Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/spbV5VQdq3w-z7txK9f3uwbu11Q.roa
File:                     spbV5VQdq3w-z7txK9f3uwbu11Q.roa (raw, json)
Hash identifier:          52hBD/33ihaI0NTH6fB/EeRRuQ3H3n3OWO200/mNeBE=
Subject key identifier:   B2:96:D5:E5:54:1D:AB:7C:3E:CF:BB:71:2B:D7:F7:BB:06:EE:D7:54
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019C768A7BA172293537A7DD7685A50F025F
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/spbV5VQdq3w-z7txK9f3uwbu11Q.roa
Signing time:             Thu 19 Feb 2026 15:35:12 +0000
ROA not before:           Thu 19 Feb 2026 15:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.187.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:8a:7b:a1:72:29:35:37:a7:dd:76:85:a5:0f:02:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Feb 19 15:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b296d5e5541dab7c3ecfbb712bd7f7bb06eed754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:51:25:11:60:d9:ca:3f:15:32:27:f2:06:4d:
                    12:2f:b9:58:24:6d:c6:77:8a:cb:5d:e7:6b:27:27:
                    6b:1f:8a:1b:e2:9f:5e:48:3c:88:05:8b:2b:7e:89:
                    3a:f9:78:2c:fb:61:73:5a:4c:15:88:8c:ee:09:f0:
                    91:a8:c9:d0:0f:fb:42:72:60:ad:b3:10:7c:ee:21:
                    b8:36:ba:03:c7:ff:77:06:d9:f7:5c:4e:75:15:46:
                    b2:53:5a:a9:3c:6d:fa:fd:65:13:17:2d:fe:78:51:
                    3c:2d:fe:19:15:3d:63:c3:a3:90:f5:eb:a4:e2:45:
                    66:46:ad:64:8f:b5:37:f0:a6:f2:42:12:91:d8:14:
                    c9:37:7e:07:21:e6:8d:19:b8:e2:b8:8a:1a:11:fd:
                    21:71:f8:67:94:b0:82:4b:36:03:07:a7:f5:f1:17:
                    d1:7d:c2:31:34:0a:fa:9a:c1:76:ec:b0:db:a9:e8:
                    a2:e2:43:8b:1b:0b:55:28:8d:af:99:3e:4f:52:5c:
                    ff:3d:85:ca:6a:5a:5f:10:43:7b:1c:f2:70:62:5b:
                    b3:0b:33:11:25:80:28:53:ab:50:bc:ec:14:36:bc:
                    d1:e5:40:d0:fa:62:a8:18:f2:64:1f:e1:d4:b5:1a:
                    66:15:99:1a:c0:63:d7:5e:2e:cb:1c:4c:d3:ef:2f:
                    6c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:96:D5:E5:54:1D:AB:7C:3E:CF:BB:71:2B:D7:F7:BB:06:EE:D7:54
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/spbV5VQdq3w-z7txK9f3uwbu11Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:b1:2d:cd:5e:01:72:5b:fb:b3:e0:75:6b:bf:34:15:3f:a7:
         7e:67:44:6a:cf:e4:7d:70:ce:3b:52:79:06:e8:c7:b1:2d:dd:
         a8:d5:82:4d:8c:68:47:f8:bb:11:38:f9:cf:16:61:13:8a:5d:
         8a:ba:4a:1a:75:4d:54:0c:0b:db:5e:b9:be:b8:c9:dc:05:27:
         cb:5d:22:92:3b:44:53:0c:b2:4f:2e:ed:01:5b:b6:39:6f:11:
         a6:19:ec:6e:c5:49:9f:db:92:1d:3e:f7:49:d8:f9:62:ae:42:
         5e:bc:7a:bb:b2:47:e3:6a:e8:f3:4f:fc:1a:05:54:3d:16:a1:
         32:8d:e9:16:0c:3f:f4:23:eb:b4:09:df:c6:17:8e:39:d7:17:
         2c:94:1d:68:04:58:01:21:5c:d5:58:30:24:e0:7b:b6:a5:34:
         19:c9:df:9d:0b:e7:45:be:32:27:c6:f5:39:03:4f:55:84:ea:
         0d:49:81:4b:9c:cd:e1:2f:b2:cd:3f:99:cb:81:bd:63:13:a3:
         bd:a0:e1:99:09:d1:63:ed:70:93:8e:9c:8c:41:db:18:d2:06:
         84:ca:dd:c8:57:b0:7a:52:79:87:e2:c1:82:77:2a:21:24:36:
         aa:ca:55:ec:d4:0b:88:d1:fc:40:1c:c3:c5:ec:88:fa:fc:55:
         df:ca:b3:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2inuhcik1N6fddoWlDwJfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMjE5MTUzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjk2ZDVlNTU0MWRhYjdjM2VjZmJiNzEyYmQ3ZjdiYjA2ZWVkNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVElEWDZyj8VMifyBk0SL7lYJG3G
d4rLXedrJydrH4ob4p9eSDyIBYsrfok6+Xgs+2FzWkwViIzuCfCRqMnQD/tCcmCt
sxB87iG4NroDx/93Btn3XE51FUayU1qpPG36/WUTFy3+eFE8Lf4ZFT1jw6OQ9euk
4kVmRq1kj7U38KbyQhKR2BTJN34HIeaNGbjiuIoaEf0hcfhnlLCCSzYDB6f18RfR
fcIxNAr6msF27LDbqeii4kOLGwtVKI2vmT5PUlz/PYXKalpfEEN7HPJwYluzCzMR
JYAoU6tQvOwUNrzR5UDQ+mKoGPJkH+HUtRpmFZkawGPXXi7LHEzT7y9sVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKW1eVUHat8Ps+7cSvX97sG7tdUMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvc3BiVjVWUWRxM3ctejd0eEs5ZjN1d2J1MTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsQMA0G
CSqGSIb3DQEBCwUAA4IBAQAIsS3NXgFyW/uz4HVrvzQVP6d+Z0Rqz+R9cM47UnkG
6MexLd2o1YJNjGhH+LsROPnPFmETil2KukoadU1UDAvbXrm+uMncBSfLXSKSO0RT
DLJPLu0BW7Y5bxGmGexuxUmf25IdPvdJ2PlirkJevHq7skfjaujzT/waBVQ9FqEy
jekWDD/0I+u0Cd/GF4451xcslB1oBFgBIVzVWDAk4Hu2pTQZyd+dC+dFvjInxvU5
A09VhOoNSYFLnM3hL7LNP5nLgb1jE6O9oOGZCdFj7XCTjpyMQdsY0gaEyt3IV7B6
UnmH4sGCdyohJDaqylXs1AuI0fxAHMPF7Ij6/FXfyrOx
-----END CERTIFICATE-----