Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/KgW45DZx_DcJtzWbEmqe_9ujUwM.roa
File:                     KgW45DZx_DcJtzWbEmqe_9ujUwM.roa (raw, json)
Hash identifier:          cJajKXPZ3rzY+l0kpAt9PPDaDs8ahPGZq60DZ4ImsJ0=
Subject key identifier:   2A:05:B8:E4:36:71:FC:37:09:B7:35:9B:12:6A:9E:FF:DB:A3:53:03
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019C6F7B3C1DA96698C9DF5DC09D6F5E25F6
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/KgW45DZx_DcJtzWbEmqe_9ujUwM.roa
Signing time:             Wed 18 Feb 2026 06:41:13 +0000
ROA not before:           Wed 18 Feb 2026 06:41:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        178.254.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6f:7b:3c:1d:a9:66:98:c9:df:5d:c0:9d:6f:5e:25:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Feb 18 06:41:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a05b8e43671fc3709b7359b126a9effdba35303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:80:98:18:dc:31:de:3a:1f:df:c5:c6:11:b3:
                    cb:80:b3:1e:7d:22:0d:18:80:e0:5c:1b:11:a4:40:
                    ca:48:bb:f4:86:c1:c8:11:d1:c3:ed:36:0a:c5:e2:
                    77:19:8b:dd:5a:13:34:dd:68:45:bc:62:69:60:09:
                    b3:9c:01:97:67:0b:4e:07:4d:e1:8c:76:1d:f5:bd:
                    5a:e2:64:55:00:76:0d:5e:9b:ff:37:76:ca:69:9d:
                    0a:dd:db:12:c9:55:46:19:c9:1e:62:39:fd:b9:18:
                    bb:f3:63:0b:72:1f:1e:76:81:10:00:4b:29:04:86:
                    4b:b9:05:21:18:29:f1:81:ac:22:14:2a:c4:41:70:
                    92:25:7b:76:06:92:c3:62:87:8f:24:4a:6b:cf:a4:
                    5d:40:df:8c:4a:c7:bf:04:32:5a:96:98:56:da:10:
                    b0:04:64:9b:fb:39:7b:90:0e:14:bb:ec:94:69:3d:
                    dd:f8:99:7b:89:a7:87:ae:0e:7b:cb:16:e4:f0:ff:
                    f0:71:90:52:f4:8e:99:41:bd:c1:89:2e:12:88:95:
                    32:69:0a:5e:41:bb:4f:a5:87:e2:da:97:cb:b9:ea:
                    12:11:3c:ae:a9:d5:64:13:09:47:a0:31:22:50:20:
                    73:19:0f:e7:c9:50:4d:51:49:ab:61:d7:2f:e8:bd:
                    83:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:05:B8:E4:36:71:FC:37:09:B7:35:9B:12:6A:9E:FF:DB:A3:53:03
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/KgW45DZx_DcJtzWbEmqe_9ujUwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:ad:f6:67:38:c7:d5:a0:92:49:5e:6a:9e:00:d8:57:e4:28:
         5b:7a:e8:07:7a:c7:6b:ce:a0:7d:a0:d0:90:8c:a4:b8:6f:bd:
         bb:40:a3:75:be:29:b5:ce:d7:eb:11:5b:d5:80:00:4d:f5:2e:
         09:0b:0c:01:d6:32:36:66:88:00:a9:5a:68:c1:a3:99:ce:f4:
         02:e4:b8:9a:c9:0a:f9:4f:d7:a9:62:6f:3e:07:91:ee:03:a9:
         f9:82:85:4e:7f:69:ba:79:52:f5:ac:29:ee:0e:72:1f:38:86:
         11:db:0b:b4:8c:ac:21:88:88:bd:c8:c1:85:86:63:f2:92:bb:
         ee:49:97:4c:2a:6d:36:4d:dc:10:36:20:bf:48:58:03:68:32:
         6d:b6:ba:72:56:fe:7a:d4:e4:ee:3c:27:a5:fc:f2:a0:3d:1d:
         22:cb:62:5c:3e:0d:35:c3:ba:da:29:4e:7e:d3:80:d2:e0:62:
         10:2e:b1:dd:9a:c2:07:90:8b:ce:a9:76:6d:e5:91:03:5b:72:
         a1:bc:34:a4:9a:22:14:1d:74:96:cf:2f:f5:de:3d:84:9a:88:
         48:76:35:b3:03:d9:af:92:b2:af:4d:dc:8f:69:a2:f2:6a:3f:
         b6:98:f6:4d:e1:c4:6c:b5:45:b6:8d:de:21:6c:77:41:1d:47:
         56:1d:4a:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxvezwdqWaYyd9dwJ1vXiX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMjE4MDY0MTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA1YjhlNDM2NzFmYzM3MDliNzM1OWIxMjZhOWVmZmRiYTM1MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuICYGNwx3jof38XGEbPLgLMefSIN
GIDgXBsRpEDKSLv0hsHIEdHD7TYKxeJ3GYvdWhM03WhFvGJpYAmznAGXZwtOB03h
jHYd9b1a4mRVAHYNXpv/N3bKaZ0K3dsSyVVGGckeYjn9uRi782MLch8edoEQAEsp
BIZLuQUhGCnxgawiFCrEQXCSJXt2BpLDYoePJEprz6RdQN+MSse/BDJalphW2hCw
BGSb+zl7kA4Uu+yUaT3d+Jl7iaeHrg57yxbk8P/wcZBS9I6ZQb3BiS4SiJUyaQpe
QbtPpYfi2pfLueoSETyuqdVkEwlHoDEiUCBzGQ/nyVBNUUmrYdcv6L2DRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoFuOQ2cfw3Cbc1mxJqnv/bo1MDMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvS2dXNDVEWnhfRGNKdHpXYkVtcWVfOXVqVXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv6xMA0G
CSqGSIb3DQEBCwUAA4IBAQBErfZnOMfVoJJJXmqeANhX5ChbeugHesdrzqB9oNCQ
jKS4b727QKN1vim1ztfrEVvVgABN9S4JCwwB1jI2ZogAqVpowaOZzvQC5LiayQr5
T9epYm8+B5HuA6n5goVOf2m6eVL1rCnuDnIfOIYR2wu0jKwhiIi9yMGFhmPykrvu
SZdMKm02TdwQNiC/SFgDaDJttrpyVv561OTuPCel/PKgPR0iy2JcPg01w7raKU5+
04DS4GIQLrHdmsIHkIvOqXZt5ZEDW3KhvDSkmiIUHXSWzy/13j2EmohIdjWzA9mv
krKvTdyPaaLyaj+2mPZN4cRstUW2jd4hbHdBHUdWHUpn
-----END CERTIFICATE-----