Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/SiRODOPT6QuLh41OB1rJZD2_oPE.roa
File:                     SiRODOPT6QuLh41OB1rJZD2_oPE.roa (raw, json)
Hash identifier:          SRhUARiE6AcPykXvIISS/nISj8cxdq3mSKlJoNU8SGQ=
Subject key identifier:   4A:24:4E:0C:E3:D3:E9:0B:8B:87:8D:4E:07:5A:C9:64:3D:BF:A0:F1
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019C51A9911ED97551BA0B4D1D872F90EABE
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/SiRODOPT6QuLh41OB1rJZD2_oPE.roa
Signing time:             Thu 12 Feb 2026 11:43:13 +0000
ROA not before:           Thu 12 Feb 2026 11:43:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        89.43.46.0/24 maxlen: 24
                          188.215.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:a9:91:1e:d9:75:51:ba:0b:4d:1d:87:2f:90:ea:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Feb 12 11:43:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a244e0ce3d3e90b8b878d4e075ac9643dbfa0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:40:d1:c7:17:4b:1f:9c:fc:90:2f:43:30:b0:
                    b1:73:4f:03:a4:b8:e1:33:6f:9e:f6:64:7a:81:34:
                    4f:69:77:21:97:ce:f9:1a:b8:25:2b:c1:fc:21:c8:
                    2c:d7:7d:5f:16:13:a1:7d:d2:77:dc:d3:d4:80:af:
                    49:61:9e:27:a7:6f:0a:f2:25:75:8a:1c:99:b4:18:
                    24:46:fe:50:d4:58:0b:15:23:b9:f1:13:9f:c9:37:
                    a4:c2:5a:40:c0:41:7b:7c:ef:d8:ab:41:56:19:3a:
                    be:c9:ff:ff:ad:2f:ec:a4:a8:ec:e0:2d:f8:88:15:
                    36:d3:c3:5f:ee:fb:0b:8d:98:60:a3:6c:2f:21:9d:
                    30:ef:15:88:ce:5e:6f:66:f1:48:e6:3f:c2:16:3d:
                    e3:ea:23:5b:14:16:72:63:04:f1:ff:12:b5:95:8a:
                    38:19:66:e8:d8:58:ca:40:22:6d:f2:4c:3f:0b:0e:
                    30:69:81:11:35:2e:94:54:43:94:8f:ce:cc:20:73:
                    24:46:db:a0:62:ef:6c:e8:6d:7d:93:7b:4f:29:15:
                    be:e9:9e:a4:7b:35:39:4b:37:6c:43:3d:30:26:27:
                    50:e6:ab:35:d8:57:63:52:4a:f1:e0:9d:e0:6e:b1:
                    bd:4a:59:86:79:b7:88:fb:f7:7c:78:9a:39:76:87:
                    2f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:24:4E:0C:E3:D3:E9:0B:8B:87:8D:4E:07:5A:C9:64:3D:BF:A0:F1
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/SiRODOPT6QuLh41OB1rJZD2_oPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.46.0/24
                  188.215.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:85:46:6f:71:51:9e:bb:61:e5:50:0e:df:61:76:97:87:67:
         38:fd:6b:66:06:4f:f0:59:ce:a7:c0:ae:9d:2a:4c:1a:85:c7:
         ff:6f:01:a8:4d:6d:ec:69:66:73:5f:8f:71:2e:f6:ac:6c:b3:
         db:6e:85:ec:45:77:cd:d4:0d:75:2c:54:26:36:be:d6:f7:e7:
         4b:4c:13:dd:4a:d1:70:73:4d:56:a5:f5:ab:2c:c7:9c:80:73:
         5c:be:a4:6b:96:95:23:fb:90:57:2e:18:92:1f:fe:44:64:46:
         be:54:6e:c9:ef:ba:95:64:90:88:3a:00:9c:df:4f:f5:75:ff:
         9c:76:d1:c7:87:82:9f:cc:08:48:2b:40:a7:41:c5:fb:64:9e:
         36:c1:3d:80:6b:69:29:eb:21:d2:d3:a2:ba:1e:56:0e:8c:47:
         1f:0b:11:3a:55:c9:43:a3:18:94:f9:6f:14:63:ca:c9:42:f0:
         b4:e3:ff:aa:9a:24:71:80:1b:50:6c:e9:32:cb:ce:a4:13:29:
         6d:3a:bc:68:0f:d9:79:57:f2:c9:ab:7e:90:fc:82:e4:a0:5f:
         bb:71:df:f9:e7:dd:8e:90:66:fa:40:d2:fb:ee:36:f6:4a:62:
         47:45:e2:18:13:25:f5:74:52:a6:1f:b9:d3:26:c9:b3:1b:37:
         d9:e6:ed:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxRqZEe2XVRugtNHYcvkOq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMjEyMTE0MzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI0NGUwY2UzZDNlOTBiOGI4NzhkNGUwNzVhYzk2NDNkYmZhMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEDRxxdLH5z8kC9DMLCxc08DpLjh
M2+e9mR6gTRPaXchl875GrglK8H8Icgs131fFhOhfdJ33NPUgK9JYZ4np28K8iV1
ihyZtBgkRv5Q1FgLFSO58ROfyTekwlpAwEF7fO/Yq0FWGTq+yf//rS/spKjs4C34
iBU208Nf7vsLjZhgo2wvIZ0w7xWIzl5vZvFI5j/CFj3j6iNbFBZyYwTx/xK1lYo4
GWbo2FjKQCJt8kw/Cw4waYERNS6UVEOUj87MIHMkRtugYu9s6G19k3tPKRW+6Z6k
ezU5SzdsQz0wJidQ5qs12FdjUkrx4J3gbrG9SlmGebeI+/d8eJo5docv3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEokTgzj0+kLi4eNTgdayWQ9v6DxMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvU2lST0RPUFQ2UXVMaDQxT0IxckpaRDJfb1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSsuAwQA
vNdIMA0GCSqGSIb3DQEBCwUAA4IBAQC/hUZvcVGeu2HlUA7fYXaXh2c4/WtmBk/w
Wc6nwK6dKkwahcf/bwGoTW3saWZzX49xLvasbLPbboXsRXfN1A11LFQmNr7W9+dL
TBPdStFwc01WpfWrLMecgHNcvqRrlpUj+5BXLhiSH/5EZEa+VG7J77qVZJCIOgCc
30/1df+cdtHHh4KfzAhIK0CnQcX7ZJ42wT2Aa2kp6yHS06K6HlYOjEcfCxE6VclD
oxiU+W8UY8rJQvC04/+qmiRxgBtQbOkyy86kEyltOrxoD9l5V/LJq36Q/ILkoF+7
cd/5592OkGb6QNL77jb2SmJHReIYEyX1dFKmH7nTJsmzGzfZ5u2E
-----END CERTIFICATE-----