Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/1R7h_wZhp_xxY9H_mngh36eF568.roa
File:                     1R7h_wZhp_xxY9H_mngh36eF568.roa (raw, json)
Hash identifier:          XHhZWlRzYf4o0swQwybTv+9LiLjvzb0GDOX/kg+FBwg=
Subject key identifier:   D5:1E:E1:FF:06:61:A7:FC:71:63:D1:FF:9A:78:21:DF:A7:85:E7:AF
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019C561353CFB4C96A46B00F571C8F645284
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/1R7h_wZhp_xxY9H_mngh36eF568.roa
Signing time:             Fri 13 Feb 2026 08:17:12 +0000
ROA not before:           Fri 13 Feb 2026 08:17:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        109.229.223.0/24 maxlen: 24
                          185.253.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:13:53:cf:b4:c9:6a:46:b0:0f:57:1c:8f:64:52:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Feb 13 08:17:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d51ee1ff0661a7fc7163d1ff9a7821dfa785e7af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:92:5f:50:0b:68:42:3c:1c:dc:f6:23:c7:18:
                    51:ba:23:4f:45:b7:63:f5:52:fa:4c:6c:f3:ee:2c:
                    a7:eb:4f:fc:da:ce:c0:eb:5d:09:e9:65:c7:74:d0:
                    df:90:b3:44:6c:cf:a2:52:50:95:2b:2d:12:a2:02:
                    8a:e1:47:fa:06:2e:b3:d4:a9:52:9a:7e:3d:4e:90:
                    72:9f:84:3e:72:71:14:b2:fa:5d:34:3a:70:41:1c:
                    e7:33:6e:8c:6f:a5:9c:13:e5:57:87:e5:2e:82:e4:
                    22:9b:b4:05:7b:b0:e2:9c:47:6a:59:e3:80:cb:ec:
                    29:7d:29:3c:67:2c:8d:98:90:d7:7d:47:ee:ea:d1:
                    58:6c:d0:d4:11:bb:59:b2:23:59:67:f9:c0:be:52:
                    05:13:22:5a:a8:27:9e:9e:d1:f9:1c:f7:9d:02:09:
                    8d:70:a8:f4:bf:35:32:06:3b:1a:7f:ea:74:d3:28:
                    03:09:d2:42:d6:58:f6:6f:40:a5:51:9b:98:b5:28:
                    75:95:d5:85:90:08:19:71:fa:3f:72:02:75:f4:2d:
                    78:1a:8e:c2:c1:3e:69:57:e0:82:64:b1:ec:1e:9e:
                    d4:c7:ba:c6:58:9a:93:a3:18:f0:75:ac:8f:be:f5:
                    f7:67:46:95:59:5d:8c:4a:c2:ed:fa:4b:a4:2a:c6:
                    e6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1E:E1:FF:06:61:A7:FC:71:63:D1:FF:9A:78:21:DF:A7:85:E7:AF
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/1R7h_wZhp_xxY9H_mngh36eF568.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.223.0/24
                  185.253.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:e9:be:0f:f0:90:ad:60:21:bb:de:81:d0:47:6f:1b:f8:f2:
         f0:d3:93:34:60:31:78:e7:46:01:c4:57:1b:60:31:be:0e:58:
         9d:f4:06:5b:53:2e:f0:6f:58:32:14:d9:1d:e3:2f:14:40:51:
         67:23:d8:fc:9c:ba:b3:c2:1b:3a:3a:68:f3:3d:de:4a:d7:20:
         1f:59:83:0d:17:8c:15:00:d7:89:22:cd:54:c7:9a:a0:4a:8d:
         75:82:96:c4:c1:18:09:63:05:ae:89:eb:37:17:75:94:17:71:
         f4:37:c6:70:87:39:39:b8:6c:d1:80:9b:e5:6e:69:15:36:5c:
         a6:bc:f0:c4:fd:60:84:2c:60:7f:52:06:59:e3:8d:ec:4e:9b:
         17:aa:72:ea:29:c3:cd:02:06:e9:f5:9f:30:41:1f:e6:e2:b6:
         d9:0e:c5:2f:67:ca:5d:17:2c:66:ea:54:6a:95:4b:56:ed:5d:
         c4:6b:e0:88:95:0c:3f:76:c1:5e:f4:b5:30:2c:54:32:2e:3d:
         6e:77:c5:54:b7:6c:1e:1b:e6:96:f6:70:33:7b:41:1f:4c:81:
         09:c2:5a:64:9c:91:03:29:ab:02:e7:67:77:c0:b9:47:76:b8:
         27:64:10:42:7a:77:90:1b:1a:01:40:3e:f7:a0:80:38:7d:8b:
         67:97:24:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxWE1PPtMlqRrAPVxyPZFKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMjEzMDgxNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFlZTFmZjA2NjFhN2ZjNzE2M2QxZmY5YTc4MjFkZmE3ODVlN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpJfUAtoQjwc3PYjxxhRuiNPRbdj
9VL6TGzz7iyn60/82s7A610J6WXHdNDfkLNEbM+iUlCVKy0SogKK4Uf6Bi6z1KlS
mn49TpByn4Q+cnEUsvpdNDpwQRznM26Mb6WcE+VXh+UuguQim7QFe7DinEdqWeOA
y+wpfSk8ZyyNmJDXfUfu6tFYbNDUEbtZsiNZZ/nAvlIFEyJaqCeentH5HPedAgmN
cKj0vzUyBjsaf+p00ygDCdJC1lj2b0ClUZuYtSh1ldWFkAgZcfo/cgJ19C14Go7C
wT5pV+CCZLHsHp7Ux7rGWJqToxjwdayPvvX3Z0aVWV2MSsLt+kukKsbmJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNUe4f8GYaf8cWPR/5p4Id+nheevMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvMVI3aF93WmhwX3h4WTlIX21uZ2gzNmVGNTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbeXfAwQA
uf09MA0GCSqGSIb3DQEBCwUAA4IBAQA16b4P8JCtYCG73oHQR28b+PLw05M0YDF4
50YBxFcbYDG+Dlid9AZbUy7wb1gyFNkd4y8UQFFnI9j8nLqzwhs6OmjzPd5K1yAf
WYMNF4wVANeJIs1Ux5qgSo11gpbEwRgJYwWuies3F3WUF3H0N8Zwhzk5uGzRgJvl
bmkVNlymvPDE/WCELGB/UgZZ443sTpsXqnLqKcPNAgbp9Z8wQR/m4rbZDsUvZ8pd
Fyxm6lRqlUtW7V3Ea+CIlQw/dsFe9LUwLFQyLj1ud8VUt2weG+aW9nAze0EfTIEJ
wlpknJEDKasC52d3wLlHdrgnZBBCeneQGxoBQD73oIA4fYtnlyQC
-----END CERTIFICATE-----