Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/mOZvAMLraqykK52-jzGD-yHlcnw.roa
File:                     mOZvAMLraqykK52-jzGD-yHlcnw.roa (raw, json)
Hash identifier:          HgyR01q3fui7+YF0vuXYroeZjeOmGgCJNhWLmBZNBqI=
Subject key identifier:   98:E6:6F:00:C2:EB:6A:AC:A4:2B:9D:BE:8F:31:83:FB:21:E5:72:7C
Certificate issuer:       /CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
Certificate serial:       019C7110CF2FBF74A180595DB87E7AC10887
Authority key identifier: DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/mOZvAMLraqykK52-jzGD-yHlcnw.roa
Signing time:             Wed 18 Feb 2026 14:04:12 +0000
ROA not before:           Wed 18 Feb 2026 14:04:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     939
IP address blocks:        45.152.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:10:cf:2f:bf:74:a1:80:59:5d:b8:7e:7a:c1:08:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
        Validity
            Not Before: Feb 18 14:04:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98e66f00c2eb6aaca42b9dbe8f3183fb21e5727c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:24:61:1e:1c:a8:dd:a1:d9:57:38:e3:64:70:
                    81:c7:ca:17:60:0d:f4:ec:db:74:18:c4:d2:22:81:
                    6b:b6:ae:d2:dc:da:12:f3:97:d8:5f:36:84:31:2e:
                    51:d2:90:98:02:4c:41:aa:a7:8b:6a:ff:10:31:3a:
                    57:6f:8a:73:24:18:9b:7e:eb:ab:9f:53:b2:6b:d1:
                    ee:00:de:92:f5:d9:04:ee:f7:55:6d:2c:ba:62:88:
                    f9:80:3c:9c:7b:8b:ff:f4:95:e4:c7:a7:b0:a1:a7:
                    9e:8b:24:6f:c5:c5:c3:99:72:7a:67:73:ae:19:6c:
                    97:28:fe:0d:54:78:cc:23:8d:3c:ac:4b:2e:7a:e6:
                    59:da:51:44:a8:31:8d:57:9a:09:1e:b3:dd:67:08:
                    89:82:0f:c7:47:e6:52:7e:3d:b4:24:7e:61:fe:69:
                    08:38:c9:f8:bb:ee:74:f2:3a:26:9f:98:ab:01:d0:
                    fa:c2:82:d9:2b:e5:59:95:0d:a7:51:5b:2a:34:ba:
                    6d:42:15:57:b7:01:f7:d1:9f:f4:3d:a0:67:1e:ee:
                    b8:d6:72:4c:74:03:5d:74:10:94:85:6b:52:61:7c:
                    56:47:19:3a:78:61:be:fd:d1:19:31:d1:1d:0e:e3:
                    5a:de:6d:0e:f1:f1:76:40:b1:42:5d:b6:69:5e:06:
                    b2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E6:6F:00:C2:EB:6A:AC:A4:2B:9D:BE:8F:31:83:FB:21:E5:72:7C
            X509v3 Authority Key Identifier:
                keyid:DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/mOZvAMLraqykK52-jzGD-yHlcnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:38:88:a7:17:04:2a:47:b3:02:47:d6:25:58:a6:72:90:42:
         e0:6d:d9:c3:26:ce:88:fb:08:24:58:aa:f3:58:7f:a1:64:2f:
         77:26:9c:e5:e4:55:28:c7:a7:57:b6:5c:89:5b:98:6b:14:c1:
         0d:81:8c:8f:78:56:ba:9a:4e:55:47:5e:c3:91:30:4b:f8:56:
         09:72:c0:dd:a7:0c:ec:2c:6e:58:53:05:c9:32:22:bf:68:ed:
         f4:f2:33:9f:44:f3:c9:7b:94:b8:ed:e5:dc:a8:47:2e:2f:fc:
         25:99:d3:1a:8f:4b:d7:d0:dd:4f:c6:12:d4:5a:ff:15:b5:72:
         27:31:1e:47:c0:74:88:6f:e7:d6:21:78:e4:99:e8:fc:de:6e:
         0b:d5:e1:00:31:78:ac:64:4b:0b:6c:9c:ef:e9:83:06:3a:9f:
         23:4d:2a:b6:a4:ea:5c:92:31:f2:0e:0d:06:36:cc:c4:c3:c9:
         5c:83:15:86:4f:49:f8:ba:85:29:54:f5:6b:9a:44:7e:8c:03:
         95:09:8c:1f:33:76:94:de:4e:49:ac:bc:d3:d5:23:a6:ca:7f:
         15:59:6e:ec:57:12:55:31:52:1c:ef:2e:82:25:d7:2b:b7:d8:
         d0:a1:86:7a:95:e0:5b:64:0f:4d:1f:ac:5c:95:b9:0e:1c:e6:
         4b:ee:df:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxxEM8vv3ShgFlduH56wQiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOTBlMGFlZTFlY2MzMTA2NmNiNzQ0ZjhhN2ZlZWRlZmIz
Zjc5MzAwHhcNMjYwMjE4MTQwNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGU2NmYwMGMyZWI2YWFjYTQyYjlkYmU4ZjMxODNmYjIxZTU3MjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCRhHhyo3aHZVzjjZHCBx8oXYA30
7Nt0GMTSIoFrtq7S3NoS85fYXzaEMS5R0pCYAkxBqqeLav8QMTpXb4pzJBibfuur
n1Oya9HuAN6S9dkE7vdVbSy6Yoj5gDyce4v/9JXkx6ewoaeeiyRvxcXDmXJ6Z3Ou
GWyXKP4NVHjMI408rEsueuZZ2lFEqDGNV5oJHrPdZwiJgg/HR+ZSfj20JH5h/mkI
OMn4u+508jomn5irAdD6woLZK+VZlQ2nUVsqNLptQhVXtwH30Z/0PaBnHu641nJM
dANddBCUhWtSYXxWRxk6eGG+/dEZMdEdDuNa3m0O8fF2QLFCXbZpXgay3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjmbwDC62qspCudvo8xg/sh5XJ8MB8GA1UdIwQY
MBaAFNyQ4K7h7MMQZst0T4p/7t77P3kwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0pEZ3J1SHN3eEJteTNSUGluX3UzdnNfZVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84N2IyNjctNDljMi00MjY5LTlmNjYt
MDBiY2Q5YjkxYzFiLzEvbU9adkFNTHJhcXlrSzUyLWp6R0QteUhsY253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84N2IyNjctNDljMi00MjY5LTlmNjYtMDBiY2Q5YjkxYzFi
LzEvM0pEZ3J1SHN3eEJteTNSUGluX3UzdnNfZVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZjAMA0G
CSqGSIb3DQEBCwUAA4IBAQCZOIinFwQqR7MCR9YlWKZykELgbdnDJs6I+wgkWKrz
WH+hZC93Jpzl5FUox6dXtlyJW5hrFMENgYyPeFa6mk5VR17DkTBL+FYJcsDdpwzs
LG5YUwXJMiK/aO308jOfRPPJe5S47eXcqEcuL/wlmdMaj0vX0N1PxhLUWv8VtXIn
MR5HwHSIb+fWIXjkmej83m4L1eEAMXisZEsLbJzv6YMGOp8jTSq2pOpckjHyDg0G
NszEw8lcgxWGT0n4uoUpVPVrmkR+jAOVCYwfM3aU3k5JrLzT1SOmyn8VWW7sVxJV
MVIc7y6CJdcrt9jQoYZ6leBbZA9NH6xclbkOHOZL7t/X
-----END CERTIFICATE-----