Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/92e95f-e5d2-49ca-b9c4-f7a77c441f1c/1/pjVyRWgLsMdox-VVuZ-NaPLETvs.roa
File:                     pjVyRWgLsMdox-VVuZ-NaPLETvs.roa (raw, json)
Hash identifier:          9UbRxa/hD4Pj6lxQzvJSYegiW7ncLSeA+lrKDXMCizI=
Subject key identifier:   A6:35:72:45:68:0B:B0:C7:68:C7:E5:55:B9:9F:8D:68:F2:C4:4E:FB
Certificate issuer:       /CN=dfb86d5e74c1234f36f219b05d743bb3a2e2afda
Certificate serial:       019C4751DC126655CD13ED160D86E0D6B8E4
Authority key identifier: DF:B8:6D:5E:74:C1:23:4F:36:F2:19:B0:5D:74:3B:B3:A2:E2:AF:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37htXnTBI0828hmwXXQ7s6Lir9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/92e95f-e5d2-49ca-b9c4-f7a77c441f1c/1/pjVyRWgLsMdox-VVuZ-NaPLETvs.roa
Signing time:             Tue 10 Feb 2026 11:31:12 +0000
ROA not before:           Tue 10 Feb 2026 11:31:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200736
IP address blocks:        176.121.224.0/20 maxlen: 24
                          176.121.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/92e95f-e5d2-49ca-b9c4-f7a77c441f1c/1/37htXnTBI0828hmwXXQ7s6Lir9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/92e95f-e5d2-49ca-b9c4-f7a77c441f1c/1/37htXnTBI0828hmwXXQ7s6Lir9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37htXnTBI0828hmwXXQ7s6Lir9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:51:dc:12:66:55:cd:13:ed:16:0d:86:e0:d6:b8:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb86d5e74c1234f36f219b05d743bb3a2e2afda
        Validity
            Not Before: Feb 10 11:31:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6357245680bb0c768c7e555b99f8d68f2c44efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e3:63:21:61:3a:3f:13:7b:a5:c6:a9:ce:35:
                    0a:f4:86:cf:c2:3f:fc:4c:fd:ae:2d:a2:61:30:47:
                    ef:0a:08:60:08:1d:30:80:da:97:f0:53:ec:a4:63:
                    2c:2a:8b:d0:9d:0d:81:9d:2d:c0:dc:05:f0:d7:88:
                    22:7d:0e:cc:0d:a5:44:4a:f9:99:2a:e4:a5:4f:f2:
                    2a:bd:0f:70:fd:78:e3:ca:fc:e9:a4:50:11:08:df:
                    d2:de:6c:07:10:2a:a8:4b:48:89:b4:9c:82:24:af:
                    d6:17:6b:3c:5d:f3:67:e2:80:14:34:ba:f3:4e:49:
                    b5:61:c8:d4:d3:af:6c:fb:8e:1f:bd:81:17:14:a3:
                    53:68:9b:ca:18:b2:9b:94:a6:a2:e5:03:a1:51:8d:
                    ec:21:a9:69:63:d1:40:28:6c:df:1c:da:a3:33:ea:
                    28:6a:85:25:f4:48:71:f2:ac:d6:1d:a5:08:8e:63:
                    ff:9f:77:6a:f3:8b:61:9a:e8:d1:ce:c7:71:b5:90:
                    21:6f:98:57:2b:1e:8a:5e:9b:1a:43:37:4c:61:40:
                    16:25:5a:bc:37:ab:24:9a:bf:70:0c:f6:4a:9e:d1:
                    b2:bd:b8:16:df:1a:d3:40:14:ca:bc:99:a7:b2:c8:
                    b7:42:1f:de:02:6c:0b:0a:81:4c:01:bc:ff:39:e1:
                    fd:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:35:72:45:68:0B:B0:C7:68:C7:E5:55:B9:9F:8D:68:F2:C4:4E:FB
            X509v3 Authority Key Identifier:
                keyid:DF:B8:6D:5E:74:C1:23:4F:36:F2:19:B0:5D:74:3B:B3:A2:E2:AF:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37htXnTBI0828hmwXXQ7s6Lir9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/92e95f-e5d2-49ca-b9c4-f7a77c441f1c/1/pjVyRWgLsMdox-VVuZ-NaPLETvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/92e95f-e5d2-49ca-b9c4-f7a77c441f1c/1/37htXnTBI0828hmwXXQ7s6Lir9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.224.0-176.121.247.255

    Signature Algorithm: sha256WithRSAEncryption
         7c:e0:3f:21:55:5e:e8:3a:a9:a2:d9:27:ea:d1:c0:56:74:03:
         ca:49:93:6c:59:5a:29:d2:96:1e:01:96:ff:a7:ea:82:b8:b5:
         7a:7e:b6:a1:b5:a3:ed:56:5b:91:79:4d:fe:30:f7:ca:03:8c:
         97:0c:29:e0:d1:56:e1:73:ef:2c:23:b2:fe:32:b1:c4:ee:8a:
         4c:56:4e:b1:28:1e:0c:49:f6:9d:eb:e3:cf:41:d4:67:a4:36:
         73:50:ec:c5:a1:a7:fc:92:a5:e3:7c:90:12:3d:00:05:c6:5d:
         8c:ea:33:d3:78:16:d8:76:56:5a:2d:7a:50:ac:3a:6a:dd:8c:
         42:4a:d3:9f:d9:26:21:12:ed:9a:fb:c4:ec:34:61:83:b4:19:
         09:a8:90:26:c4:c8:f5:a1:51:35:af:a4:fa:a4:8f:e7:55:b3:
         87:80:08:9b:08:79:76:36:77:c5:f4:0b:3b:d8:3f:ab:bd:7e:
         0c:d7:b2:53:dd:0a:37:22:1e:ca:c9:76:04:b4:46:8b:5e:90:
         a4:c0:2b:fa:60:31:18:7f:e0:f8:83:90:2d:ce:6a:11:05:0d:
         b9:21:b8:87:ec:60:60:e9:52:57:e2:2e:31:c5:73:7c:98:d5:
         57:5a:76:04:4d:86:3b:92:18:d5:7f:f6:16:8b:19:c3:50:eb:
         77:ab:cd:dd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxHUdwSZlXNE+0WDYbg1rjkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjg2ZDVlNzRjMTIzNGYzNmYyMTliMDVkNzQzYmIzYTJl
MmFmZGEwHhcNMjYwMjEwMTEzMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjM1NzI0NTY4MGJiMGM3NjhjN2U1NTViOTlmOGQ2OGYyYzQ0ZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuNjIWE6PxN7pcapzjUK9IbPwj/8
TP2uLaJhMEfvCghgCB0wgNqX8FPspGMsKovQnQ2BnS3A3AXw14gifQ7MDaVESvmZ
KuSlT/IqvQ9w/XjjyvzppFARCN/S3mwHECqoS0iJtJyCJK/WF2s8XfNn4oAUNLrz
Tkm1YcjU069s+44fvYEXFKNTaJvKGLKblKai5QOhUY3sIalpY9FAKGzfHNqjM+oo
aoUl9Ehx8qzWHaUIjmP/n3dq84thmujRzsdxtZAhb5hXKx6KXpsaQzdMYUAWJVq8
N6skmr9wDPZKntGyvbgW3xrTQBTKvJmnssi3Qh/eAmwLCoFMAbz/OeH9RwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKY1ckVoC7DHaMflVbmfjWjyxE77MB8GA1UdIwQY
MBaAFN+4bV50wSNPNvIZsF10O7Oi4q/aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdodFhuVEJJMDgyOGhtd1hYUTdzNkxpcjlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85MmU5NWYtZTVkMi00OWNhLWI5YzQt
ZjdhNzdjNDQxZjFjLzEvcGpWeVJXZ0xzTWRveC1WVnVaLU5hUExFVHZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85MmU5NWYtZTVkMi00OWNhLWI5YzQtZjdhNzdjNDQxZjFj
LzEvMzdodFhuVEJJMDgyOGhtd1hYUTdzNkxpcjlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAWweeAD
BAOwefAwDQYJKoZIhvcNAQELBQADggEBAHzgPyFVXug6qaLZJ+rRwFZ0A8pJk2xZ
WinSlh4Blv+n6oK4tXp+tqG1o+1WW5F5Tf4w98oDjJcMKeDRVuFz7ywjsv4yscTu
ikxWTrEoHgxJ9p3r489B1GekNnNQ7MWhp/ySpeN8kBI9AAXGXYzqM9N4Fth2Vlot
elCsOmrdjEJK05/ZJiES7Zr7xOw0YYO0GQmokCbEyPWhUTWvpPqkj+dVs4eACJsI
eXY2d8X0CzvYP6u9fgzXslPdCjciHsrJdgS0RotekKTAK/pgMRh/4PiDkC3OahEF
DbkhuIfsYGDpUlfiLjHFc3yY1VdadgRNhjuSGNV/9haLGcNQ63erzd0=
-----END CERTIFICATE-----