Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/RAS9ltR65pNPgQaX10vXUs-3TfU.roa
File:                     RAS9ltR65pNPgQaX10vXUs-3TfU.roa (raw, json)
Hash identifier:          nO35mR7JsBJaRvSfD7dQFiyq9zohdhUSSonQuoy1yeg=
Subject key identifier:   44:04:BD:96:D4:7A:E6:93:4F:81:06:97:D7:4B:D7:52:CF:B7:4D:F5
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019C765E8A27AA08724009B88790EBFC5BA0
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/RAS9ltR65pNPgQaX10vXUs-3TfU.roa
Signing time:             Thu 19 Feb 2026 14:47:13 +0000
ROA not before:           Thu 19 Feb 2026 14:47:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        109.204.104.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:5e:8a:27:aa:08:72:40:09:b8:87:90:eb:fc:5b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Feb 19 14:47:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4404bd96d47ae6934f810697d74bd752cfb74df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d1:cc:42:a4:74:f6:21:8d:82:db:81:23:5d:
                    39:4c:b1:1d:d2:3f:02:e9:8d:6f:ce:57:0f:1a:a6:
                    7a:4a:47:ee:75:21:36:b2:4f:fd:05:89:5f:65:0e:
                    4a:b4:a3:e5:ed:ed:36:fc:2f:9c:26:28:3d:c8:10:
                    ce:46:b2:52:32:8f:0e:c0:6f:09:45:28:54:f2:39:
                    20:e3:a5:12:23:3c:6b:ed:84:df:eb:1b:ba:b7:3b:
                    c3:4b:c7:c0:86:2b:be:3e:7b:e6:1f:ba:e6:44:9f:
                    e9:9e:4b:5e:e1:2b:9f:a0:2e:a9:5c:c5:52:37:b8:
                    0b:de:6c:6e:3b:3f:95:f0:a5:7c:11:b7:70:ac:cf:
                    47:de:f0:1b:b8:06:e7:a5:a6:b5:63:f9:92:2e:e9:
                    4e:ba:d0:2a:8d:d4:3b:09:05:c8:cc:1f:89:b0:ba:
                    d0:e1:50:fb:c5:1c:30:06:a0:fa:cf:77:64:f9:e0:
                    15:8d:75:65:58:38:16:71:c8:80:b0:d8:7d:4d:79:
                    83:e7:f1:93:c3:d1:dc:26:dc:07:8c:83:24:6d:93:
                    02:d4:7b:5e:d5:c4:ed:cf:23:e6:a4:3b:25:12:1a:
                    74:8d:ba:c9:bc:bb:37:50:05:4e:7e:c1:c7:64:75:
                    a5:d4:73:0b:b8:01:b9:72:7b:5a:77:23:20:2c:dd:
                    63:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:04:BD:96:D4:7A:E6:93:4F:81:06:97:D7:4B:D7:52:CF:B7:4D:F5
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/RAS9ltR65pNPgQaX10vXUs-3TfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.204.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:b4:0d:0c:07:56:38:b5:d7:ff:fe:14:ba:8b:48:4d:00:33:
         e7:06:ff:50:a1:7e:8b:e2:0c:50:67:1f:ac:2e:fb:42:ac:d0:
         68:fa:01:f4:31:92:a1:05:c9:53:ad:6b:b9:96:20:5c:46:b3:
         38:1a:af:66:56:f2:8f:71:0f:b4:2f:ab:36:11:c3:7e:ec:2a:
         31:2c:4e:5f:cb:8d:ac:79:df:52:d5:40:5f:0c:03:d6:b6:33:
         50:d7:7d:ac:cd:87:87:f1:ea:d7:89:28:de:b8:06:78:4c:79:
         6b:da:fc:f7:f6:58:e2:6b:c5:87:a2:16:e8:e9:74:b6:4a:d9:
         dc:d2:c1:5c:3b:5c:2b:fa:e1:4e:b1:14:53:1b:cb:68:fb:9d:
         8e:df:68:25:be:0b:27:e1:52:9a:2c:5b:29:0e:76:7f:25:0a:
         53:92:0c:37:d9:2a:5c:ec:0d:12:21:3f:0d:d1:78:e9:ba:5b:
         f2:ab:3c:c3:30:40:0c:8c:af:00:e1:29:f6:8e:d8:cd:a4:30:
         da:3a:b6:14:e4:2a:58:4d:ec:14:27:11:a4:a7:30:9f:84:23:
         29:5c:93:b5:5e:a6:56:bd:c4:8c:86:66:92:c4:d9:00:7a:bf:
         dd:f0:bb:0d:7a:cf:41:c8:55:7e:79:65:b4:dd:50:44:ab:17:
         2d:7d:83:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2XoonqghyQAm4h5Dr/FugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjE5MTQ0NzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDA0YmQ5NmQ0N2FlNjkzNGY4MTA2OTdkNzRiZDc1MmNmYjc0ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29HMQqR09iGNgtuBI105TLEd0j8C
6Y1vzlcPGqZ6SkfudSE2sk/9BYlfZQ5KtKPl7e02/C+cJig9yBDORrJSMo8OwG8J
RShU8jkg46USIzxr7YTf6xu6tzvDS8fAhiu+PnvmH7rmRJ/pnkte4SufoC6pXMVS
N7gL3mxuOz+V8KV8EbdwrM9H3vAbuAbnpaa1Y/mSLulOutAqjdQ7CQXIzB+JsLrQ
4VD7xRwwBqD6z3dk+eAVjXVlWDgWcciAsNh9TXmD5/GTw9HcJtwHjIMkbZMC1Hte
1cTtzyPmpDslEhp0jbrJvLs3UAVOfsHHZHWl1HMLuAG5cntadyMgLN1jIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQEvZbUeuaTT4EGl9dL11LPt031MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvUkFTOWx0UjY1cE5QZ1FhWDEwdlhVcy0zVGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbcxoMA0G
CSqGSIb3DQEBCwUAA4IBAQAjtA0MB1Y4tdf//hS6i0hNADPnBv9QoX6L4gxQZx+s
LvtCrNBo+gH0MZKhBclTrWu5liBcRrM4Gq9mVvKPcQ+0L6s2EcN+7CoxLE5fy42s
ed9S1UBfDAPWtjNQ132szYeH8erXiSjeuAZ4THlr2vz39ljia8WHohbo6XS2Stnc
0sFcO1wr+uFOsRRTG8to+52O32glvgsn4VKaLFspDnZ/JQpTkgw32Spc7A0SIT8N
0XjpulvyqzzDMEAMjK8A4Sn2jtjNpDDaOrYU5CpYTewUJxGkpzCfhCMpXJO1XqZW
vcSMhmaSxNkAer/d8LsNes9ByFV+eWW03VBEqxctfYOM
-----END CERTIFICATE-----