Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/x0cR6jRtni_l8MuSLZAtEqFxSP0.roa
File:                     x0cR6jRtni_l8MuSLZAtEqFxSP0.roa (raw, json)
Hash identifier:          yoZ8H34hrukbP1OK2g71bu2hsQg8D//pklb5IZbtw1Y=
Subject key identifier:   C7:47:11:EA:34:6D:9E:2F:E5:F0:CB:92:2D:90:2D:12:A1:71:48:FD
Certificate issuer:       /CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Certificate serial:       019C9F5046B1EDBF464BCB01F5497BA3EA57
Authority key identifier: 84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/x0cR6jRtni_l8MuSLZAtEqFxSP0.roa
Signing time:             Fri 27 Feb 2026 13:36:04 +0000
ROA not before:           Fri 27 Feb 2026 13:36:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215238
IP address blocks:        188.125.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:50:46:b1:ed:bf:46:4b:cb:01:f5:49:7b:a3:ea:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844969780141824cd0acbfa5a784611eeb0a7ddb
        Validity
            Not Before: Feb 27 13:36:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c74711ea346d9e2fe5f0cb922d902d12a17148fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:66:8b:de:6e:c3:10:40:76:81:c6:67:1e:be:
                    8c:fd:e7:95:40:c6:e4:c3:2d:ee:b5:1e:bf:17:81:
                    41:8e:fa:b0:86:d6:b9:ab:43:5b:92:63:9c:cd:bb:
                    99:8b:0e:8d:f9:53:ed:51:3d:1c:9c:b7:ed:28:bc:
                    86:04:fd:06:1c:7e:bf:a9:fe:bc:32:8f:81:be:34:
                    a4:26:0d:57:c9:d7:a5:ae:d6:a8:d8:0b:39:9d:0f:
                    60:f6:88:1f:c0:24:84:7b:f1:21:6c:7b:d7:d5:80:
                    3a:89:55:4b:30:e4:61:5e:08:61:a8:cc:22:2f:b1:
                    f2:ea:6d:86:6e:d7:7b:9d:89:ce:eb:73:d0:29:c1:
                    b2:31:cc:7a:16:02:15:c1:e7:49:d8:96:c9:20:26:
                    1a:72:d7:9b:ad:a5:98:f3:8d:9c:c9:49:75:ff:c2:
                    03:5f:aa:01:33:2a:b9:cb:31:e6:1f:26:f7:62:c8:
                    0a:86:b2:1c:b1:b1:15:fa:95:3a:5e:62:98:fe:87:
                    31:18:d3:29:ff:c6:ef:d3:7e:e5:a2:6b:c3:8b:06:
                    75:e6:1f:5b:27:65:64:ba:4a:af:6e:80:50:c0:b9:
                    f4:44:54:86:c6:66:3f:14:29:d4:0a:12:eb:44:54:
                    21:f6:31:58:0e:60:4d:67:2b:8d:79:db:7f:4e:5c:
                    c4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:47:11:EA:34:6D:9E:2F:E5:F0:CB:92:2D:90:2D:12:A1:71:48:FD
            X509v3 Authority Key Identifier:
                keyid:84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/x0cR6jRtni_l8MuSLZAtEqFxSP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:73:18:14:ec:2b:a4:cf:10:e4:c9:2c:d0:2c:f2:ae:31:e6:
         e9:bd:eb:5d:9a:21:06:18:7a:2f:ee:57:ce:18:21:24:4d:0c:
         54:96:61:ad:1e:0b:fd:e7:67:9f:72:a4:80:e5:7e:84:87:35:
         b2:47:24:4f:49:3c:11:fc:ae:59:a0:80:c4:7f:56:cb:87:cf:
         5d:53:50:af:d1:15:ca:b0:bf:f5:f7:f1:2c:90:b0:b4:59:4b:
         c6:6b:d9:d3:c0:d1:45:8e:dd:80:6a:be:16:46:92:c5:46:ab:
         18:6f:c4:79:70:23:dc:79:b0:a6:b1:d3:38:a3:08:0a:0a:77:
         26:52:5a:56:c5:07:90:bf:21:f8:c3:93:f5:ba:16:af:ba:6a:
         f3:c3:e3:4e:6d:0e:36:3d:ff:39:37:ab:a1:a1:82:01:68:ec:
         77:21:fe:cb:22:2d:53:f5:92:0e:ae:d9:57:8b:88:55:10:28:
         b9:28:7a:8e:dd:bb:a0:ad:45:cb:25:96:1b:27:b6:e7:8a:99:
         b6:fc:8d:80:25:93:01:58:c5:3f:5f:dc:75:f7:62:ba:b6:a0:
         2a:1c:4c:3d:d2:9b:5b:4b:bd:4a:ec:0a:7e:c5:ac:8d:aa:e4:
         80:d8:41:40:b9:8e:09:26:cd:17:40:76:bf:86:77:42:dd:91:
         a2:6c:00:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyfUEax7b9GS8sB9Ul7o+pXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDk2OTc4MDE0MTgyNGNkMGFjYmZhNWE3ODQ2MTFlZWIw
YTdkZGIwHhcNMjYwMjI3MTMzNjA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQ3MTFlYTM0NmQ5ZTJmZTVmMGNiOTIyZDkwMmQxMmExNzE0OGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGaL3m7DEEB2gcZnHr6M/eeVQMbk
wy3utR6/F4FBjvqwhta5q0NbkmOczbuZiw6N+VPtUT0cnLftKLyGBP0GHH6/qf68
Mo+BvjSkJg1Xydelrtao2As5nQ9g9ogfwCSEe/EhbHvX1YA6iVVLMORhXghhqMwi
L7Hy6m2Gbtd7nYnO63PQKcGyMcx6FgIVwedJ2JbJICYactebraWY842cyUl1/8ID
X6oBMyq5yzHmHyb3YsgKhrIcsbEV+pU6XmKY/ocxGNMp/8bv037lomvDiwZ15h9b
J2VkukqvboBQwLn0RFSGxmY/FCnUChLrRFQh9jFYDmBNZyuNedt/TlzEewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdHEeo0bZ4v5fDLki2QLRKhcUj9MB8GA1UdIwQY
MBaAFIRJaXgBQYJM0Ky/paeEYR7rCn3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAt
MDRhYzE3ODgxYWE5LzEveDBjUjZqUnRuaV9sOE11U0xaQXRFcUZ4U1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAtMDRhYzE3ODgxYWE5
LzEvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2mMA0G
CSqGSIb3DQEBCwUAA4IBAQBYcxgU7CukzxDkySzQLPKuMebpvetdmiEGGHov7lfO
GCEkTQxUlmGtHgv952efcqSA5X6EhzWyRyRPSTwR/K5ZoIDEf1bLh89dU1Cv0RXK
sL/19/EskLC0WUvGa9nTwNFFjt2Aar4WRpLFRqsYb8R5cCPcebCmsdM4owgKCncm
UlpWxQeQvyH4w5P1uhavumrzw+NObQ42Pf85N6uhoYIBaOx3If7LIi1T9ZIOrtlX
i4hVECi5KHqO3bugrUXLJZYbJ7bnipm2/I2AJZMBWMU/X9x192K6tqAqHEw90ptb
S71K7Ap+xayNquSA2EFAuY4JJs0XQHa/hndC3ZGibAC1
-----END CERTIFICATE-----