Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ZmXLh1J9Xmy73iSSoVN46_YQwHo.roa
File:                     ZmXLh1J9Xmy73iSSoVN46_YQwHo.roa (raw, json)
Hash identifier:          Nfu70ZEy2CNxqwZi4lWPMgcPZh/TWEMvjyeFCkRBt0Q=
Subject key identifier:   66:65:CB:87:52:7D:5E:6C:BB:DE:24:92:A1:53:78:EB:F6:10:C0:7A
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019C7474BE5E16441CDF294A046BD33802DC
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ZmXLh1J9Xmy73iSSoVN46_YQwHo.roa
Signing time:             Thu 19 Feb 2026 05:52:13 +0000
ROA not before:           Thu 19 Feb 2026 05:52:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214918
IP address blocks:        194.176.184.0/24 maxlen: 24
                          217.156.22.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:74:74:be:5e:16:44:1c:df:29:4a:04:6b:d3:38:02:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb 19 05:52:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6665cb87527d5e6cbbde2492a15378ebf610c07a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:b5:8c:8a:87:43:e0:cc:48:92:17:dc:17:
                    c9:d8:b5:cb:8a:2b:66:9a:31:40:ac:16:df:0f:d4:
                    11:23:53:f9:00:9f:69:c8:82:b9:a3:63:9b:8c:ee:
                    46:cf:bc:43:42:70:27:04:8b:35:2b:3a:dd:9e:6b:
                    82:d4:50:96:40:58:41:c1:e1:13:28:a9:8e:7d:e1:
                    67:b5:36:73:ea:23:5c:46:6b:f8:46:fd:14:60:5e:
                    ac:da:59:94:1b:ca:42:d3:60:75:53:fb:10:f8:5b:
                    fa:63:f0:73:e2:88:6e:d7:ac:e0:a8:6c:40:f9:77:
                    57:d4:58:36:e5:f9:75:82:75:b1:37:cd:09:ad:c0:
                    a0:ec:d0:e7:cf:50:b0:90:33:bf:6f:dc:36:fb:5b:
                    34:2b:eb:51:f9:3b:a9:9e:65:ef:81:77:e7:7b:cd:
                    e7:c8:b2:e4:4e:5c:44:e9:af:08:d2:46:f6:30:75:
                    ae:3a:6c:eb:6f:2a:99:b3:09:61:7d:f0:cf:ed:67:
                    d8:f1:3e:d2:78:ee:e6:d3:5b:32:df:34:f9:57:cf:
                    d9:2a:a0:24:ae:62:77:b4:c4:2b:dc:91:46:22:5a:
                    30:c5:90:9c:d7:89:f8:4c:25:f7:d0:5d:2e:11:c1:
                    fb:4b:11:17:40:35:81:30:09:71:8e:ec:07:61:01:
                    67:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:65:CB:87:52:7D:5E:6C:BB:DE:24:92:A1:53:78:EB:F6:10:C0:7A
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ZmXLh1J9Xmy73iSSoVN46_YQwHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.184.0/24
                  217.156.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:9b:67:7b:52:e2:61:ca:67:10:07:be:fb:f6:62:3d:83:d7:
         e2:4b:ba:b2:6f:9b:a3:3e:7b:97:e4:14:d7:cc:d0:4f:86:e9:
         78:82:1e:dc:53:8f:a2:07:24:16:20:03:77:5f:1d:5b:ad:54:
         83:7c:69:6a:22:36:6a:1b:f5:11:f7:64:a3:eb:d6:47:5b:31:
         8e:bb:37:13:59:b4:b3:4b:0e:87:ac:b8:bd:5a:e8:63:1f:dd:
         83:5a:ce:d7:8e:28:18:f9:b1:b9:e9:44:d7:10:f9:b3:f2:d9:
         22:2a:cb:59:60:a2:aa:77:6d:ab:6f:6b:c1:d8:29:86:13:e8:
         39:6e:5f:9e:11:9a:26:d2:8c:e7:26:fb:b8:8d:62:b5:9a:b8:
         73:6c:c4:d5:56:a6:35:28:79:07:f6:7e:03:0d:de:32:78:69:
         d4:c3:46:41:b9:32:a2:71:6f:19:9c:d8:12:3a:7f:12:12:2c:
         9d:e4:c5:74:43:e6:fb:6a:ab:44:2c:f7:9e:a5:f7:e7:2d:d3:
         66:63:cf:d0:52:a8:fa:07:e3:25:55:93:f0:4e:24:4c:9f:fe:
         26:03:3d:17:c3:75:cf:d9:5f:f1:36:f7:dc:22:d7:27:aa:e6:
         34:a5:58:12:ad:b0:38:1d:e4:b2:3e:cb:dc:8f:af:0f:e3:6d:
         86:e2:d8:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx0dL5eFkQc3ylKBGvTOALcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMjE5MDU1MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY1Y2I4NzUyN2Q1ZTZjYmJkZTI0OTJhMTUzNzhlYmY2MTBjMDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLC1jIqHQ+DMSJIX3BfJ2LXLiitm
mjFArBbfD9QRI1P5AJ9pyIK5o2ObjO5Gz7xDQnAnBIs1KzrdnmuC1FCWQFhBweET
KKmOfeFntTZz6iNcRmv4Rv0UYF6s2lmUG8pC02B1U/sQ+Fv6Y/Bz4ohu16zgqGxA
+XdX1Fg25fl1gnWxN80JrcCg7NDnz1CwkDO/b9w2+1s0K+tR+TupnmXvgXfne83n
yLLkTlxE6a8I0kb2MHWuOmzrbyqZswlhffDP7WfY8T7SeO7m01sy3zT5V8/ZKqAk
rmJ3tMQr3JFGIlowxZCc14n4TCX30F0uEcH7SxEXQDWBMAlxjuwHYQFn4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGZly4dSfV5su94kkqFTeOv2EMB6MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvWm1YTGgxSjlYbXk3M2lTU29WTjQ2X1lRd0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwrC4AwQB
2ZwWMA0GCSqGSIb3DQEBCwUAA4IBAQCDm2d7UuJhymcQB7779mI9g9fiS7qyb5uj
PnuX5BTXzNBPhul4gh7cU4+iByQWIAN3Xx1brVSDfGlqIjZqG/UR92Sj69ZHWzGO
uzcTWbSzSw6HrLi9WuhjH92DWs7XjigY+bG56UTXEPmz8tkiKstZYKKqd22rb2vB
2CmGE+g5bl+eEZom0oznJvu4jWK1mrhzbMTVVqY1KHkH9n4DDd4yeGnUw0ZBuTKi
cW8ZnNgSOn8SEiyd5MV0Q+b7aqtELPeepffnLdNmY8/QUqj6B+MlVZPwTiRMn/4m
Az0Xw3XP2V/xNvfcItcnquY0pVgSrbA4HeSyPsvcj68P422G4tgm
-----END CERTIFICATE-----