Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/dTkGUafttT6-8GpfaFN-_DQscaU.roa
File:                     dTkGUafttT6-8GpfaFN-_DQscaU.roa (raw, json)
Hash identifier:          go6kdC6kI78p8haD5O5Bqq/07FTC8kyj7opP+hvQavw=
Subject key identifier:   75:39:06:51:A7:ED:B5:3E:BE:F0:6A:5F:68:53:7E:FC:34:2C:71:A5
Certificate issuer:       /CN=861824e9b334b4d50e83c49df9ba19ce25be8193
Certificate serial:       019C777C2DEEDCDD7BE9BD7392B5C97A5544
Authority key identifier: 86:18:24:E9:B3:34:B4:D5:0E:83:C4:9D:F9:BA:19:CE:25:BE:81:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhgk6bM0tNUOg8Sd-boZziW-gZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/dTkGUafttT6-8GpfaFN-_DQscaU.roa
Signing time:             Thu 19 Feb 2026 19:59:12 +0000
ROA not before:           Thu 19 Feb 2026 19:59:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206076
IP address blocks:        185.5.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/hhgk6bM0tNUOg8Sd-boZziW-gZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/hhgk6bM0tNUOg8Sd-boZziW-gZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhgk6bM0tNUOg8Sd-boZziW-gZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:77:7c:2d:ee:dc:dd:7b:e9:bd:73:92:b5:c9:7a:55:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861824e9b334b4d50e83c49df9ba19ce25be8193
        Validity
            Not Before: Feb 19 19:59:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75390651a7edb53ebef06a5f68537efc342c71a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0d:d7:77:25:a3:6d:1c:18:41:57:8d:c2:a3:
                    fb:ed:17:2c:c3:f8:3c:6a:84:de:e2:63:8d:7d:64:
                    bd:8c:37:60:fd:4a:de:ca:91:f9:9f:71:31:74:38:
                    03:ac:87:8a:77:d7:7f:07:be:08:00:98:a2:19:f3:
                    21:69:b6:4c:cd:1b:ff:30:93:70:d6:d6:bd:b1:a1:
                    5d:fc:23:e5:18:65:24:3b:38:3e:f6:9f:0d:cd:0b:
                    00:5c:1d:dc:a2:71:f0:a9:36:e2:78:70:b6:3c:8e:
                    80:de:d5:f4:36:1d:dd:41:ce:a7:bb:0b:9a:02:d4:
                    2c:74:9a:67:ed:b2:98:25:e6:e0:1b:ff:c4:06:85:
                    98:70:04:9a:8c:43:c1:d4:69:9a:1c:48:9b:bb:77:
                    be:a8:ef:a5:3f:66:d7:91:ac:f1:ba:05:87:0a:37:
                    0c:3d:47:1b:51:7c:1d:f8:54:6e:a8:4c:07:e9:13:
                    46:c8:66:2d:13:9d:df:70:17:e4:e7:84:0d:12:e5:
                    28:8c:72:2a:63:53:2c:5b:41:ab:f5:7f:f1:97:90:
                    93:7e:73:d9:e5:31:dc:64:c3:a2:66:f1:53:f6:8c:
                    ab:7a:4f:65:d3:a3:86:59:e4:aa:94:34:d2:d6:5c:
                    99:8c:f0:d8:5e:cc:a6:a5:32:68:3a:49:b6:32:5b:
                    e8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:39:06:51:A7:ED:B5:3E:BE:F0:6A:5F:68:53:7E:FC:34:2C:71:A5
            X509v3 Authority Key Identifier:
                keyid:86:18:24:E9:B3:34:B4:D5:0E:83:C4:9D:F9:BA:19:CE:25:BE:81:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhgk6bM0tNUOg8Sd-boZziW-gZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/dTkGUafttT6-8GpfaFN-_DQscaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/hhgk6bM0tNUOg8Sd-boZziW-gZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:ae:94:29:bd:6a:a5:36:ce:68:a8:ba:20:6a:aa:fb:56:a4:
         9f:35:ed:ac:7d:cf:31:7d:2c:67:79:22:c2:27:e4:e6:44:86:
         80:8c:76:2e:e8:03:2e:8a:d8:28:a6:a1:ce:64:dd:73:fb:7f:
         56:6d:2a:b7:ea:e5:d8:47:16:45:6f:21:3d:93:02:77:da:c1:
         02:43:e8:2d:3e:b7:9b:f9:f4:25:3f:29:05:d3:4c:91:0d:07:
         3b:db:76:47:df:14:98:c4:d5:6f:f9:3c:e7:92:ba:3e:21:23:
         af:07:59:78:69:cb:00:a0:4a:a3:c2:f9:16:38:d8:e2:e0:66:
         f8:1c:6d:1a:2e:c3:e8:b1:78:35:17:23:b6:05:af:89:d9:40:
         5d:53:94:db:ba:ac:82:77:96:d4:a3:c0:65:54:77:30:43:69:
         20:06:6c:23:2b:3d:df:d4:7e:d8:6b:dc:4d:0b:e6:7d:b4:ef:
         36:ba:ba:8b:07:7c:d5:24:e8:8a:1c:9a:1c:88:5a:84:29:c1:
         09:92:a7:7a:96:75:dc:c8:da:50:50:77:af:28:5b:a2:10:70:
         3e:10:36:df:eb:91:60:ba:5e:2e:7c:cb:cc:ab:b0:2c:98:ec:
         fe:b5:e9:80:10:54:eb:dc:83:c9:e2:e3:8c:da:f7:75:44:4e:
         17:70:6a:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx3fC3u3N176b1zkrXJelVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTgyNGU5YjMzNGI0ZDUwZTgzYzQ5ZGY5YmExOWNlMjVi
ZTgxOTMwHhcNMjYwMjE5MTk1OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTM5MDY1MWE3ZWRiNTNlYmVmMDZhNWY2ODUzN2VmYzM0MmM3MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApA3XdyWjbRwYQVeNwqP77Rcsw/g8
aoTe4mONfWS9jDdg/UreypH5n3ExdDgDrIeKd9d/B74IAJiiGfMhabZMzRv/MJNw
1ta9saFd/CPlGGUkOzg+9p8NzQsAXB3conHwqTbieHC2PI6A3tX0Nh3dQc6nuwua
AtQsdJpn7bKYJebgG//EBoWYcASajEPB1GmaHEibu3e+qO+lP2bXkazxugWHCjcM
PUcbUXwd+FRuqEwH6RNGyGYtE53fcBfk54QNEuUojHIqY1MsW0Gr9X/xl5CTfnPZ
5THcZMOiZvFT9oyrek9l06OGWeSqlDTS1lyZjPDYXsympTJoOkm2MlvohwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHU5BlGn7bU+vvBqX2hTfvw0LHGlMB8GA1UdIwQY
MBaAFIYYJOmzNLTVDoPEnfm6Gc4lvoGTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhnazZiTTB0TlVPZzhTZC1ib1p6aVctZ1pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9hMTQ3NTQtYTdmYi00M2NiLWEzYWUt
MDZkMzYwZGM3MGYzLzEvZFRrR1VhZnR0VDYtOEdwZmFGTi1fRFFzY2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9hMTQ3NTQtYTdmYi00M2NiLWEzYWUtMDZkMzYwZGM3MGYz
LzEvaGhnazZiTTB0TlVPZzhTZC1ib1p6aVctZ1pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQXWMA0G
CSqGSIb3DQEBCwUAA4IBAQDbrpQpvWqlNs5oqLogaqr7VqSfNe2sfc8xfSxneSLC
J+TmRIaAjHYu6AMuitgopqHOZN1z+39WbSq36uXYRxZFbyE9kwJ32sECQ+gtPreb
+fQlPykF00yRDQc723ZH3xSYxNVv+Tznkro+ISOvB1l4acsAoEqjwvkWONji4Gb4
HG0aLsPosXg1FyO2Ba+J2UBdU5TbuqyCd5bUo8BlVHcwQ2kgBmwjKz3f1H7Ya9xN
C+Z9tO82urqLB3zVJOiKHJociFqEKcEJkqd6lnXcyNpQUHevKFuiEHA+EDbf65Fg
ul4ufMvMq7AsmOz+temAEFTr3IPJ4uOM2vd1RE4XcGq5
-----END CERTIFICATE-----