Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/74c76f-5d70-4eef-99f5-131cc48640dc/1/_01xdN9b6VGiDq8TdVfHkv4nsNA.roa
File:                     _01xdN9b6VGiDq8TdVfHkv4nsNA.roa (raw, json)
Hash identifier:          cof+3EhtbeAEqNmK/OvBSq8ShRaGyYdb9JejvgRl8nA=
Subject key identifier:   FF:4D:71:74:DF:5B:E9:51:A2:0E:AF:13:75:57:C7:92:FE:27:B0:D0
Certificate issuer:       /CN=896b339dbcf8411d584008cf029b47c88ab379d5
Certificate serial:       019C6CB2F3BCA8C863ED91E0EC6CA4AEE0C0
Authority key identifier: 89:6B:33:9D:BC:F8:41:1D:58:40:08:CF:02:9B:47:C8:8A:B3:79:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWsznbz4QR1YQAjPAptHyIqzedU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/74c76f-5d70-4eef-99f5-131cc48640dc/1/_01xdN9b6VGiDq8TdVfHkv4nsNA.roa
Signing time:             Tue 17 Feb 2026 17:43:12 +0000
ROA not before:           Tue 17 Feb 2026 17:43:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     224
IP address blocks:        129.242.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/74c76f-5d70-4eef-99f5-131cc48640dc/1/iWsznbz4QR1YQAjPAptHyIqzedU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/74c76f-5d70-4eef-99f5-131cc48640dc/1/iWsznbz4QR1YQAjPAptHyIqzedU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWsznbz4QR1YQAjPAptHyIqzedU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 20:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6c:b2:f3:bc:a8:c8:63:ed:91:e0:ec:6c:a4:ae:e0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896b339dbcf8411d584008cf029b47c88ab379d5
        Validity
            Not Before: Feb 17 17:43:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff4d7174df5be951a20eaf137557c792fe27b0d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:bf:a5:e9:1f:94:f6:f5:bb:fe:33:74:92:0c:
                    bf:91:a8:10:5e:9f:fb:4f:08:a9:7f:1f:db:56:d5:
                    c9:da:0a:f6:24:fe:a1:b0:35:53:7a:09:51:86:8d:
                    a2:55:8e:9a:a1:5a:91:56:9b:3d:91:7f:be:cc:b1:
                    f3:bd:9a:a6:64:13:77:05:90:17:d6:a4:37:eb:b2:
                    0c:43:9f:68:b1:27:2f:81:01:32:38:92:e6:80:50:
                    53:53:6d:1f:07:c8:af:4b:95:8c:65:72:5a:6c:59:
                    2e:15:1d:d6:4d:bf:9e:6d:21:c7:cb:33:f8:af:8d:
                    b8:d2:14:7a:ba:f1:ed:de:56:26:0c:58:0a:12:57:
                    bf:00:aa:7a:ae:9e:ca:91:c5:ce:3e:5c:fa:8a:6e:
                    5b:27:f7:81:58:2b:71:22:b4:db:02:68:cb:f0:7d:
                    5d:92:19:d9:71:4f:a0:07:62:10:68:a3:4d:1e:cf:
                    a6:43:a3:4c:28:80:be:7a:b2:8b:2b:bc:90:05:e8:
                    9e:e6:12:f3:03:96:bc:15:d2:38:73:a1:48:08:14:
                    f4:ec:a9:f2:a1:d5:17:75:c1:be:d6:1a:f2:5b:99:
                    75:76:0d:4b:9f:32:b2:91:46:b7:fd:f9:66:45:d4:
                    a5:c4:8c:fe:b7:ec:29:4e:0b:2f:13:5a:99:35:d3:
                    29:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4D:71:74:DF:5B:E9:51:A2:0E:AF:13:75:57:C7:92:FE:27:B0:D0
            X509v3 Authority Key Identifier:
                keyid:89:6B:33:9D:BC:F8:41:1D:58:40:08:CF:02:9B:47:C8:8A:B3:79:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWsznbz4QR1YQAjPAptHyIqzedU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/74c76f-5d70-4eef-99f5-131cc48640dc/1/_01xdN9b6VGiDq8TdVfHkv4nsNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/74c76f-5d70-4eef-99f5-131cc48640dc/1/iWsznbz4QR1YQAjPAptHyIqzedU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.242.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         36:9b:d8:ee:04:0f:e3:58:b6:d6:5a:24:77:38:25:0f:fa:24:
         74:c9:87:63:09:56:98:aa:c4:78:f7:fc:f6:f9:74:d5:95:42:
         55:d1:5c:d3:d2:79:ce:d3:90:a6:66:b1:94:f7:de:d0:2c:0b:
         96:90:fb:83:9b:fa:be:df:5f:30:2d:99:98:64:4b:65:c4:0b:
         86:66:df:08:65:72:b9:51:e1:5d:bc:86:8f:5d:e1:75:3c:85:
         12:f0:ca:41:23:4b:82:05:2a:58:91:1a:8f:26:59:ec:b3:11:
         97:14:4d:bf:b3:49:3a:2b:bd:66:98:64:c5:d1:3d:bc:0f:7e:
         cf:8f:e4:4a:a1:8a:f7:67:9a:56:1c:9f:a7:db:92:3d:9f:72:
         f4:93:27:01:03:dc:00:d5:94:80:b7:c6:8a:4f:09:cc:24:3b:
         40:6d:a9:a9:8b:dd:81:5f:ac:e2:20:2b:ba:1d:90:06:e1:95:
         1f:d8:49:da:13:7c:1a:cf:c3:2a:73:4c:6f:0c:6f:dc:ac:7a:
         6d:0a:63:aa:21:5f:79:3c:86:29:22:50:71:20:c0:fb:a3:3f:
         34:85:33:79:6c:ac:41:6b:a7:6a:1d:29:1e:26:b3:0f:8a:42:
         7e:42:52:9f:17:3c:01:60:14:ea:af:e4:8d:ff:2a:05:e7:fe:
         df:8b:6b:17
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZxssvO8qMhj7ZHg7GykruDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmIzMzlkYmNmODQxMWQ1ODQwMDhjZjAyOWI0N2M4OGFi
Mzc5ZDUwHhcNMjYwMjE3MTc0MzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjRkNzE3NGRmNWJlOTUxYTIwZWFmMTM3NTU3Yzc5MmZlMjdiMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxL+l6R+U9vW7/jN0kgy/kagQXp/7
Twipfx/bVtXJ2gr2JP6hsDVTeglRho2iVY6aoVqRVps9kX++zLHzvZqmZBN3BZAX
1qQ367IMQ59osScvgQEyOJLmgFBTU20fB8ivS5WMZXJabFkuFR3WTb+ebSHHyzP4
r4240hR6uvHt3lYmDFgKEle/AKp6rp7KkcXOPlz6im5bJ/eBWCtxIrTbAmjL8H1d
khnZcU+gB2IQaKNNHs+mQ6NMKIC+erKLK7yQBeie5hLzA5a8FdI4c6FICBT07Kny
odUXdcG+1hryW5l1dg1LnzKykUa3/flmRdSlxIz+t+wpTgsvE1qZNdMpcwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFP9NcXTfW+lRog6vE3VXx5L+J7DQMB8GA1UdIwQY
MBaAFIlrM528+EEdWEAIzwKbR8iKs3nVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdzem5iejRRUjFZUUFqUEFwdEh5SXF6ZWRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS83NGM3NmYtNWQ3MC00ZWVmLTk5ZjUt
MTMxY2M0ODY0MGRjLzEvXzAxeGROOWI2VkdpRHE4VGRWZkhrdjRuc05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS83NGM3NmYtNWQ3MC00ZWVmLTk5ZjUtMTMxY2M0ODY0MGRj
LzEvaVdzem5iejRRUjFZUUFqUEFwdEh5SXF6ZWRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgfIwDQYJ
KoZIhvcNAQELBQADggEBADab2O4ED+NYttZaJHc4JQ/6JHTJh2MJVpiqxHj3/Pb5
dNWVQlXRXNPSec7TkKZmsZT33tAsC5aQ+4Ob+r7fXzAtmZhkS2XEC4Zm3whlcrlR
4V28ho9d4XU8hRLwykEjS4IFKliRGo8mWeyzEZcUTb+zSTorvWaYZMXRPbwPfs+P
5EqhivdnmlYcn6fbkj2fcvSTJwED3ADVlIC3xopPCcwkO0BtqamL3YFfrOIgK7od
kAbhlR/YSdoTfBrPwypzTG8Mb9ysem0KY6ohX3k8hikiUHEgwPujPzSFM3lsrEFr
p2odKR4msw+KQn5CUp8XPAFgFOqv5I3/KgXn/t+Laxc=
-----END CERTIFICATE-----