Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ly8SorW7w_Dg6fAIrTVOdpaVPT8.roa
File:                     Ly8SorW7w_Dg6fAIrTVOdpaVPT8.roa (raw, json)
Hash identifier:          HGTHpvo69BEECWSdkFYK6o3wp1FqLkLH4LXf5TzKib4=
Subject key identifier:   2F:2F:12:A2:B5:BB:C3:F0:E0:E9:F0:08:AD:35:4E:76:96:95:3D:3F
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       019C6DE4BC34BDA0D6E16B5048B2D267BA23
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ly8SorW7w_Dg6fAIrTVOdpaVPT8.roa
Signing time:             Tue 17 Feb 2026 23:17:12 +0000
ROA not before:           Tue 17 Feb 2026 23:17:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42861
IP address blocks:        185.149.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6d:e4:bc:34:bd:a0:d6:e1:6b:50:48:b2:d2:67:ba:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Feb 17 23:17:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f2f12a2b5bbc3f0e0e9f008ad354e7696953d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3a:bf:74:21:b4:1c:1f:d4:fc:6d:a4:82:72:
                    4d:45:77:79:29:bb:12:54:fa:d9:84:da:22:78:9f:
                    f5:7a:28:6c:67:b0:b2:cd:c2:72:de:86:e4:71:fc:
                    03:a3:aa:74:c9:52:7e:42:bf:af:cd:a6:92:e5:91:
                    98:d7:1a:ee:bc:13:70:8c:99:52:06:62:4a:fe:84:
                    8d:e2:a1:d4:c3:fd:b8:e9:fe:87:e3:ea:67:fa:af:
                    50:66:70:b5:2e:6d:d9:1c:0e:7f:c3:da:c2:97:1a:
                    eb:78:57:50:aa:ce:4e:f7:99:bc:f7:e3:a2:1b:c1:
                    86:ce:1f:84:63:1f:26:1a:fb:a7:b2:7b:53:53:dc:
                    df:f3:e5:4d:52:ea:60:e4:d9:84:93:48:4e:ff:2a:
                    5d:95:e4:37:42:54:30:41:15:6c:02:a4:ce:87:38:
                    b9:12:5a:aa:2b:d1:06:96:79:77:04:ce:f1:63:1f:
                    fa:80:96:58:31:33:16:7a:6a:d0:da:07:05:19:60:
                    af:31:db:80:da:69:37:86:4d:32:fa:22:cc:ff:bb:
                    b7:8e:82:63:5b:3e:9d:5f:a1:43:87:3c:39:57:25:
                    8e:32:19:e4:b7:4e:78:13:89:83:86:64:19:d1:1b:
                    19:90:66:07:9d:80:f5:59:98:fa:9e:ac:1b:15:69:
                    68:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:2F:12:A2:B5:BB:C3:F0:E0:E9:F0:08:AD:35:4E:76:96:95:3D:3F
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ly8SorW7w_Dg6fAIrTVOdpaVPT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:63:f4:d9:a2:1d:43:ab:90:58:2c:88:cc:b7:69:b1:bb:d8:
         97:60:2f:a0:7f:97:f2:61:a2:f7:07:59:84:a5:8d:ea:ed:3c:
         0c:74:12:2b:72:7d:a7:29:8b:4f:29:08:cb:bb:ed:c6:b8:f3:
         1f:a5:71:bf:d5:bb:dd:f6:43:60:fe:5f:22:4d:ab:55:f8:5f:
         ad:fb:af:89:ba:d9:b7:8d:db:9a:d8:20:0c:14:21:ae:c7:83:
         68:fa:d8:bf:57:c8:76:b0:69:ae:24:8c:3b:bc:a7:b2:fe:27:
         e8:34:ee:a9:fc:04:da:25:51:fb:04:5b:38:27:c5:58:ea:af:
         5c:c1:67:75:f0:2d:f6:da:6d:50:33:09:04:e1:85:6f:c3:58:
         98:19:07:5b:fd:81:aa:b7:7a:98:b1:95:34:be:05:cb:41:89:
         b0:09:0f:3a:b0:bf:56:55:4d:be:21:07:da:8e:b2:2a:48:88:
         d4:82:39:24:da:c8:86:58:04:36:19:a3:15:57:c0:12:8d:48:
         f0:b1:9a:1d:86:e9:43:a2:1d:c7:2f:e9:4d:73:77:ed:96:14:
         30:57:90:e4:72:96:48:53:e4:5f:ad:dd:8e:99:39:d6:93:2c:
         2f:7c:01:9d:60:c1:07:a4:87:70:0b:a1:f0:00:66:4b:0c:c3:
         ef:9c:77:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxt5Lw0vaDW4WtQSLLSZ7ojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjYwMjE3MjMxNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjJmMTJhMmI1YmJjM2YwZTBlOWYwMDhhZDM1NGU3Njk2OTUzZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzq/dCG0HB/U/G2kgnJNRXd5KbsS
VPrZhNoieJ/1eihsZ7CyzcJy3obkcfwDo6p0yVJ+Qr+vzaaS5ZGY1xruvBNwjJlS
BmJK/oSN4qHUw/246f6H4+pn+q9QZnC1Lm3ZHA5/w9rClxrreFdQqs5O95m89+Oi
G8GGzh+EYx8mGvunsntTU9zf8+VNUupg5NmEk0hO/ypdleQ3QlQwQRVsAqTOhzi5
ElqqK9EGlnl3BM7xYx/6gJZYMTMWemrQ2gcFGWCvMduA2mk3hk0y+iLM/7u3joJj
Wz6dX6FDhzw5VyWOMhnkt054E4mDhmQZ0RsZkGYHnYD1WZj6nqwbFWloyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8vEqK1u8Pw4OnwCK01TnaWlT0/MB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvTHk4U29yVzd3X0RnNmZBSXJUVk9kcGFWUFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZWQMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Y/TZoh1Dq5BYLIjMt2mxu9iXYC+gf5fyYaL3B1mE
pY3q7TwMdBIrcn2nKYtPKQjLu+3GuPMfpXG/1bvd9kNg/l8iTatV+F+t+6+Jutm3
jdua2CAMFCGux4No+ti/V8h2sGmuJIw7vKey/ifoNO6p/ATaJVH7BFs4J8VY6q9c
wWd18C322m1QMwkE4YVvw1iYGQdb/YGqt3qYsZU0vgXLQYmwCQ86sL9WVU2+IQfa
jrIqSIjUgjkk2siGWAQ2GaMVV8ASjUjwsZodhulDoh3HL+lNc3ftlhQwV5DkcpZI
U+Rfrd2OmTnWkywvfAGdYMEHpIdwC6HwAGZLDMPvnHdP
-----END CERTIFICATE-----