Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/Rb9KBoBLJn6K8gQhZg2wL_hnX2Q.roa
File:                     Rb9KBoBLJn6K8gQhZg2wL_hnX2Q.roa (raw, json)
Hash identifier:          Pnn1XhHhvI1FVLr7IXQzdyTXVT364mukcsmYH/cxMhg=
Subject key identifier:   45:BF:4A:06:80:4B:26:7E:8A:F2:04:21:66:0D:B0:2F:F8:67:5F:64
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       019C4340E75D2AAB16536AB60E7C0B9740F9
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/Rb9KBoBLJn6K8gQhZg2wL_hnX2Q.roa
Signing time:             Mon 09 Feb 2026 16:34:12 +0000
ROA not before:           Mon 09 Feb 2026 16:34:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        212.114.42.0/24 maxlen: 24
                          212.114.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:43:40:e7:5d:2a:ab:16:53:6a:b6:0e:7c:0b:97:40:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Feb  9 16:34:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45bf4a06804b267e8af20421660db02ff8675f64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b6:ea:38:d9:51:5e:bb:db:04:a8:bf:65:40:
                    61:d0:b4:57:04:ac:ad:21:2f:12:63:2b:2c:84:39:
                    1f:02:37:ab:ee:c4:98:f7:27:87:0c:68:c2:f9:b2:
                    9f:e3:9d:93:74:37:8a:5f:53:75:bb:93:6c:d4:54:
                    8e:12:07:13:89:9a:e0:97:14:da:36:8e:72:97:5c:
                    83:55:28:8d:88:af:50:38:5d:d5:fc:e2:48:b9:14:
                    79:62:d3:5e:8f:6b:b1:1f:ca:5d:95:89:fd:19:5c:
                    19:ad:66:e0:40:fa:c5:b3:62:ea:56:ae:3c:eb:c1:
                    52:a5:92:ea:b5:e4:d0:09:e5:de:66:5a:38:af:da:
                    ad:53:9f:0a:c1:24:6a:4c:db:f9:0d:a2:8d:05:9a:
                    3a:64:03:78:64:0c:91:ee:8e:1f:a4:53:65:af:73:
                    90:d8:06:5d:bd:af:84:37:29:f9:36:72:04:e1:00:
                    42:13:ac:02:3e:18:bd:7d:38:c4:34:ba:24:17:df:
                    86:5b:26:06:00:67:ed:4b:e6:dd:94:57:97:cb:c3:
                    9f:d2:11:a8:58:02:85:65:bf:7a:5d:b0:45:b0:3e:
                    71:3e:69:4d:db:3e:ac:16:d8:6b:9b:7f:b5:79:77:
                    ee:4d:41:3d:f5:a3:25:54:c5:ea:6c:98:94:0e:bf:
                    c8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:BF:4A:06:80:4B:26:7E:8A:F2:04:21:66:0D:B0:2F:F8:67:5F:64
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/Rb9KBoBLJn6K8gQhZg2wL_hnX2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.42.0/24
                  212.114.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:37:9a:52:06:ad:2e:80:22:a1:51:bc:ea:d7:00:07:d2:71:
         0b:9a:e0:f3:0a:87:c2:38:9a:4f:f4:a0:01:e2:ea:70:0a:32:
         6e:3f:9a:e7:ec:fa:e9:37:f3:37:38:6d:40:5e:db:b6:28:91:
         cb:a8:f5:a3:6e:ad:88:47:cf:63:99:eb:48:b2:07:ce:f2:f8:
         34:18:8c:75:75:7f:0a:b0:2f:b7:5b:0c:5e:5b:94:69:f2:72:
         ad:e6:b6:0d:7e:f0:c8:ea:49:fe:ae:14:3a:f0:5a:27:6d:81:
         b0:8b:47:17:87:32:c0:26:72:e9:fb:a4:0c:20:ea:f1:4f:65:
         d6:7f:aa:21:c8:02:16:36:95:25:93:84:70:b8:9a:df:f8:e3:
         3f:fd:21:15:08:c0:3b:25:77:24:07:4c:78:65:56:5c:cc:33:
         1a:aa:d1:b3:ff:c3:ba:5c:01:dd:13:4d:7e:ab:15:d5:2d:fd:
         49:09:25:0f:e8:91:d3:98:73:33:6e:c5:fa:f2:8a:d8:13:ea:
         5c:61:82:9f:a2:68:5d:bc:2a:1a:cd:09:b4:5d:14:36:fe:32:
         54:d9:ca:4c:7c:f6:e7:40:52:17:8f:4e:45:3e:80:d7:09:10:
         4c:ec:b6:0c:56:96:12:4c:77:2a:b5:cb:ae:cd:b2:af:9e:eb:
         40:33:90:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxDQOddKqsWU2q2DnwLl0D5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjYwMjA5MTYzNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWJmNGEwNjgwNGIyNjdlOGFmMjA0MjE2NjBkYjAyZmY4Njc1ZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorbqONlRXrvbBKi/ZUBh0LRXBKyt
IS8SYysshDkfAjer7sSY9yeHDGjC+bKf452TdDeKX1N1u5Ns1FSOEgcTiZrglxTa
No5yl1yDVSiNiK9QOF3V/OJIuRR5YtNej2uxH8pdlYn9GVwZrWbgQPrFs2LqVq48
68FSpZLqteTQCeXeZlo4r9qtU58KwSRqTNv5DaKNBZo6ZAN4ZAyR7o4fpFNlr3OQ
2AZdva+ENyn5NnIE4QBCE6wCPhi9fTjENLokF9+GWyYGAGftS+bdlFeXy8Of0hGo
WAKFZb96XbBFsD5xPmlN2z6sFthrm3+1eXfuTUE99aMlVMXqbJiUDr/IFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEW/SgaASyZ+ivIEIWYNsC/4Z19kMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvUmI5S0JvQkxKbjZLOGdRaFpnMndMX2huWDJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1HIqAwQA
1HIvMA0GCSqGSIb3DQEBCwUAA4IBAQAMN5pSBq0ugCKhUbzq1wAH0nELmuDzCofC
OJpP9KAB4upwCjJuP5rn7PrpN/M3OG1AXtu2KJHLqPWjbq2IR89jmetIsgfO8vg0
GIx1dX8KsC+3WwxeW5Rp8nKt5rYNfvDI6kn+rhQ68FonbYGwi0cXhzLAJnLp+6QM
IOrxT2XWf6ohyAIWNpUlk4RwuJrf+OM//SEVCMA7JXckB0x4ZVZczDMaqtGz/8O6
XAHdE01+qxXVLf1JCSUP6JHTmHMzbsX68orYE+pcYYKfomhdvCoazQm0XRQ2/jJU
2cpMfPbnQFIXj05FPoDXCRBM7LYMVpYSTHcqtcuuzbKvnutAM5D6
-----END CERTIFICATE-----