Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/cTlliJQGudEc-EL6iDNgBU6q-DI.roa
File:                     cTlliJQGudEc-EL6iDNgBU6q-DI.roa (raw, json)
Hash identifier:          fFq0wxKYSeUMmP8/3JXlsdr3hGg6WxNOxEODFwgQ024=
Subject key identifier:   71:39:65:88:94:06:B9:D1:1C:F8:42:FA:88:33:60:05:4E:AA:F8:32
Certificate issuer:       /CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
Certificate serial:       019C6084ABF55846BD3817DA3D7D0124DD54
Authority key identifier: A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/cTlliJQGudEc-EL6iDNgBU6q-DI.roa
Signing time:             Sun 15 Feb 2026 08:57:13 +0000
ROA not before:           Sun 15 Feb 2026 08:57:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24670
IP address blocks:        193.150.188.0/22 maxlen: 24
                          193.150.189.0/24 maxlen: 24
                          193.150.190.0/24 maxlen: 24
                          193.150.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:60:84:ab:f5:58:46:bd:38:17:da:3d:7d:01:24:dd:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
        Validity
            Not Before: Feb 15 08:57:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=713965889406b9d11cf842fa883360054eaaf832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f8:fb:1f:1b:57:b3:04:86:af:ea:b5:93:44:
                    a6:1f:8c:96:0e:a9:b9:58:f4:0f:cd:50:c7:e0:43:
                    24:3f:2d:ea:f9:ae:1c:ee:88:00:0a:d0:da:17:7c:
                    84:ed:3a:67:31:45:92:9a:65:22:3d:c2:83:28:b4:
                    87:81:24:45:17:dc:0b:d7:03:71:68:c9:43:cf:46:
                    f7:6d:c0:77:66:56:e0:1d:4b:ab:be:4e:25:5f:45:
                    ea:9a:15:87:d5:48:a2:7a:e6:ff:f5:f3:6b:27:e3:
                    04:79:51:01:f2:2c:72:d4:16:07:24:ed:df:58:11:
                    c8:ce:8f:14:96:e4:a1:e8:2f:3c:c4:06:c2:1a:ea:
                    98:42:15:27:b5:f7:f7:5b:57:8c:01:58:68:c2:8a:
                    fb:06:3a:a0:5c:89:56:4a:8b:7b:74:06:a2:8d:b6:
                    32:2f:be:d8:a8:9f:45:88:f4:e0:6e:ef:34:25:6b:
                    e5:c5:d8:8e:b8:db:2c:14:c9:2b:7e:5a:43:a0:c0:
                    45:04:5e:80:b8:5f:76:e0:c2:cc:27:67:13:a3:11:
                    e0:2b:bb:37:89:c1:9a:01:4a:e3:a0:9e:af:f8:93:
                    bd:cb:63:07:9c:e0:b0:cd:bd:74:c7:5d:74:5b:ef:
                    7f:e6:0c:3d:15:c0:af:bd:67:c2:4f:1e:98:b8:3a:
                    14:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:39:65:88:94:06:B9:D1:1C:F8:42:FA:88:33:60:05:4E:AA:F8:32
            X509v3 Authority Key Identifier:
                keyid:A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/cTlliJQGudEc-EL6iDNgBU6q-DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:4f:19:99:ad:23:eb:92:b9:56:68:a3:ea:49:5d:3d:6d:e0:
         c7:58:b3:2b:45:05:36:58:4d:0d:7e:a4:2a:73:c8:7e:56:f3:
         5e:43:61:3a:7a:86:8d:a5:25:49:76:3e:23:e8:3a:db:31:48:
         d7:9e:5b:8e:0f:4b:a3:ad:d1:ba:f4:53:d1:c4:38:91:02:92:
         28:fe:ac:26:22:3b:38:4f:2e:8e:dd:60:39:a3:e9:25:3a:34:
         83:7d:a3:ef:e3:53:82:f7:a9:11:a8:56:64:05:9c:a8:c6:cb:
         54:c8:ae:d7:28:1b:5a:69:2e:62:14:b4:8b:d2:57:0e:04:09:
         e6:95:76:9c:c3:e9:95:29:1b:b4:44:ea:ce:8b:28:39:84:1b:
         cb:66:5f:f4:05:96:d5:f8:d5:d3:82:ea:f6:09:a6:5f:26:09:
         9f:d6:e5:7b:46:57:e8:d9:8c:4f:4b:a2:8a:03:7c:75:60:2b:
         a9:9f:a2:0f:a5:ce:42:e4:18:39:91:d5:e8:ec:69:50:cf:dd:
         cd:c4:52:a8:bd:4a:09:d9:07:9f:4d:45:e0:1a:11:01:aa:9c:
         53:b6:82:78:37:bb:aa:f7:2d:5c:f8:49:6b:c5:78:12:b2:e1:
         ee:00:31:99:4e:03:cd:24:6a:d8:ef:c6:30:5f:ec:d9:e9:74:
         fd:2d:df:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxghKv1WEa9OBfaPX0BJN1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjBjMDU3MzFlZmE0YmJlNWMyYTMwYWU1MTg5Zjc3ODVk
MmQ0OTkwHhcNMjYwMjE1MDg1NzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTM5NjU4ODk0MDZiOWQxMWNmODQyZmE4ODMzNjAwNTRlYWFmODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Pj7HxtXswSGr+q1k0SmH4yWDqm5
WPQPzVDH4EMkPy3q+a4c7ogACtDaF3yE7TpnMUWSmmUiPcKDKLSHgSRFF9wL1wNx
aMlDz0b3bcB3ZlbgHUurvk4lX0XqmhWH1Uiieub/9fNrJ+MEeVEB8ixy1BYHJO3f
WBHIzo8UluSh6C88xAbCGuqYQhUntff3W1eMAVhowor7BjqgXIlWSot7dAaijbYy
L77YqJ9FiPTgbu80JWvlxdiOuNssFMkrflpDoMBFBF6AuF924MLMJ2cToxHgK7s3
icGaAUrjoJ6v+JO9y2MHnOCwzb10x110W+9/5gw9FcCvvWfCTx6YuDoUoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHE5ZYiUBrnRHPhC+ogzYAVOqvgyMB8GA1UdIwQY
MBaAFKWwwFcx76S75cKjCuUYn3eF0tSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgt
ZDE1ZmViZGY1ZWNmLzEvY1RsbGlKUUd1ZEVjLUVMNmlETmdCVTZxLURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgtZDE1ZmViZGY1ZWNm
LzEvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZa8MA0G
CSqGSIb3DQEBCwUAA4IBAQBETxmZrSPrkrlWaKPqSV09beDHWLMrRQU2WE0NfqQq
c8h+VvNeQ2E6eoaNpSVJdj4j6DrbMUjXnluOD0ujrdG69FPRxDiRApIo/qwmIjs4
Ty6O3WA5o+klOjSDfaPv41OC96kRqFZkBZyoxstUyK7XKBtaaS5iFLSL0lcOBAnm
lXacw+mVKRu0ROrOiyg5hBvLZl/0BZbV+NXTgur2CaZfJgmf1uV7Rlfo2YxPS6KK
A3x1YCupn6IPpc5C5Bg5kdXo7GlQz93NxFKovUoJ2QefTUXgGhEBqpxTtoJ4N7uq
9y1c+ElrxXgSsuHuADGZTgPNJGrY78YwX+zZ6XT9Ld/1
-----END CERTIFICATE-----