Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/2EmYwXBhLPsDOem-9gevs6jod5I.roa
File:                     2EmYwXBhLPsDOem-9gevs6jod5I.roa (raw, json)
Hash identifier:          lPPd5V+ynCELqGzDCWJjhrTAnDqmkJ7HdKeabmACmxo=
Subject key identifier:   D8:49:98:C1:70:61:2C:FB:03:39:E9:BE:F6:07:AF:B3:A8:E8:77:92
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019C6674717973B42A838BEA0085889A1155
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/2EmYwXBhLPsDOem-9gevs6jod5I.roa
Signing time:             Mon 16 Feb 2026 12:37:13 +0000
ROA not before:           Mon 16 Feb 2026 12:37:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        109.122.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:74:71:79:73:b4:2a:83:8b:ea:00:85:88:9a:11:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Feb 16 12:37:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d84998c170612cfb0339e9bef607afb3a8e87792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:10:5b:98:bd:01:f0:de:30:5c:61:20:ed:e5:
                    d4:d3:62:2f:3e:6d:5b:28:d4:ca:1b:75:4f:2e:f4:
                    37:9e:0a:db:20:20:65:ae:5c:8f:3b:6b:af:b2:8e:
                    73:b9:41:38:92:a1:7e:8f:52:81:13:10:f1:04:40:
                    bc:7c:3a:d1:19:d7:76:e7:e7:49:e1:c0:29:f4:3f:
                    14:e9:22:50:44:66:ab:5e:08:47:39:88:86:74:b8:
                    08:4c:d7:c9:0c:e3:9b:6a:67:de:dd:3b:f3:4a:dd:
                    63:30:7b:2b:6a:18:00:de:2b:4f:b9:ff:ff:25:23:
                    cd:65:ec:b5:16:ba:d3:0e:d4:c6:95:88:14:42:6f:
                    61:fe:d4:ff:34:6a:1a:d6:e6:f6:01:0a:3d:19:66:
                    28:c8:ed:fc:3c:58:8f:52:5a:12:ba:5f:d9:0b:8e:
                    1c:86:7f:65:68:53:24:c2:73:00:39:c9:80:31:02:
                    e2:b5:6a:82:42:9c:36:ae:d8:96:98:95:5a:2f:2d:
                    de:20:e3:9e:6e:ab:e9:34:ce:7c:3b:de:08:39:1c:
                    1b:30:24:62:7b:0d:87:c9:c2:a1:6b:2f:4c:a7:9c:
                    e7:62:4c:9e:61:3c:e1:7f:17:bf:20:17:41:2e:0c:
                    6d:35:b5:0f:3c:38:a4:0b:a8:7b:c5:5d:d1:f9:5a:
                    48:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:49:98:C1:70:61:2C:FB:03:39:E9:BE:F6:07:AF:B3:A8:E8:77:92
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/2EmYwXBhLPsDOem-9gevs6jod5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:b7:d5:a3:44:95:97:6b:cc:b3:8a:91:70:2d:4f:92:6d:8f:
         85:34:91:e7:37:79:d9:1a:77:b1:ca:e1:7f:d4:28:32:47:64:
         d8:c3:00:b2:af:14:9e:28:21:0c:b9:58:01:f8:d0:6f:92:8a:
         e0:71:a6:f5:b6:5c:21:1f:c5:45:a4:b2:f3:c2:b0:9a:4d:b9:
         cb:73:26:3a:17:66:b0:b9:ff:cd:eb:23:91:00:56:6d:4c:61:
         f5:3c:fc:93:d1:b7:4f:8a:6e:c4:b9:f1:40:51:9b:52:33:d3:
         8e:77:54:57:db:b9:f2:e9:7f:7d:76:19:c1:75:cc:8b:1a:5a:
         80:13:33:78:00:1d:92:c7:5c:32:f6:17:cb:a1:40:25:4e:8e:
         ee:2a:04:05:75:91:a8:1a:d3:16:1e:68:0c:e4:e1:fe:c3:e8:
         0f:e7:c9:17:0f:18:ba:db:9f:b5:09:13:94:65:fd:2b:a4:85:
         bd:05:67:19:36:da:fb:03:a8:09:fa:2f:72:bb:b9:50:0e:d4:
         35:ef:2a:79:21:65:b5:34:4c:14:fd:46:52:3c:c6:56:e8:00:
         93:b9:5f:e3:58:d8:fa:d7:0f:a0:f1:6f:91:f7:3c:3a:99:da:
         fc:3d:bb:df:c0:16:f5:46:ed:69:00:59:b8:d4:94:6b:bf:2f:
         fc:10:b0:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxmdHF5c7Qqg4vqAIWImhFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMjE2MTIzNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQ5OThjMTcwNjEyY2ZiMDMzOWU5YmVmNjA3YWZiM2E4ZTg3NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBBbmL0B8N4wXGEg7eXU02IvPm1b
KNTKG3VPLvQ3ngrbICBlrlyPO2uvso5zuUE4kqF+j1KBExDxBEC8fDrRGdd25+dJ
4cAp9D8U6SJQRGarXghHOYiGdLgITNfJDOObamfe3TvzSt1jMHsrahgA3itPuf//
JSPNZey1FrrTDtTGlYgUQm9h/tT/NGoa1ub2AQo9GWYoyO38PFiPUloSul/ZC44c
hn9laFMkwnMAOcmAMQLitWqCQpw2rtiWmJVaLy3eIOOebqvpNM58O94IORwbMCRi
ew2HycKhay9Mp5znYkyeYTzhfxe/IBdBLgxtNbUPPDikC6h7xV3R+VpILQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhJmMFwYSz7AznpvvYHr7Oo6HeSMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvMkVtWXdYQmhMUHNET2VtLTlnZXZzNmpvZDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoqMA0G
CSqGSIb3DQEBCwUAA4IBAQBut9WjRJWXa8yzipFwLU+SbY+FNJHnN3nZGnexyuF/
1CgyR2TYwwCyrxSeKCEMuVgB+NBvkorgcab1tlwhH8VFpLLzwrCaTbnLcyY6F2aw
uf/N6yORAFZtTGH1PPyT0bdPim7EufFAUZtSM9OOd1RX27ny6X99dhnBdcyLGlqA
EzN4AB2Sx1wy9hfLoUAlTo7uKgQFdZGoGtMWHmgM5OH+w+gP58kXDxi625+1CROU
Zf0rpIW9BWcZNtr7A6gJ+i9yu7lQDtQ17yp5IWW1NEwU/UZSPMZW6ACTuV/jWNj6
1w+g8W+R9zw6mdr8PbvfwBb1Ru1pAFm41JRrvy/8ELDG
-----END CERTIFICATE-----