Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/p3wpRRs-f7GQUm8KtIUlma6wjSs.roa
File:                     p3wpRRs-f7GQUm8KtIUlma6wjSs.roa (raw, json)
Hash identifier:          90E81RrURGxHLOrJQ2EQ5/Y8TtYWMesX5r41cRtv1NA=
Subject key identifier:   A7:7C:29:45:1B:3E:7F:B1:90:52:6F:0A:B4:85:25:99:AE:B0:8D:2B
Certificate issuer:       /CN=b5189d9ea82d5fbb66d6c11f187633476034e0de
Certificate serial:       019C7AC12F6CF805878521D6239128959F17
Authority key identifier: B5:18:9D:9E:A8:2D:5F:BB:66:D6:C1:1F:18:76:33:47:60:34:E0:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tRidnqgtX7tm1sEfGHYzR2A04N4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/p3wpRRs-f7GQUm8KtIUlma6wjSs.roa
Signing time:             Fri 20 Feb 2026 11:13:26 +0000
ROA not before:           Fri 20 Feb 2026 11:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48678
IP address blocks:        46.36.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/tRidnqgtX7tm1sEfGHYzR2A04N4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/tRidnqgtX7tm1sEfGHYzR2A04N4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tRidnqgtX7tm1sEfGHYzR2A04N4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:c1:2f:6c:f8:05:87:85:21:d6:23:91:28:95:9f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5189d9ea82d5fbb66d6c11f187633476034e0de
        Validity
            Not Before: Feb 20 11:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a77c29451b3e7fb190526f0ab4852599aeb08d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2d:07:0e:9f:8a:ce:92:43:f8:d1:10:31:73:
                    51:80:e6:47:30:e2:cd:1e:f2:ba:9d:6a:31:cd:4c:
                    c4:68:0c:62:b7:1a:97:a2:91:a4:cd:f3:1b:d2:5c:
                    32:8a:a9:ba:99:4b:e8:91:f4:98:b4:4f:9a:13:02:
                    7c:4a:cc:c9:9f:12:56:a7:e7:40:1d:7f:cf:1f:fa:
                    29:38:23:f4:f3:eb:f2:29:36:d3:59:40:68:20:f1:
                    ed:3c:07:40:c9:26:e8:96:f4:4b:43:fe:61:51:51:
                    92:7d:99:e1:de:69:19:c0:a2:2d:df:21:7b:d4:ec:
                    d5:b2:6f:58:f6:e7:0f:57:68:3d:ff:4c:8b:e7:55:
                    28:9a:ad:07:1b:41:a5:cc:35:70:32:7d:ed:68:09:
                    8e:da:dc:ef:96:8a:47:4e:7b:72:d0:9f:06:e4:04:
                    86:aa:63:62:ab:73:27:94:a6:11:5e:72:1b:09:09:
                    b2:0b:df:d7:53:01:b3:ef:77:25:02:96:47:18:69:
                    6e:04:e0:79:f4:77:cd:18:f6:c0:e0:66:93:97:5e:
                    5a:1b:be:b4:cf:e9:ee:73:b5:95:de:b5:30:b3:b8:
                    c0:5d:87:9e:2b:5a:a1:86:94:0a:e7:c9:78:95:f5:
                    0b:26:23:e3:e8:34:a7:e9:f5:cd:3f:80:2d:5a:df:
                    7e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7C:29:45:1B:3E:7F:B1:90:52:6F:0A:B4:85:25:99:AE:B0:8D:2B
            X509v3 Authority Key Identifier:
                keyid:B5:18:9D:9E:A8:2D:5F:BB:66:D6:C1:1F:18:76:33:47:60:34:E0:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tRidnqgtX7tm1sEfGHYzR2A04N4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/p3wpRRs-f7GQUm8KtIUlma6wjSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/tRidnqgtX7tm1sEfGHYzR2A04N4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:4a:a7:66:9c:e7:a4:4d:1b:2c:2a:a2:5a:79:5e:a9:31:b7:
         02:da:5e:c9:04:11:48:e8:d1:9b:63:5f:3e:c8:dc:92:11:e8:
         c9:a5:a6:3b:ca:b4:c0:85:3d:43:fa:03:d4:5a:32:d5:e8:76:
         fb:a8:29:c1:93:fd:51:03:92:9f:70:74:29:1e:e7:f0:86:16:
         73:9a:5d:c5:6f:2f:26:ef:18:af:2c:75:6e:a1:5a:51:3a:eb:
         09:90:2b:b0:8a:c2:a1:00:39:25:5b:84:b4:a6:f1:f9:26:f4:
         71:dc:6f:99:f0:2a:84:a6:f2:a8:88:58:b3:75:72:b4:8c:aa:
         aa:e9:06:a7:c5:c5:18:0c:9d:ce:b9:16:3c:cb:47:a0:e5:54:
         82:86:b8:ac:62:82:60:60:1d:99:36:33:c7:2d:4f:86:15:6e:
         15:1a:e9:4c:8e:64:01:41:2c:58:e3:e1:0e:ed:12:85:49:03:
         0e:e7:f8:63:ed:5c:d2:56:19:db:b3:26:17:e7:e1:b3:4b:30:
         b6:5b:45:96:f9:35:dd:be:78:39:ed:c2:be:13:76:11:82:fc:
         eb:75:23:6d:69:fe:87:32:66:8e:e7:95:38:7f:50:4f:cf:d0:
         22:0a:c9:cd:fe:73:04:b5:5b:fb:dc:ff:a0:1a:59:9b:ec:42:
         64:05:75:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx6wS9s+AWHhSHWI5EolZ8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MTg5ZDllYTgyZDVmYmI2NmQ2YzExZjE4NzYzMzQ3NjAz
NGUwZGUwHhcNMjYwMjIwMTExMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdjMjk0NTFiM2U3ZmIxOTA1MjZmMGFiNDg1MjU5OWFlYjA4ZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui0HDp+KzpJD+NEQMXNRgOZHMOLN
HvK6nWoxzUzEaAxitxqXopGkzfMb0lwyiqm6mUvokfSYtE+aEwJ8SszJnxJWp+dA
HX/PH/opOCP08+vyKTbTWUBoIPHtPAdAySbolvRLQ/5hUVGSfZnh3mkZwKIt3yF7
1OzVsm9Y9ucPV2g9/0yL51Uomq0HG0GlzDVwMn3taAmO2tzvlopHTnty0J8G5ASG
qmNiq3MnlKYRXnIbCQmyC9/XUwGz73clApZHGGluBOB59HfNGPbA4GaTl15aG760
z+nuc7WV3rUws7jAXYeeK1qhhpQK58l4lfULJiPj6DSn6fXNP4AtWt9+ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd8KUUbPn+xkFJvCrSFJZmusI0rMB8GA1UdIwQY
MBaAFLUYnZ6oLV+7ZtbBHxh2M0dgNODeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFJpZG5xZ3RYN3RtMXNFZkdIWXpSMkEwNE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81ZTYxZDgtZDFiZi00ZjJhLWEzMmUt
ZjVkNmI3NTJhZTM0LzEvcDN3cFJScy1mN0dRVW04S3RJVWxtYTZ3alNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81ZTYxZDgtZDFiZi00ZjJhLWEzMmUtZjVkNmI3NTJhZTM0
LzEvdFJpZG5xZ3RYN3RtMXNFZkdIWXpSMkEwNE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiTJMA0G
CSqGSIb3DQEBCwUAA4IBAQBxSqdmnOekTRssKqJaeV6pMbcC2l7JBBFI6NGbY18+
yNySEejJpaY7yrTAhT1D+gPUWjLV6Hb7qCnBk/1RA5KfcHQpHufwhhZzml3Fby8m
7xivLHVuoVpROusJkCuwisKhADklW4S0pvH5JvRx3G+Z8CqEpvKoiFizdXK0jKqq
6QanxcUYDJ3OuRY8y0eg5VSChrisYoJgYB2ZNjPHLU+GFW4VGulMjmQBQSxY4+EO
7RKFSQMO5/hj7VzSVhnbsyYX5+GzSzC2W0WW+TXdvng57cK+E3YRgvzrdSNtaf6H
MmaO55U4f1BPz9AiCsnN/nMEtVv73P+gGlmb7EJkBXUQ
-----END CERTIFICATE-----