Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VL9J2cB4uZmZqZwEvTu0UX4NW-Q.roa
File:                     VL9J2cB4uZmZqZwEvTu0UX4NW-Q.roa (raw, json)
Hash identifier:          0Tpo2UtvZ+2EjLRlI+OvIbjl3xdulUmUtnsf36hBSfw=
Subject key identifier:   54:BF:49:D9:C0:78:B9:99:99:A9:9C:04:BD:3B:B4:51:7E:0D:5B:E4
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C39896CFCA876521CCB89068F7E2A015C
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VL9J2cB4uZmZqZwEvTu0UX4NW-Q.roa
Signing time:             Sat 07 Feb 2026 19:17:13 +0000
ROA not before:           Sat 07 Feb 2026 19:17:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214762
IP address blocks:        89.144.32.0/24 maxlen: 24
                          89.144.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:39:89:6c:fc:a8:76:52:1c:cb:89:06:8f:7e:2a:01:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb  7 19:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54bf49d9c078b99999a99c04bd3bb4517e0d5be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:dc:4c:26:39:f6:30:49:e6:c1:c7:07:a5:ec:
                    33:45:d0:ca:25:9d:ba:59:b8:7f:12:9b:58:2b:82:
                    db:31:b5:fe:ee:52:fa:a9:07:4b:17:7f:e6:33:ea:
                    49:02:99:ac:c8:b2:0d:43:7f:ae:41:f2:6a:3d:62:
                    55:4f:2d:11:9c:03:6b:4f:be:d1:f6:53:a6:aa:73:
                    84:1f:c7:71:c0:7c:d0:48:b0:59:eb:46:1d:c4:d4:
                    de:9a:e6:91:4a:d5:35:ea:ce:cb:72:1c:f3:c4:9b:
                    c4:87:6e:a4:e0:42:61:78:e9:77:d3:23:b8:33:ad:
                    27:60:5f:eb:c3:76:90:f1:de:3f:1b:fa:a9:5a:f3:
                    41:2a:aa:0d:d8:a8:94:80:ca:70:ae:fb:67:b4:79:
                    76:32:df:01:fe:7d:e2:a9:56:81:05:c3:b3:ae:47:
                    47:9c:6a:41:db:0d:51:78:2e:17:9c:5b:3c:61:71:
                    d8:f3:ca:1a:3c:fa:cf:b0:a8:e9:84:3f:f7:23:24:
                    4a:ef:b2:7b:09:fe:47:00:26:a6:a1:32:92:72:ea:
                    a6:71:3f:d1:f5:41:9a:d8:a9:25:e9:8d:98:90:16:
                    b7:ff:4b:25:9e:8b:f8:8b:44:25:ea:e8:1c:2f:33:
                    7e:74:d9:53:11:18:bf:9c:f3:52:ae:f5:af:75:65:
                    a5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:BF:49:D9:C0:78:B9:99:99:A9:9C:04:BD:3B:B4:51:7E:0D:5B:E4
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VL9J2cB4uZmZqZwEvTu0UX4NW-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.32.0/24
                  89.144.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:77:6f:59:02:8a:10:b2:dd:af:f2:5f:90:97:0a:31:7e:94:
         42:47:87:ea:81:7c:1c:ef:03:78:92:c3:f5:a5:2c:cd:0e:e1:
         1b:30:b2:af:76:1e:f8:af:9c:36:a2:c7:98:b4:9e:7d:e5:09:
         55:ba:d0:27:d1:a0:80:88:dd:40:76:18:f1:17:75:de:4d:34:
         84:fc:65:9f:d0:c3:49:48:b6:e4:de:c6:ab:16:a6:a5:8b:33:
         7f:18:07:c2:c2:6e:77:6d:ed:69:72:99:4c:a5:7a:f2:fe:a1:
         06:72:2b:0e:a3:20:61:34:40:f1:b9:4d:d1:f5:e7:e9:96:79:
         6c:f6:5a:53:91:a6:87:cb:6c:28:c8:0b:fa:be:ca:a7:e6:d6:
         ed:ba:ce:6e:af:b2:6a:76:36:5b:be:73:5c:13:32:fe:02:d4:
         25:b4:bc:71:c0:aa:3f:a2:09:b3:2e:7c:af:03:c6:bd:f7:6e:
         60:67:2e:17:cb:60:27:6d:75:08:43:49:a4:42:73:37:1c:e0:
         f7:49:46:f9:9c:86:6e:e7:da:8d:3a:65:69:9f:53:6f:54:7c:
         43:a2:a9:0e:1f:a7:94:a0:e3:b5:42:b2:97:9b:f1:b1:2e:b3:
         7e:93:d3:35:3d:39:19:d1:a9:78:dd:57:f1:b3:ab:20:fd:0c:
         21:e6:c5:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZw5iWz8qHZSHMuJBo9+KgFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjA3MTkxNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGJmNDlkOWMwNzhiOTk5OTlhOTljMDRiZDNiYjQ1MTdlMGQ1YmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdxMJjn2MEnmwccHpewzRdDKJZ26
Wbh/EptYK4LbMbX+7lL6qQdLF3/mM+pJApmsyLINQ3+uQfJqPWJVTy0RnANrT77R
9lOmqnOEH8dxwHzQSLBZ60YdxNTemuaRStU16s7LchzzxJvEh26k4EJheOl30yO4
M60nYF/rw3aQ8d4/G/qpWvNBKqoN2KiUgMpwrvtntHl2Mt8B/n3iqVaBBcOzrkdH
nGpB2w1ReC4XnFs8YXHY88oaPPrPsKjphD/3IyRK77J7Cf5HACamoTKScuqmcT/R
9UGa2Kkl6Y2YkBa3/0slnov4i0Ql6ugcLzN+dNlTERi/nPNSrvWvdWWlxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFS/SdnAeLmZmamcBL07tFF+DVvkMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVkw5SjJjQjR1Wm1acVp3RXZUdTBVWDROVy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWZAgAwQA
WZAsMA0GCSqGSIb3DQEBCwUAA4IBAQBZd29ZAooQst2v8l+QlwoxfpRCR4fqgXwc
7wN4ksP1pSzNDuEbMLKvdh74r5w2oseYtJ595QlVutAn0aCAiN1AdhjxF3XeTTSE
/GWf0MNJSLbk3sarFqalizN/GAfCwm53be1pcplMpXry/qEGcisOoyBhNEDxuU3R
9efplnls9lpTkaaHy2woyAv6vsqn5tbtus5ur7JqdjZbvnNcEzL+AtQltLxxwKo/
ogmzLnyvA8a9925gZy4Xy2AnbXUIQ0mkQnM3HOD3SUb5nIZu59qNOmVpn1NvVHxD
oqkOH6eUoOO1QrKXm/GxLrN+k9M1PTkZ0al43Vfxs6sg/Qwh5sUM
-----END CERTIFICATE-----