Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/0cFmPlgtZFatvGsFJ_6fS1O8kQM.roa
File:                     0cFmPlgtZFatvGsFJ_6fS1O8kQM.roa (raw, json)
Hash identifier:          /B2VVRe5N6Un7aDXd5evcTUVemNrJ/4W8eXY2wnpu94=
Subject key identifier:   D1:C1:66:3E:58:2D:64:56:AD:BC:6B:05:27:FE:9F:4B:53:BC:91:03
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       019C7DB2F0D73CA340DE1B38D47B643DA3A5
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/0cFmPlgtZFatvGsFJ_6fS1O8kQM.roa
Signing time:             Sat 21 Feb 2026 00:56:44 +0000
ROA not before:           Sat 21 Feb 2026 00:56:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1054
IP address blocks:        91.216.169.0/24 maxlen: 24
                          91.216.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7d:b2:f0:d7:3c:a3:40:de:1b:38:d4:7b:64:3d:a3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Feb 21 00:56:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1c1663e582d6456adbc6b0527fe9f4b53bc9103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:58:9e:1a:53:37:82:38:1e:67:72:95:20:63:
                    c4:24:2e:0a:ff:e3:cd:40:40:dc:80:07:5b:81:96:
                    58:62:a9:4b:ae:18:99:32:d8:6a:87:08:b6:34:37:
                    b0:e1:d2:19:e0:55:2d:f9:26:ca:c7:41:6d:65:0d:
                    26:6f:51:71:35:5e:61:d4:99:f6:ee:40:4c:f7:47:
                    9d:47:b2:fb:50:93:fb:c0:54:90:52:d6:fd:03:c3:
                    d4:f9:9d:a6:aa:49:b2:58:73:9b:98:89:c9:78:30:
                    61:d0:4d:4e:79:6e:8a:7e:19:61:2d:11:c9:51:2c:
                    25:84:41:e5:13:94:d8:f3:c6:18:a4:e3:1a:b6:ca:
                    60:66:b0:c8:b1:f4:a0:3e:ea:e8:f3:69:6b:49:2a:
                    91:11:9a:c9:b3:c1:36:54:ca:a8:c3:11:39:b9:75:
                    74:e5:8e:aa:d9:3f:a6:06:54:16:e1:90:0b:1e:ac:
                    c1:bb:85:bf:f9:b1:b4:b9:66:91:41:59:40:bc:ab:
                    b6:3d:a9:35:d6:2b:b2:48:5f:0c:78:f2:5c:92:32:
                    31:05:b0:a4:8e:ee:47:ab:52:41:8b:b4:76:6b:d1:
                    85:4b:92:e4:bc:12:30:c0:50:09:1e:0d:6e:31:ca:
                    58:94:e9:1d:23:d7:a2:b2:d3:5c:d4:09:57:53:0d:
                    3c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C1:66:3E:58:2D:64:56:AD:BC:6B:05:27:FE:9F:4B:53:BC:91:03
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/0cFmPlgtZFatvGsFJ_6fS1O8kQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.169.0/24
                  91.216.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:f5:08:5e:67:c1:b4:9d:55:95:62:36:75:ec:bb:f8:43:4f:
         6f:23:5b:2b:29:a9:b4:2f:f0:b3:70:97:e8:69:c1:db:47:1d:
         7c:89:ac:7a:9d:20:cb:96:15:07:df:5c:6a:b3:4a:0a:44:f6:
         c0:1b:68:80:8e:7e:08:a2:a6:17:f6:e9:13:ed:a6:a1:be:6c:
         4d:bf:48:ef:0d:a5:08:b1:80:ae:4f:a7:f3:70:15:24:85:62:
         2c:6b:1c:61:c5:62:56:9f:a1:78:f9:00:1d:67:c5:66:c1:2e:
         4e:f0:d0:78:c9:c7:06:9b:a4:fb:19:37:38:27:3e:ef:ca:18:
         30:31:72:b9:f0:83:19:64:95:6d:ef:ba:06:8d:23:e0:82:83:
         3f:f6:d7:b8:6b:f8:1c:71:fc:02:e2:4d:57:05:78:3f:95:ac:
         97:0d:ad:a9:b1:59:c7:e1:ed:59:d1:02:7f:93:65:20:ac:e8:
         f7:43:00:49:10:5a:7c:19:1d:01:9a:1f:06:bd:8b:77:06:0d:
         20:fb:14:00:85:bc:da:10:b4:a6:cd:4f:cd:b9:9c:a1:07:f7:
         d5:c0:ab:c2:7d:ff:c8:95:ac:af:b7:24:2f:c5:be:d8:c3:bc:
         b7:e9:63:53:74:3b:99:73:b0:3f:1f:ba:8c:42:0b:72:b0:e4:
         07:d3:5c:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx9svDXPKNA3hs41HtkPaOlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjYwMjIxMDA1NjQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWMxNjYzZTU4MmQ2NDU2YWRiYzZiMDUyN2ZlOWY0YjUzYmM5MTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01ieGlM3gjgeZ3KVIGPEJC4K/+PN
QEDcgAdbgZZYYqlLrhiZMthqhwi2NDew4dIZ4FUt+SbKx0FtZQ0mb1FxNV5h1Jn2
7kBM90edR7L7UJP7wFSQUtb9A8PU+Z2mqkmyWHObmInJeDBh0E1OeW6KfhlhLRHJ
USwlhEHlE5TY88YYpOMatspgZrDIsfSgPuro82lrSSqREZrJs8E2VMqowxE5uXV0
5Y6q2T+mBlQW4ZALHqzBu4W/+bG0uWaRQVlAvKu2Pak11iuySF8MePJckjIxBbCk
ju5Hq1JBi7R2a9GFS5LkvBIwwFAJHg1uMcpYlOkdI9eistNc1AlXUw08dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNHBZj5YLWRWrbxrBSf+n0tTvJEDMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMGNGbVBsZ3RaRmF0dkdzRkpfNmZTMU84a1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9ipAwQA
W9i+MA0GCSqGSIb3DQEBCwUAA4IBAQBk9QheZ8G0nVWVYjZ17Lv4Q09vI1srKam0
L/CzcJfoacHbRx18iax6nSDLlhUH31xqs0oKRPbAG2iAjn4IoqYX9ukT7aahvmxN
v0jvDaUIsYCuT6fzcBUkhWIsaxxhxWJWn6F4+QAdZ8VmwS5O8NB4yccGm6T7GTc4
Jz7vyhgwMXK58IMZZJVt77oGjSPggoM/9te4a/gccfwC4k1XBXg/layXDa2psVnH
4e1Z0QJ/k2UgrOj3QwBJEFp8GR0Bmh8GvYt3Bg0g+xQAhbzaELSmzU/NuZyhB/fV
wKvCff/IlayvtyQvxb7Yw7y36WNTdDuZc7A/H7qMQgtysOQH01yR
-----END CERTIFICATE-----