Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/htaF_O2Cncycw3IuI4_pU-wURZs.roa
File:                     htaF_O2Cncycw3IuI4_pU-wURZs.roa (raw, json)
Hash identifier:          Tt/xzHT+awTmLgYB3qwtIQ9BAEDsqZjR7ZueuZciGN0=
Subject key identifier:   86:D6:85:FC:ED:82:9D:CC:9C:C3:72:2E:23:8F:E9:53:EC:14:45:9B
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019C3177FD60C894358A2A3FED847C877B54
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/htaF_O2Cncycw3IuI4_pU-wURZs.roa
Signing time:             Fri 06 Feb 2026 05:41:13 +0000
ROA not before:           Fri 06 Feb 2026 05:41:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39599
IP address blocks:        88.220.116.0/24 maxlen: 24
                          195.136.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:31:77:fd:60:c8:94:35:8a:2a:3f:ed:84:7c:87:7b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Feb  6 05:41:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86d685fced829dcc9cc3722e238fe953ec14459b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fe:2c:8f:ba:aa:51:91:e8:2e:8b:a7:d3:a5:
                    b2:05:17:b6:d4:bf:75:17:40:35:ef:d6:c1:bc:e2:
                    18:dc:df:bc:c9:47:6f:22:35:2f:1c:5c:f6:73:5e:
                    46:f8:2d:2f:15:7b:9e:b9:a2:d9:83:a7:3b:90:5a:
                    9c:a9:93:95:7f:0d:14:ed:ba:46:2b:c4:56:ef:de:
                    ca:f4:0b:c0:b6:e3:12:8b:57:2c:ac:13:33:db:c8:
                    da:c3:bb:84:d4:7e:60:35:82:0e:18:34:02:9a:20:
                    38:3c:3c:15:c5:17:a1:77:8f:78:bf:54:ee:e4:aa:
                    4d:41:11:2b:1f:87:fc:2a:17:72:39:4e:90:9a:e1:
                    bf:81:9f:f8:f1:19:1f:9d:c0:50:84:6d:1a:21:01:
                    be:ef:f4:5c:e5:43:3d:21:3e:e5:2a:a8:a0:49:a5:
                    e9:64:c8:0d:d1:3f:a7:34:d3:a7:93:b0:af:c9:70:
                    66:36:84:1a:21:28:c9:21:79:5f:3d:5f:47:d4:37:
                    66:a8:06:2b:de:12:90:b1:81:3c:d6:60:9a:85:16:
                    a9:10:03:04:ce:b0:23:93:15:e8:ed:c0:a8:b5:d1:
                    47:cd:cc:44:38:ea:ef:42:b0:e3:d1:0c:1e:a0:1c:
                    4d:26:70:0c:23:da:25:08:a7:c8:e7:cd:70:c7:fe:
                    1a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D6:85:FC:ED:82:9D:CC:9C:C3:72:2E:23:8F:E9:53:EC:14:45:9B
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/htaF_O2Cncycw3IuI4_pU-wURZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.116.0/24
                  195.136.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:b7:fc:a9:b4:42:d4:6e:3a:e8:89:c4:12:08:8d:54:65:c5:
         39:a6:fd:ff:5a:8a:6a:f5:3a:2f:93:aa:6a:f5:c5:85:a5:6c:
         47:2b:f8:91:ab:5e:a0:33:c1:43:19:e9:8b:95:6f:4d:fb:1c:
         33:ed:01:01:a8:72:a0:83:f7:fe:d7:1b:9d:29:14:55:8f:ed:
         8a:65:bc:e8:ef:c0:7e:23:c0:d7:6f:2b:ff:ac:69:d8:72:d1:
         37:e7:75:96:a2:76:56:f2:e1:30:a5:af:82:f8:c1:3a:af:be:
         62:bb:3f:20:27:27:60:58:d8:a1:fe:13:c0:68:0e:b5:6d:e1:
         39:f4:89:01:76:5c:26:f2:51:9c:6e:f8:55:bc:9a:dc:af:a6:
         24:b1:28:74:26:fe:cb:6a:eb:33:de:cb:7b:8d:85:77:ff:f3:
         00:55:22:4e:c3:c3:0a:cb:b2:de:fb:c8:89:7e:da:74:c7:c4:
         b3:d6:fa:e2:d2:00:4d:68:31:29:a4:f1:b0:44:b4:42:57:83:
         de:06:cd:a6:69:69:1a:4a:11:36:60:eb:17:f7:08:5e:e4:d1:
         6e:13:00:f2:3e:a2:68:08:49:0d:d7:23:ad:c7:6a:e3:2d:76:
         49:b6:94:ca:51:02:df:1b:5e:31:6e:43:d7:ef:77:29:05:84:
         67:3c:17:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwxd/1gyJQ1iio/7YR8h3tUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMjA2MDU0MTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQ2ODVmY2VkODI5ZGNjOWNjMzcyMmUyMzhmZTk1M2VjMTQ0NTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv4sj7qqUZHoLoun06WyBRe21L91
F0A179bBvOIY3N+8yUdvIjUvHFz2c15G+C0vFXueuaLZg6c7kFqcqZOVfw0U7bpG
K8RW797K9AvAtuMSi1csrBMz28jaw7uE1H5gNYIOGDQCmiA4PDwVxRehd494v1Tu
5KpNQRErH4f8KhdyOU6QmuG/gZ/48RkfncBQhG0aIQG+7/Rc5UM9IT7lKqigSaXp
ZMgN0T+nNNOnk7CvyXBmNoQaISjJIXlfPV9H1DdmqAYr3hKQsYE81mCahRapEAME
zrAjkxXo7cCotdFHzcxEOOrvQrDj0QweoBxNJnAMI9olCKfI581wx/4aMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIbWhfztgp3MnMNyLiOP6VPsFEWbMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvaHRhRl9PMkNuY3ljdzNJdUk0X3BVLXdVUlpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNx0AwQA
w4gXMA0GCSqGSIb3DQEBCwUAA4IBAQB/t/yptELUbjroicQSCI1UZcU5pv3/Wopq
9Tovk6pq9cWFpWxHK/iRq16gM8FDGemLlW9N+xwz7QEBqHKgg/f+1xudKRRVj+2K
Zbzo78B+I8DXbyv/rGnYctE353WWonZW8uEwpa+C+ME6r75iuz8gJydgWNih/hPA
aA61beE59IkBdlwm8lGcbvhVvJrcr6YksSh0Jv7Lausz3st7jYV3//MAVSJOw8MK
y7Le+8iJftp0x8Sz1vri0gBNaDEppPGwRLRCV4PeBs2maWkaShE2YOsX9whe5NFu
EwDyPqJoCEkN1yOtx2rjLXZJtpTKUQLfG14xbkPX73cpBYRnPBdc
-----END CERTIFICATE-----