Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8yH3ygjrMA6jeHrsqLsAlWCdUcM.roa
File:                     8yH3ygjrMA6jeHrsqLsAlWCdUcM.roa (raw, json)
Hash identifier:          dShHVvsbPdVLUnujwbFi0MaA7DL0ntBwHPMhNT/DvWQ=
Subject key identifier:   F3:21:F7:CA:08:EB:30:0E:A3:78:7A:EC:A8:BB:00:95:60:9D:51:C3
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019C714E2726173A13815AC45A5DA8DEFC79
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8yH3ygjrMA6jeHrsqLsAlWCdUcM.roa
Signing time:             Wed 18 Feb 2026 15:11:13 +0000
ROA not before:           Wed 18 Feb 2026 15:11:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1931
IP address blocks:        185.19.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:4e:27:26:17:3a:13:81:5a:c4:5a:5d:a8:de:fc:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 18 15:11:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f321f7ca08eb300ea3787aeca8bb0095609d51c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:72:3b:39:a8:ed:45:58:a3:f1:11:7b:34:7f:
                    65:3d:5f:d5:2c:22:43:e8:dd:c8:99:50:5d:f5:d2:
                    79:99:3d:4b:85:28:73:9d:d0:42:21:b3:7c:c6:06:
                    07:16:65:21:94:ae:f9:96:6b:8b:b4:04:15:7e:c9:
                    d0:b3:03:f4:e2:2e:76:2c:bf:ff:5c:ee:6d:d0:71:
                    ad:52:48:69:3b:ab:cc:09:92:cd:25:cc:40:67:c4:
                    33:93:7c:b1:bd:c2:cd:76:83:25:a5:10:31:05:9b:
                    6a:25:80:94:e4:d7:8f:13:68:f4:d3:c1:d0:9e:ac:
                    d9:8e:13:18:41:12:b1:d8:f2:3b:3f:29:1e:0b:0e:
                    b8:26:ae:29:6e:3b:a2:11:ec:a2:d0:55:8f:9a:cf:
                    ae:d7:45:56:e0:47:99:aa:f8:cc:41:37:6f:eb:47:
                    00:50:0b:13:1e:f8:b6:50:af:c4:2d:e0:92:76:0c:
                    30:1e:7f:a6:01:07:c2:2b:cc:f9:ad:0c:5a:11:73:
                    ee:ba:98:14:15:cf:0d:60:df:2a:63:68:d4:6c:49:
                    1d:20:0e:15:a5:21:53:6d:7a:3e:ca:47:f3:3b:b0:
                    17:42:ed:c6:72:14:3e:05:66:e4:33:f9:c7:90:de:
                    24:fc:5a:9f:51:4a:6e:f4:f1:9a:dc:d8:f8:0e:88:
                    54:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:21:F7:CA:08:EB:30:0E:A3:78:7A:EC:A8:BB:00:95:60:9D:51:C3
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8yH3ygjrMA6jeHrsqLsAlWCdUcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:83:80:68:0e:ee:36:6c:e9:4c:07:ce:86:55:62:42:2f:35:
         fb:e1:da:33:1d:90:c1:a3:37:c2:f0:4e:9f:56:48:43:33:6b:
         6b:d1:44:d9:d6:16:7e:08:a7:54:6f:33:a9:64:ed:44:0e:0d:
         05:8e:82:3a:d6:86:7a:db:8e:1d:1e:71:f1:b8:4b:2d:0a:75:
         92:58:78:a3:58:e6:f9:a9:68:9e:79:1d:53:aa:40:a8:33:19:
         46:34:fe:2e:66:3d:6c:4c:0a:49:6d:e0:e2:4e:d0:ef:17:c0:
         40:81:57:11:06:4b:a1:a5:5f:10:00:f9:52:b6:88:a8:3a:17:
         8e:cb:41:48:a6:44:f4:df:a1:80:b8:0c:3a:9a:47:58:df:8d:
         fe:b2:c3:1c:21:69:34:4f:56:fd:42:0a:4e:0f:d3:87:0a:bc:
         15:3c:bd:c0:f0:83:c7:c5:2a:09:ae:1e:ec:28:bd:b6:40:4f:
         d2:0b:cb:0c:1f:b0:6f:ae:2e:65:c9:e7:d4:60:13:7b:a8:e1:
         25:9d:b8:2c:70:61:ff:e9:3d:4e:ba:e5:10:31:26:b5:22:f0:
         ed:60:58:86:b8:75:27:2f:f6:4c:1b:f8:34:da:44:63:c0:17:
         33:44:80:c2:20:d6:82:f1:0a:91:72:91:eb:f5:a4:46:02:dc:
         c8:32:cf:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxxTicmFzoTgVrEWl2o3vx5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMjE4MTUxMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzIxZjdjYTA4ZWIzMDBlYTM3ODdhZWNhOGJiMDA5NTYwOWQ1MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3I7OajtRVij8RF7NH9lPV/VLCJD
6N3ImVBd9dJ5mT1LhShzndBCIbN8xgYHFmUhlK75lmuLtAQVfsnQswP04i52LL//
XO5t0HGtUkhpO6vMCZLNJcxAZ8Qzk3yxvcLNdoMlpRAxBZtqJYCU5NePE2j008HQ
nqzZjhMYQRKx2PI7PykeCw64Jq4pbjuiEeyi0FWPms+u10VW4EeZqvjMQTdv60cA
UAsTHvi2UK/ELeCSdgwwHn+mAQfCK8z5rQxaEXPuupgUFc8NYN8qY2jUbEkdIA4V
pSFTbXo+ykfzO7AXQu3GchQ+BWbkM/nHkN4k/FqfUUpu9PGa3Nj4DohUgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMh98oI6zAOo3h67Ki7AJVgnVHDMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvOHlIM3lnanJNQTZqZUhyc3FMc0FsV0NkVWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRMoMA0G
CSqGSIb3DQEBCwUAA4IBAQA6g4BoDu42bOlMB86GVWJCLzX74dozHZDBozfC8E6f
VkhDM2tr0UTZ1hZ+CKdUbzOpZO1EDg0FjoI61oZ6244dHnHxuEstCnWSWHijWOb5
qWieeR1TqkCoMxlGNP4uZj1sTApJbeDiTtDvF8BAgVcRBkuhpV8QAPlStoioOheO
y0FIpkT036GAuAw6mkdY343+ssMcIWk0T1b9QgpOD9OHCrwVPL3A8IPHxSoJrh7s
KL22QE/SC8sMH7Bvri5lyefUYBN7qOElnbgscGH/6T1OuuUQMSa1IvDtYFiGuHUn
L/ZMG/g02kRjwBczRIDCINaC8QqRcpHr9aRGAtzIMs/Z
-----END CERTIFICATE-----