Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/BWTvXgAXmLi5C-gjg1XGZb6Xx2k.roa
File:                     BWTvXgAXmLi5C-gjg1XGZb6Xx2k.roa (raw, json)
Hash identifier:          42jeeBbxleiQhbuMxXur6p7rLIKmwfR/0QUFcIvSOuI=
Subject key identifier:   05:64:EF:5E:00:17:98:B8:B9:0B:E8:23:83:55:C6:65:BE:97:C7:69
Certificate issuer:       /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial:       019C67E3907886CB9666B3BD9AD907EDE735
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/BWTvXgAXmLi5C-gjg1XGZb6Xx2k.roa
Signing time:             Mon 16 Feb 2026 19:18:12 +0000
ROA not before:           Mon 16 Feb 2026 19:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204203
IP address blocks:        185.161.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:67:e3:90:78:86:cb:96:66:b3:bd:9a:d9:07:ed:e7:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
        Validity
            Not Before: Feb 16 19:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0564ef5e001798b8b90be8238355c665be97c769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1d:a0:2d:dd:b5:a5:15:21:f3:bb:04:cd:95:
                    37:5c:9f:80:9b:d7:14:ad:7a:ed:6a:f2:63:8d:6e:
                    2c:d8:ff:8f:64:40:bb:4f:93:44:f7:3b:a6:39:50:
                    65:99:d2:4e:b9:11:db:1e:83:06:5c:1f:29:24:4f:
                    9e:3c:59:e9:e4:2e:02:1e:fc:7d:de:03:c7:9c:d5:
                    4a:0b:50:39:9f:a6:5b:9e:4e:db:67:d2:1d:c0:37:
                    33:0a:47:fa:cb:67:8d:59:41:b2:b4:94:d9:8d:cd:
                    27:cd:f8:d5:1e:67:0a:03:97:45:bf:f5:71:7c:f0:
                    37:16:b7:9c:4e:32:9f:f7:3a:f1:b7:a3:ad:22:b6:
                    01:dd:4f:94:90:b1:0f:8a:e3:85:e6:25:5c:7b:de:
                    96:66:5a:7b:12:4c:3b:91:9f:5d:65:68:13:5b:4b:
                    1b:8f:7f:d0:89:de:8a:8c:5b:37:bb:b9:35:8e:03:
                    09:df:e1:44:e0:39:7d:fd:95:c5:f5:fa:6f:7b:e7:
                    48:17:b4:11:bc:ce:6f:34:a3:ab:1b:51:0b:08:a1:
                    5d:d2:7b:fe:fd:80:84:e3:51:64:9a:79:e1:ed:12:
                    dc:d6:f3:e5:66:37:fc:ba:f1:f4:d7:42:b1:54:5f:
                    d6:06:f0:c1:09:f0:27:48:78:d7:b9:3d:d3:f6:cc:
                    40:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:64:EF:5E:00:17:98:B8:B9:0B:E8:23:83:55:C6:65:BE:97:C7:69
            X509v3 Authority Key Identifier:
                keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/BWTvXgAXmLi5C-gjg1XGZb6Xx2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a2:8f:05:9d:e4:cf:61:bb:a2:a9:37:00:1d:1d:bb:4c:64:
         6f:bc:f8:0c:22:18:48:ea:4a:1f:a8:1c:ec:72:64:c7:c9:06:
         1d:88:09:53:ef:8b:02:b9:24:1e:88:c1:12:56:24:07:26:7a:
         62:f5:49:40:42:f4:75:00:e2:79:c1:41:a5:a3:34:aa:eb:d7:
         84:dc:0d:4c:4c:56:ba:31:82:37:90:fd:d9:50:72:67:9e:a4:
         4d:bc:77:7e:7d:73:8e:52:66:92:99:3d:23:62:26:cc:1f:bc:
         1c:e2:55:f6:bd:ac:3d:d2:58:7b:05:a6:86:23:23:1f:72:97:
         76:70:07:eb:25:0d:b8:17:5f:6e:14:c7:d1:25:7f:9c:88:6b:
         19:c2:e2:75:be:c7:95:28:4e:f0:b0:62:66:a2:25:3e:06:6d:
         8f:85:c9:6f:b8:89:0f:00:7c:58:c3:ed:83:1c:cd:c2:5b:96:
         b9:eb:80:24:fb:98:e3:01:3a:27:0b:87:5b:c3:4b:97:8b:c7:
         f4:53:38:4d:ec:c5:b6:0c:b8:37:14:c7:49:51:ad:f2:76:43:
         00:61:0b:45:25:8c:e9:cf:80:07:d6:c5:80:77:23:be:ed:f0:
         94:81:f8:2c:19:51:5f:8c:00:df:d0:54:e7:4c:ca:8d:5c:53:
         f0:bf:fd:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxn45B4hsuWZrO9mtkH7ec1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTM4MWI2ZTc2Y2I5NTIwZThkOGY1Njc3NmVjYTBmZTE3
NmNjNDAwHhcNMjYwMjE2MTkxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTY0ZWY1ZTAwMTc5OGI4YjkwYmU4MjM4MzU1YzY2NWJlOTdjNzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4R2gLd21pRUh87sEzZU3XJ+Am9cU
rXrtavJjjW4s2P+PZEC7T5NE9zumOVBlmdJOuRHbHoMGXB8pJE+ePFnp5C4CHvx9
3gPHnNVKC1A5n6Zbnk7bZ9IdwDczCkf6y2eNWUGytJTZjc0nzfjVHmcKA5dFv/Vx
fPA3FrecTjKf9zrxt6OtIrYB3U+UkLEPiuOF5iVce96WZlp7Ekw7kZ9dZWgTW0sb
j3/Qid6KjFs3u7k1jgMJ3+FE4Dl9/ZXF9fpve+dIF7QRvM5vNKOrG1ELCKFd0nv+
/YCE41Fkmnnh7RLc1vPlZjf8uvH010KxVF/WBvDBCfAnSHjXuT3T9sxA2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVk714AF5i4uQvoI4NVxmW+l8dpMB8GA1UdIwQY
MBaAFKDjgbbnbLlSDo2PVnduyg/hdsxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEt
YTljMzg0MTI4ZDQyLzEvQldUdlhnQVhtTGk1Qy1namcxWEdaYjZYeDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEtYTljMzg0MTI4ZDQy
LzEvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaEkMA0G
CSqGSIb3DQEBCwUAA4IBAQA9oo8FneTPYbuiqTcAHR27TGRvvPgMIhhI6kofqBzs
cmTHyQYdiAlT74sCuSQeiMESViQHJnpi9UlAQvR1AOJ5wUGlozSq69eE3A1MTFa6
MYI3kP3ZUHJnnqRNvHd+fXOOUmaSmT0jYibMH7wc4lX2vaw90lh7BaaGIyMfcpd2
cAfrJQ24F19uFMfRJX+ciGsZwuJ1vseVKE7wsGJmoiU+Bm2PhclvuIkPAHxYw+2D
HM3CW5a564Ak+5jjATonC4dbw0uXi8f0UzhN7MW2DLg3FMdJUa3ydkMAYQtFJYzp
z4AH1sWAdyO+7fCUgfgsGVFfjADf0FTnTMqNXFPwv/3D
-----END CERTIFICATE-----