Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hTp1-Doz8c2Qca1ErrzkPEV_AFk.roa
File:                     hTp1-Doz8c2Qca1ErrzkPEV_AFk.roa (raw, json)
Hash identifier:          AlixrLmHvGlFkEqD89bP0Zf27MhY2LgFlTXRNr9lhKs=
Subject key identifier:   85:3A:75:F8:3A:33:F1:CD:90:71:AD:44:AE:BC:E4:3C:45:7F:00:59
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C52A0C45E871EBCDFF142E8D209F9B961
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hTp1-Doz8c2Qca1ErrzkPEV_AFk.roa
Signing time:             Thu 12 Feb 2026 16:13:13 +0000
ROA not before:           Thu 12 Feb 2026 16:13:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201132
IP address blocks:        89.144.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:a0:c4:5e:87:1e:bc:df:f1:42:e8:d2:09:f9:b9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 12 16:13:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=853a75f83a33f1cd9071ad44aebce43c457f0059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7e:e7:a8:51:81:5d:18:35:89:a1:60:05:16:
                    64:fa:70:c5:87:4c:be:32:08:63:4a:25:0d:45:4c:
                    70:8d:14:b2:5e:8c:9e:bf:76:52:61:a9:c7:3f:34:
                    38:30:1c:22:19:ec:94:6f:a5:35:93:c1:f0:af:87:
                    a1:c0:6a:fb:82:75:ab:a1:8a:4e:f5:7c:6e:47:2f:
                    4f:2c:34:f4:d2:5a:57:c0:7d:39:3c:86:ea:ee:b3:
                    71:fc:00:f2:3e:2c:00:97:66:44:89:9c:1b:ed:7e:
                    29:77:bb:db:57:e7:d2:46:16:df:ea:2f:36:e4:cb:
                    c8:40:91:8a:50:5a:51:64:c8:61:07:88:ff:b3:9c:
                    c4:64:37:0c:87:32:17:2e:56:61:f7:bf:e4:e6:da:
                    0a:9c:3a:18:4a:88:db:65:00:7e:8a:ce:e7:91:9e:
                    1b:91:e3:33:3f:7b:ec:83:b4:fa:29:a8:4e:94:20:
                    b7:81:4e:1a:84:07:d6:ab:54:1f:9b:22:3c:1f:1b:
                    08:40:b5:58:27:1d:48:46:6d:8d:60:01:31:a2:f9:
                    0a:35:08:49:c4:d2:31:4f:71:f4:25:8a:af:7f:14:
                    9c:f5:ce:23:9d:15:a5:e3:f2:9f:05:0a:68:88:3e:
                    e3:35:2a:d1:72:36:77:02:91:da:77:5b:ae:08:ae:
                    50:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3A:75:F8:3A:33:F1:CD:90:71:AD:44:AE:BC:E4:3C:45:7F:00:59
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hTp1-Doz8c2Qca1ErrzkPEV_AFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:39:d4:f0:9c:97:27:69:e9:20:c1:ec:b4:6a:4b:94:ef:b4:
         a1:0c:78:11:18:2a:ae:3e:b9:99:d7:77:ec:00:c5:65:7f:e0:
         a3:72:b7:d3:89:3b:b5:65:6c:70:33:54:30:ac:00:24:80:64:
         ec:43:b3:49:df:16:d2:3f:7b:4c:73:c5:0b:7f:80:0b:8e:9f:
         b2:41:31:c6:89:22:7e:42:0e:fa:de:56:34:4e:85:67:76:dd:
         03:02:5c:e2:6a:5a:37:ca:a8:fe:60:31:9d:42:9d:85:c4:8d:
         55:ec:ed:0f:5b:3d:67:0e:5b:b3:fa:fa:9a:e4:ca:de:60:73:
         c6:ee:9d:54:d3:9c:ec:bb:d6:ca:1f:3d:25:b2:f1:8c:fd:59:
         f5:2d:9e:22:25:d9:7c:3f:e9:58:7a:10:76:37:69:4f:81:c9:
         2d:8a:8b:78:e2:3b:e8:97:5b:36:43:c8:b4:39:4f:f0:37:32:
         32:4c:e6:b8:04:c3:1a:25:4b:b0:af:67:d8:07:cf:d9:3f:a5:
         b3:fa:4f:ac:1d:16:e2:6a:7b:4d:74:3f:ab:0f:d1:4a:42:48:
         f6:65:c7:2b:ec:69:4c:17:14:c0:fb:97:d2:d3:90:47:60:6b:
         fb:25:f9:83:be:1b:72:a4:31:4c:10:e1:9f:09:7b:f0:f4:f7:
         1a:95:57:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxSoMRehx683/FC6NIJ+blhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjEyMTYxMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNhNzVmODNhMzNmMWNkOTA3MWFkNDRhZWJjZTQzYzQ1N2YwMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx37nqFGBXRg1iaFgBRZk+nDFh0y+
MghjSiUNRUxwjRSyXoyev3ZSYanHPzQ4MBwiGeyUb6U1k8Hwr4ehwGr7gnWroYpO
9XxuRy9PLDT00lpXwH05PIbq7rNx/ADyPiwAl2ZEiZwb7X4pd7vbV+fSRhbf6i82
5MvIQJGKUFpRZMhhB4j/s5zEZDcMhzIXLlZh97/k5toKnDoYSojbZQB+is7nkZ4b
keMzP3vsg7T6KahOlCC3gU4ahAfWq1QfmyI8HxsIQLVYJx1IRm2NYAExovkKNQhJ
xNIxT3H0JYqvfxSc9c4jnRWl4/KfBQpoiD7jNSrRcjZ3ApHad1uuCK5QewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU6dfg6M/HNkHGtRK685DxFfwBZMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaFRwMS1Eb3o4YzJRY2ExRXJyemtQRVZfQUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAsMA0G
CSqGSIb3DQEBCwUAA4IBAQC7OdTwnJcnaekgwey0akuU77ShDHgRGCquPrmZ13fs
AMVlf+CjcrfTiTu1ZWxwM1QwrAAkgGTsQ7NJ3xbSP3tMc8ULf4ALjp+yQTHGiSJ+
Qg763lY0ToVndt0DAlzialo3yqj+YDGdQp2FxI1V7O0PWz1nDluz+vqa5MreYHPG
7p1U05zsu9bKHz0lsvGM/Vn1LZ4iJdl8P+lYehB2N2lPgcktiot44jvol1s2Q8i0
OU/wNzIyTOa4BMMaJUuwr2fYB8/ZP6Wz+k+sHRbiantNdD+rD9FKQkj2Zccr7GlM
FxTA+5fS05BHYGv7JfmDvhtypDFMEOGfCXvw9PcalVfo
-----END CERTIFICATE-----