Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/kHJAbRZAn8BmDoNVsIR_1TrPdwU.roa
File:                     kHJAbRZAn8BmDoNVsIR_1TrPdwU.roa (raw, json)
Hash identifier:          MQR9UxJH6mrGqbSYbaZNH4TCjTvPKDgCy2uSCTLGIl4=
Subject key identifier:   90:72:40:6D:16:40:9F:C0:66:0E:83:55:B0:84:7F:D5:3A:CF:77:05
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       019C46E6BF4CC153481AC6E2CAA30B161B16
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/kHJAbRZAn8BmDoNVsIR_1TrPdwU.roa
Signing time:             Tue 10 Feb 2026 09:34:13 +0000
ROA not before:           Tue 10 Feb 2026 09:34:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        91.103.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:e6:bf:4c:c1:53:48:1a:c6:e2:ca:a3:0b:16:1b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Feb 10 09:34:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9072406d16409fc0660e8355b0847fd53acf7705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:13:10:83:38:07:91:92:34:2c:1b:c9:76:f6:
                    c5:b5:e7:31:f0:e5:79:e0:6b:12:6b:a1:49:b1:17:
                    28:6e:25:8a:28:ff:b0:47:ca:62:2b:76:0a:c4:21:
                    12:c9:84:10:a3:5b:aa:c2:e7:e3:18:ef:4a:24:26:
                    9d:d9:6a:2c:67:4d:46:43:0a:51:d4:c5:ed:0d:c4:
                    68:40:16:f1:75:63:92:ad:60:98:b2:c8:3b:00:2d:
                    86:dc:dc:3c:48:c6:7f:c5:db:21:ee:2a:f9:33:65:
                    57:a7:d6:40:37:d4:60:f3:50:c1:4b:cb:2f:83:d8:
                    76:6e:5b:64:8c:55:76:63:8e:19:12:4e:da:78:97:
                    a1:5b:05:57:f8:17:b6:92:d6:6d:50:de:3d:b5:87:
                    b9:42:a9:22:74:f5:6b:45:32:bd:0f:42:9d:b9:b5:
                    52:a2:36:79:79:63:4c:6f:37:3a:e2:f1:79:e7:e1:
                    e7:4d:a5:a3:20:ab:f2:02:74:be:2b:4c:25:bf:bd:
                    5b:02:6b:d9:44:bb:b6:07:11:ae:cd:8e:cf:4f:5f:
                    5a:d3:69:be:80:ca:bb:9c:57:15:09:35:32:14:81:
                    7c:e1:01:77:d6:e6:f1:83:e4:b5:06:1a:5e:2b:08:
                    5b:14:85:47:a7:7d:63:08:05:ce:af:2a:bd:6c:f6:
                    13:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:72:40:6D:16:40:9F:C0:66:0E:83:55:B0:84:7F:D5:3A:CF:77:05
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/kHJAbRZAn8BmDoNVsIR_1TrPdwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:57:58:d7:2b:9d:e2:30:f9:88:6a:8d:f2:f7:c8:6a:e8:3a:
         b6:3d:45:9f:88:f6:ee:b3:61:3c:93:d7:d0:91:68:ae:68:9e:
         5c:fc:ae:7d:01:65:f7:4f:e1:b5:94:38:1b:7e:8f:98:28:24:
         18:75:b6:15:02:53:b8:8a:62:e6:6b:16:a0:51:e8:3f:a7:a1:
         62:76:6b:53:1e:c2:71:13:b9:6c:f5:99:d4:bf:37:7a:6d:f5:
         22:44:82:b6:66:98:4f:88:9e:d6:87:29:13:ea:58:50:e2:a0:
         48:82:cf:57:c7:b2:7c:d8:de:a1:b6:74:39:bc:a7:1d:4b:9d:
         34:67:26:98:2f:89:f7:a7:bd:ec:af:1c:29:ad:9a:6c:2f:c4:
         aa:02:86:0d:25:ff:dd:71:43:a6:4d:90:f6:30:e9:39:87:ff:
         38:37:7a:8e:9e:df:84:6f:5c:d9:80:c1:94:99:e9:19:6c:d4:
         85:86:13:57:21:ec:89:02:52:dd:4c:96:10:20:19:6e:e0:c1:
         7e:e9:9b:05:83:0d:3a:72:cb:54:4a:94:91:8c:d6:6e:a5:42:
         ac:1f:f8:ac:fc:94:3e:38:32:fe:84:96:85:52:05:f2:ae:20:
         30:81:82:41:ac:6b:12:76:e7:9e:5b:ca:71:94:6c:93:d8:a5:
         3c:c4:79:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxG5r9MwVNIGsbiyqMLFhsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjYwMjEwMDkzNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDcyNDA2ZDE2NDA5ZmMwNjYwZTgzNTViMDg0N2ZkNTNhY2Y3NzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hMQgzgHkZI0LBvJdvbFtecx8OV5
4GsSa6FJsRcobiWKKP+wR8piK3YKxCESyYQQo1uqwufjGO9KJCad2WosZ01GQwpR
1MXtDcRoQBbxdWOSrWCYssg7AC2G3Nw8SMZ/xdsh7ir5M2VXp9ZAN9Rg81DBS8sv
g9h2bltkjFV2Y44ZEk7aeJehWwVX+Be2ktZtUN49tYe5QqkidPVrRTK9D0KdubVS
ojZ5eWNMbzc64vF55+HnTaWjIKvyAnS+K0wlv71bAmvZRLu2BxGuzY7PT19a02m+
gMq7nFcVCTUyFIF84QF31ubxg+S1BhpeKwhbFIVHp31jCAXOryq9bPYTxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJByQG0WQJ/AZg6DVbCEf9U6z3cFMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEva0hKQWJSWkFuOEJtRG9OVnNJUl8xVHJQZHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d8MA0G
CSqGSIb3DQEBCwUAA4IBAQAJV1jXK53iMPmIao3y98hq6Dq2PUWfiPbus2E8k9fQ
kWiuaJ5c/K59AWX3T+G1lDgbfo+YKCQYdbYVAlO4imLmaxagUeg/p6FidmtTHsJx
E7ls9ZnUvzd6bfUiRIK2ZphPiJ7WhykT6lhQ4qBIgs9Xx7J82N6htnQ5vKcdS500
ZyaYL4n3p73srxwprZpsL8SqAoYNJf/dcUOmTZD2MOk5h/84N3qOnt+Eb1zZgMGU
mekZbNSFhhNXIeyJAlLdTJYQIBlu4MF+6ZsFgw06cstUSpSRjNZupUKsH/is/JQ+
ODL+hJaFUgXyriAwgYJBrGsSdueeW8pxlGyT2KU8xHlD
-----END CERTIFICATE-----