Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/wNO6x8Dk3pBmhe-Fh_MoTYOdrn0.roa
File:                     wNO6x8Dk3pBmhe-Fh_MoTYOdrn0.roa (raw, json)
Hash identifier:          9YYezbXZAOxpkOLdVY7PgUwgj7fQYNDyoaNHIbLYI0A=
Subject key identifier:   C0:D3:BA:C7:C0:E4:DE:90:66:85:EF:85:87:F3:28:4D:83:9D:AE:7D
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019C6B3F41327B49FFF174586DC712E121AF
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/wNO6x8Dk3pBmhe-Fh_MoTYOdrn0.roa
Signing time:             Tue 17 Feb 2026 10:57:13 +0000
ROA not before:           Tue 17 Feb 2026 10:57:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215096
IP address blocks:        171.22.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:3f:41:32:7b:49:ff:f1:74:58:6d:c7:12:e1:21:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Feb 17 10:57:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0d3bac7c0e4de906685ef8587f3284d839dae7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:bc:55:d9:57:39:af:0f:47:dc:ca:d3:4b:1c:
                    eb:19:93:04:5e:d6:c2:a2:d4:18:d1:37:45:97:80:
                    81:c2:25:cf:18:27:ac:c3:7e:f7:2c:54:d1:0e:56:
                    62:08:bc:e9:f3:a5:37:d2:85:9a:6d:6d:91:a3:32:
                    15:5f:b2:0f:b4:1c:2e:cb:d6:88:b3:dc:27:f3:ff:
                    56:21:9a:ba:13:6b:c5:f6:d6:02:6a:7d:15:54:89:
                    a1:7b:51:9e:1d:2f:7d:8e:eb:ca:99:c1:14:f4:0d:
                    8c:a1:d0:2b:47:04:58:89:1e:32:50:af:4e:0b:c8:
                    71:66:72:89:7f:c2:9f:cf:eb:fe:0e:83:4f:81:3a:
                    6e:19:db:13:20:49:3a:0f:22:a7:2d:f9:89:d1:2b:
                    8e:1b:9b:03:f4:21:c5:d3:32:e2:44:09:8b:b9:b5:
                    fa:17:8d:1f:50:53:c6:5c:0d:50:90:ba:82:33:9c:
                    35:05:14:cd:c0:81:e2:80:fc:70:e4:1a:31:da:93:
                    bf:83:b8:58:53:5f:72:85:70:27:9d:66:1c:bd:54:
                    28:7c:f6:af:4b:fd:1e:1a:d5:50:e8:ab:a9:0d:45:
                    d9:9f:22:a2:5e:14:20:e6:5b:03:f0:99:e9:7a:4c:
                    87:c7:60:5d:f6:e0:6b:c5:77:99:67:19:ee:84:01:
                    e2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D3:BA:C7:C0:E4:DE:90:66:85:EF:85:87:F3:28:4D:83:9D:AE:7D
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/wNO6x8Dk3pBmhe-Fh_MoTYOdrn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:de:17:91:31:85:db:e0:dc:bb:07:10:c4:15:fc:d2:58:78:
         43:fe:52:6f:71:e0:e5:cc:54:8d:56:a7:d5:48:ce:a7:28:40:
         f9:3f:a1:39:c3:b9:ac:48:94:e5:a1:a4:30:49:23:b0:0c:b5:
         3d:e5:b8:3d:2c:db:62:a8:91:ec:ad:e5:5f:4e:4d:de:49:8c:
         81:c3:ee:86:09:2b:44:e7:04:32:82:f4:42:b7:0f:73:33:0c:
         3d:2e:a0:e8:f4:37:03:9f:60:9e:26:3a:5b:4b:1f:51:20:d3:
         5c:b5:68:31:f3:86:20:02:fe:39:4a:32:cb:1b:06:41:78:d6:
         54:c8:4c:4c:34:9a:d6:12:49:a9:45:52:50:ad:89:51:89:4e:
         d9:5f:66:1e:50:bd:a9:b3:b9:92:50:35:5d:5e:cf:15:12:ac:
         b7:68:5f:07:65:72:a4:73:f8:f5:e7:c2:eb:0a:8e:4b:e6:93:
         76:e8:fc:f3:9e:bf:42:15:3a:40:98:62:6c:78:3b:0c:17:7d:
         fc:4d:7e:aa:73:b0:61:0e:63:86:a2:6b:a9:89:33:a0:b3:03:
         97:7b:2c:a8:28:30:b3:ec:2b:cc:99:a7:a6:a2:74:d7:1c:d3:
         31:9e:9b:30:43:5c:23:9c:79:1d:da:9a:15:ba:07:47:cf:5a:
         fb:8a:0f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxrP0Eye0n/8XRYbccS4SGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwMjE3MTA1NzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGQzYmFjN2MwZTRkZTkwNjY4NWVmODU4N2YzMjg0ZDgzOWRhZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LxV2Vc5rw9H3MrTSxzrGZMEXtbC
otQY0TdFl4CBwiXPGCesw373LFTRDlZiCLzp86U30oWabW2RozIVX7IPtBwuy9aI
s9wn8/9WIZq6E2vF9tYCan0VVImhe1GeHS99juvKmcEU9A2ModArRwRYiR4yUK9O
C8hxZnKJf8Kfz+v+DoNPgTpuGdsTIEk6DyKnLfmJ0SuOG5sD9CHF0zLiRAmLubX6
F40fUFPGXA1QkLqCM5w1BRTNwIHigPxw5Box2pO/g7hYU19yhXAnnWYcvVQofPav
S/0eGtVQ6KupDUXZnyKiXhQg5lsD8JnpekyHx2Bd9uBrxXeZZxnuhAHi/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDTusfA5N6QZoXvhYfzKE2Dna59MB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvd05PNng4RGszcEJtaGUtRmhfTW9UWU9kcm4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxa0MA0G
CSqGSIb3DQEBCwUAA4IBAQAi3heRMYXb4Ny7BxDEFfzSWHhD/lJvceDlzFSNVqfV
SM6nKED5P6E5w7msSJTloaQwSSOwDLU95bg9LNtiqJHsreVfTk3eSYyBw+6GCStE
5wQygvRCtw9zMww9LqDo9DcDn2CeJjpbSx9RINNctWgx84YgAv45SjLLGwZBeNZU
yExMNJrWEkmpRVJQrYlRiU7ZX2YeUL2ps7mSUDVdXs8VEqy3aF8HZXKkc/j158Lr
Co5L5pN26Pzznr9CFTpAmGJseDsMF338TX6qc7BhDmOGomupiTOgswOXeyyoKDCz
7CvMmaemonTXHNMxnpswQ1wjnHkd2poVugdHz1r7ig+w
-----END CERTIFICATE-----