Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/P7cW4b4WtF7T6VGPm6nxZA4JkPM.roa
File:                     P7cW4b4WtF7T6VGPm6nxZA4JkPM.roa (raw, json)
Hash identifier:          Ioqu/ett3p+lmbKIH4UfOcXTorz4Q5M2iCTEOshXJbI=
Subject key identifier:   3F:B7:16:E1:BE:16:B4:5E:D3:E9:51:8F:9B:A9:F1:64:0E:09:90:F3
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019C5192AE8D31979D3F30B3C038DBB1047A
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/P7cW4b4WtF7T6VGPm6nxZA4JkPM.roa
Signing time:             Thu 12 Feb 2026 11:18:13 +0000
ROA not before:           Thu 12 Feb 2026 11:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207844
IP address blocks:        81.15.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:92:ae:8d:31:97:9d:3f:30:b3:c0:38:db:b1:04:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Feb 12 11:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fb716e1be16b45ed3e9518f9ba9f1640e0990f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:71:21:18:f6:a8:7e:be:92:3a:4c:f8:1c:2e:
                    24:23:e1:f4:e5:c2:47:04:ab:23:bc:cf:22:27:78:
                    cb:a0:67:68:8c:5d:63:52:81:fe:cd:24:02:66:cd:
                    93:a2:bc:a4:36:2e:7e:84:ed:53:ff:e4:48:8e:01:
                    88:7f:2c:06:32:dc:7c:08:b0:73:ba:14:e5:56:d7:
                    b5:c0:c7:af:c9:e1:46:c8:9d:e0:1d:2d:c9:3b:09:
                    9e:5e:a6:27:d8:61:d3:fe:75:21:8b:9e:48:72:d6:
                    d0:26:82:72:e0:ac:5f:e9:ce:9e:b9:f7:f3:ef:ab:
                    c5:fb:5f:02:19:e8:61:57:e2:0b:49:e6:4f:5e:63:
                    67:fd:df:8d:ee:10:ce:1d:8a:fd:f2:7b:61:38:ff:
                    95:c9:bb:2a:f9:16:9f:c8:fd:5a:da:2c:4b:cb:66:
                    ee:64:8a:bf:d1:a6:2f:c5:40:cd:90:23:49:b3:61:
                    f9:c2:93:84:5a:5c:3a:1b:e5:ac:9a:35:49:02:2d:
                    99:e2:b6:25:0b:89:e3:64:54:64:39:88:41:38:d7:
                    c0:01:60:87:e5:bc:47:99:fe:89:0d:f5:80:4f:3f:
                    e6:09:69:14:72:2f:3d:62:3a:0b:25:79:c3:4b:d2:
                    8f:6d:80:13:c7:09:c8:35:6e:7e:78:20:48:bc:9a:
                    9e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B7:16:E1:BE:16:B4:5E:D3:E9:51:8F:9B:A9:F1:64:0E:09:90:F3
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/P7cW4b4WtF7T6VGPm6nxZA4JkPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1c:32:c3:c7:2c:be:e9:29:e0:64:9b:21:47:61:81:19:90:
         4b:44:78:ca:69:6a:2a:76:5a:37:52:d6:e0:28:b4:69:9e:56:
         6b:0c:0a:f0:f2:99:35:a5:78:bc:41:7b:bc:8b:71:2e:22:0b:
         2f:87:d0:8b:67:25:60:71:fa:21:e1:78:b1:0d:d8:27:aa:ef:
         a1:eb:c6:3a:7b:4e:3a:ff:11:30:e9:b6:87:c5:f4:29:7b:69:
         e2:95:fa:8c:1a:4e:7a:58:a7:e5:7d:9e:42:ac:5a:b8:6b:14:
         f1:bf:76:5f:9d:4b:cf:c7:36:f9:09:35:d9:15:41:20:a2:55:
         f1:b9:3d:1a:3b:77:08:ec:8d:9d:54:58:e2:6d:d1:85:f5:5d:
         c3:5e:b2:d9:63:d0:93:30:a2:c5:e0:40:bf:e7:5d:b7:d3:64:
         b5:5b:a1:38:2c:31:19:b2:fb:df:29:22:d8:2b:a2:72:44:f4:
         0c:50:3f:4b:52:0c:f1:5c:fe:65:95:16:38:2a:49:5c:87:83:
         f0:de:64:de:91:b2:3f:6f:05:ad:a6:e3:a4:6c:b1:7e:31:53:
         9f:83:d6:36:65:a2:62:3a:b8:c5:3f:0b:4c:7e:65:4e:51:e5:
         5b:65:4f:b7:eb:bf:5c:f2:bf:0f:76:c8:d9:43:1f:bd:b7:1f:
         20:57:e8:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxRkq6NMZedPzCzwDjbsQR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMjEyMTExODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI3MTZlMWJlMTZiNDVlZDNlOTUxOGY5YmE5ZjE2NDBlMDk5MGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3EhGPaofr6SOkz4HC4kI+H05cJH
BKsjvM8iJ3jLoGdojF1jUoH+zSQCZs2TorykNi5+hO1T/+RIjgGIfywGMtx8CLBz
uhTlVte1wMevyeFGyJ3gHS3JOwmeXqYn2GHT/nUhi55IctbQJoJy4Kxf6c6euffz
76vF+18CGehhV+ILSeZPXmNn/d+N7hDOHYr98nthOP+Vybsq+RafyP1a2ixLy2bu
ZIq/0aYvxUDNkCNJs2H5wpOEWlw6G+WsmjVJAi2Z4rYlC4njZFRkOYhBONfAAWCH
5bxHmf6JDfWATz/mCWkUci89YjoLJXnDS9KPbYATxwnINW5+eCBIvJqezQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+3FuG+FrRe0+lRj5up8WQOCZDzMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvUDdjVzRiNFd0RjdUNlZHUG02bnhaQTRKa1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ/LMA0G
CSqGSIb3DQEBCwUAA4IBAQBHHDLDxyy+6SngZJshR2GBGZBLRHjKaWoqdlo3Utbg
KLRpnlZrDArw8pk1pXi8QXu8i3EuIgsvh9CLZyVgcfoh4XixDdgnqu+h68Y6e046
/xEw6baHxfQpe2nilfqMGk56WKflfZ5CrFq4axTxv3ZfnUvPxzb5CTXZFUEgolXx
uT0aO3cI7I2dVFjibdGF9V3DXrLZY9CTMKLF4EC/512302S1W6E4LDEZsvvfKSLY
K6JyRPQMUD9LUgzxXP5llRY4Kklch4Pw3mTekbI/bwWtpuOkbLF+MVOfg9Y2ZaJi
OrjFPwtMfmVOUeVbZU+3679c8r8PdsjZQx+9tx8gV+iE
-----END CERTIFICATE-----