Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/a1c95f-f3e3-4531-a465-e90d9830e8c5/1/HTkWVqwWdYMU9-z901Fkn7FF9qw.roa
File:                     HTkWVqwWdYMU9-z901Fkn7FF9qw.roa (raw, json)
Hash identifier:          84JM0NxqvFzDNFSOBlDrmX34vQu0On4QXXv7AseJZbk=
Subject key identifier:   1D:39:16:56:AC:16:75:83:14:F7:EC:FD:D3:51:64:9F:B1:45:F6:AC
Certificate issuer:       /CN=615758aea479d4f32a9e89e9808f30edfc23b2e7
Certificate serial:       019C4C54831D7ED2CBF524D48F6CB0E97232
Authority key identifier: 61:57:58:AE:A4:79:D4:F3:2A:9E:89:E9:80:8F:30:ED:FC:23:B2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YVdYrqR51PMqnonpgI8w7fwjsuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/a1c95f-f3e3-4531-a465-e90d9830e8c5/1/HTkWVqwWdYMU9-z901Fkn7FF9qw.roa
Signing time:             Wed 11 Feb 2026 10:52:12 +0000
ROA not before:           Wed 11 Feb 2026 10:52:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        185.41.148.0/24 maxlen: 24
                          2a07:8240::/48 maxlen: 48
                          2a07:8240:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/a1c95f-f3e3-4531-a465-e90d9830e8c5/1/YVdYrqR51PMqnonpgI8w7fwjsuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/a1c95f-f3e3-4531-a465-e90d9830e8c5/1/YVdYrqR51PMqnonpgI8w7fwjsuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YVdYrqR51PMqnonpgI8w7fwjsuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:54:83:1d:7e:d2:cb:f5:24:d4:8f:6c:b0:e9:72:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=615758aea479d4f32a9e89e9808f30edfc23b2e7
        Validity
            Not Before: Feb 11 10:52:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d391656ac16758314f7ecfdd351649fb145f6ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:08:a1:cc:c5:00:eb:fc:8f:3a:4a:3c:67:eb:
                    76:c2:92:2b:4f:92:0d:3d:84:61:cf:85:9f:ba:84:
                    6c:f4:97:32:be:59:bc:07:27:84:72:4d:ea:2c:53:
                    33:58:5a:ae:a6:10:b4:db:18:80:ea:28:66:43:c6:
                    6f:c4:21:59:f6:1e:7e:c6:3c:9b:67:73:c1:14:f7:
                    62:28:03:53:4c:72:2a:5d:05:1d:46:f9:36:ae:65:
                    94:3a:81:a7:be:2a:81:dc:18:f1:ff:c8:18:43:61:
                    67:b4:98:b9:97:a0:01:89:55:c5:da:ab:a1:83:3b:
                    ef:04:ac:4c:2c:6f:a1:51:09:dd:ea:80:12:cd:14:
                    43:d4:e5:d1:6b:bd:24:4f:65:1e:e6:9a:dc:eb:05:
                    1d:1d:0a:e3:8c:94:1c:b5:1a:55:b1:95:14:a4:1b:
                    34:2b:f1:f6:6c:b4:08:aa:e9:5f:20:f8:fe:4b:35:
                    56:c5:74:bf:e4:3f:2e:57:e8:8c:4a:8b:3e:73:f2:
                    c2:a8:2d:8c:c2:94:f7:3c:e8:ba:0b:d6:fe:1e:75:
                    ed:ae:4a:81:ef:f2:95:e2:ab:04:fc:69:8a:e9:58:
                    92:16:bc:9d:6c:ea:f5:ee:ba:0b:10:cb:bc:fa:be:
                    d2:99:06:d9:73:19:f9:a3:97:9f:3e:40:2e:9d:15:
                    f7:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:39:16:56:AC:16:75:83:14:F7:EC:FD:D3:51:64:9F:B1:45:F6:AC
            X509v3 Authority Key Identifier:
                keyid:61:57:58:AE:A4:79:D4:F3:2A:9E:89:E9:80:8F:30:ED:FC:23:B2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YVdYrqR51PMqnonpgI8w7fwjsuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/a1c95f-f3e3-4531-a465-e90d9830e8c5/1/HTkWVqwWdYMU9-z901Fkn7FF9qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/a1c95f-f3e3-4531-a465-e90d9830e8c5/1/YVdYrqR51PMqnonpgI8w7fwjsuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.148.0/24
                IPv6:
                  2a07:8240::/47

    Signature Algorithm: sha256WithRSAEncryption
         4a:2e:a0:c3:5b:31:4c:91:3f:0a:2e:29:d5:b7:ad:02:ca:e2:
         47:ae:d4:ce:2a:fd:75:f1:64:31:81:d0:73:30:b8:fd:79:53:
         a9:c3:c5:39:b2:a4:89:d3:17:81:7e:a9:51:48:48:42:68:68:
         24:64:fd:8e:1c:25:57:a5:67:9b:59:d8:1b:23:ac:f5:9e:a2:
         4f:f1:a3:98:b7:09:b1:18:80:e6:10:db:a9:a0:e1:97:ea:df:
         48:16:df:21:65:36:62:1b:3c:0c:59:16:70:81:9d:e2:18:b0:
         ed:70:94:dc:1c:6f:f9:d0:eb:5a:a0:6b:72:f9:42:2e:db:0c:
         3e:8e:bb:32:17:9d:61:74:f7:d2:87:9b:80:d8:cf:87:b1:07:
         b1:f2:8f:c2:24:a1:c6:85:cc:f3:fe:59:0d:75:1b:7b:d2:10:
         43:c9:d1:63:4f:81:44:55:51:47:80:ce:c0:96:fc:66:11:80:
         df:f0:a3:c5:aa:f6:71:1f:bb:63:d5:97:bb:16:72:b8:39:0b:
         4c:33:10:58:a1:ba:e0:a4:87:2f:fa:1d:e7:e0:b2:1c:99:8e:
         eb:82:b1:f0:c7:de:e2:ab:6b:97:d5:3f:b7:a9:c4:53:dc:9f:
         d1:b0:ec:5f:ab:c5:b8:68:06:1f:ad:df:e9:4f:80:90:64:36:
         10:8c:69:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZxMVIMdftLL9STUj2yw6XIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNTc1OGFlYTQ3OWQ0ZjMyYTllODllOTgwOGYzMGVkZmMy
M2IyZTcwHhcNMjYwMjExMTA1MjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDM5MTY1NmFjMTY3NTgzMTRmN2VjZmRkMzUxNjQ5ZmIxNDVmNmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QihzMUA6/yPOko8Z+t2wpIrT5IN
PYRhz4WfuoRs9Jcyvlm8ByeEck3qLFMzWFquphC02xiA6ihmQ8ZvxCFZ9h5+xjyb
Z3PBFPdiKANTTHIqXQUdRvk2rmWUOoGnviqB3Bjx/8gYQ2FntJi5l6ABiVXF2quh
gzvvBKxMLG+hUQnd6oASzRRD1OXRa70kT2Ue5prc6wUdHQrjjJQctRpVsZUUpBs0
K/H2bLQIqulfIPj+SzVWxXS/5D8uV+iMSos+c/LCqC2MwpT3POi6C9b+HnXtrkqB
7/KV4qsE/GmK6ViSFrydbOr17roLEMu8+r7SmQbZcxn5o5efPkAunRX32QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB05FlasFnWDFPfs/dNRZJ+xRfasMB8GA1UdIwQY
MBaAFGFXWK6kedTzKp6J6YCPMO38I7LnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVZkWXJxUjUxUE1xbm9ucGdJOHc3Zndqc3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9hMWM5NWYtZjNlMy00NTMxLWE0NjUt
ZTkwZDk4MzBlOGM1LzEvSFRrV1Zxd1dkWU1VOS16OTAxRmtuN0ZGOXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9hMWM5NWYtZjNlMy00NTMxLWE0NjUtZTkwZDk4MzBlOGM1
LzEvWVZkWXJxUjUxUE1xbm9ucGdJOHc3Zndqc3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuSmUMA8E
AgACMAkDBwEqB4JAAAAwDQYJKoZIhvcNAQELBQADggEBAEouoMNbMUyRPwouKdW3
rQLK4keu1M4q/XXxZDGB0HMwuP15U6nDxTmypInTF4F+qVFISEJoaCRk/Y4cJVel
Z5tZ2BsjrPWeok/xo5i3CbEYgOYQ26mg4Zfq30gW3yFlNmIbPAxZFnCBneIYsO1w
lNwcb/nQ61qga3L5Qi7bDD6OuzIXnWF099KHm4DYz4exB7Hyj8IkocaFzPP+WQ11
G3vSEEPJ0WNPgURVUUeAzsCW/GYRgN/wo8Wq9nEfu2PVl7sWcrg5C0wzEFihuuCk
hy/6HefgshyZjuuCsfDH3uKra5fVP7epxFPcn9Gw7F+rxbhoBh+t3+lPgJBkNhCM
aaE=
-----END CERTIFICATE-----