Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/h96UmOpvP2IiuRa1zdcgkZqRdgo.roa
File:                     h96UmOpvP2IiuRa1zdcgkZqRdgo.roa (raw, json)
Hash identifier:          RVWvN7ouN/57gofsCcbTG1pWvWa8tMFeSDqaezJgkLg=
Subject key identifier:   87:DE:94:98:EA:6F:3F:62:22:B9:16:B5:CD:D7:20:91:9A:91:76:0A
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019C71356E40EC1FEBB13024C35741B6C087
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/h96UmOpvP2IiuRa1zdcgkZqRdgo.roa
Signing time:             Wed 18 Feb 2026 14:44:12 +0000
ROA not before:           Wed 18 Feb 2026 14:44:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59711
IP address blocks:        205.188.80.0/22 maxlen: 22
                          205.188.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:35:6e:40:ec:1f:eb:b1:30:24:c3:57:41:b6:c0:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Feb 18 14:44:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87de9498ea6f3f6222b916b5cdd720919a91760a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:36:c0:0a:b4:6b:11:a0:39:44:10:00:94:f0:
                    84:f0:e0:dc:8d:9f:5d:db:e0:12:e9:aa:d3:34:b0:
                    22:8b:38:6a:58:9a:0c:6d:ee:80:ab:3b:db:ab:8f:
                    ee:12:30:3a:e9:e4:ef:eb:48:8a:7f:7b:24:e5:e2:
                    b9:84:f8:51:dc:16:cd:f1:af:d3:b9:28:ab:58:d1:
                    06:09:98:ff:45:a5:5a:88:03:10:90:ee:2c:6b:a8:
                    f8:ab:84:a5:02:2f:7c:6c:68:26:a2:4b:e9:4b:21:
                    d5:87:ab:db:c3:08:54:04:0b:38:09:26:d7:c6:56:
                    3c:26:57:71:1d:3a:65:ce:79:9f:4e:a9:4e:f7:5b:
                    c9:ec:2c:4b:80:07:3e:51:dc:f0:9e:58:d3:b1:df:
                    fd:0b:dd:f0:ba:6b:1f:3b:16:62:bc:f1:19:c6:a3:
                    26:a9:86:cf:ff:0a:b7:b8:9d:7c:46:7b:60:26:85:
                    f4:fd:b8:52:26:75:7f:4a:53:f1:53:4c:ef:1b:8e:
                    cb:ff:51:6f:a8:27:25:7c:49:cd:8e:51:22:06:97:
                    e2:03:76:d4:d6:5a:24:b9:6c:16:37:c3:58:11:af:
                    12:d5:e7:31:cf:62:2c:c1:79:fc:e1:58:c7:75:30:
                    bd:98:d2:31:ff:e1:b3:00:8b:8a:eb:20:22:9c:a1:
                    e9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:DE:94:98:EA:6F:3F:62:22:B9:16:B5:CD:D7:20:91:9A:91:76:0A
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/h96UmOpvP2IiuRa1zdcgkZqRdgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.188.80.0/22
                  205.188.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:24:31:88:9b:a6:07:b4:18:e7:04:f4:a5:c1:c0:71:5b:d2:
         37:37:fe:c2:73:b4:8a:ef:4f:67:5d:45:70:32:ea:55:1a:bf:
         47:61:c6:fd:a2:51:23:80:f8:2d:ec:b9:72:a5:80:24:0b:65:
         c8:f5:20:02:51:ba:f6:88:fe:8f:31:a8:0b:0f:7d:7b:aa:62:
         8a:25:19:9e:04:e9:67:0b:bf:7f:a0:72:a0:67:8d:7f:ea:97:
         1e:f8:04:5e:7c:40:1d:0c:60:c2:84:95:5f:e3:a4:85:2c:fa:
         8f:87:51:b0:49:3f:60:06:e4:7d:01:4f:18:71:ad:b1:95:af:
         4a:bd:73:67:55:fd:f5:a5:32:42:43:69:91:67:46:96:36:29:
         ae:14:c7:37:7f:32:d2:bc:83:c0:2d:c4:7a:20:bc:07:10:ff:
         8c:08:ba:81:61:ac:2a:ec:04:06:8e:74:fd:f9:47:e7:2c:0d:
         68:34:d2:7d:c9:68:3d:d9:33:69:56:d3:dd:c3:26:3a:be:0e:
         2a:a7:cf:ef:11:17:5c:cd:7c:51:1f:2c:b5:57:6b:13:1f:c4:
         f8:5a:10:92:58:f6:50:ed:fc:1c:a9:8d:41:bb:d1:6f:28:f0:
         a7:e8:46:6a:a3:ab:fc:31:65:a6:c6:0f:ae:c5:fc:8f:03:15:
         ba:f3:a4:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxxNW5A7B/rsTAkw1dBtsCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwMjE4MTQ0NDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2RlOTQ5OGVhNmYzZjYyMjJiOTE2YjVjZGQ3MjA5MTlhOTE3NjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszbACrRrEaA5RBAAlPCE8ODcjZ9d
2+AS6arTNLAiizhqWJoMbe6Aqzvbq4/uEjA66eTv60iKf3sk5eK5hPhR3BbN8a/T
uSirWNEGCZj/RaVaiAMQkO4sa6j4q4SlAi98bGgmokvpSyHVh6vbwwhUBAs4CSbX
xlY8JldxHTplznmfTqlO91vJ7CxLgAc+UdzwnljTsd/9C93wumsfOxZivPEZxqMm
qYbP/wq3uJ18RntgJoX0/bhSJnV/SlPxU0zvG47L/1FvqCclfEnNjlEiBpfiA3bU
1lokuWwWN8NYEa8S1ecxz2IswXn84VjHdTC9mNIx/+GzAIuK6yAinKHpswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIfelJjqbz9iIrkWtc3XIJGakXYKMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvaDk2VW1PcHZQMklpdVJhMXpkY2drWnFSZGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCzbxQAwQC
zbzgMA0GCSqGSIb3DQEBCwUAA4IBAQBqJDGIm6YHtBjnBPSlwcBxW9I3N/7Cc7SK
709nXUVwMupVGr9HYcb9olEjgPgt7LlypYAkC2XI9SACUbr2iP6PMagLD317qmKK
JRmeBOlnC79/oHKgZ41/6pce+ARefEAdDGDChJVf46SFLPqPh1GwST9gBuR9AU8Y
ca2xla9KvXNnVf31pTJCQ2mRZ0aWNimuFMc3fzLSvIPALcR6ILwHEP+MCLqBYawq
7AQGjnT9+UfnLA1oNNJ9yWg92TNpVtPdwyY6vg4qp8/vERdczXxRHyy1V2sTH8T4
WhCSWPZQ7fwcqY1Bu9FvKPCn6EZqo6v8MWWmxg+uxfyPAxW686Rc
-----END CERTIFICATE-----