Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/qd72DKJaICZWiagHwebWP0vFOJ8.roa
File:                     qd72DKJaICZWiagHwebWP0vFOJ8.roa (raw, json)
Hash identifier:          /V0/an8AE34Kq1g8LUh0t2FSys6TP8h7lRi/4uGrR90=
Subject key identifier:   A9:DE:F6:0C:A2:5A:20:26:56:89:A8:07:C1:E6:D6:3F:4B:C5:38:9F
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       019C767DA9ED73BDAA568F616E3021282151
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/qd72DKJaICZWiagHwebWP0vFOJ8.roa
Signing time:             Thu 19 Feb 2026 15:21:12 +0000
ROA not before:           Thu 19 Feb 2026 15:21:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13287
IP address blocks:        95.111.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:7d:a9:ed:73:bd:aa:56:8f:61:6e:30:21:28:21:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Feb 19 15:21:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9def60ca25a20265689a807c1e6d63f4bc5389f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c1:76:e7:be:ee:ed:08:dc:9a:ca:92:32:93:
                    22:7b:e6:46:b6:32:eb:6d:f1:e6:e0:ce:46:bf:cb:
                    f4:0a:d8:c2:d8:e7:b9:1a:01:5f:31:8e:00:cf:7e:
                    ba:0c:e0:16:38:15:b9:fb:36:6f:7d:b1:f2:60:7f:
                    e3:4e:23:bb:24:17:50:37:10:b0:39:54:b3:f6:31:
                    83:08:a4:eb:21:a3:ac:d0:80:27:e1:45:8b:16:11:
                    3b:2b:64:6b:c0:e3:a5:fc:49:3d:97:a4:3c:05:33:
                    f6:97:fe:0c:51:fe:23:2b:23:c0:95:42:e0:ac:b3:
                    89:fe:6d:1f:c6:ae:31:4f:ed:11:0c:c7:f8:dc:da:
                    81:4e:17:ac:12:b4:3a:28:27:47:d6:8f:99:17:50:
                    f7:fc:6a:d7:be:97:71:7a:c0:42:8b:7b:50:0c:d0:
                    5e:3a:6b:43:3c:d9:28:38:6d:a9:64:ab:5c:b0:dd:
                    a9:71:21:11:67:da:b4:7f:26:a8:60:04:b5:58:fb:
                    2b:34:ca:be:80:0b:f6:b7:2d:55:08:aa:4c:a4:df:
                    91:3f:40:1a:8f:57:3f:f4:d3:5b:a7:a1:08:40:dc:
                    69:c5:1f:ea:eb:ca:c6:d0:67:ca:a9:d4:50:7c:6a:
                    53:46:0a:41:2c:3e:51:47:31:5a:2b:31:64:55:13:
                    63:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DE:F6:0C:A2:5A:20:26:56:89:A8:07:C1:E6:D6:3F:4B:C5:38:9F
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/qd72DKJaICZWiagHwebWP0vFOJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.111.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:2e:b7:b4:63:90:85:5c:78:9a:ee:da:e9:a4:42:95:64:26:
         a5:49:bc:ce:7a:54:85:90:95:42:ca:4a:f6:e1:ac:45:55:97:
         40:0b:25:14:b8:0b:72:83:7f:cc:9c:8d:a6:93:f0:e2:ea:f3:
         0b:cf:38:f0:6d:3c:0d:7a:36:17:0e:bf:27:25:09:a2:43:4b:
         9e:1a:7a:7e:68:d7:cc:a9:dd:90:4a:af:06:30:d1:6f:9c:d1:
         da:10:cf:15:cd:ec:40:41:3d:05:0e:ad:43:66:b3:89:c0:78:
         ad:e8:83:d7:52:53:e4:d3:48:c5:2c:33:9b:03:d2:d7:66:7f:
         e2:8b:69:e7:2c:59:62:f5:8c:6a:a3:3c:c9:36:75:cb:e9:08:
         51:c0:42:44:e9:7f:db:8e:41:67:01:d0:ea:b5:6e:76:80:51:
         18:f8:82:30:a1:06:25:c4:03:d5:b0:44:63:a3:e6:be:71:7f:
         ea:97:27:7f:f8:ea:71:fb:38:db:92:ea:b4:08:10:41:bd:a1:
         1c:b2:78:90:eb:7a:9a:e3:ae:6c:46:92:4a:bb:c2:70:71:5b:
         dd:49:03:84:38:d6:73:7e:76:8b:44:09:d0:f4:82:be:82:6f:
         59:42:a0:b3:6a:a4:39:b2:f7:49:47:a3:e1:ac:87:a8:dd:15:
         c9:43:6d:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2fantc72qVo9hbjAhKCFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjYwMjE5MTUyMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWRlZjYwY2EyNWEyMDI2NTY4OWE4MDdjMWU2ZDYzZjRiYzUzODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMF2577u7QjcmsqSMpMie+ZGtjLr
bfHm4M5Gv8v0CtjC2Oe5GgFfMY4Az366DOAWOBW5+zZvfbHyYH/jTiO7JBdQNxCw
OVSz9jGDCKTrIaOs0IAn4UWLFhE7K2RrwOOl/Ek9l6Q8BTP2l/4MUf4jKyPAlULg
rLOJ/m0fxq4xT+0RDMf43NqBThesErQ6KCdH1o+ZF1D3/GrXvpdxesBCi3tQDNBe
OmtDPNkoOG2pZKtcsN2pcSERZ9q0fyaoYAS1WPsrNMq+gAv2ty1VCKpMpN+RP0Aa
j1c/9NNbp6EIQNxpxR/q68rG0GfKqdRQfGpTRgpBLD5RRzFaKzFkVRNjeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKne9gyiWiAmVomoB8Hm1j9LxTifMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvcWQ3MkRLSmFJQ1pXaWFnSHdlYldQMHZGT0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX2+RMA0G
CSqGSIb3DQEBCwUAA4IBAQAkLre0Y5CFXHia7trppEKVZCalSbzOelSFkJVCykr2
4axFVZdACyUUuAtyg3/MnI2mk/Di6vMLzzjwbTwNejYXDr8nJQmiQ0ueGnp+aNfM
qd2QSq8GMNFvnNHaEM8VzexAQT0FDq1DZrOJwHit6IPXUlPk00jFLDObA9LXZn/i
i2nnLFli9YxqozzJNnXL6QhRwEJE6X/bjkFnAdDqtW52gFEY+IIwoQYlxAPVsERj
o+a+cX/qlyd/+Opx+zjbkuq0CBBBvaEcsniQ63qa465sRpJKu8JwcVvdSQOEONZz
fnaLRAnQ9IK+gm9ZQqCzaqQ5svdJR6PhrIeo3RXJQ23H
-----END CERTIFICATE-----