Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0NM6OSy1-2utk4vYfW3N3lcm6CU.roa
File:                     0NM6OSy1-2utk4vYfW3N3lcm6CU.roa (raw, json)
Hash identifier:          T9zHPa+wiHk/vH1viiblf2/lNsxeACCEIu0h4BWNOn0=
Subject key identifier:   D0:D3:3A:39:2C:B5:FB:6B:AD:93:8B:D8:7D:6D:CD:DE:57:26:E8:25
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019C31C227B31B8A84D5EF198FF6769C14D9
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0NM6OSy1-2utk4vYfW3N3lcm6CU.roa
Signing time:             Fri 06 Feb 2026 07:02:13 +0000
ROA not before:           Fri 06 Feb 2026 07:02:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        147.185.197.0/24 maxlen: 24
                          207.244.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:31:c2:27:b3:1b:8a:84:d5:ef:19:8f:f6:76:9c:14:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Feb  6 07:02:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0d33a392cb5fb6bad938bd87d6dcdde5726e825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:68:d9:15:5e:16:49:dd:a8:86:06:69:12:cb:
                    64:81:54:1a:54:0c:6c:03:a6:cb:75:4b:67:15:f0:
                    57:92:55:c7:51:22:fa:cd:2d:37:d9:31:3e:0c:09:
                    06:60:4e:dd:10:ac:63:29:d7:a8:40:64:df:ed:32:
                    76:9b:79:81:5a:94:a9:ec:d6:c4:f7:c0:f9:d8:9b:
                    a2:7b:cb:5c:d4:02:1a:7f:50:a9:fd:d0:15:18:b6:
                    aa:d2:d6:68:0f:8f:8b:ff:b4:0c:99:ac:82:98:7d:
                    d2:99:be:2a:0c:cd:dc:d2:a0:f6:46:eb:9a:36:84:
                    48:74:a5:87:d8:9d:27:9a:5e:6f:c5:97:f1:d0:b2:
                    77:be:14:26:40:47:a5:88:7e:f1:e7:9c:c0:99:ee:
                    f7:fc:fe:ad:0b:0f:dc:7f:1d:ef:a4:35:5e:31:7d:
                    60:2d:6e:e3:5e:8f:13:48:72:ca:0f:65:b8:7a:4c:
                    94:9c:0c:08:35:6f:76:e0:97:92:60:58:a3:53:c3:
                    b2:ba:1a:00:74:b8:7c:95:92:85:c4:c7:8c:94:1c:
                    76:a6:16:8e:29:09:cc:9f:fd:75:ab:f9:cf:45:08:
                    98:3d:ba:f2:76:11:1d:d3:12:63:82:69:3f:9d:9f:
                    2c:f1:de:46:ac:2b:c8:7b:f8:46:03:79:76:b0:b8:
                    42:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D3:3A:39:2C:B5:FB:6B:AD:93:8B:D8:7D:6D:CD:DE:57:26:E8:25
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0NM6OSy1-2utk4vYfW3N3lcm6CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.197.0/24
                  207.244.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:88:5e:23:62:d1:16:66:e7:f2:3d:3b:0a:d7:ff:a2:a6:93:
         b8:4c:e4:67:40:65:8a:62:1d:b2:67:cf:89:04:6f:d6:8d:fb:
         09:8a:97:59:76:21:c7:22:44:fa:b3:b6:05:d9:ce:23:77:76:
         0c:cb:4c:29:20:07:c1:02:30:a6:bd:bf:35:95:fd:5f:cd:6a:
         b4:a2:67:74:d7:6b:48:80:38:70:bc:09:00:c8:55:ae:62:dd:
         dc:1b:98:a5:df:9e:00:46:6d:9f:ec:6c:35:e0:d5:54:d2:40:
         5b:20:ee:b1:49:ad:6a:0a:b2:bd:0b:7a:07:f6:09:c7:47:2c:
         bb:d3:27:f6:70:cf:3c:a1:b8:8b:96:76:8e:4f:0d:51:0a:f7:
         67:c0:6c:4c:74:ff:ba:8f:ce:ed:25:06:aa:ae:06:58:e3:d4:
         9d:e7:d5:9f:fe:27:b3:cf:4a:63:66:73:b2:c3:a5:99:46:d0:
         cc:09:d5:ad:a3:c2:e5:45:d7:84:e5:b4:08:5d:26:ec:b9:14:
         86:35:53:92:8a:ed:44:c1:8f:d0:ec:19:a8:36:a5:dc:b4:ba:
         39:56:8a:d7:97:98:97:5e:f4:d3:76:b0:a0:7e:71:2f:8d:e5:
         e1:f4:87:37:87:d7:c4:13:81:d5:53:f4:37:dc:0e:c7:ae:1b:
         c0:b6:cf:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwxwiezG4qE1e8Zj/Z2nBTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwMjA2MDcwMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQzM2EzOTJjYjVmYjZiYWQ5MzhiZDg3ZDZkY2RkZTU3MjZlODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumjZFV4WSd2ohgZpEstkgVQaVAxs
A6bLdUtnFfBXklXHUSL6zS032TE+DAkGYE7dEKxjKdeoQGTf7TJ2m3mBWpSp7NbE
98D52Juie8tc1AIaf1Cp/dAVGLaq0tZoD4+L/7QMmayCmH3Smb4qDM3c0qD2Ruua
NoRIdKWH2J0nml5vxZfx0LJ3vhQmQEeliH7x55zAme73/P6tCw/cfx3vpDVeMX1g
LW7jXo8TSHLKD2W4ekyUnAwINW924JeSYFijU8OyuhoAdLh8lZKFxMeMlBx2phaO
KQnMn/11q/nPRQiYPbrydhEd0xJjgmk/nZ8s8d5GrCvIe/hGA3l2sLhCsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNDTOjkstftrrZOL2H1tzd5XJuglMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvME5NNk9TeTEtMnV0azR2WWZXM04zbGNtNkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk7nFAwQA
z/TRMA0GCSqGSIb3DQEBCwUAA4IBAQBfiF4jYtEWZufyPTsK1/+ippO4TORnQGWK
Yh2yZ8+JBG/WjfsJipdZdiHHIkT6s7YF2c4jd3YMy0wpIAfBAjCmvb81lf1fzWq0
omd012tIgDhwvAkAyFWuYt3cG5il354ARm2f7Gw14NVU0kBbIO6xSa1qCrK9C3oH
9gnHRyy70yf2cM88obiLlnaOTw1RCvdnwGxMdP+6j87tJQaqrgZY49Sd59Wf/iez
z0pjZnOyw6WZRtDMCdWto8LlRdeE5bQIXSbsuRSGNVOSiu1EwY/Q7BmoNqXctLo5
VorXl5iXXvTTdrCgfnEvjeXh9Ic3h9fEE4HVU/Q33A7HrhvAts/q
-----END CERTIFICATE-----