Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/fceb02-b0f1-4917-85c2-706ab3e83d1d/1/9gGSBVdoMqiDjRpMvCx2xmyD74c.roa
File:                     9gGSBVdoMqiDjRpMvCx2xmyD74c.roa (raw, json)
Hash identifier:          NKCr7+PeOZuiE60zEjyMYDN68eBiZ4Wy2UIX8ZkkZo4=
Subject key identifier:   F6:01:92:05:57:68:32:A8:83:8D:1A:4C:BC:2C:76:C6:6C:83:EF:87
Certificate issuer:       /CN=a3c077b83772a002d5c4f8b9218ec0dc7f040cbf
Certificate serial:       019C7CDC6E5BBC4D72DED5C3DA1AEBCEE9AC
Authority key identifier: A3:C0:77:B8:37:72:A0:02:D5:C4:F8:B9:21:8E:C0:DC:7F:04:0C:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8B3uDdyoALVxPi5IY7A3H8EDL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/fceb02-b0f1-4917-85c2-706ab3e83d1d/1/9gGSBVdoMqiDjRpMvCx2xmyD74c.roa
Signing time:             Fri 20 Feb 2026 21:02:26 +0000
ROA not before:           Fri 20 Feb 2026 21:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206287
IP address blocks:        185.190.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/fceb02-b0f1-4917-85c2-706ab3e83d1d/1/o8B3uDdyoALVxPi5IY7A3H8EDL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/fceb02-b0f1-4917-85c2-706ab3e83d1d/1/o8B3uDdyoALVxPi5IY7A3H8EDL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8B3uDdyoALVxPi5IY7A3H8EDL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:dc:6e:5b:bc:4d:72:de:d5:c3:da:1a:eb:ce:e9:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3c077b83772a002d5c4f8b9218ec0dc7f040cbf
        Validity
            Not Before: Feb 20 21:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6019205576832a8838d1a4cbc2c76c66c83ef87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:75:5b:8c:f3:17:43:44:aa:73:5e:a0:5f:c1:
                    33:e2:d6:b1:93:c1:6e:6e:29:5e:80:83:b3:31:51:
                    e9:7d:1a:0a:96:67:29:f1:c0:04:db:50:a3:c7:44:
                    c8:11:de:53:76:23:99:04:99:68:ec:ca:a6:ba:6d:
                    3c:17:7d:df:e9:f2:ee:e6:b7:2a:82:0c:51:54:c2:
                    f6:cf:f2:81:a9:f3:43:69:a5:9e:73:99:93:98:31:
                    fe:a2:b0:eb:92:2c:d6:5e:ec:3e:a6:47:fb:cb:ba:
                    d2:ec:67:91:cf:8d:8e:77:a6:40:4c:04:7f:a0:e8:
                    bd:fe:37:fd:a7:82:15:30:52:c7:83:de:09:81:eb:
                    dc:6f:11:83:77:90:58:11:93:04:98:c2:d8:21:2c:
                    cf:06:8c:94:7c:5d:03:1d:5f:56:88:d1:de:18:3f:
                    1d:19:4f:a2:01:66:ea:28:6b:59:d0:b6:3b:8e:10:
                    af:43:34:72:94:df:08:c2:30:25:e2:2e:9d:35:e1:
                    2b:ae:50:e8:ce:a1:88:ce:2f:0d:96:1a:01:b9:b5:
                    30:e4:15:52:f8:80:66:cc:ba:b5:2d:ac:69:7f:ff:
                    de:7b:9a:9e:ea:4d:df:15:e1:ef:f6:48:cf:83:42:
                    ec:64:9c:0c:c9:69:9c:a3:95:73:03:e8:8f:e0:18:
                    bc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:01:92:05:57:68:32:A8:83:8D:1A:4C:BC:2C:76:C6:6C:83:EF:87
            X509v3 Authority Key Identifier:
                keyid:A3:C0:77:B8:37:72:A0:02:D5:C4:F8:B9:21:8E:C0:DC:7F:04:0C:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8B3uDdyoALVxPi5IY7A3H8EDL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fceb02-b0f1-4917-85c2-706ab3e83d1d/1/9gGSBVdoMqiDjRpMvCx2xmyD74c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fceb02-b0f1-4917-85c2-706ab3e83d1d/1/o8B3uDdyoALVxPi5IY7A3H8EDL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:9a:81:48:76:e5:fd:be:f8:45:b3:d2:58:79:d0:50:7b:be:
         cc:f4:a9:41:5d:51:62:a7:51:35:64:9f:56:69:bb:ea:ae:23:
         3f:69:0e:0f:91:78:d5:1d:3d:0a:7a:77:64:57:8f:a1:fb:4b:
         46:87:2b:eb:14:52:22:dc:5b:02:5c:8c:47:f1:e9:32:a8:df:
         7f:55:e3:c0:8a:e3:74:0c:a7:2a:26:13:51:00:ed:70:5d:bc:
         29:14:fd:22:d3:f9:c0:f7:1a:41:ba:ad:38:fc:31:0a:a1:15:
         7b:7e:b3:d2:d5:ad:46:d0:10:41:94:0a:7d:6a:bb:de:c1:f0:
         cb:4d:87:48:7d:d5:2c:ac:ab:9d:4f:39:cd:e7:54:04:df:71:
         3a:3e:c6:f3:fe:33:8e:c2:8d:c9:cd:38:e3:98:9a:a1:93:a2:
         71:3f:a0:d4:6a:87:28:d3:ac:92:ee:e6:e9:71:dc:3c:2f:d0:
         94:eb:ac:86:e8:9c:3f:cb:1d:e9:75:a5:5b:6b:85:08:39:22:
         a3:27:c9:5d:c8:1f:ba:95:2c:d4:01:2a:bd:4f:ba:95:67:ab:
         41:ad:af:72:03:dd:d3:7d:c7:8b:41:06:93:d3:62:f1:cd:2e:
         49:63:0e:f7:3b:7f:84:2e:32:15:ad:5b:4f:37:75:1e:be:1b:
         50:0d:94:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx83G5bvE1y3tXD2hrrzumsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYzA3N2I4Mzc3MmEwMDJkNWM0ZjhiOTIxOGVjMGRjN2Yw
NDBjYmYwHhcNMjYwMjIwMjEwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjAxOTIwNTU3NjgzMmE4ODM4ZDFhNGNiYzJjNzZjNjZjODNlZjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nVbjPMXQ0Sqc16gX8Ez4taxk8Fu
bilegIOzMVHpfRoKlmcp8cAE21Cjx0TIEd5TdiOZBJlo7Mqmum08F33f6fLu5rcq
ggxRVML2z/KBqfNDaaWec5mTmDH+orDrkizWXuw+pkf7y7rS7GeRz42Od6ZATAR/
oOi9/jf9p4IVMFLHg94JgevcbxGDd5BYEZMEmMLYISzPBoyUfF0DHV9WiNHeGD8d
GU+iAWbqKGtZ0LY7jhCvQzRylN8IwjAl4i6dNeErrlDozqGIzi8NlhoBubUw5BVS
+IBmzLq1Laxpf//ee5qe6k3fFeHv9kjPg0LsZJwMyWmco5VzA+iP4Bi8FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYBkgVXaDKog40aTLwsdsZsg++HMB8GA1UdIwQY
MBaAFKPAd7g3cqAC1cT4uSGOwNx/BAy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhCM3VEZHlvQUxWeFBpNUlZN0EzSDhFREw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mY2ViMDItYjBmMS00OTE3LTg1YzIt
NzA2YWIzZTgzZDFkLzEvOWdHU0JWZG9NcWlEalJwTXZDeDJ4bXlENzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mY2ViMDItYjBmMS00OTE3LTg1YzItNzA2YWIzZTgzZDFk
LzEvbzhCM3VEZHlvQUxWeFBpNUlZN0EzSDhFREw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub5wMA0G
CSqGSIb3DQEBCwUAA4IBAQA/moFIduX9vvhFs9JYedBQe77M9KlBXVFip1E1ZJ9W
abvqriM/aQ4PkXjVHT0KendkV4+h+0tGhyvrFFIi3FsCXIxH8ekyqN9/VePAiuN0
DKcqJhNRAO1wXbwpFP0i0/nA9xpBuq04/DEKoRV7frPS1a1G0BBBlAp9arvewfDL
TYdIfdUsrKudTznN51QE33E6Psbz/jOOwo3JzTjjmJqhk6JxP6DUaoco06yS7ubp
cdw8L9CU66yG6Jw/yx3pdaVba4UIOSKjJ8ldyB+6lSzUASq9T7qVZ6tBra9yA93T
fceLQQaT02LxzS5JYw73O3+ELjIVrVtPN3UevhtQDZT8
-----END CERTIFICATE-----