Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/tLf5ip-0tWoMgAwYuoZfyo8CpBU.roa
File:                     tLf5ip-0tWoMgAwYuoZfyo8CpBU.roa (raw, json)
Hash identifier:          PQveRSA2vw+ZAZ9XdzrjIK3UE1FOAh6fR0K2OuWyFVk=
Subject key identifier:   B4:B7:F9:8A:9F:B4:B5:6A:0C:80:0C:18:BA:86:5F:CA:8F:02:A4:15
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019C7A41B8206F9A17F944A4A7A03F9A1923
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/tLf5ip-0tWoMgAwYuoZfyo8CpBU.roa
Signing time:             Fri 20 Feb 2026 08:54:13 +0000
ROA not before:           Fri 20 Feb 2026 08:54:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        109.229.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:41:b8:20:6f:9a:17:f9:44:a4:a7:a0:3f:9a:19:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Feb 20 08:54:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4b7f98a9fb4b56a0c800c18ba865fca8f02a415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:21:3b:89:b9:46:f9:5b:7c:85:21:aa:b2:
                    4c:91:98:26:5a:1b:52:95:47:ed:c2:49:74:46:ff:
                    bf:37:39:ff:eb:e3:e0:a4:1d:4a:01:fa:d5:05:16:
                    35:d9:14:b7:30:d1:65:d1:95:36:f8:9a:d0:5b:81:
                    a6:00:cf:f5:62:10:4e:17:3b:16:9e:31:b1:2c:32:
                    65:c1:a7:d4:b8:9f:6c:73:60:42:55:a9:4b:69:51:
                    21:2f:a6:d2:6e:61:ad:84:d8:28:12:57:80:a8:dc:
                    0a:bf:6c:52:84:73:1a:32:d5:38:c6:ae:3b:07:8d:
                    1f:93:01:19:bc:e1:7c:05:47:3e:c4:64:11:eb:95:
                    ac:26:a6:c2:ec:0f:58:b8:50:b5:31:82:a8:7d:e8:
                    43:70:4e:ee:f8:d4:06:64:32:8d:24:9d:06:c4:10:
                    10:b9:46:57:f7:10:e8:e9:0b:b2:9b:10:f5:ca:00:
                    11:8b:e8:19:80:0f:12:f5:68:24:3d:ea:78:80:bc:
                    2c:7f:1c:0e:95:3f:2b:d6:68:52:f3:03:67:ac:3a:
                    34:6f:f1:71:b3:d5:75:da:69:e7:27:cd:fc:2c:55:
                    78:32:59:5e:aa:d5:b7:19:25:bd:ad:64:eb:73:29:
                    b4:07:ad:96:4e:0a:a3:c3:9c:8a:aa:22:2a:f0:a5:
                    73:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B7:F9:8A:9F:B4:B5:6A:0C:80:0C:18:BA:86:5F:CA:8F:02:A4:15
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/tLf5ip-0tWoMgAwYuoZfyo8CpBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:e7:26:73:de:45:f5:ac:3a:a8:ab:78:7d:ec:fc:6c:d3:11:
         ba:b1:31:2f:65:2b:8b:0f:66:39:bb:8b:44:0d:88:76:e0:45:
         e8:56:d6:ba:8a:7b:5e:56:23:e2:c3:81:fa:cb:db:43:ee:a0:
         c0:57:1a:fd:7f:eb:52:6a:79:9a:87:b2:66:4c:38:b2:78:47:
         d8:d6:ec:f5:8f:13:0b:1e:ac:56:6b:75:01:51:4f:6b:ba:bf:
         ec:94:80:d1:b7:54:62:04:4b:62:ce:e3:95:40:0b:40:84:37:
         5a:08:2f:67:b1:53:7d:0f:2b:1a:69:ca:b9:33:81:e6:60:50:
         70:3d:84:ae:0f:ea:40:87:d0:d0:be:83:cc:ae:cf:59:ef:07:
         37:64:bb:cd:ee:6a:d1:52:52:55:d5:3b:00:63:e4:59:08:d4:
         a2:db:86:4f:9e:4a:a6:ab:27:89:4c:cc:3b:12:5c:f7:d1:79:
         43:25:38:8c:38:e5:b5:4f:f7:d4:5b:43:d8:d7:13:8e:48:95:
         f4:44:33:ec:bb:3d:5e:e0:3f:66:c2:91:3f:48:86:a7:b5:5d:
         2b:2e:d5:e9:b8:b2:23:10:dc:bf:7a:f0:55:84:29:2a:64:82:
         77:08:66:c0:8d:f4:be:32:b6:4d:d1:71:61:e2:c9:60:dc:38:
         dc:62:f9:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx6Qbggb5oX+USkp6A/mhkjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMjIwMDg1NDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGI3Zjk4YTlmYjRiNTZhMGM4MDBjMThiYTg2NWZjYThmMDJhNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSchO4m5RvlbfIUhqrJMkZgmWhtS
lUftwkl0Rv+/Nzn/6+PgpB1KAfrVBRY12RS3MNFl0ZU2+JrQW4GmAM/1YhBOFzsW
njGxLDJlwafUuJ9sc2BCValLaVEhL6bSbmGthNgoEleAqNwKv2xShHMaMtU4xq47
B40fkwEZvOF8BUc+xGQR65WsJqbC7A9YuFC1MYKofehDcE7u+NQGZDKNJJ0GxBAQ
uUZX9xDo6QuymxD1ygARi+gZgA8S9WgkPep4gLwsfxwOlT8r1mhS8wNnrDo0b/Fx
s9V12mnnJ838LFV4MlleqtW3GSW9rWTrcym0B62WTgqjw5yKqiIq8KVzvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLS3+YqftLVqDIAMGLqGX8qPAqQVMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvdExmNWlwLTB0V29NZ0F3WXVvWmZ5bzhDcEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeXaMA0G
CSqGSIb3DQEBCwUAA4IBAQB45yZz3kX1rDqoq3h97Pxs0xG6sTEvZSuLD2Y5u4tE
DYh24EXoVta6inteViPiw4H6y9tD7qDAVxr9f+tSanmah7JmTDiyeEfY1uz1jxML
HqxWa3UBUU9rur/slIDRt1RiBEtizuOVQAtAhDdaCC9nsVN9Dysaacq5M4HmYFBw
PYSuD+pAh9DQvoPMrs9Z7wc3ZLvN7mrRUlJV1TsAY+RZCNSi24ZPnkqmqyeJTMw7
Elz30XlDJTiMOOW1T/fUW0PY1xOOSJX0RDPsuz1e4D9mwpE/SIantV0rLtXpuLIj
ENy/evBVhCkqZIJ3CGbAjfS+MrZN0XFh4slg3DjcYvmV
-----END CERTIFICATE-----