Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/_DMWomZ-zw9r2w8AsNSptLxDmfA.roa
File:                     _DMWomZ-zw9r2w8AsNSptLxDmfA.roa (raw, json)
Hash identifier:          5DRqqMVL9GM/PG8SfYwPRoOqjNYLEPPU5+fO2uX+eWE=
Subject key identifier:   FC:33:16:A2:66:7E:CF:0F:6B:DB:0F:00:B0:D4:A9:B4:BC:43:99:F0
Certificate issuer:       /CN=407c7083460e1a4c72c4bc4276313d3a85944a87
Certificate serial:       019C6B62097DBD8D4A5557FE7664FBCFE43E
Authority key identifier: 40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/_DMWomZ-zw9r2w8AsNSptLxDmfA.roa
Signing time:             Tue 17 Feb 2026 11:35:12 +0000
ROA not before:           Tue 17 Feb 2026 11:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204572
IP address blocks:        45.86.216.0/22 maxlen: 22
                          2a0b:55c0::/29 maxlen: 29
                          2a0e:e880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:62:09:7d:bd:8d:4a:55:57:fe:76:64:fb:cf:e4:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407c7083460e1a4c72c4bc4276313d3a85944a87
        Validity
            Not Before: Feb 17 11:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc3316a2667ecf0f6bdb0f00b0d4a9b4bc4399f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9f:12:c3:cc:e7:7f:ab:d3:1d:00:52:9b:0d:
                    ca:36:e6:39:5c:af:05:5e:53:1d:be:55:1e:6d:7c:
                    46:94:f2:4b:e7:1b:28:dd:8b:f6:0f:f0:6e:df:27:
                    aa:27:42:7d:75:6f:15:28:65:40:03:fd:81:cb:90:
                    e8:89:80:1a:a9:a3:79:f5:5f:ca:31:09:74:30:06:
                    52:96:66:fd:47:d8:37:40:c2:ec:92:b6:df:8b:60:
                    fb:70:fd:ed:a0:56:7d:4f:6c:73:59:7a:b7:84:a7:
                    2c:fe:42:82:75:dd:38:f1:d5:32:92:68:60:5f:c1:
                    ec:9d:06:b6:46:bf:ef:a2:84:c1:01:36:5b:9f:4b:
                    7d:07:7f:8d:5e:f2:56:11:23:fa:71:f5:d1:a2:61:
                    4f:75:15:b1:4d:01:0b:0e:4f:29:57:1f:a6:4f:a5:
                    3c:57:61:df:a3:db:c1:7a:09:c5:5b:96:6e:af:a8:
                    f1:99:67:cd:b7:7b:b7:a1:1d:37:c2:32:d3:4d:b4:
                    5d:3c:da:25:0b:40:5f:88:46:f1:bf:84:7d:f1:a8:
                    b7:57:b6:1f:be:44:37:67:5f:49:9a:40:6b:34:71:
                    3c:bf:f7:bf:83:78:90:7a:e6:58:9b:25:c8:48:d8:
                    33:f9:c0:ec:7a:1a:2e:f8:a5:2a:4e:69:6f:f5:12:
                    8b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:33:16:A2:66:7E:CF:0F:6B:DB:0F:00:B0:D4:A9:B4:BC:43:99:F0
            X509v3 Authority Key Identifier:
                keyid:40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/_DMWomZ-zw9r2w8AsNSptLxDmfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.216.0/22
                IPv6:
                  2a0b:55c0::/29
                  2a0e:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:97:73:46:dc:6c:92:92:77:d1:e3:5f:3c:df:58:44:1a:d7:
         2d:d3:11:94:55:4c:7e:b3:cc:94:0c:a8:76:bf:09:f6:70:b9:
         6f:47:61:69:f3:c8:21:aa:60:0c:80:ba:e2:40:32:a7:4e:82:
         1e:81:77:51:dd:82:f9:65:df:01:c8:f4:f5:e6:e4:c8:84:6a:
         28:68:47:47:9e:ca:51:4b:23:16:69:ae:87:97:5b:0f:7a:f6:
         11:65:2e:e3:f8:f8:df:41:45:11:11:cc:ff:02:b5:fb:b3:a9:
         d5:03:e6:a4:59:70:11:f2:0d:56:a3:c9:7a:d9:19:37:ae:6c:
         47:08:2e:fd:ae:65:f9:3d:3a:70:5a:e2:ec:50:c7:70:79:e1:
         68:63:bd:0d:57:97:ff:b6:fa:63:7a:cb:13:0f:86:01:6c:e8:
         f9:e1:e9:bb:5a:60:d2:d3:1d:eb:75:0b:5c:d2:de:3e:0f:c3:
         36:1a:bf:0e:14:eb:1d:8c:dc:86:f6:95:2a:68:24:35:a4:34:
         26:8e:67:e6:c9:bb:e5:e8:62:58:a8:6a:7b:7c:9a:07:86:e5:
         c6:b1:8d:2d:9d:8e:fd:7e:89:02:10:40:15:6f:d9:52:f5:5e:
         0f:bd:6c:88:f8:07:f4:f5:17:00:60:15:40:f4:9f:75:d8:ef:
         4d:38:df:3f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZxrYgl9vY1KVVf+dmT7z+Q+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2M3MDgzNDYwZTFhNGM3MmM0YmM0Mjc2MzEzZDNhODU5
NDRhODcwHhcNMjYwMjE3MTEzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMzMTZhMjY2N2VjZjBmNmJkYjBmMDBiMGQ0YTliNGJjNDM5OWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z8Sw8znf6vTHQBSmw3KNuY5XK8F
XlMdvlUebXxGlPJL5xso3Yv2D/Bu3yeqJ0J9dW8VKGVAA/2By5DoiYAaqaN59V/K
MQl0MAZSlmb9R9g3QMLskrbfi2D7cP3toFZ9T2xzWXq3hKcs/kKCdd048dUykmhg
X8HsnQa2Rr/vooTBATZbn0t9B3+NXvJWESP6cfXRomFPdRWxTQELDk8pVx+mT6U8
V2Hfo9vBegnFW5Zur6jxmWfNt3u3oR03wjLTTbRdPNolC0BfiEbxv4R98ai3V7Yf
vkQ3Z19JmkBrNHE8v/e/g3iQeuZYmyXISNgz+cDsehou+KUqTmlv9RKLxQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPwzFqJmfs8Pa9sPALDUqbS8Q5nwMB8GA1UdIwQY
MBaAFEB8cINGDhpMcsS8QnYxPTqFlEqHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2Mjct
OTg1ZWQxNWM5YWViLzEvX0RNV29tWi16dzlyMnc4QXNOU3B0THhEbWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2MjctOTg1ZWQxNWM5YWVi
LzEvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCLVbYMBQE
AgACMA4DBQMqC1XAAwUDKg7ogDANBgkqhkiG9w0BAQsFAAOCAQEAMpdzRtxskpJ3
0eNfPN9YRBrXLdMRlFVMfrPMlAyodr8J9nC5b0dhafPIIapgDIC64kAyp06CHoF3
Ud2C+WXfAcj09ebkyIRqKGhHR57KUUsjFmmuh5dbD3r2EWUu4/j430FFERHM/wK1
+7Op1QPmpFlwEfINVqPJetkZN65sRwgu/a5l+T06cFri7FDHcHnhaGO9DVeX/7b6
Y3rLEw+GAWzo+eHpu1pg0tMd63ULXNLePg/DNhq/DhTrHYzchvaVKmgkNaQ0Jo5n
5sm75ehiWKhqe3yaB4blxrGNLZ2O/X6JAhBAFW/ZUvVeD71siPgH9PUXAGAVQPSf
ddjvTTjfPw==
-----END CERTIFICATE-----