Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/35a75a-fa28-455c-a9d7-42538495a253/1/mQhTuTKEwu8zhwzyt5PaOFOOFgo.roa
File:                     mQhTuTKEwu8zhwzyt5PaOFOOFgo.roa (raw, json)
Hash identifier:          f0RTXa3+LdAMLeM1vR+W1zWxntSZGi5bAcnStMVW9ME=
Subject key identifier:   99:08:53:B9:32:84:C2:EF:33:87:0C:F2:B7:93:DA:38:53:8E:16:0A
Certificate issuer:       /CN=4d581f316a4510cd718f05cdfda47f60b5240dfb
Certificate serial:       019C89C4916185730AE1510F029650472FD3
Authority key identifier: 4D:58:1F:31:6A:45:10:CD:71:8F:05:CD:FD:A4:7F:60:B5:24:0D:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVgfMWpFEM1xjwXN_aR_YLUkDfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/35a75a-fa28-455c-a9d7-42538495a253/1/mQhTuTKEwu8zhwzyt5PaOFOOFgo.roa
Signing time:             Mon 23 Feb 2026 09:11:26 +0000
ROA not before:           Mon 23 Feb 2026 09:11:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200782
IP address blocks:        194.31.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/35a75a-fa28-455c-a9d7-42538495a253/1/TVgfMWpFEM1xjwXN_aR_YLUkDfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/35a75a-fa28-455c-a9d7-42538495a253/1/TVgfMWpFEM1xjwXN_aR_YLUkDfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVgfMWpFEM1xjwXN_aR_YLUkDfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:c4:91:61:85:73:0a:e1:51:0f:02:96:50:47:2f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d581f316a4510cd718f05cdfda47f60b5240dfb
        Validity
            Not Before: Feb 23 09:11:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=990853b93284c2ef33870cf2b793da38538e160a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cf:ed:90:a7:09:6e:af:ee:8d:32:6b:ef:ef:
                    b1:07:e1:16:ad:c3:ba:f2:52:cb:a5:bf:10:3e:87:
                    f9:17:8f:31:6c:4f:c3:2e:b6:5f:b1:e6:c5:5b:27:
                    5d:e4:5d:26:a6:a9:bb:63:4d:e6:0b:7a:a0:f9:0b:
                    43:66:2c:c0:86:c0:08:2f:c7:47:bc:02:64:8b:30:
                    49:66:6c:c3:36:12:d6:8d:c8:52:de:b8:b7:97:eb:
                    00:e8:9a:6c:7b:5d:2c:44:34:74:d2:8c:21:92:cf:
                    9c:c6:70:29:76:e6:9e:c4:58:6d:d2:60:98:42:85:
                    57:a5:1a:bf:11:f6:6b:0a:db:c1:02:09:d0:5a:84:
                    04:2a:f4:7a:6b:6d:66:1d:d5:e2:24:6d:6c:e2:05:
                    04:4e:e0:ba:38:1f:93:53:63:b2:e7:fa:e3:86:06:
                    89:ff:9c:b4:3a:c6:f5:0a:3f:58:a6:c9:5d:74:04:
                    b7:1a:85:ee:f4:ad:81:2e:93:55:99:9c:96:e1:77:
                    8f:cf:14:36:46:d9:77:e2:26:54:a3:df:8b:a7:78:
                    3b:b6:91:1c:de:22:13:04:01:5d:bf:ae:4b:b3:05:
                    9b:19:5f:5c:05:9a:53:6f:08:86:16:bd:b4:33:57:
                    47:d0:19:ef:5a:eb:3b:32:0b:df:99:7c:ba:3a:4c:
                    5a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:08:53:B9:32:84:C2:EF:33:87:0C:F2:B7:93:DA:38:53:8E:16:0A
            X509v3 Authority Key Identifier:
                keyid:4D:58:1F:31:6A:45:10:CD:71:8F:05:CD:FD:A4:7F:60:B5:24:0D:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVgfMWpFEM1xjwXN_aR_YLUkDfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/35a75a-fa28-455c-a9d7-42538495a253/1/mQhTuTKEwu8zhwzyt5PaOFOOFgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/35a75a-fa28-455c-a9d7-42538495a253/1/TVgfMWpFEM1xjwXN_aR_YLUkDfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:b1:87:21:fc:34:21:3d:53:2c:cc:48:67:98:d0:d3:18:a5:
         de:fa:a1:74:47:a1:61:ff:19:fd:a0:68:08:3b:b1:4d:7f:25:
         19:6a:3e:0f:2e:73:7a:f1:33:53:bd:c6:6a:38:54:c5:db:91:
         75:1b:97:4b:f0:9d:cb:46:07:f1:0e:9c:46:07:94:fc:d7:ec:
         ce:64:0a:61:a2:98:8d:fd:fe:49:ec:fa:4e:86:bd:de:ea:a6:
         96:2a:14:51:b5:df:40:04:46:77:1f:d0:a1:0c:d2:0e:b1:0d:
         ca:ff:b7:50:11:60:26:8c:1d:70:c0:c6:4b:87:38:91:6a:c9:
         2d:13:d7:ee:9d:37:9f:f7:39:0e:ef:01:c8:fc:10:5d:04:a7:
         77:0c:2d:c2:3f:40:00:ee:a9:34:52:59:4c:1f:8b:a8:fe:82:
         8d:cf:4d:90:52:f0:9a:5f:a0:68:dd:1e:fd:5e:7c:fd:34:63:
         74:76:a2:9f:c8:91:65:26:a7:3b:45:bd:af:ff:43:f6:66:f5:
         2c:7d:da:37:f5:5b:7f:94:c8:00:d7:c9:f8:ae:ad:34:6a:df:
         57:26:14:bf:3c:8e:d5:a6:2a:98:fc:c8:6a:4d:83:17:d1:4c:
         b4:dc:98:6b:3f:15:2c:2a:82:83:78:d0:ca:95:dd:b9:4c:cb:
         71:ab:1e:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyJxJFhhXMK4VEPApZQRy/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNTgxZjMxNmE0NTEwY2Q3MThmMDVjZGZkYTQ3ZjYwYjUy
NDBkZmIwHhcNMjYwMjIzMDkxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTA4NTNiOTMyODRjMmVmMzM4NzBjZjJiNzkzZGEzODUzOGUxNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8/tkKcJbq/ujTJr7++xB+EWrcO6
8lLLpb8QPof5F48xbE/DLrZfsebFWydd5F0mpqm7Y03mC3qg+QtDZizAhsAIL8dH
vAJkizBJZmzDNhLWjchS3ri3l+sA6Jpse10sRDR00owhks+cxnApduaexFht0mCY
QoVXpRq/EfZrCtvBAgnQWoQEKvR6a21mHdXiJG1s4gUETuC6OB+TU2Oy5/rjhgaJ
/5y0Osb1Cj9YpslddAS3GoXu9K2BLpNVmZyW4XePzxQ2Rtl34iZUo9+Lp3g7tpEc
3iITBAFdv65LswWbGV9cBZpTbwiGFr20M1dH0BnvWus7MgvfmXy6OkxaBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkIU7kyhMLvM4cM8reT2jhTjhYKMB8GA1UdIwQY
MBaAFE1YHzFqRRDNcY8Fzf2kf2C1JA37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZnZk1XcEZFTTF4andYTl9hUl9ZTFVrRGZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zNWE3NWEtZmEyOC00NTVjLWE5ZDct
NDI1Mzg0OTVhMjUzLzEvbVFoVHVUS0V3dTh6aHd6eXQ1UGFPRk9PRmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zNWE3NWEtZmEyOC00NTVjLWE5ZDctNDI1Mzg0OTVhMjUz
LzEvVFZnZk1XcEZFTTF4andYTl9hUl9ZTFVrRGZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh/eMA0G
CSqGSIb3DQEBCwUAA4IBAQBnsYch/DQhPVMszEhnmNDTGKXe+qF0R6Fh/xn9oGgI
O7FNfyUZaj4PLnN68TNTvcZqOFTF25F1G5dL8J3LRgfxDpxGB5T81+zOZAphopiN
/f5J7PpOhr3e6qaWKhRRtd9ABEZ3H9ChDNIOsQ3K/7dQEWAmjB1wwMZLhziRaskt
E9funTef9zkO7wHI/BBdBKd3DC3CP0AA7qk0UllMH4uo/oKNz02QUvCaX6Bo3R79
Xnz9NGN0dqKfyJFlJqc7Rb2v/0P2ZvUsfdo39Vt/lMgA18n4rq00at9XJhS/PI7V
piqY/MhqTYMX0Uy03JhrPxUsKoKDeNDKld25TMtxqx5N
-----END CERTIFICATE-----