Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/Pg6WcfGC8AkvBSVyCvKxqgdMGlM.roa
File:                     Pg6WcfGC8AkvBSVyCvKxqgdMGlM.roa (raw, json)
Hash identifier:          2K2U6cGOTmQqLf6zsnhVRf79y+nh5CGpqyhhe8CMkU8=
Subject key identifier:   3E:0E:96:71:F1:82:F0:09:2F:05:25:72:0A:F2:B1:AA:07:4C:1A:53
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019C512DF7E988B308F311853898179180F7
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/Pg6WcfGC8AkvBSVyCvKxqgdMGlM.roa
Signing time:             Thu 12 Feb 2026 09:28:12 +0000
ROA not before:           Thu 12 Feb 2026 09:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46559
IP address blocks:        80.174.108.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:2d:f7:e9:88:b3:08:f3:11:85:38:98:17:91:80:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Feb 12 09:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e0e9671f182f0092f0525720af2b1aa074c1a53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c4:93:2d:df:75:c2:e5:a5:ec:f4:76:6c:bc:
                    24:6a:40:ed:5c:9e:70:eb:b9:3e:ee:d7:7f:b7:3c:
                    85:6f:5a:f3:73:73:fd:25:c4:b8:06:06:b5:38:62:
                    37:11:6e:42:5f:26:02:b9:80:1f:fb:d2:07:12:15:
                    bd:fe:64:45:34:7b:89:70:db:d7:43:6a:b3:0c:e5:
                    df:c3:08:a7:59:f1:30:45:77:dc:8c:9f:9b:76:ac:
                    ce:af:92:69:d4:c7:5d:50:21:34:4f:6f:4c:95:3d:
                    4c:95:4e:7a:df:3d:f8:27:79:68:66:f7:44:09:e5:
                    a8:4d:93:03:54:52:24:7f:76:e9:d3:5b:1f:b9:64:
                    48:55:7f:c9:51:eb:4f:66:02:43:d3:b1:02:9e:6c:
                    3e:6c:71:13:de:3e:3c:36:32:6a:41:c8:1f:20:46:
                    cb:b4:36:a8:92:91:8d:7a:79:1b:0b:f8:73:49:17:
                    6b:d2:02:ff:cf:0d:2d:1c:c8:eb:a5:a1:e7:6c:21:
                    b6:d2:85:ea:c8:d7:52:ef:4c:7a:67:85:30:fe:90:
                    39:de:da:32:08:be:fb:16:86:67:6e:de:7f:57:a3:
                    bd:00:cb:87:7f:58:9e:c2:f1:ab:5f:87:2c:52:22:
                    9a:20:b2:2b:a8:dd:45:1e:ea:e8:c2:85:fd:76:7d:
                    1a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:0E:96:71:F1:82:F0:09:2F:05:25:72:0A:F2:B1:AA:07:4C:1A:53
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/Pg6WcfGC8AkvBSVyCvKxqgdMGlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d0:44:cd:60:49:2c:e5:3e:7c:9b:f4:95:c2:bb:21:ab:1b:56:
         67:df:53:3d:91:84:a9:ed:8f:45:ae:fe:e8:5f:1e:33:54:42:
         a8:44:91:a8:67:64:b1:29:44:03:09:c1:08:19:a4:6f:a2:b5:
         60:f8:15:dc:0e:14:1f:93:05:36:10:27:b4:c4:03:6d:76:98:
         de:58:c3:0e:b0:cc:f1:d8:f1:1f:ca:24:be:52:49:5a:4a:9c:
         9c:cb:bf:10:f4:67:d2:af:13:c2:c9:d9:74:ec:d8:22:02:83:
         a1:92:e2:4e:ee:97:6f:c2:67:75:bc:ef:d9:e1:1a:8f:f1:15:
         27:f6:d6:4d:7c:92:5b:dc:3e:bb:84:5f:55:8b:a0:f2:ae:36:
         95:07:eb:ed:cc:98:e7:a4:7a:9c:b7:09:84:85:0d:d6:97:5c:
         50:a2:0a:b9:41:54:71:45:17:c8:9a:39:1d:9a:22:4a:37:40:
         0b:96:7d:51:b5:dc:c2:59:81:83:d4:c8:51:e0:af:e4:b6:c9:
         42:64:09:46:3e:2e:e8:5a:ed:3b:64:b7:09:c7:37:03:79:f8:
         d4:ae:2d:4d:7a:a1:64:c1:a1:33:57:9e:c6:c2:8d:b3:63:3f:
         4c:27:83:79:98:09:47:bc:d7:a0:42:24:d4:dc:82:c1:de:57:
         e5:5f:40:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxRLffpiLMI8xGFOJgXkYD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwMjEyMDkyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTBlOTY3MWYxODJmMDA5MmYwNTI1NzIwYWYyYjFhYTA3NGMxYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48STLd91wuWl7PR2bLwkakDtXJ5w
67k+7td/tzyFb1rzc3P9JcS4Bga1OGI3EW5CXyYCuYAf+9IHEhW9/mRFNHuJcNvX
Q2qzDOXfwwinWfEwRXfcjJ+bdqzOr5Jp1MddUCE0T29MlT1MlU563z34J3loZvdE
CeWoTZMDVFIkf3bp01sfuWRIVX/JUetPZgJD07ECnmw+bHET3j48NjJqQcgfIEbL
tDaokpGNenkbC/hzSRdr0gL/zw0tHMjrpaHnbCG20oXqyNdS70x6Z4Uw/pA53toy
CL77FoZnbt5/V6O9AMuHf1iewvGrX4csUiKaILIrqN1FHurowoX9dn0aUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4OlnHxgvAJLwUlcgrysaoHTBpTMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvUGc2V2NmR0M4QWt2QlNWeUN2S3hxZ2RNR2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUK5sMA0G
CSqGSIb3DQEBCwUAA4IBAQDQRM1gSSzlPnyb9JXCuyGrG1Zn31M9kYSp7Y9Frv7o
Xx4zVEKoRJGoZ2SxKUQDCcEIGaRvorVg+BXcDhQfkwU2ECe0xANtdpjeWMMOsMzx
2PEfyiS+UklaSpycy78Q9GfSrxPCydl07NgiAoOhkuJO7pdvwmd1vO/Z4RqP8RUn
9tZNfJJb3D67hF9Vi6DyrjaVB+vtzJjnpHqctwmEhQ3Wl1xQogq5QVRxRRfImjkd
miJKN0ALln1RtdzCWYGD1MhR4K/ktslCZAlGPi7oWu07ZLcJxzcDefjUri1NeqFk
waEzV57Gwo2zYz9MJ4N5mAlHvNegQiTU3ILB3lflX0BY
-----END CERTIFICATE-----