Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/TBBU2-U-VbxAtQzgjojLnS_YX2Q.roa
File:                     TBBU2-U-VbxAtQzgjojLnS_YX2Q.roa (raw, json)
Hash identifier:          s+YFJ4okksiNIn7BiNtnjm6IDlhQFmfpY2yKHVcAIU8=
Subject key identifier:   4C:10:54:DB:E5:3E:55:BC:40:B5:0C:E0:8E:88:CB:9D:2F:D8:5F:64
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       019C75AEC2092737925EEB57C2F6026950BA
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/TBBU2-U-VbxAtQzgjojLnS_YX2Q.roa
Signing time:             Thu 19 Feb 2026 11:35:13 +0000
ROA not before:           Thu 19 Feb 2026 11:35:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        81.17.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:ae:c2:09:27:37:92:5e:eb:57:c2:f6:02:69:50:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Feb 19 11:35:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c1054dbe53e55bc40b50ce08e88cb9d2fd85f64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:09:aa:d1:fa:f2:89:62:f0:f6:e2:e0:fa:2b:
                    c5:62:b2:e6:07:cb:da:3f:93:c5:de:c5:d3:c7:f6:
                    dc:2c:1c:6f:ac:25:de:16:b4:fd:6d:88:58:a5:73:
                    50:54:64:77:0a:13:47:c0:02:f9:84:8b:73:e9:3b:
                    1c:0b:55:f2:81:cf:6d:67:2d:5b:8c:cf:a0:db:b1:
                    ac:89:4a:fe:2e:c5:7f:b7:fd:5f:bf:c7:d5:c8:9f:
                    b6:10:a9:49:48:6a:ea:39:5b:69:c6:2b:28:38:fd:
                    7e:bd:1d:a5:13:35:33:a8:b5:86:d4:ca:e6:3e:cc:
                    78:53:7e:90:bf:31:08:71:02:ba:2f:1f:f8:0e:35:
                    df:c7:0b:79:2f:33:3e:02:bd:09:5a:29:d7:cb:e9:
                    b1:97:e6:f5:4c:b8:06:2a:a4:83:4c:a1:05:c9:f4:
                    a6:a1:7f:22:17:64:d6:9f:68:8f:9d:b7:73:47:9b:
                    68:9a:06:25:2d:e6:7f:f6:58:c7:6a:be:0a:8f:5d:
                    5b:3d:09:9d:a4:2e:7d:85:38:b2:39:f3:1d:6f:4e:
                    05:77:2b:8c:f2:4b:83:f0:e3:28:c1:96:fa:49:ad:
                    44:8e:cc:dd:c2:30:94:41:8b:c4:11:79:e6:76:a7:
                    95:9a:a6:6b:04:c0:0d:dc:ce:e9:7a:30:d0:08:80:
                    c8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:10:54:DB:E5:3E:55:BC:40:B5:0C:E0:8E:88:CB:9D:2F:D8:5F:64
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/TBBU2-U-VbxAtQzgjojLnS_YX2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.17.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:71:9f:84:e0:db:60:e3:5f:10:58:92:ac:44:08:0e:38:9b:
         00:0f:6f:86:77:8c:6f:8e:d9:d1:a7:40:12:8b:74:02:35:62:
         a4:ce:d7:d4:f5:af:8f:ac:1f:fb:0f:bd:0f:ca:a3:51:6d:fe:
         e5:10:62:8d:a3:09:25:75:37:50:e7:a0:09:80:bd:e4:f9:26:
         c8:24:9e:7b:47:e2:87:b7:1f:9e:14:71:0a:b0:02:62:8f:b5:
         72:d2:d1:23:2a:dd:d1:e1:ca:cd:93:84:ac:d3:b3:12:83:24:
         d1:53:9d:67:f7:e3:7d:fc:f8:4b:5b:e1:df:93:49:ce:14:19:
         a1:58:f5:d0:ab:10:09:d0:b1:32:1e:e2:de:82:39:a5:57:2b:
         e0:b0:c2:80:9f:94:fe:a7:6a:83:1a:00:0d:64:8d:2a:b0:42:
         5f:59:f2:e0:06:8f:40:a7:81:7b:5b:54:f6:f2:56:21:e9:bb:
         60:67:73:b6:21:aa:58:ef:6f:c8:ab:1f:0e:72:5b:8b:96:c4:
         69:6c:d1:c7:8f:2f:5d:36:43:ec:d8:8a:1d:53:c8:51:1a:d1:
         9e:da:d2:47:65:7a:d0:62:f2:94:35:1b:a4:91:c4:fd:fd:38:
         2f:80:04:6d:e4:90:d7:69:ca:18:a2:3e:f6:72:cc:2e:ea:b6:
         f6:dd:c5:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx1rsIJJzeSXutXwvYCaVC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjYwMjE5MTEzNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzEwNTRkYmU1M2U1NWJjNDBiNTBjZTA4ZTg4Y2I5ZDJmZDg1ZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Qmq0fryiWLw9uLg+ivFYrLmB8va
P5PF3sXTx/bcLBxvrCXeFrT9bYhYpXNQVGR3ChNHwAL5hItz6TscC1Xygc9tZy1b
jM+g27GsiUr+LsV/t/1fv8fVyJ+2EKlJSGrqOVtpxisoOP1+vR2lEzUzqLWG1Mrm
Psx4U36QvzEIcQK6Lx/4DjXfxwt5LzM+Ar0JWinXy+mxl+b1TLgGKqSDTKEFyfSm
oX8iF2TWn2iPnbdzR5tomgYlLeZ/9ljHar4Kj11bPQmdpC59hTiyOfMdb04FdyuM
8kuD8OMowZb6Sa1EjszdwjCUQYvEEXnmdqeVmqZrBMAN3M7pejDQCIDIvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwQVNvlPlW8QLUM4I6Iy50v2F9kMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvVEJCVTItVS1WYnhBdFF6Z2pvakxuU19ZWDJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDURGoMA0G
CSqGSIb3DQEBCwUAA4IBAQBncZ+E4Ntg418QWJKsRAgOOJsAD2+Gd4xvjtnRp0AS
i3QCNWKkztfU9a+PrB/7D70PyqNRbf7lEGKNowkldTdQ56AJgL3k+SbIJJ57R+KH
tx+eFHEKsAJij7Vy0tEjKt3R4crNk4Ss07MSgyTRU51n9+N9/PhLW+Hfk0nOFBmh
WPXQqxAJ0LEyHuLegjmlVyvgsMKAn5T+p2qDGgANZI0qsEJfWfLgBo9Ap4F7W1T2
8lYh6btgZ3O2IapY72/Iqx8OcluLlsRpbNHHjy9dNkPs2IodU8hRGtGe2tJHZXrQ
YvKUNRukkcT9/TgvgARt5JDXacoYoj72cswu6rb23cUg
-----END CERTIFICATE-----