Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/9a5324-4659-4aa3-a3d1-166124c0c545/1/O860BZXE4oCrVhgqCDhjxlkYiZY.roa
File:                     O860BZXE4oCrVhgqCDhjxlkYiZY.roa (raw, json)
Hash identifier:          WAAeKTz5adCSs3a4JZFRxzoY1WO2G1GDA+qRkP/2UHM=
Subject key identifier:   3B:CE:B4:05:95:C4:E2:80:AB:56:18:2A:08:38:63:C6:59:18:89:96
Certificate issuer:       /CN=53d4e8e9f4a230b0e56858765f7130acd34e9e2d
Certificate serial:       019C518E193B3342747009F66CE0A467AB31
Authority key identifier: 53:D4:E8:E9:F4:A2:30:B0:E5:68:58:76:5F:71:30:AC:D3:4E:9E:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9To6fSiMLDlaFh2X3EwrNNOni0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/9a5324-4659-4aa3-a3d1-166124c0c545/1/O860BZXE4oCrVhgqCDhjxlkYiZY.roa
Signing time:             Thu 12 Feb 2026 11:13:12 +0000
ROA not before:           Thu 12 Feb 2026 11:13:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204762
IP address blocks:        62.133.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/9a5324-4659-4aa3-a3d1-166124c0c545/1/U9To6fSiMLDlaFh2X3EwrNNOni0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/9a5324-4659-4aa3-a3d1-166124c0c545/1/U9To6fSiMLDlaFh2X3EwrNNOni0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9To6fSiMLDlaFh2X3EwrNNOni0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:8e:19:3b:33:42:74:70:09:f6:6c:e0:a4:67:ab:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d4e8e9f4a230b0e56858765f7130acd34e9e2d
        Validity
            Not Before: Feb 12 11:13:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bceb40595c4e280ab56182a083863c659188996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:15:33:14:ce:36:50:f4:0b:6d:bb:dd:c6:f7:
                    5c:d0:e2:00:8b:c7:47:92:fe:a6:c2:b5:10:f6:a6:
                    4c:80:a1:52:af:88:5f:09:2c:a0:7d:7c:c9:04:6a:
                    ae:e1:c3:3d:08:5f:4f:52:95:6d:da:3d:cf:ce:f1:
                    41:83:c4:29:03:85:09:63:cd:fe:d3:92:b0:e2:b5:
                    ba:68:57:9d:96:29:df:0b:93:a7:5f:55:35:96:a9:
                    fc:1c:06:2b:97:02:b7:59:92:b8:8d:99:ba:cd:18:
                    a7:76:64:16:63:93:69:5e:d8:4d:96:ab:fc:ef:30:
                    e4:af:fb:9b:16:c4:cf:77:3c:1f:18:c5:5f:41:ca:
                    f7:b5:4d:49:49:88:0f:52:2c:cb:8a:0e:4e:2c:a5:
                    76:58:76:47:e3:06:a3:7a:07:04:11:0e:b9:4c:68:
                    39:0a:fe:11:1f:05:e7:07:cf:60:d0:c4:8e:55:69:
                    a5:dd:7f:25:44:d1:5b:0a:f8:01:56:ee:5b:98:33:
                    5c:c3:f6:14:ca:f3:f1:cc:89:6d:1e:73:82:60:88:
                    97:b2:17:00:13:ca:0d:12:57:ba:2e:70:6f:a4:f2:
                    1f:0c:cd:9b:f1:77:5c:c2:fa:cd:49:50:a1:0f:5f:
                    14:dd:d7:07:bb:f0:3d:c8:41:77:38:75:07:f5:7c:
                    73:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CE:B4:05:95:C4:E2:80:AB:56:18:2A:08:38:63:C6:59:18:89:96
            X509v3 Authority Key Identifier:
                keyid:53:D4:E8:E9:F4:A2:30:B0:E5:68:58:76:5F:71:30:AC:D3:4E:9E:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9To6fSiMLDlaFh2X3EwrNNOni0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/9a5324-4659-4aa3-a3d1-166124c0c545/1/O860BZXE4oCrVhgqCDhjxlkYiZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/9a5324-4659-4aa3-a3d1-166124c0c545/1/U9To6fSiMLDlaFh2X3EwrNNOni0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.133.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:87:04:a8:c7:18:61:31:b3:e2:bd:5b:53:56:42:2a:37:ef:
         ba:0b:63:d0:4a:82:a0:0c:7a:79:3e:54:87:9d:96:50:30:a9:
         a7:a1:c4:34:ea:f4:57:4b:cb:4a:62:12:26:69:d0:a3:58:f9:
         22:d0:3e:62:88:a1:40:91:c2:ef:9d:44:89:eb:00:a4:62:33:
         9a:d0:7a:7a:2a:e8:d3:38:f4:9d:a0:99:59:f9:28:27:fe:8e:
         cf:3d:47:1e:49:41:83:30:32:b6:55:de:16:a8:89:51:d6:d8:
         7c:15:c8:4b:6c:54:60:55:99:23:53:1c:ca:bf:1f:d6:9e:f4:
         14:58:b1:15:84:43:c0:96:d6:ba:7f:da:b1:fe:74:45:7c:1e:
         14:25:5c:e9:2c:3c:af:fa:44:43:73:24:ff:63:6e:bf:0d:f1:
         be:0c:35:6e:8e:a9:7a:f6:79:53:1a:bd:ae:8b:d1:db:b3:a8:
         0c:de:29:8c:47:74:38:32:53:0c:3c:1c:e2:aa:94:a0:ff:45:
         da:9c:32:53:7a:b9:c0:7f:02:ba:00:b7:7a:d6:85:d5:c6:45:
         fe:ad:7b:04:59:50:45:4c:08:8e:ee:f9:3a:43:61:91:6a:94:
         1b:2a:00:26:f7:24:83:6e:b3:af:26:b9:b2:30:f7:a7:1f:6b:
         a1:f9:7a:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxRjhk7M0J0cAn2bOCkZ6sxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDRlOGU5ZjRhMjMwYjBlNTY4NTg3NjVmNzEzMGFjZDM0
ZTllMmQwHhcNMjYwMjEyMTExMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNlYjQwNTk1YzRlMjgwYWI1NjE4MmEwODM4NjNjNjU5MTg4OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRUzFM42UPQLbbvdxvdc0OIAi8dH
kv6mwrUQ9qZMgKFSr4hfCSygfXzJBGqu4cM9CF9PUpVt2j3PzvFBg8QpA4UJY83+
05Kw4rW6aFedlinfC5OnX1U1lqn8HAYrlwK3WZK4jZm6zRindmQWY5NpXthNlqv8
7zDkr/ubFsTPdzwfGMVfQcr3tU1JSYgPUizLig5OLKV2WHZH4wajegcEEQ65TGg5
Cv4RHwXnB89g0MSOVWml3X8lRNFbCvgBVu5bmDNcw/YUyvPxzIltHnOCYIiXshcA
E8oNEle6LnBvpPIfDM2b8XdcwvrNSVChD18U3dcHu/A9yEF3OHUH9XxzbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvOtAWVxOKAq1YYKgg4Y8ZZGImWMB8GA1UdIwQY
MBaAFFPU6On0ojCw5WhYdl9xMKzTTp4tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlUbzZmU2lNTERsYUZoMlgzRXdyTk5PbmkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85YTUzMjQtNDY1OS00YWEzLWEzZDEt
MTY2MTI0YzBjNTQ1LzEvTzg2MEJaWEU0b0NyVmhncUNEaGp4bGtZaVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85YTUzMjQtNDY1OS00YWEzLWEzZDEtMTY2MTI0YzBjNTQ1
LzEvVTlUbzZmU2lNTERsYUZoMlgzRXdyTk5PbmkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPoU6MA0G
CSqGSIb3DQEBCwUAA4IBAQBDhwSoxxhhMbPivVtTVkIqN++6C2PQSoKgDHp5PlSH
nZZQMKmnocQ06vRXS8tKYhImadCjWPki0D5iiKFAkcLvnUSJ6wCkYjOa0Hp6KujT
OPSdoJlZ+Sgn/o7PPUceSUGDMDK2Vd4WqIlR1th8FchLbFRgVZkjUxzKvx/WnvQU
WLEVhEPAlta6f9qx/nRFfB4UJVzpLDyv+kRDcyT/Y26/DfG+DDVujql69nlTGr2u
i9Hbs6gM3imMR3Q4MlMMPBziqpSg/0XanDJTernAfwK6ALd61oXVxkX+rXsEWVBF
TAiO7vk6Q2GRapQbKgAm9ySDbrOvJrmyMPenH2uh+Xov
-----END CERTIFICATE-----