Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/9l35f4vtEnwERy91rSIzMefrFvk.roa
File:                     9l35f4vtEnwERy91rSIzMefrFvk.roa (raw, json)
Hash identifier:          o4NZxjI3TjEffFvPCpSdso698d9KA9gU7jcbU25ovX4=
Subject key identifier:   F6:5D:F9:7F:8B:ED:12:7C:04:47:2F:75:AD:22:33:31:E7:EB:16:F9
Certificate issuer:       /CN=407c7083460e1a4c72c4bc4276313d3a85944a87
Certificate serial:       019C6B6209347DFA1F0BB4F5972B7F69E679
Authority key identifier: 40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/9l35f4vtEnwERy91rSIzMefrFvk.roa
Signing time:             Tue 17 Feb 2026 11:35:12 +0000
ROA not before:           Tue 17 Feb 2026 11:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199811
IP address blocks:        185.210.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:62:09:34:7d:fa:1f:0b:b4:f5:97:2b:7f:69:e6:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407c7083460e1a4c72c4bc4276313d3a85944a87
        Validity
            Not Before: Feb 17 11:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f65df97f8bed127c04472f75ad223331e7eb16f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4b:9d:ac:77:80:e5:fd:3d:3d:e9:6e:c4:72:
                    39:85:86:26:b9:51:9c:a0:f0:5e:b4:12:99:01:e7:
                    ab:94:5a:8c:5b:77:d3:8a:57:38:3e:ea:8e:5b:fe:
                    6b:db:02:72:0c:e7:2a:05:d3:24:ec:72:b2:9a:bf:
                    62:ed:01:ba:5e:8f:3b:97:3c:df:60:ab:63:06:e0:
                    c0:df:b6:b2:da:5d:4d:e2:29:1d:b0:ff:6e:04:87:
                    09:07:2a:c7:37:3c:8f:ba:81:da:67:5c:ab:93:97:
                    a3:4a:93:98:78:5c:51:f9:b6:b8:98:d6:8e:7d:9c:
                    d6:fc:9a:4d:a2:f3:c6:e9:c6:e3:37:77:a7:20:cf:
                    4c:7e:ce:24:ad:3f:da:3f:06:28:1e:c7:e0:c1:1a:
                    3f:81:46:6c:c1:bc:2b:55:bd:1c:08:28:0f:5a:59:
                    ae:cf:e1:43:e0:26:13:1c:a5:8a:17:71:65:73:8f:
                    24:6e:7e:81:7a:81:06:9e:70:7d:dc:f5:bb:bf:52:
                    21:65:ca:c6:f6:d2:16:02:3a:12:d6:9d:3c:5d:91:
                    34:a4:e1:39:c4:77:c7:d5:9c:9f:63:b3:e4:32:05:
                    f1:91:89:90:59:8d:45:0f:df:36:d8:12:d0:e0:7e:
                    b8:13:5f:b3:c5:66:b2:8d:39:dc:94:71:f0:46:0f:
                    8f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5D:F9:7F:8B:ED:12:7C:04:47:2F:75:AD:22:33:31:E7:EB:16:F9
            X509v3 Authority Key Identifier:
                keyid:40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/9l35f4vtEnwERy91rSIzMefrFvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:f9:e1:26:f0:97:d6:40:22:83:f2:39:24:4e:ee:11:ee:45:
         2c:a9:22:94:bb:5f:c1:b6:37:2d:1f:cc:c5:dd:25:53:21:01:
         c0:ce:1f:7f:a2:e3:75:b4:73:46:61:51:28:59:a4:54:f3:e5:
         c5:52:85:9a:17:4f:d6:f6:c9:3f:cf:5f:85:86:db:61:80:11:
         fa:2a:2a:95:7d:a0:47:9d:67:79:08:e8:44:c3:98:a9:66:41:
         79:d1:3f:95:b5:8d:ac:10:b2:e5:33:75:27:28:4e:1c:97:61:
         b7:03:d4:ed:06:0c:f2:4a:d9:78:72:7e:1a:89:76:b8:29:eb:
         34:2a:16:ac:e1:bd:50:07:22:d7:ec:60:0d:ab:4b:80:7b:cf:
         ee:a7:8e:79:c0:73:65:b6:1e:ee:42:3e:97:e7:ee:d1:7b:9b:
         82:3d:0f:be:ce:cf:83:54:08:12:e6:b9:ed:04:a0:5e:fd:71:
         98:a1:17:0e:6c:60:6f:59:86:5d:c4:59:8d:8d:b4:4f:6b:d4:
         d2:2d:1b:9a:ab:21:1a:9c:97:08:73:1a:89:c2:fb:d2:86:06:
         53:3c:02:6d:b2:66:fe:7b:9d:09:49:2b:d4:db:7d:a8:9f:1f:
         b0:32:00:f5:f1:0d:f8:df:f6:9e:13:55:66:24:76:f6:69:c9:
         18:90:fc:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxrYgk0ffofC7T1lyt/aeZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2M3MDgzNDYwZTFhNGM3MmM0YmM0Mjc2MzEzZDNhODU5
NDRhODcwHhcNMjYwMjE3MTEzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjVkZjk3ZjhiZWQxMjdjMDQ0NzJmNzVhZDIyMzMzMWU3ZWIxNmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UudrHeA5f09PeluxHI5hYYmuVGc
oPBetBKZAeerlFqMW3fTilc4PuqOW/5r2wJyDOcqBdMk7HKymr9i7QG6Xo87lzzf
YKtjBuDA37ay2l1N4ikdsP9uBIcJByrHNzyPuoHaZ1yrk5ejSpOYeFxR+ba4mNaO
fZzW/JpNovPG6cbjN3enIM9Mfs4krT/aPwYoHsfgwRo/gUZswbwrVb0cCCgPWlmu
z+FD4CYTHKWKF3Flc48kbn6BeoEGnnB93PW7v1IhZcrG9tIWAjoS1p08XZE0pOE5
xHfH1ZyfY7PkMgXxkYmQWY1FD9822BLQ4H64E1+zxWayjTnclHHwRg+PpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZd+X+L7RJ8BEcvda0iMzHn6xb5MB8GA1UdIwQY
MBaAFEB8cINGDhpMcsS8QnYxPTqFlEqHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2Mjct
OTg1ZWQxNWM5YWViLzEvOWwzNWY0dnRFbndFUnk5MXJTSXpNZWZyRnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2MjctOTg1ZWQxNWM5YWVi
LzEvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudJAMA0G
CSqGSIb3DQEBCwUAA4IBAQBf+eEm8JfWQCKD8jkkTu4R7kUsqSKUu1/BtjctH8zF
3SVTIQHAzh9/ouN1tHNGYVEoWaRU8+XFUoWaF0/W9sk/z1+FhtthgBH6KiqVfaBH
nWd5COhEw5ipZkF50T+VtY2sELLlM3UnKE4cl2G3A9TtBgzyStl4cn4aiXa4Kes0
Khas4b1QByLX7GANq0uAe8/up455wHNlth7uQj6X5+7Re5uCPQ++zs+DVAgS5rnt
BKBe/XGYoRcObGBvWYZdxFmNjbRPa9TSLRuaqyEanJcIcxqJwvvShgZTPAJtsmb+
e50JSSvU232onx+wMgD18Q343/aeE1VmJHb2ackYkPyd
-----END CERTIFICATE-----