Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rFwNvYqPXmgB7-bwFfISbe47aTY.roa
File:                     rFwNvYqPXmgB7-bwFfISbe47aTY.roa (raw, json)
Hash identifier:          4Rme3qvOVuiloHwX4pWM6DeNHzOSZHFTKy7gvlS5p7c=
Subject key identifier:   AC:5C:0D:BD:8A:8F:5E:68:01:EF:E6:F0:15:F2:12:6D:EE:3B:69:36
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019C768A7BEFA05B8EA7ED2E123EC8883157
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rFwNvYqPXmgB7-bwFfISbe47aTY.roa
Signing time:             Thu 19 Feb 2026 15:35:13 +0000
ROA not before:           Thu 19 Feb 2026 15:35:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        89.187.13.0/24 maxlen: 24
                          89.187.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:8a:7b:ef:a0:5b:8e:a7:ed:2e:12:3e:c8:88:31:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Feb 19 15:35:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac5c0dbd8a8f5e6801efe6f015f2126dee3b6936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:2d:98:c4:4a:09:ba:35:4f:23:64:10:ab:56:
                    10:df:51:c0:27:54:c1:61:c6:fd:f7:f3:1c:0b:2a:
                    82:1d:61:a4:63:86:16:cd:18:67:7b:ad:6a:79:aa:
                    76:8f:15:ee:23:5f:02:14:95:2d:f5:ea:bc:67:03:
                    69:b6:23:00:0d:9c:d3:26:4a:6a:1f:e3:df:70:96:
                    28:4d:0d:92:bd:2a:b6:06:ef:91:95:05:70:b0:ee:
                    2a:2e:5a:bb:c8:d5:70:08:e5:4d:6d:af:6f:77:b2:
                    9b:10:59:cc:72:94:81:e7:2b:a4:6d:e5:16:7c:87:
                    f8:9d:f9:98:61:a6:ee:e1:86:34:d6:09:11:84:89:
                    e8:ab:d3:ea:7f:b3:00:b8:e5:12:44:13:05:78:8f:
                    08:82:76:54:76:48:fe:6a:f7:56:bb:84:cb:31:40:
                    68:85:5e:38:c7:c7:7e:f6:bb:ef:c6:fc:4c:31:9b:
                    f3:20:40:12:f4:c3:82:5d:30:3e:04:03:4e:8b:6e:
                    23:ee:38:7b:38:63:c5:a4:ed:da:99:b4:60:6c:7e:
                    7b:f4:cd:b0:4e:73:df:9d:e4:bc:de:1b:41:fd:97:
                    03:91:00:25:ec:13:79:04:65:16:98:63:e5:93:9d:
                    e8:a6:e6:83:d0:22:d7:2b:4b:a4:10:38:ba:ed:f0:
                    88:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5C:0D:BD:8A:8F:5E:68:01:EF:E6:F0:15:F2:12:6D:EE:3B:69:36
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rFwNvYqPXmgB7-bwFfISbe47aTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.13.0/24
                  89.187.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:12:e7:12:b2:94:ba:01:b4:c5:58:3f:b1:9b:d2:22:ac:82:
         e4:ae:d5:b0:23:66:f3:ab:a7:99:4f:4b:24:54:73:a5:67:ea:
         0c:b4:d4:b1:50:18:af:41:57:82:26:ae:fc:b6:e9:26:4d:92:
         80:53:04:ed:18:86:08:97:e4:99:df:b2:13:a7:52:cb:e2:c4:
         b7:89:47:65:41:de:8c:36:72:f0:59:dd:8d:4a:9d:d0:76:cd:
         66:94:b4:23:09:82:85:bb:3b:c0:02:15:a2:83:5d:6b:8e:a9:
         c7:be:a5:c1:9c:86:87:71:08:c1:09:0f:a3:d3:63:de:0b:c1:
         a8:3c:9c:bf:c6:7f:19:eb:97:50:8c:20:e2:51:03:ba:75:6b:
         ac:7a:e0:ad:f2:c4:ae:c0:16:c1:f3:6e:c5:f8:20:11:5c:a1:
         69:3c:25:42:d0:30:4b:c1:c1:92:ad:df:cd:1c:0a:98:b2:e6:
         f1:23:be:74:a0:e3:85:dd:5c:77:f2:2b:b0:de:0d:6e:61:49:
         2f:0a:24:2f:97:70:1c:92:b4:65:c6:ed:67:a3:be:03:86:bc:
         0f:bb:7c:3b:f7:4a:48:82:52:07:cc:77:dd:b4:e7:03:fa:c8:
         9d:3a:9a:c7:39:66:e8:53:ee:fe:e5:68:60:30:43:9a:fa:93:
         62:89:17:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx2invvoFuOp+0uEj7IiDFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMjE5MTUzNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVjMGRiZDhhOGY1ZTY4MDFlZmU2ZjAxNWYyMTI2ZGVlM2I2OTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1i2YxEoJujVPI2QQq1YQ31HAJ1TB
Ycb99/McCyqCHWGkY4YWzRhne61qeap2jxXuI18CFJUt9eq8ZwNptiMADZzTJkpq
H+PfcJYoTQ2SvSq2Bu+RlQVwsO4qLlq7yNVwCOVNba9vd7KbEFnMcpSB5yukbeUW
fIf4nfmYYabu4YY01gkRhInoq9Pqf7MAuOUSRBMFeI8IgnZUdkj+avdWu4TLMUBo
hV44x8d+9rvvxvxMMZvzIEAS9MOCXTA+BANOi24j7jh7OGPFpO3ambRgbH579M2w
TnPfneS83htB/ZcDkQAl7BN5BGUWmGPlk53opuaD0CLXK0ukEDi67fCI3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKxcDb2Kj15oAe/m8BXyEm3uO2k2MB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvckZ3TnZZcVBYbWdCNy1id0ZmSVNiZTQ3YVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWbsNAwQA
WbseMA0GCSqGSIb3DQEBCwUAA4IBAQBuEucSspS6AbTFWD+xm9IirILkrtWwI2bz
q6eZT0skVHOlZ+oMtNSxUBivQVeCJq78tukmTZKAUwTtGIYIl+SZ37ITp1LL4sS3
iUdlQd6MNnLwWd2NSp3Qds1mlLQjCYKFuzvAAhWig11rjqnHvqXBnIaHcQjBCQ+j
02PeC8GoPJy/xn8Z65dQjCDiUQO6dWuseuCt8sSuwBbB827F+CARXKFpPCVC0DBL
wcGSrd/NHAqYsubxI750oOOF3Vx38iuw3g1uYUkvCiQvl3AckrRlxu1no74DhrwP
u3w790pIglIHzHfdtOcD+sidOprHOWboU+7+5WhgMEOa+pNiiRdD
-----END CERTIFICATE-----