Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/b4a4c0-c53f-45bb-8e85-a9b4614f0744/1/0WpGctn3iHwcCfz1HyZ1-r-vlc8.roa
File:                     0WpGctn3iHwcCfz1HyZ1-r-vlc8.roa (raw, json)
Hash identifier:          FHZ/JIyqvLJTAVxRV45KR0WJzUtCxqF4aecsFoB2jfo=
Subject key identifier:   D1:6A:46:72:D9:F7:88:7C:1C:09:FC:F5:1F:26:75:FA:BF:AF:95:CF
Certificate issuer:       /CN=afef3844293bad651ffd857c91af0be560aecd61
Certificate serial:       019C6B67070FDF944EAC8C81C73AEE05EEB9
Authority key identifier: AF:EF:38:44:29:3B:AD:65:1F:FD:85:7C:91:AF:0B:E5:60:AE:CD:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r-84RCk7rWUf_YV8ka8L5WCuzWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/b4a4c0-c53f-45bb-8e85-a9b4614f0744/1/0WpGctn3iHwcCfz1HyZ1-r-vlc8.roa
Signing time:             Tue 17 Feb 2026 11:40:40 +0000
ROA not before:           Tue 17 Feb 2026 11:40:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206466
IP address blocks:        185.185.236.0/22 maxlen: 22
                          2a0b:6880::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/b4a4c0-c53f-45bb-8e85-a9b4614f0744/1/r-84RCk7rWUf_YV8ka8L5WCuzWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/b4a4c0-c53f-45bb-8e85-a9b4614f0744/1/r-84RCk7rWUf_YV8ka8L5WCuzWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r-84RCk7rWUf_YV8ka8L5WCuzWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:67:07:0f:df:94:4e:ac:8c:81:c7:3a:ee:05:ee:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afef3844293bad651ffd857c91af0be560aecd61
        Validity
            Not Before: Feb 17 11:40:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d16a4672d9f7887c1c09fcf51f2675fabfaf95cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:15:a3:d4:79:c3:b1:42:39:3f:c0:90:a7:a4:
                    ac:d0:3d:fa:34:53:e9:d4:98:07:d9:64:95:36:2a:
                    98:7e:e1:2e:0b:b2:45:8a:5f:c3:ab:8b:7a:51:ea:
                    30:96:04:31:01:56:0f:26:4a:84:36:5a:5d:28:c0:
                    3a:84:2a:c5:78:a2:91:b1:2a:8f:d6:ec:8e:97:4e:
                    66:13:a8:d1:18:af:49:bd:e5:88:f3:c3:9f:4c:f0:
                    6b:b8:cf:09:4c:86:b4:98:c7:ab:ee:14:37:db:6b:
                    0a:4c:7c:c0:a7:25:d2:04:ff:cb:a0:a8:17:41:45:
                    cd:24:a7:c8:aa:6d:14:35:4d:6a:cf:a3:ff:ae:b2:
                    f9:4f:a3:40:85:3a:c2:6f:20:86:e4:73:4c:27:d8:
                    8c:d4:5b:93:0c:d8:e3:81:c9:02:d3:5d:07:5e:9b:
                    6b:91:40:fb:cd:91:68:17:7e:5c:d7:a6:4b:02:24:
                    67:3b:f8:4a:73:d0:b4:92:f8:9b:b6:1b:c0:d3:3e:
                    f4:cf:31:ad:ab:d3:5a:dd:17:83:b1:fb:a1:70:96:
                    40:0b:e5:a9:15:88:68:cd:44:b7:25:f3:30:c7:a4:
                    3a:a9:3a:1d:0d:e5:64:fc:37:f6:ed:ed:81:c8:9c:
                    2c:34:5e:69:42:27:17:1d:2e:65:00:cf:03:3c:20:
                    b7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:6A:46:72:D9:F7:88:7C:1C:09:FC:F5:1F:26:75:FA:BF:AF:95:CF
            X509v3 Authority Key Identifier:
                keyid:AF:EF:38:44:29:3B:AD:65:1F:FD:85:7C:91:AF:0B:E5:60:AE:CD:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-84RCk7rWUf_YV8ka8L5WCuzWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b4a4c0-c53f-45bb-8e85-a9b4614f0744/1/0WpGctn3iHwcCfz1HyZ1-r-vlc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b4a4c0-c53f-45bb-8e85-a9b4614f0744/1/r-84RCk7rWUf_YV8ka8L5WCuzWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.236.0/22
                IPv6:
                  2a0b:6880::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:a2:a0:64:c6:ca:27:d1:0f:a4:42:14:87:be:2f:0e:f8:19:
         b5:eb:96:c1:da:ad:1a:19:c5:32:75:60:8e:00:9b:ca:78:58:
         b3:f4:23:7b:05:c8:fe:a2:8b:7e:cc:73:68:a6:3e:8a:6e:16:
         57:ee:74:3f:e2:44:f2:f3:ea:ac:7e:25:65:ad:c4:97:e2:bf:
         7f:eb:3c:30:d6:4f:91:e0:87:9f:34:bc:14:5a:ad:5a:e8:52:
         25:5b:8b:87:13:21:fa:d6:8b:c8:f8:7e:05:bf:bf:8e:45:9b:
         90:c7:05:24:58:90:43:d2:52:01:3b:ec:d6:2e:a3:bd:3f:75:
         23:86:47:ab:ce:60:2f:bc:c0:71:19:dd:4e:bd:32:d8:6d:c7:
         9b:69:d9:02:67:ba:fc:79:3c:af:1d:ef:d5:8c:49:50:1a:f4:
         1a:c5:ec:9c:f4:39:8c:55:0f:96:7d:20:d2:c5:ec:3f:7e:0f:
         9e:b9:6d:a7:32:da:23:0e:d6:54:8c:07:34:86:c8:59:31:27:
         5f:58:01:e8:6f:2c:3f:a2:c4:9f:52:fd:d0:b9:9d:88:ec:94:
         6e:b0:ed:97:34:4f:2f:aa:ea:de:da:3e:ff:7b:8d:9c:e4:92:
         49:dc:73:d8:b6:ab:34:4a:ab:57:89:5a:6d:d1:93:ae:d4:e3:
         f7:2d:f0:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZxrZwcP35ROrIyBxzruBe65MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZWYzODQ0MjkzYmFkNjUxZmZkODU3YzkxYWYwYmU1NjBh
ZWNkNjEwHhcNMjYwMjE3MTE0MDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTZhNDY3MmQ5Zjc4ODdjMWMwOWZjZjUxZjI2NzVmYWJmYWY5NWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BWj1HnDsUI5P8CQp6Ss0D36NFPp
1JgH2WSVNiqYfuEuC7JFil/Dq4t6UeowlgQxAVYPJkqENlpdKMA6hCrFeKKRsSqP
1uyOl05mE6jRGK9JveWI88OfTPBruM8JTIa0mMer7hQ322sKTHzApyXSBP/LoKgX
QUXNJKfIqm0UNU1qz6P/rrL5T6NAhTrCbyCG5HNMJ9iM1FuTDNjjgckC010HXptr
kUD7zZFoF35c16ZLAiRnO/hKc9C0kvibthvA0z70zzGtq9Na3ReDsfuhcJZAC+Wp
FYhozUS3JfMwx6Q6qTodDeVk/Df27e2ByJwsNF5pQicXHS5lAM8DPCC3lwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNFqRnLZ94h8HAn89R8mdfq/r5XPMB8GA1UdIwQY
MBaAFK/vOEQpO61lH/2FfJGvC+Vgrs1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci04NFJDazdyV1VmX1lWOGthOEw1V0N1eldFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iNGE0YzAtYzUzZi00NWJiLThlODUt
YTliNDYxNGYwNzQ0LzEvMFdwR2N0bjNpSHdjQ2Z6MUh5WjEtci12bGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iNGE0YzAtYzUzZi00NWJiLThlODUtYTliNDYxNGYwNzQ0
LzEvci04NFJDazdyV1VmX1lWOGthOEw1V0N1eldFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubnsMA0E
AgACMAcDBQAqC2iAMA0GCSqGSIb3DQEBCwUAA4IBAQBOoqBkxson0Q+kQhSHvi8O
+Bm165bB2q0aGcUydWCOAJvKeFiz9CN7Bcj+oot+zHNopj6KbhZX7nQ/4kTy8+qs
fiVlrcSX4r9/6zww1k+R4IefNLwUWq1a6FIlW4uHEyH61ovI+H4Fv7+ORZuQxwUk
WJBD0lIBO+zWLqO9P3UjhkerzmAvvMBxGd1OvTLYbcebadkCZ7r8eTyvHe/VjElQ
GvQaxeyc9DmMVQ+WfSDSxew/fg+euW2nMtojDtZUjAc0hshZMSdfWAHobyw/osSf
Uv3QuZ2I7JRusO2XNE8vqure2j7/e42c5JJJ3HPYtqs0SqtXiVpt0ZOu1OP3LfAY
-----END CERTIFICATE-----