Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/zLMAY1Q0XdWgZEDzB54ODnJ61Fc.roa
File:                     zLMAY1Q0XdWgZEDzB54ODnJ61Fc.roa (raw, json)
Hash identifier:          9HJq4nBdDYh3plgXx2Yf3DlxX8vzCFlzEoL5n+klIYU=
Subject key identifier:   CC:B3:00:63:54:34:5D:D5:A0:64:40:F3:07:9E:0E:0E:72:7A:D4:57
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       019C75FBA9B01B40EAFBAD12E228170F8665
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/zLMAY1Q0XdWgZEDzB54ODnJ61Fc.roa
Signing time:             Thu 19 Feb 2026 12:59:13 +0000
ROA not before:           Thu 19 Feb 2026 12:59:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203212
IP address blocks:        185.142.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:fb:a9:b0:1b:40:ea:fb:ad:12:e2:28:17:0f:86:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Feb 19 12:59:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccb3006354345dd5a06440f3079e0e0e727ad457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:63:50:85:d3:31:81:3a:af:51:47:3b:9a:e0:
                    56:31:b6:63:b0:44:e9:cf:90:98:5c:2f:7e:a1:b7:
                    4b:dc:15:21:ae:24:5e:57:55:19:66:f6:8a:75:33:
                    5f:3a:95:09:22:89:d8:65:70:fe:25:d6:b8:da:b6:
                    5d:f9:d8:11:c2:4e:53:56:bf:fd:fc:fc:e1:54:32:
                    91:67:55:4c:53:22:2f:64:2c:14:37:5c:f7:f8:82:
                    6f:4f:6f:d2:a6:12:88:c6:ed:5c:63:ef:f5:1b:a7:
                    04:c4:7b:c9:0a:01:38:37:e7:72:e5:48:a4:19:b1:
                    66:9b:b7:82:f0:89:cc:0d:4c:e6:de:9a:48:84:6e:
                    ed:2b:77:e1:21:f9:2f:34:d2:84:29:6a:52:7d:b0:
                    44:6e:a9:b1:78:b4:8a:54:2b:ff:8c:c8:c0:47:83:
                    e7:2d:a7:55:26:75:5e:4f:cc:91:03:84:6e:8d:63:
                    3c:2d:02:d8:67:5f:7b:b5:87:55:16:0d:16:1b:78:
                    d9:a5:54:34:e7:32:db:4f:1b:bb:51:60:70:bb:f0:
                    84:c7:89:9a:cf:da:4b:1d:2f:ad:43:45:6d:b1:eb:
                    10:94:c9:30:a9:e5:2b:31:52:8e:42:06:99:55:51:
                    3a:ca:74:18:d0:49:5c:6b:17:6c:2c:3e:45:4e:2c:
                    06:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B3:00:63:54:34:5D:D5:A0:64:40:F3:07:9E:0E:0E:72:7A:D4:57
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/zLMAY1Q0XdWgZEDzB54ODnJ61Fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:1d:5d:5b:9d:b3:b9:c9:b2:a4:f0:3b:c5:44:58:ff:05:21:
         34:8f:40:c6:27:03:97:73:d6:d7:a7:57:09:6e:9b:d1:b2:35:
         bc:db:64:24:5c:e8:a9:c3:f3:a5:58:15:a7:15:81:89:0b:6c:
         48:22:58:21:61:9b:38:20:e2:b8:29:6d:ad:7c:0b:90:eb:d6:
         d3:82:e5:7d:f1:25:89:61:4c:e6:ca:b6:fe:87:37:e6:cd:ea:
         3a:c7:2d:f1:0b:20:6a:90:f7:fd:21:e7:e2:b6:5a:30:4c:d2:
         35:5a:d1:f1:07:38:6b:2d:b9:ba:02:e5:73:6f:54:88:38:67:
         bc:3d:c6:a8:06:fc:d8:27:65:e2:47:0b:24:40:9a:b0:6d:0a:
         a9:a8:ee:ef:aa:21:3c:b7:03:4d:29:88:74:8a:ba:fd:c8:71:
         91:3c:40:97:68:d4:47:03:37:4e:53:68:5e:74:3a:9d:30:a6:
         45:9f:17:9e:86:c2:74:0a:a5:e9:db:71:c1:c2:31:95:48:7d:
         12:76:75:9a:a4:57:78:be:18:ea:ed:b3:74:d5:9d:60:92:dc:
         4c:6c:73:50:7c:0e:ad:d2:56:62:24:8f:72:fb:2e:7d:f5:c9:
         f3:2f:21:bd:36:6d:93:8c:8c:ef:87:6f:c1:4d:db:ef:41:42:
         20:7c:30:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx1+6mwG0Dq+60S4igXD4ZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjYwMjE5MTI1OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2IzMDA2MzU0MzQ1ZGQ1YTA2NDQwZjMwNzllMGUwZTcyN2FkNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2NQhdMxgTqvUUc7muBWMbZjsETp
z5CYXC9+obdL3BUhriReV1UZZvaKdTNfOpUJIonYZXD+Jda42rZd+dgRwk5TVr/9
/PzhVDKRZ1VMUyIvZCwUN1z3+IJvT2/SphKIxu1cY+/1G6cExHvJCgE4N+dy5Uik
GbFmm7eC8InMDUzm3ppIhG7tK3fhIfkvNNKEKWpSfbBEbqmxeLSKVCv/jMjAR4Pn
LadVJnVeT8yRA4RujWM8LQLYZ197tYdVFg0WG3jZpVQ05zLbTxu7UWBwu/CEx4ma
z9pLHS+tQ0VtsesQlMkwqeUrMVKOQgaZVVE6ynQY0ElcaxdsLD5FTiwGewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyzAGNUNF3VoGRA8weeDg5yetRXMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvekxNQVkxUTBYZFdnWkVEekI1NE9Ebko2MUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY4sMA0G
CSqGSIb3DQEBCwUAA4IBAQDCHV1bnbO5ybKk8DvFRFj/BSE0j0DGJwOXc9bXp1cJ
bpvRsjW822QkXOipw/OlWBWnFYGJC2xIIlghYZs4IOK4KW2tfAuQ69bTguV98SWJ
YUzmyrb+hzfmzeo6xy3xCyBqkPf9IefitlowTNI1WtHxBzhrLbm6AuVzb1SIOGe8
PcaoBvzYJ2XiRwskQJqwbQqpqO7vqiE8twNNKYh0irr9yHGRPECXaNRHAzdOU2he
dDqdMKZFnxeehsJ0CqXp23HBwjGVSH0SdnWapFd4vhjq7bN01Z1gktxMbHNQfA6t
0lZiJI9y+y599cnzLyG9Nm2TjIzvh2/BTdvvQUIgfDBB
-----END CERTIFICATE-----