Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/RN1T4vywmwHPQadFEzInHppFeFE.roa
File:                     RN1T4vywmwHPQadFEzInHppFeFE.roa (raw, json)
Hash identifier:          A8eCa7/kNYjBFHFZcIxv83rfbT0LWEh2Tlp7MoHKDsw=
Subject key identifier:   44:DD:53:E2:FC:B0:9B:01:CF:41:A7:45:13:32:27:1E:9A:45:78:51
Certificate issuer:       /CN=9e56b51edf39ebf0662b2c834d65d1bd1de82522
Certificate serial:       019C85AD3516E0779CA5CC127E53344E8802
Authority key identifier: 9E:56:B5:1E:DF:39:EB:F0:66:2B:2C:83:4D:65:D1:BD:1D:E8:25:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nla1Ht856_BmKyyDTWXRvR3oJSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/RN1T4vywmwHPQadFEzInHppFeFE.roa
Signing time:             Sun 22 Feb 2026 14:07:26 +0000
ROA not before:           Sun 22 Feb 2026 14:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200436
IP address blocks:        195.18.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/nla1Ht856_BmKyyDTWXRvR3oJSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/nla1Ht856_BmKyyDTWXRvR3oJSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nla1Ht856_BmKyyDTWXRvR3oJSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:ad:35:16:e0:77:9c:a5:cc:12:7e:53:34:4e:88:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e56b51edf39ebf0662b2c834d65d1bd1de82522
        Validity
            Not Before: Feb 22 14:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44dd53e2fcb09b01cf41a7451332271e9a457851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:45:1f:39:b3:76:77:a4:78:13:14:3f:61:34:
                    53:d3:c8:8d:37:2f:d1:ed:cf:58:47:70:51:0d:f8:
                    ab:36:6b:35:b5:68:8a:60:6e:a1:eb:34:cc:e7:20:
                    9c:97:9f:4b:d5:d6:57:f0:59:43:61:14:75:82:59:
                    8b:82:72:b4:26:03:fa:18:33:15:8b:b8:98:a9:86:
                    10:cb:63:58:40:ed:af:db:de:0e:8d:4b:29:cb:ca:
                    2a:97:53:8a:10:0a:9a:3a:73:fa:15:19:3d:65:16:
                    c6:ce:17:f0:e3:21:25:99:9c:9b:24:a6:91:ff:59:
                    c5:7e:8f:87:ad:54:03:ca:cb:a9:a2:e2:4c:9a:32:
                    10:18:3b:eb:eb:77:59:9e:78:55:c2:87:7e:06:2f:
                    48:49:71:ef:59:d9:70:d0:e7:9a:99:53:ff:0a:ed:
                    e6:95:4a:76:4e:9b:53:9f:ee:d8:f7:7f:fe:dc:a5:
                    d9:3a:54:dd:39:5d:7b:ca:4a:3c:a2:8c:b4:a3:43:
                    0d:1d:91:c4:e3:e4:81:8c:5f:62:8b:2f:17:68:e2:
                    44:b3:37:7d:7d:33:46:e9:f8:0d:6d:e8:98:65:1d:
                    7b:0a:c9:df:a7:0e:cd:11:25:25:71:25:51:a0:b7:
                    d8:6a:5a:be:d1:cf:c6:fb:7e:7e:8c:08:32:93:93:
                    86:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:DD:53:E2:FC:B0:9B:01:CF:41:A7:45:13:32:27:1E:9A:45:78:51
            X509v3 Authority Key Identifier:
                keyid:9E:56:B5:1E:DF:39:EB:F0:66:2B:2C:83:4D:65:D1:BD:1D:E8:25:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nla1Ht856_BmKyyDTWXRvR3oJSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/RN1T4vywmwHPQadFEzInHppFeFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/nla1Ht856_BmKyyDTWXRvR3oJSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.18.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:bc:2e:ee:45:60:7f:20:4c:d0:42:b1:4a:0e:60:c4:f4:f3:
         5e:a9:0f:43:0c:a9:89:17:1c:ba:0e:0a:af:ea:67:f8:b6:5c:
         be:1f:eb:a1:47:41:ea:bd:e7:7e:a8:59:93:e5:7d:eb:37:b1:
         b9:55:ce:33:57:54:31:b8:53:47:81:99:60:b7:31:80:80:57:
         66:f8:d0:d4:3b:6d:c8:40:3b:31:95:f9:78:72:06:dd:01:c2:
         d1:89:fb:41:0a:39:aa:a3:f9:a9:a1:84:53:60:0c:e0:47:63:
         96:a6:b4:c7:fc:1d:11:45:48:38:45:56:ab:3f:05:ac:b5:84:
         73:1a:e2:ae:2c:1a:e7:7c:60:7c:6b:f9:6a:3d:ed:07:44:70:
         f8:2f:d9:ad:12:17:12:93:39:68:62:75:35:ad:e4:76:82:9f:
         5f:da:79:6f:4e:67:3b:04:d5:f2:41:d5:3c:b2:ad:f9:92:1c:
         12:15:0c:be:e6:fd:31:6f:e7:58:10:a8:7f:f6:c6:13:b6:6d:
         36:2d:9d:eb:41:06:46:90:90:b8:b1:a3:38:c1:c1:86:ce:28:
         e0:6e:96:10:01:8f:d9:61:cc:10:ee:04:8c:93:07:55:66:74:
         c6:08:90:8a:00:6d:e7:0b:a8:34:49:f2:d3:59:8d:18:2b:f1:
         0f:e6:a3:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyFrTUW4HecpcwSflM0TogCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTZiNTFlZGYzOWViZjA2NjJiMmM4MzRkNjVkMWJkMWRl
ODI1MjIwHhcNMjYwMjIyMTQwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGRkNTNlMmZjYjA5YjAxY2Y0MWE3NDUxMzMyMjcxZTlhNDU3ODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUUfObN2d6R4ExQ/YTRT08iNNy/R
7c9YR3BRDfirNms1tWiKYG6h6zTM5yCcl59L1dZX8FlDYRR1glmLgnK0JgP6GDMV
i7iYqYYQy2NYQO2v294OjUspy8oql1OKEAqaOnP6FRk9ZRbGzhfw4yElmZybJKaR
/1nFfo+HrVQDysupouJMmjIQGDvr63dZnnhVwod+Bi9ISXHvWdlw0OeamVP/Cu3m
lUp2TptTn+7Y93/+3KXZOlTdOV17yko8ooy0o0MNHZHE4+SBjF9iiy8XaOJEszd9
fTNG6fgNbeiYZR17Csnfpw7NESUlcSVRoLfYalq+0c/G+35+jAgyk5OGUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETdU+L8sJsBz0GnRRMyJx6aRXhRMB8GA1UdIwQY
MBaAFJ5WtR7fOevwZissg01l0b0d6CUiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxhMUh0ODU2X0JtS3l5RFRXWFJ2UjNvSlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNjNmMmUtOTdiMC00ZGU4LTg3ZWQt
NTYzYTE0ZTg2ZDYwLzEvUk4xVDR2eXdtd0hQUWFkRkV6SW5IcHBGZUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNjNmMmUtOTdiMC00ZGU4LTg3ZWQtNTYzYTE0ZTg2ZDYw
LzEvbmxhMUh0ODU2X0JtS3l5RFRXWFJ2UjNvSlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxIKMA0G
CSqGSIb3DQEBCwUAA4IBAQBDvC7uRWB/IEzQQrFKDmDE9PNeqQ9DDKmJFxy6Dgqv
6mf4tly+H+uhR0Hqved+qFmT5X3rN7G5Vc4zV1QxuFNHgZlgtzGAgFdm+NDUO23I
QDsxlfl4cgbdAcLRiftBCjmqo/mpoYRTYAzgR2OWprTH/B0RRUg4RVarPwWstYRz
GuKuLBrnfGB8a/lqPe0HRHD4L9mtEhcSkzloYnU1reR2gp9f2nlvTmc7BNXyQdU8
sq35khwSFQy+5v0xb+dYEKh/9sYTtm02LZ3rQQZGkJC4saM4wcGGzijgbpYQAY/Z
YcwQ7gSMkwdVZnTGCJCKAG3nC6g0SfLTWY0YK/EP5qMo
-----END CERTIFICATE-----