Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/o8u_3aSRBty3hd7jb-zctGFuulI.roa
File:                     o8u_3aSRBty3hd7jb-zctGFuulI.roa (raw, json)
Hash identifier:          eIA03+zKUxVkomCqmVVeVcEdH8W7V0ITpVbhNfJ74mk=
Subject key identifier:   A3:CB:BF:DD:A4:91:06:DC:B7:85:DE:E3:6F:EC:DC:B4:61:6E:BA:52
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       019C50B34A81C059E65B7C4A756012C770BC
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/o8u_3aSRBty3hd7jb-zctGFuulI.roa
Signing time:             Thu 12 Feb 2026 07:14:13 +0000
ROA not before:           Thu 12 Feb 2026 07:14:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        185.46.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:50:b3:4a:81:c0:59:e6:5b:7c:4a:75:60:12:c7:70:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Feb 12 07:14:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3cbbfdda49106dcb785dee36fecdcb4616eba52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:50:2d:02:8f:51:f6:b2:30:64:d9:6d:65:7e:
                    eb:f6:26:e2:a6:79:13:94:8a:08:1a:7d:32:59:91:
                    43:ec:fc:00:08:54:7a:08:71:8b:27:74:02:d0:29:
                    9f:2a:cd:8d:63:ea:02:2d:48:5e:bd:b5:11:89:88:
                    af:50:ce:79:50:21:fd:e1:79:cb:1f:2c:db:86:74:
                    c5:00:a7:9b:d4:db:e0:a5:e6:2c:7e:8f:96:dd:de:
                    ba:1f:24:e4:77:aa:95:35:25:6d:9b:ed:d4:aa:24:
                    d6:cc:48:0e:41:8a:29:37:46:73:d5:08:76:5e:a3:
                    cf:3a:80:20:cc:b3:26:b7:06:2f:38:d5:96:9b:26:
                    44:bc:e0:bb:b7:f8:1d:62:86:ac:ba:10:8b:c1:a8:
                    ba:10:7b:a9:a4:2f:fe:7a:0b:0a:d6:f9:b4:1e:0e:
                    50:54:3a:9d:df:7a:42:88:ff:a8:32:f1:10:d8:23:
                    f5:b5:70:20:4c:2d:e6:b6:df:c9:05:07:6a:49:9d:
                    c1:49:d8:df:cb:7c:f3:27:70:c0:0c:40:a0:b8:57:
                    cb:5e:36:75:38:1c:06:13:25:13:32:62:26:88:b6:
                    93:63:d3:4a:2e:ee:12:d4:3b:01:7b:07:1b:5b:88:
                    2f:d5:96:7a:38:fe:1d:6f:90:2a:a9:9c:30:22:76:
                    fb:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CB:BF:DD:A4:91:06:DC:B7:85:DE:E3:6F:EC:DC:B4:61:6E:BA:52
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/o8u_3aSRBty3hd7jb-zctGFuulI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:68:54:08:38:24:2f:ef:2f:5d:1b:e4:b7:05:30:8d:78:37:
         33:28:03:b2:4a:f5:fc:85:fc:08:5f:f8:e1:8e:6c:33:0b:e6:
         32:74:43:59:d1:96:93:7e:f9:c0:41:12:99:06:75:ae:45:1d:
         fb:90:b7:4f:56:f3:28:95:1e:99:d3:f2:88:61:40:b1:d0:20:
         d6:03:02:6a:48:25:93:8a:40:13:56:fa:bd:e4:b6:d1:b3:82:
         f1:71:6b:0e:12:cc:23:a4:92:7d:82:1e:45:c8:e5:da:c9:7a:
         68:94:4f:92:b2:73:6b:cf:fd:2f:3b:f7:eb:92:2c:8a:2c:0a:
         58:80:02:99:14:36:a2:69:1c:a1:c7:7f:be:60:ab:f4:3c:f0:
         e9:b8:42:c0:19:a7:4c:d1:cf:c1:5d:14:76:77:69:64:b5:28:
         61:cb:c0:ca:fd:c7:8e:da:01:92:b8:4f:4d:ae:5a:1c:1e:3c:
         c1:0b:2d:7a:af:08:81:5d:d0:24:02:fe:61:f0:53:cc:f4:1f:
         de:90:7c:44:f3:94:14:50:43:ff:31:3c:70:15:46:46:7d:c5:
         d6:71:b6:05:a4:d7:19:72:21:92:00:ed:c1:3a:61:64:b3:2f:
         6d:a3:d1:c6:f9:5d:76:1f:44:8c:84:79:43:58:14:23:d2:8e:
         10:10:b9:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxQs0qBwFnmW3xKdWASx3C8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjYwMjEyMDcxNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NiYmZkZGE0OTEwNmRjYjc4NWRlZTM2ZmVjZGNiNDYxNmViYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFAtAo9R9rIwZNltZX7r9ibipnkT
lIoIGn0yWZFD7PwACFR6CHGLJ3QC0CmfKs2NY+oCLUhevbURiYivUM55UCH94XnL
HyzbhnTFAKeb1NvgpeYsfo+W3d66HyTkd6qVNSVtm+3UqiTWzEgOQYopN0Zz1Qh2
XqPPOoAgzLMmtwYvONWWmyZEvOC7t/gdYoasuhCLwai6EHuppC/+egsK1vm0Hg5Q
VDqd33pCiP+oMvEQ2CP1tXAgTC3mtt/JBQdqSZ3BSdjfy3zzJ3DADECguFfLXjZ1
OBwGEyUTMmImiLaTY9NKLu4S1DsBewcbW4gv1ZZ6OP4db5AqqZwwInb7xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPLv92kkQbct4Xe42/s3LRhbrpSMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvbzh1XzNhU1JCdHkzaGQ3amItemN0R0Z1dWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5yMA0G
CSqGSIb3DQEBCwUAA4IBAQAfaFQIOCQv7y9dG+S3BTCNeDczKAOySvX8hfwIX/jh
jmwzC+YydENZ0ZaTfvnAQRKZBnWuRR37kLdPVvMolR6Z0/KIYUCx0CDWAwJqSCWT
ikATVvq95LbRs4LxcWsOEswjpJJ9gh5FyOXayXpolE+SsnNrz/0vO/frkiyKLApY
gAKZFDaiaRyhx3++YKv0PPDpuELAGadM0c/BXRR2d2lktShhy8DK/ceO2gGSuE9N
rlocHjzBCy16rwiBXdAkAv5h8FPM9B/ekHxE85QUUEP/MTxwFUZGfcXWcbYFpNcZ
ciGSAO3BOmFksy9to9HG+V12H0SMhHlDWBQj0o4QELnG
-----END CERTIFICATE-----