Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/4vFcGx6iOJgMghCds6quqXhDtYU.roa
File:                     4vFcGx6iOJgMghCds6quqXhDtYU.roa (raw, json)
Hash identifier:          MbjteR0WXqm+r6uunsjBD/pIafPq8ejohJVjOzKkIs0=
Subject key identifier:   E2:F1:5C:1B:1E:A2:38:98:0C:82:10:9D:B3:AA:AE:A9:78:43:B5:85
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C6FC56574DCA499E1DDA8F991B0B43BE1
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/4vFcGx6iOJgMghCds6quqXhDtYU.roa
Signing time:             Wed 18 Feb 2026 08:02:13 +0000
ROA not before:           Wed 18 Feb 2026 08:02:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        178.253.221.0/24 maxlen: 24
                          212.69.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6f:c5:65:74:dc:a4:99:e1:dd:a8:f9:91:b0:b4:3b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 18 08:02:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2f15c1b1ea238980c82109db3aaaea97843b585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cc:46:17:a0:1f:42:ff:b4:fc:87:7c:9b:78:
                    f7:5c:b3:50:eb:8f:05:94:07:71:58:ce:be:16:f4:
                    0b:3e:49:89:5b:ba:20:8b:b7:40:37:49:df:85:f3:
                    c6:2b:2d:b9:42:1b:d2:2d:45:11:04:42:20:d9:ba:
                    8e:79:17:9a:f5:46:4c:03:8f:e5:3b:e7:b4:fb:7d:
                    b8:b3:ea:f6:31:35:df:95:e5:2f:e8:d1:88:2b:c8:
                    cf:89:c5:66:2a:7d:a8:7b:87:dd:1f:4a:cd:80:1e:
                    51:e0:15:1a:b1:a7:62:0e:95:35:cb:4a:b1:2b:29:
                    ad:62:34:db:d8:5c:c3:72:96:8a:99:64:4e:67:ee:
                    1e:54:0e:75:87:73:2a:f4:93:a7:60:45:fb:09:96:
                    2a:d6:44:8e:28:f2:a0:e8:c3:41:db:50:4e:25:31:
                    09:30:95:c4:d1:8d:3f:17:df:26:56:e5:b5:6d:60:
                    b2:87:c9:0b:99:a1:6d:3d:fa:e3:e4:ce:3e:51:7d:
                    f5:9b:43:70:08:c8:9c:58:a8:c9:a3:99:37:22:4d:
                    e4:d4:81:d8:ce:c0:e8:b8:3d:d4:ee:b5:bf:0c:96:
                    d9:b4:33:f0:93:fe:19:11:59:16:f1:0e:4b:26:bb:
                    6a:c8:86:a1:4a:3f:f8:8b:e5:a8:6d:d2:85:97:df:
                    a7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F1:5C:1B:1E:A2:38:98:0C:82:10:9D:B3:AA:AE:A9:78:43:B5:85
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/4vFcGx6iOJgMghCds6quqXhDtYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.221.0/24
                  212.69.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:8e:4c:66:24:59:a2:1d:a3:48:e3:b1:f5:ae:22:2c:51:38:
         69:94:1b:a4:7d:f2:11:5f:ed:6f:89:1a:8f:8d:eb:49:d1:25:
         40:1d:fa:0e:5c:c1:80:a9:cc:fd:b7:6c:2e:b1:17:f7:0a:2c:
         81:f5:af:3b:f9:bb:6c:84:a5:7b:c5:41:1e:e3:0a:6f:7d:dc:
         e2:cd:bd:d1:8c:34:0c:65:74:39:dc:3a:af:de:09:30:c5:c0:
         49:c8:a5:bf:1f:b9:5c:9c:6c:4b:7e:8a:35:9b:57:68:d3:df:
         08:18:55:3f:3b:df:43:17:e0:c6:0e:57:c8:b6:00:1c:85:af:
         af:ad:03:72:ce:b6:19:c3:b6:96:9a:b6:a0:ec:b5:b8:a7:22:
         0e:9d:aa:c1:94:41:a3:8e:b3:b9:3d:25:31:ca:e6:73:6f:b6:
         b3:61:db:01:0d:c9:94:78:ef:fc:c0:1a:ec:cf:19:23:eb:40:
         98:7f:7d:f7:38:0c:4e:8c:09:c6:c8:84:6d:32:55:20:74:f3:
         0b:e0:23:7a:40:41:5e:68:06:c8:c8:f2:46:d1:29:ac:33:d6:
         bc:c9:83:1b:73:2f:ab:fe:55:f7:95:c3:8d:2e:6f:a7:ec:bf:
         99:87:d9:1f:f5:14:ba:24:56:74:f2:e5:ff:da:63:bb:a7:12:
         31:7c:f8:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxvxWV03KSZ4d2o+ZGwtDvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjE4MDgwMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmYxNWMxYjFlYTIzODk4MGM4MjEwOWRiM2FhYWVhOTc4NDNiNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8xGF6AfQv+0/Id8m3j3XLNQ648F
lAdxWM6+FvQLPkmJW7ogi7dAN0nfhfPGKy25QhvSLUURBEIg2bqOeRea9UZMA4/l
O+e0+324s+r2MTXfleUv6NGIK8jPicVmKn2oe4fdH0rNgB5R4BUasadiDpU1y0qx
KymtYjTb2FzDcpaKmWROZ+4eVA51h3Mq9JOnYEX7CZYq1kSOKPKg6MNB21BOJTEJ
MJXE0Y0/F98mVuW1bWCyh8kLmaFtPfrj5M4+UX31m0NwCMicWKjJo5k3Ik3k1IHY
zsDouD3U7rW/DJbZtDPwk/4ZEVkW8Q5LJrtqyIahSj/4i+WobdKFl9+nWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOLxXBseojiYDIIQnbOqrql4Q7WFMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvNHZGY0d4NmlPSmdNZ2hDZHM2cXVxWGhEdFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv3dAwQA
1EUIMA0GCSqGSIb3DQEBCwUAA4IBAQBRjkxmJFmiHaNI47H1riIsUThplBukffIR
X+1viRqPjetJ0SVAHfoOXMGAqcz9t2wusRf3CiyB9a87+btshKV7xUEe4wpvfdzi
zb3RjDQMZXQ53Dqv3gkwxcBJyKW/H7lcnGxLfoo1m1do098IGFU/O99DF+DGDlfI
tgAcha+vrQNyzrYZw7aWmrag7LW4pyIOnarBlEGjjrO5PSUxyuZzb7azYdsBDcmU
eO/8wBrszxkj60CYf333OAxOjAnGyIRtMlUgdPML4CN6QEFeaAbIyPJG0SmsM9a8
yYMbcy+r/lX3lcONLm+n7L+Zh9kf9RS6JFZ08uX/2mO7pxIxfPgE
-----END CERTIFICATE-----