Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/8FOWFEWcx16C0mva1ErD1ehkFBU.roa
File:                     8FOWFEWcx16C0mva1ErD1ehkFBU.roa (raw, json)
Hash identifier:          rn3EeCGq/aMeCBtKEwzF9PyWQiRVYlCrTF4jKTOnpKM=
Subject key identifier:   F0:53:96:14:45:9C:C7:5E:82:D2:6B:DA:D4:4A:C3:D5:E8:64:14:15
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       019C5D32238B97A966DD1196193560283A47
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/8FOWFEWcx16C0mva1ErD1ehkFBU.roa
Signing time:             Sat 14 Feb 2026 17:28:12 +0000
ROA not before:           Sat 14 Feb 2026 17:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        85.11.182.0/24 maxlen: 24
                          85.11.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5d:32:23:8b:97:a9:66:dd:11:96:19:35:60:28:3a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Feb 14 17:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0539614459cc75e82d26bdad44ac3d5e8641415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3d:fc:7f:27:2b:76:ce:e0:98:6c:42:a4:8f:
                    8f:76:c0:f7:c7:ec:dd:0c:df:e5:c9:54:f7:2e:d3:
                    80:45:0b:b5:1f:f6:43:f9:40:70:a7:ee:4f:15:9e:
                    58:48:ee:5e:3a:a9:2e:d1:99:6c:7f:86:b9:7a:94:
                    3b:cc:eb:6a:35:56:b6:08:3d:cc:95:bc:a2:76:3c:
                    e0:8c:e6:ed:77:58:c2:23:0c:3b:c2:2f:8f:e7:16:
                    3e:49:ec:4f:f1:57:3d:36:12:a6:04:0f:7a:8b:30:
                    3f:67:f3:a0:f2:98:94:37:14:e6:0e:8d:0a:91:5e:
                    dd:0a:8f:5c:d7:e0:87:71:de:ba:9b:03:87:71:bf:
                    8f:23:aa:6f:01:e7:27:e7:b7:44:0b:ab:55:22:2c:
                    db:e0:a4:f1:ba:89:25:e0:4f:fa:89:5e:9a:01:4f:
                    96:c3:e2:11:18:8e:ed:d8:50:1f:ab:56:a0:e2:b7:
                    73:2d:8a:1d:79:9d:14:c5:bc:eb:0f:97:6a:7a:d4:
                    f2:ba:ce:e3:ea:e5:a9:82:42:fd:3e:81:16:07:42:
                    15:c9:3a:8e:c1:16:2c:5f:8d:88:69:5c:23:be:47:
                    7e:a0:e4:37:9f:32:f6:b7:4b:0c:fd:c2:ff:e1:ea:
                    cc:1f:d8:2e:71:e5:ee:2b:05:2a:86:2f:b4:9e:de:
                    55:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:53:96:14:45:9C:C7:5E:82:D2:6B:DA:D4:4A:C3:D5:E8:64:14:15
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/8FOWFEWcx16C0mva1ErD1ehkFBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:a4:7c:67:58:2d:61:8b:07:6f:ad:16:c1:0f:d0:4a:56:d0:
         40:7d:01:3d:33:e6:0f:f1:72:b1:fd:be:0c:91:68:07:f0:7e:
         36:25:52:da:16:46:e6:48:68:9f:8a:24:78:6b:b4:7f:c3:98:
         dc:ae:50:10:77:eb:ce:c5:68:a3:94:c6:be:70:61:32:89:7e:
         40:ce:ce:89:e6:e1:de:a3:b5:ad:43:31:5f:02:ea:05:78:c4:
         8e:a9:ba:32:13:61:c7:8b:99:d3:fb:c7:1a:05:b9:0b:74:9d:
         ef:94:10:7f:2e:f0:f4:79:57:09:0b:4e:69:17:f5:ee:8a:2e:
         5a:fc:39:99:f0:75:ff:4f:f9:85:5f:41:42:0e:b6:75:47:d6:
         39:94:64:60:7b:fe:e8:08:17:60:be:c9:b4:ff:04:76:48:63:
         e3:2e:9e:02:1c:1c:89:c9:e7:d3:b7:82:7a:7e:60:50:83:29:
         c6:9d:5d:1b:32:6c:b7:1a:d6:67:75:d7:ec:08:84:03:8e:bd:
         f3:30:82:cb:01:89:02:8d:34:6b:30:8c:10:0b:b4:e6:5c:4c:
         d0:46:58:e4:f3:fa:49:9c:72:9f:f4:70:53:3d:93:22:ec:d5:
         c4:7f:c6:0f:38:4b:ec:a8:e3:b7:b6:84:d9:a0:b6:fd:40:e5:
         9a:9e:06:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxdMiOLl6lm3RGWGTVgKDpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjYwMjE0MTcyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDUzOTYxNDQ1OWNjNzVlODJkMjZiZGFkNDRhYzNkNWU4NjQxNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxj38fycrds7gmGxCpI+PdsD3x+zd
DN/lyVT3LtOARQu1H/ZD+UBwp+5PFZ5YSO5eOqku0Zlsf4a5epQ7zOtqNVa2CD3M
lbyidjzgjObtd1jCIww7wi+P5xY+SexP8Vc9NhKmBA96izA/Z/Og8piUNxTmDo0K
kV7dCo9c1+CHcd66mwOHcb+PI6pvAecn57dEC6tVIizb4KTxuokl4E/6iV6aAU+W
w+IRGI7t2FAfq1ag4rdzLYodeZ0UxbzrD5dqetTyus7j6uWpgkL9PoEWB0IVyTqO
wRYsX42IaVwjvkd+oOQ3nzL2t0sM/cL/4erMH9guceXuKwUqhi+0nt5VKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBTlhRFnMdegtJr2tRKw9XoZBQVMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvOEZPV0ZFV2N4MTZDMG12YTFFckQxZWhrRkJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVQu2MA0G
CSqGSIb3DQEBCwUAA4IBAQA+pHxnWC1hiwdvrRbBD9BKVtBAfQE9M+YP8XKx/b4M
kWgH8H42JVLaFkbmSGifiiR4a7R/w5jcrlAQd+vOxWijlMa+cGEyiX5Azs6J5uHe
o7WtQzFfAuoFeMSOqboyE2HHi5nT+8caBbkLdJ3vlBB/LvD0eVcJC05pF/Xuii5a
/DmZ8HX/T/mFX0FCDrZ1R9Y5lGRge/7oCBdgvsm0/wR2SGPjLp4CHByJyefTt4J6
fmBQgynGnV0bMmy3GtZnddfsCIQDjr3zMILLAYkCjTRrMIwQC7TmXEzQRljk8/pJ
nHKf9HBTPZMi7NXEf8YPOEvsqOO3toTZoLb9QOWangZJ
-----END CERTIFICATE-----