Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/O5Y2NwPNUGHcqnEAv2khEfuYfww.roa
File:                     O5Y2NwPNUGHcqnEAv2khEfuYfww.roa (raw, json)
Hash identifier:          wxeDJgWK/O5UPofjmWqVX0YN/5RLHzZTTnSEdLWmG9o=
Subject key identifier:   3B:96:36:37:03:CD:50:61:DC:AA:71:00:BF:69:21:11:FB:98:7F:0C
Certificate issuer:       /CN=344fdad10ee55b3282a64246a41dc61a8922d25d
Certificate serial:       019C709277A5CA0E085329B19377E0878EE2
Authority key identifier: 34:4F:DA:D1:0E:E5:5B:32:82:A6:42:46:A4:1D:C6:1A:89:22:D2:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NE_a0Q7lWzKCpkJGpB3GGoki0l0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/O5Y2NwPNUGHcqnEAv2khEfuYfww.roa
Signing time:             Wed 18 Feb 2026 11:46:12 +0000
ROA not before:           Wed 18 Feb 2026 11:46:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215655
IP address blocks:        185.145.184.0/22 maxlen: 22
                          185.186.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/NE_a0Q7lWzKCpkJGpB3GGoki0l0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/NE_a0Q7lWzKCpkJGpB3GGoki0l0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NE_a0Q7lWzKCpkJGpB3GGoki0l0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:92:77:a5:ca:0e:08:53:29:b1:93:77:e0:87:8e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=344fdad10ee55b3282a64246a41dc61a8922d25d
        Validity
            Not Before: Feb 18 11:46:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b96363703cd5061dcaa7100bf692111fb987f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f4:9b:8f:f8:ed:4b:cb:ef:21:31:86:7b:9f:
                    92:ac:a2:a8:91:33:19:87:71:ab:38:c4:1e:92:55:
                    75:13:b3:ee:90:d4:c4:0b:f0:3d:7e:db:8d:3d:d7:
                    27:cd:a2:d0:37:9c:1c:5a:d6:59:62:20:8a:b5:20:
                    f7:ca:c7:e5:79:f6:fd:d8:0f:f8:48:01:e0:ab:46:
                    70:ee:7e:27:12:76:c8:f6:bd:a3:94:fc:16:4e:fe:
                    11:aa:24:f9:f5:e1:66:06:68:52:b0:bf:ad:2b:8c:
                    54:98:9b:58:5e:c2:4a:0c:0b:5d:99:2c:f0:e4:68:
                    a5:dc:1d:d5:85:66:3f:90:9d:a4:b5:d1:4f:52:e7:
                    57:b0:ba:2d:19:1b:50:fa:b3:61:da:40:c4:fd:e8:
                    e9:63:f7:cb:d4:72:4d:bb:93:5f:18:b1:21:3f:89:
                    b7:1d:c4:b3:0b:11:89:82:ae:2b:56:6b:7d:19:37:
                    73:71:8c:79:f9:dc:df:3e:97:7c:ce:1e:d4:82:9a:
                    ee:e6:ea:6c:45:0a:fe:a9:fb:6d:1c:5a:95:a0:71:
                    9d:04:23:ae:09:86:95:0c:41:bb:8b:fc:0e:22:6b:
                    b0:3a:40:88:2e:3a:d1:a1:4b:ab:2a:8d:98:fd:78:
                    7d:29:b0:8a:7a:e0:d9:32:bb:ba:4a:c8:2d:11:b6:
                    40:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:96:36:37:03:CD:50:61:DC:AA:71:00:BF:69:21:11:FB:98:7F:0C
            X509v3 Authority Key Identifier:
                keyid:34:4F:DA:D1:0E:E5:5B:32:82:A6:42:46:A4:1D:C6:1A:89:22:D2:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NE_a0Q7lWzKCpkJGpB3GGoki0l0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/O5Y2NwPNUGHcqnEAv2khEfuYfww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/NE_a0Q7lWzKCpkJGpB3GGoki0l0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.184.0/22
                  185.186.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:2c:ca:ac:3d:4c:e1:d3:65:59:77:e1:e3:90:98:9b:61:5f:
         c9:ff:ff:b4:b8:3d:a0:00:cf:b7:93:88:27:29:e9:20:41:6f:
         83:59:4e:dc:8c:5f:93:50:28:0e:ef:63:b9:e4:79:10:5e:bc:
         dd:e7:ba:5d:48:bd:7b:a0:13:40:db:83:59:3b:4a:9f:00:5e:
         27:32:bf:2d:cb:aa:e9:cb:ec:eb:b5:3a:53:0b:37:bb:c4:46:
         07:79:97:fc:6c:1b:c9:bd:11:11:69:e6:b5:99:94:5a:f9:59:
         30:c3:55:e9:09:c6:2a:40:6e:df:a0:60:74:a1:48:49:84:06:
         34:12:d4:76:42:76:d4:86:03:aa:0f:fc:b3:fe:2f:5e:f2:72:
         ce:5c:bd:16:9a:6f:a7:9c:e4:34:66:63:15:79:53:98:9d:9e:
         96:96:51:52:91:8f:96:08:38:b9:55:d1:06:03:13:30:63:5d:
         67:ad:3b:24:c2:3c:ff:43:f9:4a:ab:27:4b:76:60:1a:89:8c:
         c0:48:d7:0e:b5:ed:9b:75:d5:d8:e7:27:ca:27:9e:3f:62:e3:
         79:53:1a:4c:b1:b1:4e:1a:6d:51:35:e1:8a:fb:ed:86:35:48:
         ed:d5:e2:07:49:f2:16:4f:4c:43:9c:38:05:1b:68:00:07:ec:
         0b:c0:dc:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxwknelyg4IUymxk3fgh47iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NGZkYWQxMGVlNTViMzI4MmE2NDI0NmE0MWRjNjFhODky
MmQyNWQwHhcNMjYwMjE4MTE0NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjk2MzYzNzAzY2Q1MDYxZGNhYTcxMDBiZjY5MjExMWZiOTg3ZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/Sbj/jtS8vvITGGe5+SrKKokTMZ
h3GrOMQeklV1E7PukNTEC/A9ftuNPdcnzaLQN5wcWtZZYiCKtSD3ysflefb92A/4
SAHgq0Zw7n4nEnbI9r2jlPwWTv4RqiT59eFmBmhSsL+tK4xUmJtYXsJKDAtdmSzw
5Gil3B3VhWY/kJ2ktdFPUudXsLotGRtQ+rNh2kDE/ejpY/fL1HJNu5NfGLEhP4m3
HcSzCxGJgq4rVmt9GTdzcYx5+dzfPpd8zh7Ugpru5upsRQr+qfttHFqVoHGdBCOu
CYaVDEG7i/wOImuwOkCILjrRoUurKo2Y/Xh9KbCKeuDZMru6SsgtEbZAlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDuWNjcDzVBh3KpxAL9pIRH7mH8MMB8GA1UdIwQY
MBaAFDRP2tEO5VsygqZCRqQdxhqJItJdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVfYTBRN2xXektDcGtKR3BCM0dHb2tpMGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wNjc2MzAtMzA2ZS00YzM3LThiY2Mt
NGYwMjFjNzNlZjc0LzEvTzVZMk53UE5VR0hjcW5FQXYya2hFZnVZZnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wNjc2MzAtMzA2ZS00YzM3LThiY2MtNGYwMjFjNzNlZjc0
LzEvTkVfYTBRN2xXektDcGtKR3BCM0dHb2tpMGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZG4AwQA
uboyMA0GCSqGSIb3DQEBCwUAA4IBAQBbLMqsPUzh02VZd+HjkJibYV/J//+0uD2g
AM+3k4gnKekgQW+DWU7cjF+TUCgO72O55HkQXrzd57pdSL17oBNA24NZO0qfAF4n
Mr8ty6rpy+zrtTpTCze7xEYHeZf8bBvJvRERaea1mZRa+Vkww1XpCcYqQG7foGB0
oUhJhAY0EtR2QnbUhgOqD/yz/i9e8nLOXL0Wmm+nnOQ0ZmMVeVOYnZ6WllFSkY+W
CDi5VdEGAxMwY11nrTskwjz/Q/lKqydLdmAaiYzASNcOte2bddXY5yfKJ54/YuN5
UxpMsbFOGm1RNeGK++2GNUjt1eIHSfIWT0xDnDgFG2gAB+wLwNyE
-----END CERTIFICATE-----