Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e81c1a-0c87-4825-bccc-36b7b1de045d/1/AGVrI7h1W1sZnmEHrQIXxLRxF1Q.roa
File:                     AGVrI7h1W1sZnmEHrQIXxLRxF1Q.roa (raw, json)
Hash identifier:          K1nbjcJomqgMcH/NVsTCJWhMoSmEDtw4c8u/MMrHlso=
Subject key identifier:   00:65:6B:23:B8:75:5B:5B:19:9E:61:07:AD:02:17:C4:B4:71:17:54
Certificate issuer:       /CN=1fd9cec9ed1fd4f41c0b1e30efb96c861553be36
Certificate serial:       019C49AC464E262C2DB67571C246E57A3ED7
Authority key identifier: 1F:D9:CE:C9:ED:1F:D4:F4:1C:0B:1E:30:EF:B9:6C:86:15:53:BE:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H9nOye0f1PQcCx4w77lshhVTvjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e81c1a-0c87-4825-bccc-36b7b1de045d/1/AGVrI7h1W1sZnmEHrQIXxLRxF1Q.roa
Signing time:             Tue 10 Feb 2026 22:29:12 +0000
ROA not before:           Tue 10 Feb 2026 22:29:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214453
IP address blocks:        95.143.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e81c1a-0c87-4825-bccc-36b7b1de045d/1/H9nOye0f1PQcCx4w77lshhVTvjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e81c1a-0c87-4825-bccc-36b7b1de045d/1/H9nOye0f1PQcCx4w77lshhVTvjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H9nOye0f1PQcCx4w77lshhVTvjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:49:ac:46:4e:26:2c:2d:b6:75:71:c2:46:e5:7a:3e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fd9cec9ed1fd4f41c0b1e30efb96c861553be36
        Validity
            Not Before: Feb 10 22:29:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00656b23b8755b5b199e6107ad0217c4b4711754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f7:8b:b7:ef:82:b1:b2:22:40:0f:b3:55:56:
                    ae:e1:e0:ac:da:4d:dc:22:c1:ae:07:b9:b2:80:f4:
                    53:8e:5a:75:f3:bb:5e:74:06:00:e7:d1:fb:27:99:
                    0b:15:ad:fb:80:f4:05:22:44:1f:00:19:ab:44:b7:
                    c3:c4:e6:34:50:93:e1:1a:cd:71:11:b3:9f:52:26:
                    27:3a:16:14:bf:17:a6:5f:61:c6:8c:4d:2b:64:db:
                    67:67:26:84:55:f6:75:42:73:16:d8:77:1a:e7:ee:
                    1a:bc:bb:ca:c3:b9:73:e4:dc:aa:fd:17:38:d4:c7:
                    57:f6:56:91:c7:7f:ce:ae:95:2c:a9:6a:72:30:cf:
                    b4:cd:03:4e:de:1d:8c:e5:9d:c0:ec:1f:5e:9c:2c:
                    a6:f4:0e:7c:ac:d9:12:5f:25:38:e6:2e:b8:ae:b4:
                    7e:04:5d:2b:2b:e6:4e:3f:3e:5a:f9:91:57:a3:f8:
                    dd:0a:55:4d:d3:56:e5:c3:1c:8b:44:38:a7:3d:4f:
                    77:07:38:75:2d:38:4c:56:e7:ec:e4:3b:8b:dd:97:
                    e3:1a:68:9b:d4:cb:c0:ca:e8:e4:fe:52:4e:d3:c3:
                    42:3f:88:34:34:4b:f9:a2:6c:8d:81:a9:68:48:49:
                    93:f9:96:ba:0e:80:c0:2c:61:06:3b:c2:cd:ef:81:
                    05:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:65:6B:23:B8:75:5B:5B:19:9E:61:07:AD:02:17:C4:B4:71:17:54
            X509v3 Authority Key Identifier:
                keyid:1F:D9:CE:C9:ED:1F:D4:F4:1C:0B:1E:30:EF:B9:6C:86:15:53:BE:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H9nOye0f1PQcCx4w77lshhVTvjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e81c1a-0c87-4825-bccc-36b7b1de045d/1/AGVrI7h1W1sZnmEHrQIXxLRxF1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e81c1a-0c87-4825-bccc-36b7b1de045d/1/H9nOye0f1PQcCx4w77lshhVTvjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.143.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:33:38:be:f3:bb:79:26:84:3a:11:ed:fa:a2:00:a3:1f:93:
         2e:a8:0a:ce:33:89:f5:fc:78:85:36:dd:d8:93:48:dc:af:71:
         12:6e:92:f0:66:62:ba:5c:e5:db:8d:83:4f:47:d6:22:39:06:
         37:7a:d5:17:3d:f3:39:13:b9:b8:ad:a4:72:ad:4d:9a:b5:a2:
         53:6e:04:78:85:16:25:d3:2d:3c:8b:ee:97:0a:52:1d:c5:a3:
         84:19:40:58:12:ba:38:bd:aa:6e:cc:4e:a1:b9:6d:47:f6:17:
         ed:e3:c7:ee:b0:83:01:d2:78:98:b3:20:28:f8:d8:73:a2:3f:
         4b:9f:a5:a8:bb:02:1a:82:30:60:fe:b6:a4:93:0c:9b:b4:1e:
         ac:81:68:a6:81:0a:6e:f2:42:bd:22:0a:a4:43:af:e2:18:f6:
         1d:63:d3:e1:35:59:bf:bd:49:1a:74:53:1b:2b:65:a4:ac:ab:
         34:67:8b:cc:00:fc:7e:8e:71:88:eb:4d:04:0b:07:7e:97:34:
         71:17:27:68:19:9a:34:8e:17:5a:50:19:c4:0e:33:d0:44:a4:
         57:14:2a:61:14:8c:07:64:cd:1d:f4:da:4e:1c:90:90:59:1d:
         d6:3a:39:62:c9:2b:4b:96:67:62:d0:cc:89:64:8a:bc:93:91:
         60:33:e1:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxJrEZOJiwttnVxwkblej7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZDljZWM5ZWQxZmQ0ZjQxYzBiMWUzMGVmYjk2Yzg2MTU1
M2JlMzYwHhcNMjYwMjEwMjIyOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDY1NmIyM2I4NzU1YjViMTk5ZTYxMDdhZDAyMTdjNGI0NzExNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPeLt++CsbIiQA+zVVau4eCs2k3c
IsGuB7mygPRTjlp187tedAYA59H7J5kLFa37gPQFIkQfABmrRLfDxOY0UJPhGs1x
EbOfUiYnOhYUvxemX2HGjE0rZNtnZyaEVfZ1QnMW2Hca5+4avLvKw7lz5Nyq/Rc4
1MdX9laRx3/OrpUsqWpyMM+0zQNO3h2M5Z3A7B9enCym9A58rNkSXyU45i64rrR+
BF0rK+ZOPz5a+ZFXo/jdClVN01blwxyLRDinPU93Bzh1LThMVufs5DuL3ZfjGmib
1MvAyujk/lJO08NCP4g0NEv5omyNgaloSEmT+Za6DoDALGEGO8LN74EF7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABlayO4dVtbGZ5hB60CF8S0cRdUMB8GA1UdIwQY
MBaAFB/ZzsntH9T0HAseMO+5bIYVU742MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDluT3llMGYxUFFjQ3g0dzc3bHNoaFZUdmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lODFjMWEtMGM4Ny00ODI1LWJjY2Mt
MzZiN2IxZGUwNDVkLzEvQUdWckk3aDFXMXNabm1FSHJRSVh4TFJ4RjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lODFjMWEtMGM4Ny00ODI1LWJjY2MtMzZiN2IxZGUwNDVk
LzEvSDluT3llMGYxUFFjQ3g0dzc3bHNoaFZUdmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX49jMA0G
CSqGSIb3DQEBCwUAA4IBAQBkMzi+87t5JoQ6Ee36ogCjH5MuqArOM4n1/HiFNt3Y
k0jcr3ESbpLwZmK6XOXbjYNPR9YiOQY3etUXPfM5E7m4raRyrU2ataJTbgR4hRYl
0y08i+6XClIdxaOEGUBYEro4vapuzE6huW1H9hft48fusIMB0niYsyAo+Nhzoj9L
n6WouwIagjBg/rakkwybtB6sgWimgQpu8kK9IgqkQ6/iGPYdY9PhNVm/vUkadFMb
K2WkrKs0Z4vMAPx+jnGI600ECwd+lzRxFydoGZo0jhdaUBnEDjPQRKRXFCphFIwH
ZM0d9NpOHJCQWR3WOjliyStLlmdi0MyJZIq8k5FgM+Gk
-----END CERTIFICATE-----