Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/R_kCep0eF-iG5HEs5UJG62QZYlg.roa
File:                     R_kCep0eF-iG5HEs5UJG62QZYlg.roa (raw, json)
Hash identifier:          EZQ1PqaJpmJqP33VWR7r2Bq64btBeVlZuT1AF/+ALxc=
Subject key identifier:   47:F9:02:7A:9D:1E:17:E8:86:E4:71:2C:E5:42:46:EB:64:19:62:58
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019C4CCA1A93F5CE80D24C53249C0F7C0D19
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/R_kCep0eF-iG5HEs5UJG62QZYlg.roa
Signing time:             Wed 11 Feb 2026 13:00:39 +0000
ROA not before:           Wed 11 Feb 2026 13:00:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28762
IP address blocks:        89.125.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:ca:1a:93:f5:ce:80:d2:4c:53:24:9c:0f:7c:0d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 11 13:00:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47f9027a9d1e17e886e4712ce54246eb64196258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:77:c5:31:6e:0c:ed:7f:b7:d8:4e:36:0a:30:
                    c0:17:17:3f:46:58:ad:bf:3d:c8:5e:36:14:29:28:
                    4a:98:79:98:4e:db:0d:64:5b:8d:51:a3:20:77:af:
                    2c:f8:da:fd:58:80:6d:f5:a6:f7:25:ac:db:30:71:
                    57:d5:7b:7b:d1:8e:a4:03:eb:7b:49:f3:c4:c4:ad:
                    9a:b0:04:d4:78:4c:99:b3:2c:49:4a:d4:8b:fd:3b:
                    8a:50:fe:03:66:db:fe:8a:5d:a2:c2:d6:f9:4f:b8:
                    04:cf:b0:b0:b3:2c:ed:e3:77:1c:77:b2:e3:c7:7a:
                    d2:e0:93:1e:fe:b8:4b:76:d8:7e:e6:52:c3:73:d2:
                    92:1a:5a:9c:16:96:18:63:43:a8:5a:dc:7b:c9:8a:
                    4e:17:9d:e3:71:7a:c7:7c:e4:1c:39:8f:c0:1f:7b:
                    d6:ef:51:e3:42:a8:8d:c7:0e:26:8d:ee:e6:61:84:
                    03:55:d2:05:b1:2e:84:2e:e1:9c:27:48:37:7d:d9:
                    1b:ac:6a:34:32:fc:b3:9a:c5:8f:f1:01:3b:a7:25:
                    e2:ba:c8:b1:02:bc:7d:91:0e:d8:e7:24:49:43:12:
                    48:43:2d:7b:c2:0e:9e:5c:7c:2b:23:01:40:e4:09:
                    28:70:e5:28:d4:fd:84:56:87:3d:10:1b:c4:3c:3f:
                    04:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F9:02:7A:9D:1E:17:E8:86:E4:71:2C:E5:42:46:EB:64:19:62:58
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/R_kCep0eF-iG5HEs5UJG62QZYlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:12:b5:87:94:4e:d7:02:b0:3d:43:fa:9b:5c:7d:e1:6d:87:
         df:2f:57:d4:9a:46:9c:d1:9d:36:df:3b:1c:b9:1b:b2:5b:a7:
         e5:09:3a:ea:72:01:99:78:22:69:01:57:cc:77:8d:30:a0:ea:
         20:73:b4:6a:7e:a8:a7:58:99:32:a9:2f:a8:36:30:dd:d0:84:
         68:ca:17:86:f1:b6:68:02:9c:28:24:85:60:df:3c:64:b5:21:
         83:0b:6f:41:ba:18:75:9a:ec:71:e0:fa:b8:8f:f1:3f:50:ee:
         f3:f4:13:16:cc:e9:61:5b:68:01:8a:78:93:38:99:01:39:a5:
         0f:2e:55:68:85:9b:4e:0c:e0:6b:32:13:4f:21:05:84:01:69:
         27:53:64:64:b1:98:f9:a1:c7:af:7c:b8:e1:78:7b:a5:8e:a2:
         84:90:c2:aa:78:9a:e9:9c:15:85:10:af:08:7a:46:a7:85:17:
         8a:8d:93:da:ba:a9:a5:d4:8f:8b:d8:6f:4d:5f:56:f3:1d:90:
         fb:97:34:40:11:1b:bf:f5:7b:40:58:ad:e8:a5:f9:02:0c:10:
         93:ff:50:61:35:4b:55:71:47:ff:ce:c8:d5:13:79:6b:58:f2:
         21:bb:b7:e7:dc:26:9e:a9:68:8a:c3:74:f4:36:83:59:94:9a:
         7b:73:7b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxMyhqT9c6A0kxTJJwPfA0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMjExMTMwMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Y5MDI3YTlkMWUxN2U4ODZlNDcxMmNlNTQyNDZlYjY0MTk2MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3fFMW4M7X+32E42CjDAFxc/Rlit
vz3IXjYUKShKmHmYTtsNZFuNUaMgd68s+Nr9WIBt9ab3JazbMHFX1Xt70Y6kA+t7
SfPExK2asATUeEyZsyxJStSL/TuKUP4DZtv+il2iwtb5T7gEz7Cwsyzt43ccd7Lj
x3rS4JMe/rhLdth+5lLDc9KSGlqcFpYYY0OoWtx7yYpOF53jcXrHfOQcOY/AH3vW
71HjQqiNxw4mje7mYYQDVdIFsS6ELuGcJ0g3fdkbrGo0MvyzmsWP8QE7pyXiusix
Arx9kQ7Y5yRJQxJIQy17wg6eXHwrIwFA5AkocOUo1P2EVoc9EBvEPD8EjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEf5AnqdHhfohuRxLOVCRutkGWJYMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvUl9rQ2VwMGVGLWlHNUhFczVVSkc2MlFaWWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX03MA0G
CSqGSIb3DQEBCwUAA4IBAQBLErWHlE7XArA9Q/qbXH3hbYffL1fUmkac0Z023zsc
uRuyW6flCTrqcgGZeCJpAVfMd40woOogc7RqfqinWJkyqS+oNjDd0IRoyheG8bZo
ApwoJIVg3zxktSGDC29Buhh1muxx4Pq4j/E/UO7z9BMWzOlhW2gBiniTOJkBOaUP
LlVohZtODOBrMhNPIQWEAWknU2RksZj5ocevfLjheHuljqKEkMKqeJrpnBWFEK8I
ekanhReKjZPauqml1I+L2G9NX1bzHZD7lzRAERu/9XtAWK3opfkCDBCT/1BhNUtV
cUf/zsjVE3lrWPIhu7fn3CaeqWiKw3T0NoNZlJp7c3tu
-----END CERTIFICATE-----