Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/tD9Hf3OjVgxUovuHwXboqleAm80.roa
File:                     tD9Hf3OjVgxUovuHwXboqleAm80.roa (raw, json)
Hash identifier:          732o41J6MsdesaihJcheLSFZiIUNvObNNDtzRHo9qH4=
Subject key identifier:   B4:3F:47:7F:73:A3:56:0C:54:A2:FB:87:C1:76:E8:AA:57:80:9B:CD
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019C6C9C10374849E3DE54DD0D822A1BEB3F
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/tD9Hf3OjVgxUovuHwXboqleAm80.roa
Signing time:             Tue 17 Feb 2026 17:18:12 +0000
ROA not before:           Tue 17 Feb 2026 17:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200193
IP address blocks:        213.238.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6c:9c:10:37:48:49:e3:de:54:dd:0d:82:2a:1b:eb:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Feb 17 17:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b43f477f73a3560c54a2fb87c176e8aa57809bcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:16:c8:d8:49:27:95:06:2a:00:fd:cb:ee:ac:
                    5b:13:d5:3a:af:ff:ad:8c:27:c7:03:17:fb:a2:37:
                    33:83:03:cf:7c:39:bc:ee:88:ea:7a:0f:ea:09:b5:
                    5b:ef:ba:f1:7e:00:ac:7e:44:38:5f:5d:cf:60:81:
                    dc:25:8b:b1:31:ca:54:90:0d:fd:95:01:0c:5c:53:
                    9d:0d:8f:80:e6:63:35:b4:53:d5:26:89:e4:dd:35:
                    38:18:41:c5:3d:22:b2:e6:4e:49:cb:18:e0:20:49:
                    78:82:49:77:82:68:2a:45:af:96:10:bb:9c:31:c7:
                    69:5a:a1:fa:13:aa:f2:f3:e1:91:4e:a2:5f:c5:0f:
                    e3:43:4f:09:7f:1f:e9:15:c3:ca:3b:88:e2:38:cc:
                    33:39:ba:a9:9c:ef:6b:f7:6a:f6:73:c4:54:77:50:
                    87:6c:79:df:0d:0e:95:9e:1a:3b:2b:a9:b6:62:a4:
                    0e:48:4e:68:ef:8b:11:e4:2e:ee:23:82:a4:0f:f6:
                    8c:3e:69:57:7b:2d:3a:55:60:62:ff:76:cf:ba:89:
                    9c:15:9f:8e:37:c9:8e:cd:e9:84:1d:aa:a6:10:ff:
                    35:bd:fd:1c:a3:a7:9a:d4:37:59:20:aa:5f:09:dc:
                    e2:ec:c5:77:bf:22:34:6c:ab:d8:19:90:f8:cb:64:
                    c0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3F:47:7F:73:A3:56:0C:54:A2:FB:87:C1:76:E8:AA:57:80:9B:CD
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/tD9Hf3OjVgxUovuHwXboqleAm80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:db:cb:2e:89:02:91:a3:63:f1:41:ad:f5:e4:0a:53:c7:d8:
         8d:82:fe:a6:5d:85:20:46:29:c5:a6:48:14:56:e2:74:46:17:
         af:63:57:d5:90:e7:78:8b:55:22:47:4b:05:a7:78:47:1b:0b:
         ab:7c:9b:af:71:df:99:7d:bd:33:f8:5b:e7:db:f1:d5:cb:58:
         8f:06:2a:e8:03:f3:68:a3:89:e7:75:dd:82:12:95:3c:fd:c2:
         95:5b:13:5b:e0:75:8d:f2:17:7e:c1:3c:f6:25:2b:6b:90:e3:
         ba:0f:c0:f2:c6:6f:bd:ba:af:f3:ef:69:8f:52:c3:62:a4:04:
         76:c4:fd:71:49:34:67:3b:01:b7:a2:15:85:9c:c8:aa:c3:1a:
         35:38:9d:c2:de:92:c8:75:d9:63:15:0c:3c:1c:06:ec:e5:50:
         b7:0e:32:bf:31:92:a9:a2:f1:e2:5e:d8:f4:3c:d9:79:97:64:
         a6:0a:64:a8:5f:d9:d2:4f:f5:68:1a:e8:4a:82:cc:f0:c1:3f:
         e7:9c:42:d9:20:a1:8a:d3:01:4d:2e:3a:02:22:e2:ef:34:5a:
         5b:a2:03:71:93:d2:fe:f2:2e:0e:80:9b:04:17:4d:20:86:43:
         ba:51:60:3d:17:28:6f:3f:dd:15:8b:16:d4:ad:24:c8:28:05:
         d3:35:b5:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxsnBA3SEnj3lTdDYIqG+s/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjYwMjE3MTcxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNmNDc3ZjczYTM1NjBjNTRhMmZiODdjMTc2ZThhYTU3ODA5YmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RbI2EknlQYqAP3L7qxbE9U6r/+t
jCfHAxf7ojczgwPPfDm87ojqeg/qCbVb77rxfgCsfkQ4X13PYIHcJYuxMcpUkA39
lQEMXFOdDY+A5mM1tFPVJonk3TU4GEHFPSKy5k5JyxjgIEl4gkl3gmgqRa+WELuc
McdpWqH6E6ry8+GRTqJfxQ/jQ08Jfx/pFcPKO4jiOMwzObqpnO9r92r2c8RUd1CH
bHnfDQ6Vnho7K6m2YqQOSE5o74sR5C7uI4KkD/aMPmlXey06VWBi/3bPuomcFZ+O
N8mOzemEHaqmEP81vf0co6ea1DdZIKpfCdzi7MV3vyI0bKvYGZD4y2TAVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ/R39zo1YMVKL7h8F26KpXgJvNMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvdEQ5SGYzT2pWZ3hVb3Z1SHdYYm9xbGVBbTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6tMA0G
CSqGSIb3DQEBCwUAA4IBAQCr28suiQKRo2PxQa315ApTx9iNgv6mXYUgRinFpkgU
VuJ0RhevY1fVkOd4i1UiR0sFp3hHGwurfJuvcd+Zfb0z+Fvn2/HVy1iPBiroA/No
o4nndd2CEpU8/cKVWxNb4HWN8hd+wTz2JStrkOO6D8Dyxm+9uq/z72mPUsNipAR2
xP1xSTRnOwG3ohWFnMiqwxo1OJ3C3pLIddljFQw8HAbs5VC3DjK/MZKpovHiXtj0
PNl5l2SmCmSoX9nST/VoGuhKgszwwT/nnELZIKGK0wFNLjoCIuLvNFpbogNxk9L+
8i4OgJsEF00ghkO6UWA9FyhvP90VixbUrSTIKAXTNbUY
-----END CERTIFICATE-----