Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/NStJJ9e183cFfxVciTY49OglbNU.roa
File:                     NStJJ9e183cFfxVciTY49OglbNU.roa (raw, json)
Hash identifier:          yb2BwVREODItjweWlbnW4dYNiNyWxIQNgI0RjZN1nJI=
Subject key identifier:   35:2B:49:27:D7:B5:F3:77:05:7F:15:5C:89:36:38:F4:E8:25:6C:D5
Certificate issuer:       /CN=e05d28f149793a3d72e8ef041e9c9e0d9a66b21e
Certificate serial:       019C7008385873877B0B765F38D0DE50BBAB
Authority key identifier: E0:5D:28:F1:49:79:3A:3D:72:E8:EF:04:1E:9C:9E:0D:9A:66:B2:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/NStJJ9e183cFfxVciTY49OglbNU.roa
Signing time:             Wed 18 Feb 2026 09:15:12 +0000
ROA not before:           Wed 18 Feb 2026 09:15:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203110
IP address blocks:        185.138.170.0/24 maxlen: 24
                          185.138.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:08:38:58:73:87:7b:0b:76:5f:38:d0:de:50:bb:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e05d28f149793a3d72e8ef041e9c9e0d9a66b21e
        Validity
            Not Before: Feb 18 09:15:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=352b4927d7b5f377057f155c893638f4e8256cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:20:2c:c6:02:79:16:c2:1e:b8:92:cc:7b:21:
                    e1:80:e0:c3:8e:46:06:88:c0:ad:24:0e:1c:74:79:
                    8d:fd:ed:a5:08:bf:88:84:23:06:29:8e:e9:9a:a2:
                    38:a5:92:69:f6:93:54:f4:06:77:3f:66:9b:27:bc:
                    5c:2e:12:70:00:24:a1:a0:0f:db:df:17:da:ed:f0:
                    87:ab:71:40:88:7e:00:76:9e:d9:4d:32:d4:64:86:
                    53:3e:4a:a6:43:33:4c:40:c3:4f:2c:32:04:0c:ee:
                    60:ec:bb:fd:1e:20:8d:ab:e6:90:c6:51:71:f5:bf:
                    8a:2d:3e:12:f7:d0:6f:f2:5e:10:20:c3:cd:31:5b:
                    62:ba:15:92:77:a1:ad:90:88:fb:5f:82:79:d4:37:
                    5f:6c:32:50:e6:55:1a:7b:08:8a:e8:07:c0:ae:a0:
                    72:c9:a5:de:4f:00:c2:d8:42:6b:56:dc:fb:0a:27:
                    9a:c1:12:41:18:59:b1:48:5a:4d:21:72:41:77:4a:
                    5b:bc:d7:3e:b7:8d:f7:88:8a:bf:ad:89:91:54:98:
                    fd:40:2a:aa:29:9e:17:26:62:2d:7c:2c:9a:98:23:
                    4b:6b:4c:2f:b9:4a:07:44:42:e6:18:1f:7e:b4:5c:
                    3a:72:f8:13:26:a8:4e:aa:63:e2:38:2b:74:fc:a9:
                    36:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2B:49:27:D7:B5:F3:77:05:7F:15:5C:89:36:38:F4:E8:25:6C:D5
            X509v3 Authority Key Identifier:
                keyid:E0:5D:28:F1:49:79:3A:3D:72:E8:EF:04:1E:9C:9E:0D:9A:66:B2:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/NStJJ9e183cFfxVciTY49OglbNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:6a:38:81:8e:97:6a:ce:37:10:4a:29:68:b6:e2:e8:e8:e1:
         f0:83:ad:e9:66:18:27:c5:1a:df:55:bf:00:f5:8b:00:e1:28:
         d0:c3:99:55:8b:af:4d:20:05:9c:64:a8:28:3e:fd:2a:7e:ff:
         79:5e:96:28:48:fb:f3:21:ce:6e:73:ad:e7:c1:86:a7:2a:38:
         6b:d6:66:23:b5:82:58:d5:69:df:54:42:68:a8:fe:c7:bc:08:
         ea:56:6e:fc:63:25:5c:f6:01:94:69:24:d4:54:5a:07:52:43:
         fe:62:ee:64:ee:f1:c3:b4:e0:6f:d2:0b:99:39:c5:2a:23:df:
         89:e4:86:39:33:0e:2f:b8:68:7d:fc:b5:e8:12:21:3a:6a:e4:
         89:8f:6d:48:29:2c:20:d2:52:8c:92:77:d7:4b:42:e7:d0:e2:
         1b:f0:e1:ee:8f:93:50:f2:37:b6:b5:94:34:52:03:be:89:65:
         9c:44:fb:ac:c7:0f:3c:96:46:0b:61:ca:ce:fc:df:68:31:1e:
         8c:e3:f3:a8:53:dc:43:35:d1:ff:32:0a:08:62:a5:43:44:4d:
         d3:3c:fe:fe:6b:6e:c4:c8:3c:6c:f2:00:d6:53:db:92:5f:54:
         a9:6d:f6:ee:14:1b:a1:ef:fb:82:22:49:d3:8e:cf:27:37:99:
         47:84:a0:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxwCDhYc4d7C3ZfONDeULurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNWQyOGYxNDk3OTNhM2Q3MmU4ZWYwNDFlOWM5ZTBkOWE2
NmIyMWUwHhcNMjYwMjE4MDkxNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJiNDkyN2Q3YjVmMzc3MDU3ZjE1NWM4OTM2MzhmNGU4MjU2Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCAsxgJ5FsIeuJLMeyHhgODDjkYG
iMCtJA4cdHmN/e2lCL+IhCMGKY7pmqI4pZJp9pNU9AZ3P2abJ7xcLhJwACShoA/b
3xfa7fCHq3FAiH4Adp7ZTTLUZIZTPkqmQzNMQMNPLDIEDO5g7Lv9HiCNq+aQxlFx
9b+KLT4S99Bv8l4QIMPNMVtiuhWSd6GtkIj7X4J51DdfbDJQ5lUaewiK6AfArqBy
yaXeTwDC2EJrVtz7CieawRJBGFmxSFpNIXJBd0pbvNc+t433iIq/rYmRVJj9QCqq
KZ4XJmItfCyamCNLa0wvuUoHRELmGB9+tFw6cvgTJqhOqmPiOCt0/Kk2fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUrSSfXtfN3BX8VXIk2OPToJWzVMB8GA1UdIwQY
MBaAFOBdKPFJeTo9cujvBB6cng2aZrIeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEYwbzhVbDVPajF5Nk84RUhweWVEWnBtc2g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9iNGM5N2ItZTAwNS00Y2Q2LTgzMzUt
ODA5MWViY2UzYmJmLzEvTlN0Sko5ZTE4M2NGZnhWY2lUWTQ5T2dsYk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9iNGM5N2ItZTAwNS00Y2Q2LTgzMzUtODA5MWViY2UzYmJm
LzEvNEYwbzhVbDVPajF5Nk84RUhweWVEWnBtc2g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYqqMA0G
CSqGSIb3DQEBCwUAA4IBAQACajiBjpdqzjcQSilotuLo6OHwg63pZhgnxRrfVb8A
9YsA4SjQw5lVi69NIAWcZKgoPv0qfv95XpYoSPvzIc5uc63nwYanKjhr1mYjtYJY
1WnfVEJoqP7HvAjqVm78YyVc9gGUaSTUVFoHUkP+Yu5k7vHDtOBv0guZOcUqI9+J
5IY5Mw4vuGh9/LXoEiE6auSJj21IKSwg0lKMknfXS0Ln0OIb8OHuj5NQ8je2tZQ0
UgO+iWWcRPusxw88lkYLYcrO/N9oMR6M4/OoU9xDNdH/MgoIYqVDRE3TPP7+a27E
yDxs8gDWU9uSX1SpbfbuFBuh7/uCIknTjs8nN5lHhKBA
-----END CERTIFICATE-----