Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/z7i3oCwf_Qpw5gqNt0oYPUSi-b8.roa
File:                     z7i3oCwf_Qpw5gqNt0oYPUSi-b8.roa (raw, json)
Hash identifier:          aDcSWwpQa60hVZqjbs3Kj1FtoB4LClmi5fcRO4N+uHE=
Subject key identifier:   CF:B8:B7:A0:2C:1F:FD:0A:70:E6:0A:8D:B7:4A:18:3D:44:A2:F9:BF
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C6FDC48F337B614C878DCFD31D737D1F3
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/z7i3oCwf_Qpw5gqNt0oYPUSi-b8.roa
Signing time:             Wed 18 Feb 2026 08:27:13 +0000
ROA not before:           Wed 18 Feb 2026 08:27:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        178.253.210.0/24 maxlen: 24
                          188.255.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6f:dc:48:f3:37:b6:14:c8:78:dc:fd:31:d7:37:d1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 18 08:27:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfb8b7a02c1ffd0a70e60a8db74a183d44a2f9bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:98:fe:f3:69:b2:22:2b:1f:4f:61:54:30:81:
                    23:55:71:68:f6:22:5b:19:61:a8:87:4a:6a:27:c5:
                    b2:85:32:2a:5e:7d:dd:2a:4c:fe:21:b9:29:e1:6e:
                    7f:31:63:45:fd:2c:79:97:d0:47:65:d3:18:93:d2:
                    4d:52:d9:74:b3:e8:ee:65:db:33:95:5e:54:80:69:
                    5e:b8:53:77:c1:55:ee:e9:37:ad:55:b3:5e:a0:20:
                    49:08:5c:39:54:ad:79:1b:5e:45:e0:4c:dc:16:e4:
                    9b:80:ee:cb:6b:0d:ae:70:4e:b0:0d:8b:5b:e5:14:
                    a2:b0:7d:5f:c2:33:7a:fb:fa:23:0e:8d:82:18:7b:
                    0a:5c:e7:3a:93:72:ab:54:92:ab:73:00:21:53:bf:
                    d9:01:00:89:ca:b1:8f:eb:57:f7:99:ff:44:4f:e5:
                    53:0a:a5:5b:a5:dd:4c:bd:92:3c:e5:4c:22:c1:21:
                    98:84:2f:3d:8d:d8:92:d6:a9:6a:7c:7a:6c:bf:8a:
                    23:8f:4c:d4:91:17:ab:48:b1:a3:25:94:d3:e4:a2:
                    ee:4f:21:12:b1:f3:94:ba:81:b0:00:09:11:be:36:
                    9b:09:0d:64:64:a7:b9:12:7f:ae:56:ee:c8:ff:f9:
                    65:32:99:b7:12:7a:24:3a:aa:30:99:ee:9c:83:47:
                    f3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B8:B7:A0:2C:1F:FD:0A:70:E6:0A:8D:B7:4A:18:3D:44:A2:F9:BF
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/z7i3oCwf_Qpw5gqNt0oYPUSi-b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.210.0/24
                  188.255.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d9:04:7c:be:6b:6e:73:83:00:eb:16:62:5c:c1:cb:f9:69:
         dc:80:46:28:90:bc:d5:fc:4b:ea:79:35:48:b5:c3:52:3e:b2:
         a2:d9:7c:c1:8b:29:3f:35:5a:f6:73:7c:97:4e:1a:9a:48:2e:
         67:5e:14:44:7c:50:17:97:e9:ca:e3:d5:99:10:7a:e6:2f:be:
         68:bd:c1:bd:7b:e0:65:fe:ec:93:f7:fc:01:7e:f3:fa:a6:60:
         c2:d1:42:31:fa:09:c7:92:e8:df:04:41:a5:08:27:57:9f:6d:
         4a:5c:67:9c:dd:8d:84:97:23:84:e3:4d:cf:9e:66:9d:7b:1a:
         9b:54:51:93:12:d4:40:04:7b:df:dc:d4:ed:78:e0:b9:c1:01:
         8f:ab:db:c8:d7:10:ed:d8:cd:8a:60:70:0c:22:9b:cd:0a:7e:
         ad:2f:58:91:b9:97:37:91:f0:60:92:5b:42:b9:ab:7d:e5:20:
         13:3f:e6:18:70:0a:e5:e2:8a:5c:20:ed:2b:6b:41:30:6f:83:
         59:78:84:f4:1d:1a:04:4a:1b:b6:47:c6:15:5e:d7:c1:91:bd:
         1f:49:a1:d3:9f:31:88:4e:68:a5:29:de:0b:40:88:c2:0f:1a:
         84:32:73:ee:55:91:e0:ba:c9:ec:73:0b:8f:6e:34:bc:0b:90:
         79:27:4f:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxv3EjzN7YUyHjc/THXN9HzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjE4MDgyNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI4YjdhMDJjMWZmZDBhNzBlNjBhOGRiNzRhMTgzZDQ0YTJmOWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5j+82myIisfT2FUMIEjVXFo9iJb
GWGoh0pqJ8WyhTIqXn3dKkz+Ibkp4W5/MWNF/Sx5l9BHZdMYk9JNUtl0s+juZdsz
lV5UgGleuFN3wVXu6TetVbNeoCBJCFw5VK15G15F4EzcFuSbgO7Law2ucE6wDYtb
5RSisH1fwjN6+/ojDo2CGHsKXOc6k3KrVJKrcwAhU7/ZAQCJyrGP61f3mf9ET+VT
CqVbpd1MvZI85UwiwSGYhC89jdiS1qlqfHpsv4ojj0zUkRerSLGjJZTT5KLuTyES
sfOUuoGwAAkRvjabCQ1kZKe5En+uVu7I//llMpm3EnokOqowme6cg0fzfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+4t6AsH/0KcOYKjbdKGD1Eovm/MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvejdpM29Dd2ZfUXB3NWdxTnQwb1lQVVNpLWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv3SAwQA
vP/BMA0GCSqGSIb3DQEBCwUAA4IBAQCK2QR8vmtuc4MA6xZiXMHL+WncgEYokLzV
/EvqeTVItcNSPrKi2XzBiyk/NVr2c3yXThqaSC5nXhREfFAXl+nK49WZEHrmL75o
vcG9e+Bl/uyT9/wBfvP6pmDC0UIx+gnHkujfBEGlCCdXn21KXGec3Y2ElyOE403P
nmadexqbVFGTEtRABHvf3NTteOC5wQGPq9vI1xDt2M2KYHAMIpvNCn6tL1iRuZc3
kfBgkltCuat95SATP+YYcArl4opcIO0ra0Ewb4NZeIT0HRoEShu2R8YVXtfBkb0f
SaHTnzGITmilKd4LQIjCDxqEMnPuVZHgusnscwuPbjS8C5B5J0+s
-----END CERTIFICATE-----