Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/7bc8da-cb82-4abc-b2f0-13b4b80c54ba/1/MGtxVWyhVK0lWfP7HIuyo6Z779c.roa
File:                     MGtxVWyhVK0lWfP7HIuyo6Z779c.roa (raw, json)
Hash identifier:          8WjcCYYvvx1tso1uS8oBUcI7fs9A/6vnMSY/6bY059M=
Subject key identifier:   30:6B:71:55:6C:A1:54:AD:25:59:F3:FB:1C:8B:B2:A3:A6:7B:EF:D7
Certificate issuer:       /CN=1732f334d8abb68ef822546d8f6f8e81563c6fd9
Certificate serial:       019C75A5994C970342B7BDBF8BFF167CB49B
Authority key identifier: 17:32:F3:34:D8:AB:B6:8E:F8:22:54:6D:8F:6F:8E:81:56:3C:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FzLzNNirto74IlRtj2-OgVY8b9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/7bc8da-cb82-4abc-b2f0-13b4b80c54ba/1/MGtxVWyhVK0lWfP7HIuyo6Z779c.roa
Signing time:             Thu 19 Feb 2026 11:25:12 +0000
ROA not before:           Thu 19 Feb 2026 11:25:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47951
IP address blocks:        91.103.136.0/24 maxlen: 24
                          2a13:1d40::/29 maxlen: 29
                          2a13:1d40::/30 maxlen: 30
                          2a13:1d44::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/7bc8da-cb82-4abc-b2f0-13b4b80c54ba/1/FzLzNNirto74IlRtj2-OgVY8b9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/7bc8da-cb82-4abc-b2f0-13b4b80c54ba/1/FzLzNNirto74IlRtj2-OgVY8b9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FzLzNNirto74IlRtj2-OgVY8b9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:a5:99:4c:97:03:42:b7:bd:bf:8b:ff:16:7c:b4:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1732f334d8abb68ef822546d8f6f8e81563c6fd9
        Validity
            Not Before: Feb 19 11:25:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=306b71556ca154ad2559f3fb1c8bb2a3a67befd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4f:cc:6b:13:57:11:4c:2f:84:68:37:e5:af:
                    06:fe:31:a0:af:21:f5:23:ef:b6:97:29:29:f5:5c:
                    f6:c4:ea:76:b9:8c:53:20:f9:04:1b:b8:38:07:cd:
                    3e:15:34:c4:27:40:33:44:9b:de:f5:b2:d8:17:3b:
                    20:38:e9:28:5d:51:d1:9d:3e:38:84:23:b1:8d:f1:
                    fd:0b:b4:39:53:1b:cf:52:d9:7a:4f:1c:28:ae:94:
                    13:cd:08:da:ed:79:86:07:f2:bf:ca:f2:ee:49:bc:
                    f3:09:4f:e7:8c:a9:a2:d4:c6:2d:5d:f2:72:75:54:
                    d4:92:72:15:0d:9d:4b:f9:68:09:f8:5e:af:4d:d7:
                    87:00:d4:31:86:e5:0f:36:d4:ec:c1:e4:91:0b:97:
                    c7:0a:da:e3:06:b6:5f:b4:b4:df:f3:21:56:7d:32:
                    56:3a:a2:fe:5a:18:e8:2b:62:47:77:dc:87:ec:fb:
                    a1:b9:a9:04:d6:8c:2c:ba:87:5b:14:82:19:36:07:
                    d8:75:d8:8b:4d:a3:8c:4d:74:18:21:7f:ba:aa:9a:
                    ec:30:62:83:8e:3c:24:36:bc:42:5f:ea:49:fc:3c:
                    49:e3:42:a9:a6:20:fb:b0:8e:d7:82:07:52:ec:18:
                    35:5d:cb:c5:45:c2:29:75:c6:30:2d:69:4d:a5:a1:
                    79:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:6B:71:55:6C:A1:54:AD:25:59:F3:FB:1C:8B:B2:A3:A6:7B:EF:D7
            X509v3 Authority Key Identifier:
                keyid:17:32:F3:34:D8:AB:B6:8E:F8:22:54:6D:8F:6F:8E:81:56:3C:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FzLzNNirto74IlRtj2-OgVY8b9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7bc8da-cb82-4abc-b2f0-13b4b80c54ba/1/MGtxVWyhVK0lWfP7HIuyo6Z779c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7bc8da-cb82-4abc-b2f0-13b4b80c54ba/1/FzLzNNirto74IlRtj2-OgVY8b9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.136.0/24
                IPv6:
                  2a13:1d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:8b:84:2f:7b:c4:d4:b3:ec:90:8c:86:82:55:72:2c:37:76:
         71:1a:01:a8:87:1d:78:8a:3c:6b:5e:29:ff:15:e0:4d:fa:78:
         13:20:7a:21:45:6c:72:37:57:6e:08:8a:17:1b:fc:ec:c5:85:
         30:c5:1d:6b:82:ee:b9:ff:a3:c9:74:bb:07:5b:84:2d:46:4f:
         f0:13:12:6f:9d:9f:a5:08:91:4a:87:fe:74:5c:70:a1:70:93:
         ce:76:f4:c1:1d:51:1a:3c:d4:65:be:a9:97:48:ec:db:a7:1b:
         b7:8b:47:a6:61:9d:52:97:2f:54:94:a8:6c:af:42:cf:4e:6a:
         f4:5a:99:84:16:ea:ce:08:06:c7:76:32:0f:9d:14:35:e7:c9:
         c6:1c:59:fe:2e:ee:b5:d4:47:81:4a:85:d8:d2:5d:d8:bc:8c:
         4d:5a:88:57:d6:d5:1e:39:30:88:c8:3f:80:c1:36:b3:d5:1e:
         d1:ef:96:26:6d:6a:02:07:9e:f1:e3:0a:72:9f:eb:2a:29:cb:
         9f:5b:90:75:6c:48:7c:45:34:52:f1:ea:7e:d8:91:72:29:21:
         be:e1:aa:15:6e:b5:ce:3f:c9:f1:35:c4:1b:6d:98:f0:52:70:
         47:52:ea:37:c4:92:22:fb:b8:ad:3c:36:42:27:ca:86:64:56:
         a0:9d:61:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZx1pZlMlwNCt72/i/8WfLSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MzJmMzM0ZDhhYmI2OGVmODIyNTQ2ZDhmNmY4ZTgxNTYz
YzZmZDkwHhcNMjYwMjE5MTEyNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDZiNzE1NTZjYTE1NGFkMjU1OWYzZmIxYzhiYjJhM2E2N2JlZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0/MaxNXEUwvhGg35a8G/jGgryH1
I++2lykp9Vz2xOp2uYxTIPkEG7g4B80+FTTEJ0AzRJve9bLYFzsgOOkoXVHRnT44
hCOxjfH9C7Q5UxvPUtl6TxworpQTzQja7XmGB/K/yvLuSbzzCU/njKmi1MYtXfJy
dVTUknIVDZ1L+WgJ+F6vTdeHANQxhuUPNtTsweSRC5fHCtrjBrZftLTf8yFWfTJW
OqL+WhjoK2JHd9yH7PuhuakE1owsuodbFIIZNgfYddiLTaOMTXQYIX+6qprsMGKD
jjwkNrxCX+pJ/DxJ40KppiD7sI7XggdS7Bg1XcvFRcIpdcYwLWlNpaF59QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDBrcVVsoVStJVnz+xyLsqOme+/XMB8GA1UdIwQY
MBaAFBcy8zTYq7aO+CJUbY9vjoFWPG/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnpMek5OaXJ0bzc0SWxSdGoyLU9nVlk4YjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83YmM4ZGEtY2I4Mi00YWJjLWIyZjAt
MTNiNGI4MGM1NGJhLzEvTUd0eFZXeWhWSzBsV2ZQN0hJdXlvNlo3NzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83YmM4ZGEtY2I4Mi00YWJjLWIyZjAtMTNiNGI4MGM1NGJh
LzEvRnpMek5OaXJ0bzc0SWxSdGoyLU9nVlk4YjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW2eIMA0E
AgACMAcDBQMqEx1AMA0GCSqGSIb3DQEBCwUAA4IBAQA8i4Qve8TUs+yQjIaCVXIs
N3ZxGgGohx14ijxrXin/FeBN+ngTIHohRWxyN1duCIoXG/zsxYUwxR1rgu65/6PJ
dLsHW4QtRk/wExJvnZ+lCJFKh/50XHChcJPOdvTBHVEaPNRlvqmXSOzbpxu3i0em
YZ1Sly9UlKhsr0LPTmr0WpmEFurOCAbHdjIPnRQ158nGHFn+Lu611EeBSoXY0l3Y
vIxNWohX1tUeOTCIyD+AwTaz1R7R75YmbWoCB57x4wpyn+sqKcufW5B1bEh8RTRS
8ep+2JFyKSG+4aoVbrXOP8nxNcQbbZjwUnBHUuo3xJIi+7itPDZCJ8qGZFagnWGC
-----END CERTIFICATE-----