Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/c0rxrQoEWqWrd8tyLYNrU8iupbU.roa
File:                     c0rxrQoEWqWrd8tyLYNrU8iupbU.roa (raw, json)
Hash identifier:          OO2iQo06n11TlqHfIIjfSy8I3N4op5PTjoqiameHkZA=
Subject key identifier:   73:4A:F1:AD:0A:04:5A:A5:AB:77:CB:72:2D:83:6B:53:C8:AE:A5:B5
Certificate issuer:       /CN=7946647d9d5759a01f8d18668a377c063ff59136
Certificate serial:       019C481308B8223244E2AD164F1F12E8177D
Authority key identifier: 79:46:64:7D:9D:57:59:A0:1F:8D:18:66:8A:37:7C:06:3F:F5:91:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/c0rxrQoEWqWrd8tyLYNrU8iupbU.roa
Signing time:             Tue 10 Feb 2026 15:02:12 +0000
ROA not before:           Tue 10 Feb 2026 15:02:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12338
IP address blocks:        185.163.164.0/23 maxlen: 23
                          185.163.164.0/24 maxlen: 24
                          185.163.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:48:13:08:b8:22:32:44:e2:ad:16:4f:1f:12:e8:17:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7946647d9d5759a01f8d18668a377c063ff59136
        Validity
            Not Before: Feb 10 15:02:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=734af1ad0a045aa5ab77cb722d836b53c8aea5b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:37:70:90:02:84:73:08:79:16:08:8e:cc:2b:
                    fc:e6:52:c6:cd:e3:fb:7d:ec:d3:83:da:eb:3d:9d:
                    32:b0:bc:f0:04:55:8c:02:42:d2:9c:be:64:26:a0:
                    6a:6b:56:88:e9:eb:b8:75:b3:86:23:65:1a:6c:b6:
                    0a:b3:23:d5:82:f7:44:f0:fd:e2:24:ad:9f:04:bf:
                    ec:ab:3e:9d:d3:8d:f2:34:48:30:09:d4:69:7e:63:
                    a8:74:0a:af:21:2a:5e:d0:f4:3e:ce:4b:46:b2:16:
                    d5:a1:61:ac:fc:0f:66:00:9a:99:47:4f:e7:60:16:
                    76:23:5f:0a:4b:b3:b3:96:fb:eb:2f:b7:e1:72:f4:
                    68:cb:03:0d:1d:9a:9d:12:40:70:14:2b:5b:00:14:
                    6b:00:07:74:13:77:5d:1d:68:0f:b5:80:84:2a:5b:
                    f2:76:f1:d4:84:23:2f:96:8e:7e:b7:90:29:41:d3:
                    1c:60:a5:13:5d:4a:82:2f:8e:d0:f6:0c:db:bf:e5:
                    e2:ec:30:5f:55:86:35:d1:08:48:84:c6:62:32:2a:
                    f3:dc:dd:5d:4e:33:e0:b1:18:af:5c:fc:c6:35:3e:
                    0b:6a:27:85:68:cd:29:9f:98:26:34:75:82:73:da:
                    5c:ef:05:d0:04:46:7e:9d:63:42:00:f2:73:dd:17:
                    f2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4A:F1:AD:0A:04:5A:A5:AB:77:CB:72:2D:83:6B:53:C8:AE:A5:B5
            X509v3 Authority Key Identifier:
                keyid:79:46:64:7D:9D:57:59:A0:1F:8D:18:66:8A:37:7C:06:3F:F5:91:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/c0rxrQoEWqWrd8tyLYNrU8iupbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/f2152d-6cf7-4cea-8d66-e4bad34bbeff/1/eUZkfZ1XWaAfjRhmijd8Bj_1kTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:7c:8e:10:5b:12:d7:f5:4e:e8:4b:04:d1:fc:03:85:4e:06:
         cb:19:d1:8f:23:d1:9f:33:e5:12:3d:da:4b:f9:aa:88:87:62:
         9f:d2:15:6c:8c:bd:70:80:c5:a3:28:b0:c0:0f:3e:81:09:7c:
         1f:ee:25:09:b2:bc:30:bc:dc:81:bb:df:2d:33:ec:02:77:cb:
         e3:38:fb:00:fc:08:1c:7f:c7:ea:4d:22:6f:d5:f7:58:9f:a6:
         f5:b4:5c:76:a4:db:11:51:99:20:64:39:23:1e:fd:8b:b5:33:
         61:7b:c7:99:42:a9:b9:09:30:f9:ed:d6:14:ed:e1:47:64:e4:
         96:3c:aa:92:fb:92:26:2f:86:8f:be:b4:0a:6d:b7:a1:68:e1:
         d6:77:89:09:ad:97:b5:99:80:59:ac:5c:6b:e4:04:ea:67:8d:
         bb:aa:78:4d:00:0d:77:fc:e8:75:aa:02:20:86:78:8b:f5:ef:
         c2:f4:30:0c:48:be:2f:38:07:13:e5:68:03:05:18:9c:75:c1:
         41:a6:ca:55:4b:91:dd:e9:e7:03:4d:00:d9:b6:15:fd:60:6c:
         aa:c0:8f:d0:3d:39:7d:87:41:f7:b0:09:a6:05:6f:98:80:c5:
         47:aa:af:1b:5f:24:2d:95:29:3e:ad:5c:b3:b7:cc:66:89:60:
         58:55:2d:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxIEwi4IjJE4q0WTx8S6Bd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NDY2NDdkOWQ1NzU5YTAxZjhkMTg2NjhhMzc3YzA2M2Zm
NTkxMzYwHhcNMjYwMjEwMTUwMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzRhZjFhZDBhMDQ1YWE1YWI3N2NiNzIyZDgzNmI1M2M4YWVhNWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjdwkAKEcwh5FgiOzCv85lLGzeP7
fezTg9rrPZ0ysLzwBFWMAkLSnL5kJqBqa1aI6eu4dbOGI2UabLYKsyPVgvdE8P3i
JK2fBL/sqz6d043yNEgwCdRpfmOodAqvISpe0PQ+zktGshbVoWGs/A9mAJqZR0/n
YBZ2I18KS7OzlvvrL7fhcvRoywMNHZqdEkBwFCtbABRrAAd0E3ddHWgPtYCEKlvy
dvHUhCMvlo5+t5ApQdMcYKUTXUqCL47Q9gzbv+Xi7DBfVYY10QhIhMZiMirz3N1d
TjPgsRivXPzGNT4LaieFaM0pn5gmNHWCc9pc7wXQBEZ+nWNCAPJz3Rfy8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNK8a0KBFqlq3fLci2Da1PIrqW1MB8GA1UdIwQY
MBaAFHlGZH2dV1mgH40YZoo3fAY/9ZE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVVaa2ZaMVhXYUFmalJobWlqZDhCal8xa1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9mMjE1MmQtNmNmNy00Y2VhLThkNjYt
ZTRiYWQzNGJiZWZmLzEvYzByeHJRb0VXcVdyZDh0eUxZTnJVOGl1cGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9mMjE1MmQtNmNmNy00Y2VhLThkNjYtZTRiYWQzNGJiZWZm
LzEvZVVaa2ZaMVhXYUFmalJobWlqZDhCal8xa1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaOkMA0G
CSqGSIb3DQEBCwUAA4IBAQBifI4QWxLX9U7oSwTR/AOFTgbLGdGPI9GfM+USPdpL
+aqIh2Kf0hVsjL1wgMWjKLDADz6BCXwf7iUJsrwwvNyBu98tM+wCd8vjOPsA/Agc
f8fqTSJv1fdYn6b1tFx2pNsRUZkgZDkjHv2LtTNhe8eZQqm5CTD57dYU7eFHZOSW
PKqS+5ImL4aPvrQKbbehaOHWd4kJrZe1mYBZrFxr5ATqZ427qnhNAA13/Oh1qgIg
hniL9e/C9DAMSL4vOAcT5WgDBRicdcFBpspVS5Hd6ecDTQDZthX9YGyqwI/QPTl9
h0H3sAmmBW+YgMVHqq8bXyQtlSk+rVyzt8xmiWBYVS0y
-----END CERTIFICATE-----