Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CXhP_3m-LOaCVQrTkJa2Sb27ksA.roa
File:                     CXhP_3m-LOaCVQrTkJa2Sb27ksA.roa (raw, json)
Hash identifier:          sfb5+k2so64LSdIxcEVx0iNQS5EDn06N3XBxzrUftyU=
Subject key identifier:   09:78:4F:FF:79:BE:2C:E6:82:55:0A:D3:90:96:B6:49:BD:BB:92:C0
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C5C3E9ECDE1C0821AA6230D0C0724814D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CXhP_3m-LOaCVQrTkJa2Sb27ksA.roa
Signing time:             Sat 14 Feb 2026 13:02:13 +0000
ROA not before:           Sat 14 Feb 2026 13:02:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        81.18.48.0/24 maxlen: 24
                          178.253.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5c:3e:9e:cd:e1:c0:82:1a:a6:23:0d:0c:07:24:81:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 14 13:02:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09784fff79be2ce682550ad39096b649bdbb92c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:63:d3:02:77:fa:15:51:e0:3c:0d:a7:db:a8:
                    8c:36:ac:b6:6c:15:02:cc:85:4e:63:fe:55:93:28:
                    4b:5c:40:a1:46:55:ea:28:fc:32:09:8f:1e:4a:88:
                    d2:d7:59:a2:6a:7f:0c:19:32:79:e1:d6:5b:62:2f:
                    ab:d1:ee:f6:43:85:ee:d2:51:cf:d6:da:1f:46:2e:
                    55:b3:fd:ef:59:1e:da:16:fa:87:7b:09:91:6e:b8:
                    dd:0a:d1:b6:3a:b2:e0:02:90:9a:01:dc:f4:14:63:
                    a0:3f:27:76:a0:73:bc:44:d6:d2:8c:80:17:60:08:
                    5e:b6:6d:16:15:ce:6e:4f:1d:0e:f6:3a:e4:56:ef:
                    81:bf:fd:e3:87:90:99:2a:8e:e5:d2:f0:31:aa:a7:
                    6a:61:b2:66:1c:ed:fa:ef:7f:61:c5:0e:61:cf:ab:
                    d1:73:f1:9b:fa:f0:32:51:e2:0a:1e:fc:50:f4:72:
                    ba:88:40:0b:92:36:6d:a9:29:a1:b2:8d:3f:c8:b3:
                    83:60:0b:16:a3:33:ea:ee:2a:7b:00:41:29:88:7f:
                    92:c5:04:a2:17:a1:2a:87:21:94:b5:a9:42:3c:04:
                    3e:10:f8:8e:b3:83:e5:0c:5e:79:b2:8f:f3:ee:83:
                    2b:cb:4f:15:fb:5c:8d:e3:97:01:6c:28:d2:97:25:
                    45:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:78:4F:FF:79:BE:2C:E6:82:55:0A:D3:90:96:B6:49:BD:BB:92:C0
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CXhP_3m-LOaCVQrTkJa2Sb27ksA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.48.0/24
                  178.253.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:f3:72:d1:37:ab:5c:70:ad:b1:51:e0:1b:5e:d6:f6:ef:4e:
         02:88:7b:19:7b:91:21:dd:8e:45:d5:46:b1:33:db:83:1e:cf:
         3c:54:79:db:6f:72:dc:b7:d9:ed:12:73:3a:60:58:5d:15:3a:
         f4:73:73:77:8e:0e:0b:0e:d9:62:8c:26:55:d7:73:87:c5:c8:
         64:f6:02:6b:32:14:a1:b1:84:b2:24:86:8e:7f:b4:d5:55:ff:
         5d:b0:c7:4c:e1:28:3b:91:bf:bb:f9:c5:8f:5d:e8:4b:0a:65:
         2b:50:c4:88:8b:19:97:40:4e:b4:a0:33:11:a9:88:94:c6:84:
         77:3c:46:14:47:bc:66:0f:89:d7:2d:97:6e:30:68:85:d4:e2:
         d0:96:cd:6f:5b:a8:79:29:11:bf:4e:62:65:8b:d4:05:0c:86:
         7e:53:e5:32:b9:e0:53:4e:01:9d:0a:77:c4:de:1d:7d:65:74:
         27:bb:73:12:2a:03:f4:59:6b:25:7f:1f:3f:28:d2:b7:a2:34:
         96:06:81:58:e5:94:0d:0c:4f:91:aa:1c:f0:37:8f:9a:f3:8f:
         3b:98:57:8a:07:92:71:0d:7b:3b:65:09:fd:4b:77:cd:c5:66:
         e7:3f:a4:a5:a9:5e:a8:54:cf:56:77:ac:54:32:d8:be:cf:dd:
         7f:11:00:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxcPp7N4cCCGqYjDQwHJIFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjE0MTMwMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTc4NGZmZjc5YmUyY2U2ODI1NTBhZDM5MDk2YjY0OWJkYmI5MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2PTAnf6FVHgPA2n26iMNqy2bBUC
zIVOY/5VkyhLXEChRlXqKPwyCY8eSojS11mian8MGTJ54dZbYi+r0e72Q4Xu0lHP
1tofRi5Vs/3vWR7aFvqHewmRbrjdCtG2OrLgApCaAdz0FGOgPyd2oHO8RNbSjIAX
YAhetm0WFc5uTx0O9jrkVu+Bv/3jh5CZKo7l0vAxqqdqYbJmHO36739hxQ5hz6vR
c/Gb+vAyUeIKHvxQ9HK6iEALkjZtqSmhso0/yLODYAsWozPq7ip7AEEpiH+SxQSi
F6EqhyGUtalCPAQ+EPiOs4PlDF55so/z7oMry08V+1yN45cBbCjSlyVFaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAl4T/95vizmglUK05CWtkm9u5LAMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQ1hoUF8zbS1MT2FDVlFyVGtKYTJTYjI3a3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURIwAwQA
sv3lMA0GCSqGSIb3DQEBCwUAA4IBAQB883LRN6tccK2xUeAbXtb2704CiHsZe5Eh
3Y5F1UaxM9uDHs88VHnbb3Lct9ntEnM6YFhdFTr0c3N3jg4LDtlijCZV13OHxchk
9gJrMhShsYSyJIaOf7TVVf9dsMdM4Sg7kb+7+cWPXehLCmUrUMSIixmXQE60oDMR
qYiUxoR3PEYUR7xmD4nXLZduMGiF1OLQls1vW6h5KRG/TmJli9QFDIZ+U+UyueBT
TgGdCnfE3h19ZXQnu3MSKgP0WWslfx8/KNK3ojSWBoFY5ZQNDE+RqhzwN4+a8487
mFeKB5JxDXs7ZQn9S3fNxWbnP6SlqV6oVM9Wd6xUMti+z91/EQB+
-----END CERTIFICATE-----