Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/080569-3bb5-46de-82ba-a630c2ea23f9/1/tTSKZ9SBm5TzwVGPFr99l5iaN7Y.roa
File:                     tTSKZ9SBm5TzwVGPFr99l5iaN7Y.roa (raw, json)
Hash identifier:          6iyRKX1ykzt8wMyhT1hUZtasJQSEcc9fv+Jwo+YKOD8=
Subject key identifier:   B5:34:8A:67:D4:81:9B:94:F3:C1:51:8F:16:BF:7D:97:98:9A:37:B6
Certificate issuer:       /CN=d43b22130aa9a7734254769ec13bfe171fa1e28b
Certificate serial:       019C74F308AD8E7DE1754F82F18B2D07AE29
Authority key identifier: D4:3B:22:13:0A:A9:A7:73:42:54:76:9E:C1:3B:FE:17:1F:A1:E2:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DsiEwqpp3NCVHaewTv-Fx-h4os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/080569-3bb5-46de-82ba-a630c2ea23f9/1/tTSKZ9SBm5TzwVGPFr99l5iaN7Y.roa
Signing time:             Thu 19 Feb 2026 08:10:10 +0000
ROA not before:           Thu 19 Feb 2026 08:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57922
IP address blocks:        5.250.253.0/24 maxlen: 24
                          2a0f:4d00::/29 maxlen: 48
                          2a0f:4d00:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/080569-3bb5-46de-82ba-a630c2ea23f9/1/1DsiEwqpp3NCVHaewTv-Fx-h4os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/080569-3bb5-46de-82ba-a630c2ea23f9/1/1DsiEwqpp3NCVHaewTv-Fx-h4os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DsiEwqpp3NCVHaewTv-Fx-h4os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:74:f3:08:ad:8e:7d:e1:75:4f:82:f1:8b:2d:07:ae:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d43b22130aa9a7734254769ec13bfe171fa1e28b
        Validity
            Not Before: Feb 19 08:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5348a67d4819b94f3c1518f16bf7d97989a37b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8a:92:61:16:bf:89:89:c8:f5:cb:42:e3:e1:
                    ec:39:46:c8:0d:e4:75:61:5e:f2:12:e2:aa:08:eb:
                    8b:fd:68:33:b4:c7:9a:96:bb:16:6d:a5:67:67:2a:
                    fa:6c:75:b9:f5:ae:d2:ba:31:de:e0:38:9a:58:f7:
                    d8:b1:b3:c5:51:b3:c6:27:5d:a4:c6:33:78:de:4b:
                    fa:ef:98:1c:e5:76:30:3a:63:b9:e4:ba:85:61:89:
                    61:be:96:58:7a:c4:a1:fa:e9:cc:1a:c2:35:18:a7:
                    97:3d:af:24:b1:42:82:15:e2:cd:2e:69:4f:68:3d:
                    b2:7c:61:89:82:82:d3:73:39:ac:b6:0b:b0:ba:2b:
                    08:18:32:da:7c:13:84:76:aa:98:2a:1f:c3:9e:c9:
                    fc:44:01:e0:ec:41:32:b0:d4:db:2b:5e:0b:86:bd:
                    b6:6a:be:fb:97:b5:8e:4d:b5:42:0f:36:1b:99:d8:
                    e1:32:0f:9b:8d:b9:56:25:cb:c4:08:cd:d5:ce:57:
                    17:bf:30:8b:cf:ad:4f:ce:e2:b5:12:7b:6b:23:ec:
                    f4:87:ff:6b:45:d4:d1:70:b8:76:68:6d:b4:41:4e:
                    d4:c4:21:6c:23:0b:c2:ab:d0:8e:c3:43:3b:19:d6:
                    dd:0f:37:3f:32:3a:4e:8e:02:cd:c4:9b:f7:41:d4:
                    ba:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:34:8A:67:D4:81:9B:94:F3:C1:51:8F:16:BF:7D:97:98:9A:37:B6
            X509v3 Authority Key Identifier:
                keyid:D4:3B:22:13:0A:A9:A7:73:42:54:76:9E:C1:3B:FE:17:1F:A1:E2:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DsiEwqpp3NCVHaewTv-Fx-h4os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/080569-3bb5-46de-82ba-a630c2ea23f9/1/tTSKZ9SBm5TzwVGPFr99l5iaN7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/080569-3bb5-46de-82ba-a630c2ea23f9/1/1DsiEwqpp3NCVHaewTv-Fx-h4os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.253.0/24
                IPv6:
                  2a0f:4d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:28:e0:57:2e:ad:ce:b0:b1:eb:56:10:06:fc:e2:e3:05:2b:
         4e:58:36:f3:19:f7:23:13:ed:cb:53:75:0c:9f:cf:e1:14:fd:
         b0:15:38:04:66:19:d4:10:12:e6:a5:83:17:82:3c:b7:32:7d:
         e7:73:41:7c:26:1e:e2:aa:06:da:06:8f:e1:28:17:cb:3d:18:
         aa:84:27:43:17:09:11:21:2e:d9:a2:50:8a:bc:3a:fb:a2:e7:
         6d:04:a3:c0:9b:79:30:8b:de:a7:4b:4e:55:66:8f:c6:b3:9e:
         6f:b9:2f:b0:c5:97:41:16:0a:fd:f7:ba:fc:3f:93:b2:6c:23:
         64:d4:67:3e:88:36:9e:c6:18:3a:95:fc:8c:8f:5f:d9:bf:13:
         4d:2f:24:af:ea:0c:4f:b4:d5:88:ef:a7:52:09:6a:e3:44:38:
         df:af:fd:84:fb:4f:d1:88:23:aa:8e:00:77:ac:aa:b1:01:db:
         71:a4:23:40:dd:2d:ae:38:55:eb:55:98:00:23:67:a8:e0:55:
         ce:55:fd:b4:5d:13:b3:c3:4e:d4:59:ae:5c:2c:8d:61:35:c0:
         58:0a:31:d9:36:b6:54:b1:c3:fe:51:25:ed:19:a1:9c:dc:3c:
         06:f6:41:9e:d4:73:d6:41:d2:9d:da:1e:f6:3c:87:da:d5:e5:
         ad:c3:59:9d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZx08witjn3hdU+C8YstB64pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0M2IyMjEzMGFhOWE3NzM0MjU0NzY5ZWMxM2JmZTE3MWZh
MWUyOGIwHhcNMjYwMjE5MDgxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM0OGE2N2Q0ODE5Yjk0ZjNjMTUxOGYxNmJmN2Q5Nzk4OWEzN2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4qSYRa/iYnI9ctC4+HsOUbIDeR1
YV7yEuKqCOuL/WgztMealrsWbaVnZyr6bHW59a7SujHe4DiaWPfYsbPFUbPGJ12k
xjN43kv675gc5XYwOmO55LqFYYlhvpZYesSh+unMGsI1GKeXPa8ksUKCFeLNLmlP
aD2yfGGJgoLTczmstguwuisIGDLafBOEdqqYKh/Dnsn8RAHg7EEysNTbK14Lhr22
ar77l7WOTbVCDzYbmdjhMg+bjblWJcvECM3VzlcXvzCLz61PzuK1EntrI+z0h/9r
RdTRcLh2aG20QU7UxCFsIwvCq9COw0M7GdbdDzc/MjpOjgLNxJv3QdS6SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLU0imfUgZuU88FRjxa/fZeYmje2MB8GA1UdIwQY
MBaAFNQ7IhMKqadzQlR2nsE7/hcfoeKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURzaUV3cXBwM05DVkhhZXdUdi1GeC1oNG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wODA1NjktM2JiNS00NmRlLTgyYmEt
YTYzMGMyZWEyM2Y5LzEvdFRTS1o5U0JtNVR6d1ZHUEZyOTlsNWlhTjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wODA1NjktM2JiNS00NmRlLTgyYmEtYTYzMGMyZWEyM2Y5
LzEvMURzaUV3cXBwM05DVkhhZXdUdi1GeC1oNG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABfr9MA0E
AgACMAcDBQMqD00AMA0GCSqGSIb3DQEBCwUAA4IBAQARKOBXLq3OsLHrVhAG/OLj
BStOWDbzGfcjE+3LU3UMn8/hFP2wFTgEZhnUEBLmpYMXgjy3Mn3nc0F8Jh7iqgba
Bo/hKBfLPRiqhCdDFwkRIS7ZolCKvDr7oudtBKPAm3kwi96nS05VZo/Gs55vuS+w
xZdBFgr997r8P5OybCNk1Gc+iDaexhg6lfyMj1/ZvxNNLySv6gxPtNWI76dSCWrj
RDjfr/2E+0/RiCOqjgB3rKqxAdtxpCNA3S2uOFXrVZgAI2eo4FXOVf20XROzw07U
Wa5cLI1hNcBYCjHZNrZUscP+USXtGaGc3DwG9kGe1HPWQdKd2h72PIfa1eWtw1md
-----END CERTIFICATE-----