp16RoYcdCbJMGCir3sshNg42rpy1ZLmwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETBrsqhhCvjH9DQ9ie7RP4l2ZuiMB8GA1UdIwQY
MBaAFHiwT7r6o2tx/NNuylC1/g6I3TVRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUxCUHV2cWphM0g4MDI3S1VMWC1Eb2pkTlZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9jNDFjNzQtMGI4Mi00MGU3LWEwYmYt
MGFhZTFjY2Q4NzRiLzEvUk1HdXlxR0VLLU1mME5EMko3dEVfaVhabTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9jNDFjNzQtMGI4Mi00MGU3LWEwYmYtMGFhZTFjY2Q4NzRi
LzEvZUxCUHV2cWphM0g4MDI3S1VMWC1Eb2pkTlZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbex+MA0G
CSqGSIb3DQEBCwUAA4IBAQBPzf+EDkgxhdMbImzcdFpiLyGIjvys0LVo65Q0SsZs
LmMxxi2BviivfHi3pHupL6cJcNK/IXMhekSt3isw2N8m8KH4TVFEFyTmaYRlb2A4
QLc1lcUb5mZt52dVtttdxFRsCmPldyLd4M3ZwWc7jTBT3lSrfa/X4+SMl53QP06Z
t71sN8DA3dvy9MF3EpPJBo2wIqRArMfzGKeIgXfniYuJCIKowmgof5jRd/oF7/cS
DGuLgdtW+8dBwCdLYP1VWa41NFEHcd3kxP/UbYFgncMioGmqdPlukYeIvoWLDtgv
noerjFFpDc99HiL0XsK9qi19v55IKWaS90UJYAS751/N
-----END CERTIFICATE-----