Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/VP7p7QWMGVsrXJpO4NYHANZrxFg.roa
File:                     VP7p7QWMGVsrXJpO4NYHANZrxFg.roa (raw, json)
Hash identifier:          G8VyFd0PCuQnnq9N5MqzV/bE1ybVAE0qxw/z0bEFIbE=
Subject key identifier:   54:FE:E9:ED:05:8C:19:5B:2B:5C:9A:4E:E0:D6:07:00:D6:6B:C4:58
Certificate issuer:       /CN=7946647d9d5759a01f8d18668a377c063ff59136
Certificate serial:       019C8A53651904AE1201F94CEF907AB6B7E2
Authority key identifier: 79:46:64:7D:9D:57:59:A0:1F:8D:18:66:8A:37:7C:06:3F:F5:91:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/VP7p7QWMGVsrXJpO4NYHANZrxFg.roa
Signing time:             Mon 23 Feb 2026 11:47:26 +0000
ROA not before:           Mon 23 Feb 2026 11:47:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202765
IP address blocks:        185.163.164.0/23 maxlen: 23
                          185.163.164.0/24 maxlen: 24
                          185.163.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:53:65:19:04:ae:12:01:f9:4c:ef:90:7a:b6:b7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7946647d9d5759a01f8d18668a377c063ff59136
        Validity
            Not Before: Feb 23 11:47:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54fee9ed058c195b2b5c9a4ee0d60700d66bc458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6f:d7:b1:06:2b:e9:4e:db:eb:56:07:c2:b2:
                    98:81:5c:0a:9a:60:27:68:68:8e:2b:11:2c:f3:59:
                    c6:39:49:7a:7c:76:a5:ac:0e:0c:80:0a:d9:a0:35:
                    cb:3f:e5:66:eb:e4:32:60:5f:c1:62:e6:a3:e0:c3:
                    8a:c9:2d:c3:cc:cb:c4:38:ff:6e:d1:96:2b:44:9a:
                    0c:98:7f:e8:12:72:1b:78:74:3a:b0:e9:00:ab:75:
                    a3:96:98:06:17:f3:ff:9d:ab:4b:c0:f8:73:04:eb:
                    b8:87:99:cb:eb:34:1e:33:a7:de:dd:fa:bd:c0:de:
                    db:23:88:b7:d0:57:97:f3:24:49:3d:53:2d:8c:04:
                    12:d5:66:fd:10:5a:16:0b:eb:84:d0:14:a4:b1:47:
                    88:71:b9:43:d5:d0:e8:5d:6f:e4:43:9e:e8:55:9f:
                    e7:29:0d:fa:7b:72:eb:6b:f7:52:96:40:38:53:25:
                    76:55:d0:65:57:8e:e3:ad:13:f4:58:5c:be:f0:fe:
                    7b:3e:af:92:75:df:a2:9e:a1:ca:8a:fd:f2:8c:9b:
                    67:87:17:0d:71:fb:c0:cb:c6:0f:85:2d:e3:71:f4:
                    c6:08:93:e6:d8:58:b7:1b:79:4a:a9:f7:77:30:a4:
                    8d:75:6c:e8:2b:aa:7e:b5:12:29:62:e6:a0:f2:0f:
                    9b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:FE:E9:ED:05:8C:19:5B:2B:5C:9A:4E:E0:D6:07:00:D6:6B:C4:58
            X509v3 Authority Key Identifier:
                keyid:79:46:64:7D:9D:57:59:A0:1F:8D:18:66:8A:37:7C:06:3F:F5:91:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/VP7p7QWMGVsrXJpO4NYHANZrxFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:78:15:9c:40:07:94:85:7b:f3:1b:63:39:e1:cf:cb:6e:52:
         63:79:53:5b:71:bf:7a:ee:ad:37:40:f3:14:94:3a:34:34:94:
         43:9a:22:f7:ef:9a:86:54:9f:71:23:48:6e:64:c9:26:89:45:
         20:16:ea:40:bd:72:a1:93:34:b1:98:f5:ed:ee:e4:29:b7:43:
         8a:7a:19:e8:2e:98:bb:6f:98:8a:8f:ad:02:e6:73:4b:37:91:
         f9:cc:a4:88:da:10:58:e5:04:66:2e:75:fc:2a:01:08:f0:23:
         51:ef:3d:18:39:f1:4f:72:04:16:47:9c:f7:27:fa:cc:4d:ef:
         c5:af:1b:61:7f:77:7c:cb:b1:a2:f5:37:aa:33:66:db:81:99:
         34:b8:2b:e1:ab:06:a7:b2:19:54:a2:bb:97:04:d5:65:57:9b:
         ad:83:6b:80:d1:08:25:d9:24:10:cb:bf:a1:eb:c3:39:72:45:
         ad:15:7a:a4:4c:d4:c2:8e:fd:91:d6:b3:9a:79:18:b9:7a:d9:
         85:fd:1b:46:13:fc:6e:3c:00:49:4a:32:51:41:d3:a8:5e:aa:
         c0:d6:e7:a2:43:9c:4a:b0:78:16:84:52:b6:86:24:78:ba:09:
         d9:5f:3b:7c:85:13:ab:63:1a:0f:3f:0c:c8:74:70:0e:8b:28:
         26:12:82:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyKU2UZBK4SAflM75B6trfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NDY2NDdkOWQ1NzU5YTAxZjhkMTg2NjhhMzc3YzA2M2Zm
NTkxMzYwHhcNMjYwMjIzMTE0NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGZlZTllZDA1OGMxOTViMmI1YzlhNGVlMGQ2MDcwMGQ2NmJjNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG/XsQYr6U7b61YHwrKYgVwKmmAn
aGiOKxEs81nGOUl6fHalrA4MgArZoDXLP+Vm6+QyYF/BYuaj4MOKyS3DzMvEOP9u
0ZYrRJoMmH/oEnIbeHQ6sOkAq3WjlpgGF/P/natLwPhzBOu4h5nL6zQeM6fe3fq9
wN7bI4i30FeX8yRJPVMtjAQS1Wb9EFoWC+uE0BSksUeIcblD1dDoXW/kQ57oVZ/n
KQ36e3Lra/dSlkA4UyV2VdBlV47jrRP0WFy+8P57Pq+Sdd+inqHKiv3yjJtnhxcN
cfvAy8YPhS3jcfTGCJPm2Fi3G3lKqfd3MKSNdWzoK6p+tRIpYuag8g+brwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFT+6e0FjBlbK1yaTuDWBwDWa8RYMB8GA1UdIwQY
MBaAFHlGZH2dV1mgH40YZoo3fAY/9ZE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVVaa2ZaMVhXYUFmalJobWlqZDhCal8xa1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9mMjE1MmQtNmNmNy00Y2VhLThkNjYt
ZTRiYWQzNGJiZWZmLzEvVlA3cDdRV01HVnNyWEpwTzROWUhBTlpyeEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9mMjE1MmQtNmNmNy00Y2VhLThkNjYtZTRiYWQzNGJiZWZm
LzEvZVVaa2ZaMVhXYUFmalJobWlqZDhCal8xa1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaOkMA0G
CSqGSIb3DQEBCwUAA4IBAQCgeBWcQAeUhXvzG2M54c/LblJjeVNbcb967q03QPMU
lDo0NJRDmiL375qGVJ9xI0huZMkmiUUgFupAvXKhkzSxmPXt7uQpt0OKehnoLpi7
b5iKj60C5nNLN5H5zKSI2hBY5QRmLnX8KgEI8CNR7z0YOfFPcgQWR5z3J/rMTe/F
rxthf3d8y7Gi9TeqM2bbgZk0uCvhqwanshlUoruXBNVlV5utg2uA0Qgl2SQQy7+h
68M5ckWtFXqkTNTCjv2R1rOaeRi5etmF/RtGE/xuPABJSjJRQdOoXqrA1ueiQ5xK
sHgWhFK2hiR4ugnZXzt8hROrYxoPPwzIdHAOiygmEoKh
-----END CERTIFICATE-----