Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/uBecXrloW4prw2ylSn0_Ivng2VY.roa
File:                     uBecXrloW4prw2ylSn0_Ivng2VY.roa (raw, json)
Hash identifier:          yFhPh9rE6yKyFP6xCMVODHQKX7tLrcXL5wGXXwvK1tU=
Subject key identifier:   B8:17:9C:5E:B9:68:5B:8A:6B:C3:6C:A5:4A:7D:3F:22:F9:E0:D9:56
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       019C67064BF20F4625F9F6B82F1290D216AD
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/uBecXrloW4prw2ylSn0_Ivng2VY.roa
Signing time:             Mon 16 Feb 2026 15:16:31 +0000
ROA not before:           Mon 16 Feb 2026 15:16:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        185.68.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:67:06:4b:f2:0f:46:25:f9:f6:b8:2f:12:90:d2:16:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Feb 16 15:16:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8179c5eb9685b8a6bc36ca54a7d3f22f9e0d956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:00:22:2d:67:37:fb:fa:93:6e:63:22:ca:ed:
                    c9:c7:20:42:58:9d:69:cd:b2:3f:a8:4e:57:61:c7:
                    10:68:73:4b:91:5e:12:a7:7c:c7:2b:d2:6a:f5:b0:
                    68:c2:6b:6a:4b:9a:1a:d6:4f:28:a0:f4:a7:85:c1:
                    c5:a7:db:b1:5b:82:77:a2:43:cb:2b:d1:7c:42:30:
                    de:68:3d:b6:e0:ac:2c:02:83:7c:f7:c8:66:9a:05:
                    42:68:b2:d8:a4:46:8c:5b:eb:01:c0:85:43:62:37:
                    76:c4:b7:b8:aa:81:6b:67:93:7a:7e:96:7b:39:cb:
                    0d:23:37:87:c4:f2:ea:af:9e:10:53:70:7c:5d:56:
                    e2:3d:7a:1a:06:61:eb:97:a7:18:80:1e:00:52:1b:
                    0a:44:67:a7:7f:21:4f:46:0b:37:39:e1:63:48:60:
                    ab:f1:f6:45:62:4c:07:c9:41:70:d7:bc:20:ea:c9:
                    ff:c1:51:69:dd:31:1c:dc:6b:11:2c:a8:83:ad:89:
                    9c:e8:4f:90:02:f8:31:4e:2a:7a:bb:c1:8f:9f:4f:
                    f5:66:41:36:74:83:a3:c9:16:b7:0f:2f:5e:e2:d4:
                    10:29:da:c9:6a:85:0e:16:5c:31:35:38:e1:1f:17:
                    0b:d1:f4:f3:cb:8c:cd:f9:44:71:a3:16:aa:76:8f:
                    3d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:17:9C:5E:B9:68:5B:8A:6B:C3:6C:A5:4A:7D:3F:22:F9:E0:D9:56
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/uBecXrloW4prw2ylSn0_Ivng2VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:26:c0:d0:0a:65:c1:87:f6:4c:57:69:d5:65:b2:4f:94:97:
         fa:62:e6:91:09:e1:79:bc:c4:5a:ab:8e:b2:2b:6e:1f:96:dc:
         ae:2e:bd:19:d0:7d:fc:38:f2:b8:5d:ae:07:1b:39:1f:ad:89:
         61:fa:50:11:f2:14:da:d1:8d:13:9d:bb:81:73:8c:d9:d8:97:
         fa:ef:6b:27:b7:03:b2:dc:6d:4c:1e:ae:8d:80:ef:ee:ad:95:
         1c:a7:1d:d1:1e:c5:80:d9:06:26:d6:3b:a4:b1:65:cb:8a:af:
         a2:30:51:54:4b:3e:6a:f7:6e:71:c2:36:18:c7:fc:18:e4:85:
         ea:77:f1:8c:e8:66:9e:12:4e:08:e2:03:c0:72:37:3c:7d:85:
         e4:29:92:79:e5:1b:e4:4b:83:c3:d7:48:09:6e:93:02:a4:8f:
         6e:41:3a:b0:9e:48:5c:44:df:a7:21:d1:32:85:da:f4:7f:eb:
         d2:6c:48:b8:aa:b5:e8:12:d0:b3:27:e1:f3:57:fb:81:7e:b9:
         1e:eb:a7:1d:e1:8d:92:72:d2:32:52:62:87:11:a9:0f:d8:b7:
         2b:fd:09:f5:ef:08:24:98:e5:c1:6d:03:b5:ba:23:d0:69:df:
         c5:05:54:4d:61:9d:4e:68:2e:84:69:8f:02:39:4b:93:3f:30:
         0c:da:ff:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxnBkvyD0Yl+fa4LxKQ0hatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjYwMjE2MTUxNjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODE3OWM1ZWI5Njg1YjhhNmJjMzZjYTU0YTdkM2YyMmY5ZTBkOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwAiLWc3+/qTbmMiyu3JxyBCWJ1p
zbI/qE5XYccQaHNLkV4Sp3zHK9Jq9bBowmtqS5oa1k8ooPSnhcHFp9uxW4J3okPL
K9F8QjDeaD224KwsAoN898hmmgVCaLLYpEaMW+sBwIVDYjd2xLe4qoFrZ5N6fpZ7
OcsNIzeHxPLqr54QU3B8XVbiPXoaBmHrl6cYgB4AUhsKRGenfyFPRgs3OeFjSGCr
8fZFYkwHyUFw17wg6sn/wVFp3TEc3GsRLKiDrYmc6E+QAvgxTip6u8GPn0/1ZkE2
dIOjyRa3Dy9e4tQQKdrJaoUOFlwxNTjhHxcL0fTzy4zN+URxoxaqdo89gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgXnF65aFuKa8NspUp9PyL54NlWMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvdUJlY1hybG9XNHBydzJ5bFNuMF9Jdm5nMlZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUTEMA0G
CSqGSIb3DQEBCwUAA4IBAQCOJsDQCmXBh/ZMV2nVZbJPlJf6YuaRCeF5vMRaq46y
K24fltyuLr0Z0H38OPK4Xa4HGzkfrYlh+lAR8hTa0Y0TnbuBc4zZ2Jf672sntwOy
3G1MHq6NgO/urZUcpx3RHsWA2QYm1juksWXLiq+iMFFUSz5q925xwjYYx/wY5IXq
d/GM6GaeEk4I4gPAcjc8fYXkKZJ55RvkS4PD10gJbpMCpI9uQTqwnkhcRN+nIdEy
hdr0f+vSbEi4qrXoEtCzJ+HzV/uBfrke66cd4Y2SctIyUmKHEakP2Lcr/Qn17wgk
mOXBbQO1uiPQad/FBVRNYZ1OaC6EaY8COUuTPzAM2v+D
-----END CERTIFICATE-----