Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/oOmWYS79EfLZM1YUVX02Dm8sbCI.roa
File:                     oOmWYS79EfLZM1YUVX02Dm8sbCI.roa (raw, json)
Hash identifier:          UMtyOefWK95ZFcwkFudLsDtrliJckAkSIFBXdWfp+zQ=
Subject key identifier:   A0:E9:96:61:2E:FD:11:F2:D9:33:56:14:55:7D:36:0E:6F:2C:6C:22
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       019C6692A815156022FCB426285DAED80E61
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/oOmWYS79EfLZM1YUVX02Dm8sbCI.roa
Signing time:             Mon 16 Feb 2026 13:10:13 +0000
ROA not before:           Mon 16 Feb 2026 13:10:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35830
IP address blocks:        45.80.106.0/23 maxlen: 23
                          212.119.40.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:92:a8:15:15:60:22:fc:b4:26:28:5d:ae:d8:0e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Feb 16 13:10:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0e996612efd11f2d9335614557d360e6f2c6c22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:9d:70:23:51:99:1c:dc:b9:e8:50:2e:61:63:
                    72:96:5e:ec:2f:85:af:6c:19:2b:1d:d8:3c:df:cf:
                    cb:f4:02:be:da:5b:9a:61:2b:cc:8a:1f:4a:5a:c3:
                    76:8d:35:e7:d0:08:3e:9c:41:f2:a6:c6:b5:62:87:
                    d2:38:84:09:b6:bb:24:2b:79:d3:be:a6:2a:8c:0c:
                    69:53:9d:7c:10:79:a7:9b:64:b2:c9:37:38:ad:6b:
                    cd:f1:43:a3:8c:95:66:a7:16:bc:bb:6e:cf:95:3f:
                    37:b0:00:fc:d4:2e:24:43:a2:dd:79:5a:00:b6:d0:
                    a8:4b:a2:22:38:e9:bf:e7:52:e1:bf:67:cd:05:4d:
                    fe:08:8b:ff:fb:95:64:97:a5:96:e2:70:ad:d1:ff:
                    63:3e:db:da:03:f1:cf:13:0e:84:73:ac:0f:70:ec:
                    cb:30:65:f1:6e:32:9d:27:52:24:2d:64:7a:bd:df:
                    2e:61:f9:5e:73:3c:9d:21:0d:c9:e1:f1:da:7c:33:
                    d3:6f:cb:cd:2b:60:59:38:ea:3b:cb:2b:21:62:86:
                    d8:51:38:f7:fc:30:34:f3:95:e0:5e:ee:ec:6b:79:
                    24:a4:ae:ad:b5:24:06:0d:27:5f:a8:4e:fb:34:86:
                    60:9f:f2:50:31:38:33:7a:46:ae:fb:83:50:b8:20:
                    8f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E9:96:61:2E:FD:11:F2:D9:33:56:14:55:7D:36:0E:6F:2C:6C:22
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/oOmWYS79EfLZM1YUVX02Dm8sbCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.106.0/23
                  212.119.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:d8:48:93:39:e7:83:31:55:bc:50:bb:c5:1a:dc:2b:17:41:
         f8:e0:a5:52:b6:d9:d4:cc:78:0c:ca:c9:46:f1:10:14:84:a1:
         a4:73:18:86:90:05:d6:4b:5e:01:a6:18:ff:38:e6:c1:9d:77:
         e7:71:0e:20:77:98:43:02:f6:42:76:26:5d:2d:d3:39:6c:43:
         4f:6a:39:cc:0d:2b:d8:80:ba:83:27:91:10:82:66:e0:aa:11:
         ef:14:e6:54:4e:e9:56:f5:ec:7b:23:80:85:20:3e:43:24:01:
         ed:ca:b6:5e:39:c9:bf:44:95:42:0a:13:b8:86:25:01:cc:fa:
         d5:cd:03:e9:d2:d8:79:db:8d:5b:43:46:ae:11:e5:bf:f2:1e:
         99:77:cd:62:b7:a6:75:a6:d1:a1:17:6c:2d:5c:b1:f9:24:ec:
         9b:17:a8:ed:04:7e:02:03:1f:7e:15:82:ef:4b:3c:e2:e5:ce:
         04:d6:51:91:72:67:76:87:25:25:e0:d5:6e:0f:d8:f1:6e:e5:
         c9:37:d9:66:e5:50:00:63:41:5b:23:bf:74:9f:5d:77:4e:2e:
         2d:c2:ef:fb:2c:bb:b6:89:d4:ab:e7:f2:73:a6:c3:9a:19:61:
         c6:7e:8e:52:a6:35:47:3f:6f:64:35:ef:b8:ea:b4:fc:ba:27:
         48:35:2e:b7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxmkqgVFWAi/LQmKF2u2A5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjYwMjE2MTMxMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGU5OTY2MTJlZmQxMWYyZDkzMzU2MTQ1NTdkMzYwZTZmMmM2YzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA851wI1GZHNy56FAuYWNyll7sL4Wv
bBkrHdg838/L9AK+2luaYSvMih9KWsN2jTXn0Ag+nEHypsa1YofSOIQJtrskK3nT
vqYqjAxpU518EHmnm2SyyTc4rWvN8UOjjJVmpxa8u27PlT83sAD81C4kQ6LdeVoA
ttCoS6IiOOm/51Lhv2fNBU3+CIv/+5Vkl6WW4nCt0f9jPtvaA/HPEw6Ec6wPcOzL
MGXxbjKdJ1IkLWR6vd8uYfleczydIQ3J4fHafDPTb8vNK2BZOOo7yyshYobYUTj3
/DA085XgXu7sa3kkpK6ttSQGDSdfqE77NIZgn/JQMTgzekau+4NQuCCPwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKDplmEu/RHy2TNWFFV9Ng5vLGwiMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL29PbVdZUzc5RWZMWk0xWVVWWDAyRG04c2JDSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAEtUGoD
BAHUdygwDQYJKoZIhvcNAQELBQADggEBACvYSJM554MxVbxQu8Ua3CsXQfjgpVK2
2dTMeAzKyUbxEBSEoaRzGIaQBdZLXgGmGP845sGdd+dxDiB3mEMC9kJ2Jl0t0zls
Q09qOcwNK9iAuoMnkRCCZuCqEe8U5lRO6Vb17HsjgIUgPkMkAe3Ktl45yb9ElUIK
E7iGJQHM+tXNA+nS2HnbjVtDRq4R5b/yHpl3zWK3pnWm0aEXbC1csfkk7JsXqO0E
fgIDH34Vgu9LPOLlzgTWUZFyZ3aHJSXg1W4P2PFu5ck32WblUABjQVsjv3SfXXdO
Li3C7/ssu7aJ1Kvn8nOmw5oZYcZ+jlKmNUc/b2Q177jqtPy6J0g1Lrc=
-----END CERTIFICATE-----