Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/toOJ_QZo1Irh4UeKZyiA-0bYEsU.roa
File:                     toOJ_QZo1Irh4UeKZyiA-0bYEsU.roa (raw, json)
Hash identifier:          K+QNWOEP6n/iMJ9rvOTBgRWOcyivzaC1LMauDLzodlk=
Subject key identifier:   B6:83:89:FD:06:68:D4:8A:E1:E1:47:8A:67:28:80:FB:46:D8:12:C5
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       019C7151D032165DB4BD24152034F36A3BBF
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/toOJ_QZo1Irh4UeKZyiA-0bYEsU.roa
Signing time:             Wed 18 Feb 2026 15:15:12 +0000
ROA not before:           Wed 18 Feb 2026 15:15:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        89.117.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:51:d0:32:16:5d:b4:bd:24:15:20:34:f3:6a:3b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Feb 18 15:15:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b68389fd0668d48ae1e1478a672880fb46d812c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:21:d7:02:ef:99:60:d1:a4:da:72:18:16:67:
                    43:fc:03:67:86:ef:e8:94:82:a7:53:6b:c2:2a:fe:
                    fd:d7:a5:66:72:21:6c:38:34:0f:e4:2e:26:21:70:
                    25:bc:f4:4f:13:99:d5:b1:a8:dc:40:58:8c:65:92:
                    aa:5b:80:50:3c:26:6c:4f:8f:66:02:df:89:f4:16:
                    5a:8d:c8:61:7a:51:55:7e:c8:a8:9a:f4:b2:79:e0:
                    73:b0:45:22:67:b5:82:78:23:d5:f4:84:ea:9e:93:
                    56:a2:36:cb:cd:98:f2:7b:64:d2:a2:85:63:85:4e:
                    f5:94:17:e1:ef:4f:08:83:ef:8d:ea:e9:38:3a:0f:
                    16:b0:3c:15:af:af:fa:44:c8:6d:e7:3a:03:27:3f:
                    8e:eb:96:f6:dc:93:9d:45:46:0a:a1:af:31:b8:da:
                    26:53:41:ea:05:bb:13:85:72:66:db:ad:47:5e:44:
                    5f:50:7f:63:07:2e:7f:2f:40:fa:6c:29:ba:c6:3b:
                    45:32:0e:ef:47:10:dc:10:d3:37:de:bc:92:2a:b7:
                    14:6b:c8:ff:9d:a9:17:75:64:28:15:f4:b9:b5:de:
                    d7:a9:ad:4e:f4:9e:27:61:20:61:63:1e:79:f2:12:
                    ab:bb:d5:1b:93:66:90:64:46:ad:ef:8b:4c:e5:71:
                    48:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:83:89:FD:06:68:D4:8A:E1:E1:47:8A:67:28:80:FB:46:D8:12:C5
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/toOJ_QZo1Irh4UeKZyiA-0bYEsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.117.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:1b:24:ab:10:db:7c:c0:45:e4:ed:3a:91:4e:29:85:3a:59:
         ed:d7:64:92:f6:ae:3a:d2:ee:77:8b:f3:e3:5a:90:53:2b:16:
         b1:c4:d5:cc:53:83:49:68:80:92:68:bd:ae:67:d3:fd:63:6a:
         0c:76:7b:b1:d9:67:e0:0d:99:3c:d8:b4:4b:14:07:40:ea:15:
         96:3e:7f:cb:bb:67:55:9f:7d:21:6f:cc:c7:00:8d:65:2f:00:
         6a:43:ed:58:0c:dd:4d:ad:85:be:b3:34:ff:40:50:5d:fc:f8:
         92:ef:79:2c:7a:b2:90:73:78:34:f9:8a:e2:8e:b9:71:98:b1:
         f8:8e:f3:cc:7b:01:99:3e:0d:37:3c:d0:af:41:6a:3c:d3:f5:
         d3:85:10:29:ad:fa:cd:7b:9a:a2:98:65:03:53:d2:b9:ab:2e:
         5a:a5:df:bc:b2:f3:80:e2:5a:87:2f:e0:dd:a3:b3:7b:d8:bf:
         dd:07:1b:bb:95:32:8e:58:bc:83:45:ef:93:e7:49:06:46:f0:
         44:ba:22:a9:11:f5:0b:8e:9c:36:2c:e1:c8:af:86:f0:38:61:
         e7:13:59:6e:40:13:24:ef:1f:31:a5:c5:6c:82:d4:69:62:7e:
         27:7f:4f:62:4b:08:24:0e:26:d6:5b:98:56:b2:54:8d:da:30:
         77:df:99:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxxUdAyFl20vSQVIDTzaju/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjYwMjE4MTUxNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjgzODlmZDA2NjhkNDhhZTFlMTQ3OGE2NzI4ODBmYjQ2ZDgxMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCHXAu+ZYNGk2nIYFmdD/ANnhu/o
lIKnU2vCKv7916VmciFsODQP5C4mIXAlvPRPE5nVsajcQFiMZZKqW4BQPCZsT49m
At+J9BZajchhelFVfsiomvSyeeBzsEUiZ7WCeCPV9ITqnpNWojbLzZjye2TSooVj
hU71lBfh708Ig++N6uk4Og8WsDwVr6/6RMht5zoDJz+O65b23JOdRUYKoa8xuNom
U0HqBbsThXJm261HXkRfUH9jBy5/L0D6bCm6xjtFMg7vRxDcENM33rySKrcUa8j/
nakXdWQoFfS5td7Xqa1O9J4nYSBhYx558hKru9Ubk2aQZEat74tM5XFIPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaDif0GaNSK4eFHimcogPtG2BLFMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvdG9PSl9RWm8xSXJoNFVlS1p5aUEtMGJZRXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWXX8MA0G
CSqGSIb3DQEBCwUAA4IBAQBAGySrENt8wEXk7TqRTimFOlnt12SS9q460u53i/Pj
WpBTKxaxxNXMU4NJaICSaL2uZ9P9Y2oMdnux2WfgDZk82LRLFAdA6hWWPn/Lu2dV
n30hb8zHAI1lLwBqQ+1YDN1NrYW+szT/QFBd/PiS73kserKQc3g0+YrijrlxmLH4
jvPMewGZPg03PNCvQWo80/XThRAprfrNe5qimGUDU9K5qy5apd+8svOA4lqHL+Dd
o7N72L/dBxu7lTKOWLyDRe+T50kGRvBEuiKpEfULjpw2LOHIr4bwOGHnE1luQBMk
7x8xpcVsgtRpYn4nf09iSwgkDibWW5hWslSN2jB335lR
-----END CERTIFICATE-----