Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/cOL7BOKAJYOJxPSrnov-oNaIuRs.roa
File:                     cOL7BOKAJYOJxPSrnov-oNaIuRs.roa (raw, json)
Hash identifier:          g8VERbJXRbI2dU9SyaKhLOuOuH0cRbFR+I6mLnbuocs=
Subject key identifier:   70:E2:FB:04:E2:80:25:83:89:C4:F4:AB:9E:8B:FE:A0:D6:88:B9:1B
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019C6A9B5F3B778EEB30BCA01727F5463765
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/cOL7BOKAJYOJxPSrnov-oNaIuRs.roa
Signing time:             Tue 17 Feb 2026 07:58:13 +0000
ROA not before:           Tue 17 Feb 2026 07:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        109.229.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6a:9b:5f:3b:77:8e:eb:30:bc:a0:17:27:f5:46:37:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Feb 17 07:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70e2fb04e280258389c4f4ab9e8bfea0d688b91b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:04:32:5b:88:ae:88:79:92:43:69:76:a2:12:
                    81:9b:42:c4:d2:01:40:87:75:95:7a:af:21:0a:5e:
                    d5:69:e2:44:c2:d4:80:f1:f3:c3:d6:bf:58:3a:ac:
                    a9:d7:e4:a2:87:72:55:f2:7e:82:49:2b:8b:4e:b2:
                    e1:28:a1:2c:a4:6e:65:61:3c:dd:bc:8e:aa:6c:1e:
                    db:d6:9b:b3:e9:b5:37:e7:71:db:45:07:01:ff:75:
                    bb:32:a0:10:90:99:39:3a:7c:65:87:b9:f4:a0:35:
                    f8:19:8e:a9:59:85:4a:c9:1b:a5:e4:9d:35:38:c8:
                    be:87:35:32:8b:be:29:31:02:29:b1:82:88:52:f1:
                    c4:41:9f:74:f3:40:92:62:42:4e:e9:89:59:ef:81:
                    c4:89:60:1c:56:86:fd:24:7e:0e:3e:33:37:20:99:
                    e1:7c:8b:0a:04:5e:1c:6f:e2:30:f3:70:16:f6:50:
                    15:83:b1:40:c7:db:37:9e:1f:ef:ec:98:66:b4:c8:
                    bf:4d:40:50:e0:a8:d8:11:e5:c6:3e:69:f0:6d:2d:
                    5b:4c:e5:86:8a:02:ad:a0:d9:56:cd:36:19:84:da:
                    07:1d:06:b2:17:56:87:96:ec:b4:2e:6d:24:ef:6f:
                    d7:1a:04:46:77:b0:a7:64:c1:a8:a0:84:db:f5:d3:
                    34:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E2:FB:04:E2:80:25:83:89:C4:F4:AB:9E:8B:FE:A0:D6:88:B9:1B
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/cOL7BOKAJYOJxPSrnov-oNaIuRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:0f:9e:ef:43:ca:58:c5:eb:a7:20:c4:65:27:23:5e:bd:c8:
         d5:a5:44:70:e4:e7:78:d8:bc:1c:b4:11:15:8c:85:06:a9:fc:
         33:b5:37:69:1f:8e:66:4a:20:3b:b7:41:90:3b:1a:55:db:b7:
         a8:64:b7:a6:fb:b6:59:ed:ec:93:ea:ba:1b:4e:c4:98:2c:b4:
         e7:c6:4f:6a:78:b2:81:dc:ad:c4:38:59:f1:63:3f:d1:de:cf:
         d3:cc:b5:5f:e5:b0:21:91:c0:86:8f:a7:ef:85:f3:84:66:df:
         7b:00:f2:4c:5a:42:d0:69:f4:d0:a2:65:24:ce:3e:b8:52:05:
         9f:30:78:a6:7b:bd:cb:2d:75:10:f5:72:d6:e4:48:ca:91:e6:
         16:1d:17:01:e6:94:53:a6:ff:7a:6e:f6:f0:55:20:44:42:b0:
         07:4c:b6:7a:57:a0:18:fb:f9:4e:7f:e4:56:a8:dc:72:df:15:
         96:62:56:39:ce:f6:6a:72:c9:38:6b:c5:1e:27:3d:19:36:64:
         82:93:52:4f:a1:3b:bf:19:a7:44:4f:ca:7d:9c:7a:19:9d:d5:
         73:c3:72:2f:bc:35:dc:32:27:98:ca:02:d8:4a:55:46:fd:0e:
         d3:97:85:9a:9c:31:ba:89:f4:7d:f9:63:10:2b:d8:34:a2:29:
         ff:ab:23:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxqm187d47rMLygFyf1RjdlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMjE3MDc1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGUyZmIwNGUyODAyNTgzODljNGY0YWI5ZThiZmVhMGQ2ODhiOTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQQyW4iuiHmSQ2l2ohKBm0LE0gFA
h3WVeq8hCl7VaeJEwtSA8fPD1r9YOqyp1+Sih3JV8n6CSSuLTrLhKKEspG5lYTzd
vI6qbB7b1puz6bU353HbRQcB/3W7MqAQkJk5Onxlh7n0oDX4GY6pWYVKyRul5J01
OMi+hzUyi74pMQIpsYKIUvHEQZ9080CSYkJO6YlZ74HEiWAcVob9JH4OPjM3IJnh
fIsKBF4cb+Iw83AW9lAVg7FAx9s3nh/v7JhmtMi/TUBQ4KjYEeXGPmnwbS1bTOWG
igKtoNlWzTYZhNoHHQayF1aHluy0Lm0k72/XGgRGd7CnZMGooITb9dM0vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDi+wTigCWDicT0q56L/qDWiLkbMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvY09MN0JPS0FKWU9KeFBTcm5vdi1vTmFJdVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeXaMA0G
CSqGSIb3DQEBCwUAA4IBAQA1D57vQ8pYxeunIMRlJyNevcjVpURw5Od42LwctBEV
jIUGqfwztTdpH45mSiA7t0GQOxpV27eoZLem+7ZZ7eyT6robTsSYLLTnxk9qeLKB
3K3EOFnxYz/R3s/TzLVf5bAhkcCGj6fvhfOEZt97APJMWkLQafTQomUkzj64UgWf
MHime73LLXUQ9XLW5EjKkeYWHRcB5pRTpv96bvbwVSBEQrAHTLZ6V6AY+/lOf+RW
qNxy3xWWYlY5zvZqcsk4a8UeJz0ZNmSCk1JPoTu/GadET8p9nHoZndVzw3IvvDXc
MieYygLYSlVG/Q7Tl4WanDG6ifR9+WMQK9g0oin/qyPU
-----END CERTIFICATE-----