Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/HW91ceRJgWG3iZvp7l-CZ4g114o.roa
File:                     HW91ceRJgWG3iZvp7l-CZ4g114o.roa (raw, json)
Hash identifier:          DJW7zDRRrxF8a0KLlMx4QW/WpXaZuql+x/3IqGrDfJE=
Subject key identifier:   1D:6F:75:71:E4:49:81:61:B7:89:9B:E9:EE:5F:82:67:88:35:D7:8A
Certificate issuer:       /CN=e686965509a649c508ab8ab72f7257bef35f7930
Certificate serial:       019C7555F46B318D3EBC2B0A78D9DCAB816E
Authority key identifier: E6:86:96:55:09:A6:49:C5:08:AB:8A:B7:2F:72:57:BE:F3:5F:79:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/HW91ceRJgWG3iZvp7l-CZ4g114o.roa
Signing time:             Thu 19 Feb 2026 09:58:13 +0000
ROA not before:           Thu 19 Feb 2026 09:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16190
IP address blocks:        91.195.255.0/24 maxlen: 24
                          91.198.108.0/23 maxlen: 23
                          91.198.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:55:f4:6b:31:8d:3e:bc:2b:0a:78:d9:dc:ab:81:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e686965509a649c508ab8ab72f7257bef35f7930
        Validity
            Not Before: Feb 19 09:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d6f7571e4498161b7899be9ee5f82678835d78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1d:ad:b5:e1:46:03:d8:4a:5b:fd:25:4f:e6:
                    f4:0d:74:d7:31:3f:71:b4:71:8f:6a:cf:3d:c8:0c:
                    d3:cb:bc:fa:7a:04:2c:60:66:94:4b:28:68:4e:16:
                    a5:72:65:50:52:21:0d:13:8b:6c:a3:92:d3:b5:c1:
                    9a:3c:02:80:83:15:8b:bf:07:b4:de:0b:92:ca:ea:
                    13:33:fa:09:08:d8:4f:21:fa:8b:07:ee:80:46:68:
                    d9:d0:11:20:8d:b5:75:2d:92:0c:92:05:6f:a5:84:
                    71:db:8d:6c:ea:28:d0:14:af:27:5a:be:e8:de:8f:
                    cf:29:ab:d5:39:07:00:ca:68:c4:26:02:c5:0d:9c:
                    61:f7:9c:f7:f2:36:09:cb:e1:c3:5b:9f:cb:5d:74:
                    cf:aa:f5:f4:02:02:6d:fe:58:df:b4:11:7d:74:ad:
                    72:68:98:dc:c8:b3:d8:c3:a6:3a:76:a8:73:26:e7:
                    89:69:f1:ad:2d:78:02:22:a7:81:fd:6c:b0:12:19:
                    5c:35:5f:bd:5e:fe:88:47:f2:f8:70:20:17:44:d7:
                    f8:43:b2:0f:6b:4a:64:0c:e9:eb:ef:36:2e:0e:f4:
                    d5:2a:78:df:d7:6b:d1:b3:c8:70:62:15:ff:c3:d1:
                    af:c9:f8:79:f3:64:07:ed:b9:03:a0:d5:5c:01:96:
                    f3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:6F:75:71:E4:49:81:61:B7:89:9B:E9:EE:5F:82:67:88:35:D7:8A
            X509v3 Authority Key Identifier:
                keyid:E6:86:96:55:09:A6:49:C5:08:AB:8A:B7:2F:72:57:BE:F3:5F:79:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/HW91ceRJgWG3iZvp7l-CZ4g114o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.255.0/24
                  91.198.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:e3:24:e4:c1:6f:8f:e0:33:f4:4f:52:e5:7c:f9:aa:77:46:
         5f:c8:63:b0:2d:c9:d7:d3:af:12:d5:db:cf:bc:44:98:a6:f5:
         5c:9f:29:b1:07:74:ad:36:36:ea:36:09:96:6d:2e:62:6b:f8:
         de:b5:98:9f:7f:33:1b:ea:0c:d3:05:cc:83:76:30:9a:60:56:
         e0:3f:01:6c:3e:ce:e1:21:cd:29:c2:7d:20:da:42:f9:b5:91:
         19:5a:fe:a2:f7:3a:9d:2d:f9:ba:08:45:a7:3f:09:5c:d6:59:
         d4:39:45:b5:46:c4:14:63:09:a5:fc:07:37:34:4d:b0:c0:08:
         e7:c7:2f:4e:56:ae:ca:f3:02:1e:b3:51:ad:a9:fa:d2:5d:0a:
         bf:4a:8b:36:b9:a8:37:63:cc:54:74:96:86:b7:81:92:c4:71:
         07:5b:a3:95:f3:27:a9:03:c6:27:aa:78:1a:1a:41:2e:1f:9d:
         f2:a7:50:02:ce:64:05:e7:77:1d:f9:53:21:1c:7f:ec:f4:ad:
         6d:50:cf:fa:2f:7c:6c:d2:74:c8:cf:01:50:08:62:49:c1:fd:
         1b:c3:80:11:8a:10:74:d9:51:00:c5:39:d5:91:52:32:af:b1:
         c4:db:57:6f:4b:34:33:bf:07:aa:69:70:12:58:35:76:83:d5:
         70:bd:6f:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx1VfRrMY0+vCsKeNncq4FuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ODY5NjU1MDlhNjQ5YzUwOGFiOGFiNzJmNzI1N2JlZjM1
Zjc5MzAwHhcNMjYwMjE5MDk1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDZmNzU3MWU0NDk4MTYxYjc4OTliZTllZTVmODI2Nzg4MzVkNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh2tteFGA9hKW/0lT+b0DXTXMT9x
tHGPas89yAzTy7z6egQsYGaUSyhoThalcmVQUiENE4tso5LTtcGaPAKAgxWLvwe0
3guSyuoTM/oJCNhPIfqLB+6ARmjZ0BEgjbV1LZIMkgVvpYRx241s6ijQFK8nWr7o
3o/PKavVOQcAymjEJgLFDZxh95z38jYJy+HDW5/LXXTPqvX0AgJt/ljftBF9dK1y
aJjcyLPYw6Y6dqhzJueJafGtLXgCIqeB/WywEhlcNV+9Xv6IR/L4cCAXRNf4Q7IP
a0pkDOnr7zYuDvTVKnjf12vRs8hwYhX/w9Gvyfh582QH7bkDoNVcAZbzewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB1vdXHkSYFht4mb6e5fgmeINdeKMB8GA1UdIwQY
MBaAFOaGllUJpknFCKuKty9yV77zX3kwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW9hV1ZRbW1TY1VJcTRxM0wzSlh2dk5mZVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82OGJmZjYtN2IyYy00ZWNmLTgwMDYt
ZWQxNGFmNmRiODg4LzEvSFc5MWNlUkpnV0czaVp2cDdsLUNaNGcxMTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82OGJmZjYtN2IyYy00ZWNmLTgwMDYtZWQxNGFmNmRiODg4
LzEvNW9hV1ZRbW1TY1VJcTRxM0wzSlh2dk5mZVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8P/AwQB
W8ZsMA0GCSqGSIb3DQEBCwUAA4IBAQA+4yTkwW+P4DP0T1LlfPmqd0ZfyGOwLcnX
068S1dvPvESYpvVcnymxB3StNjbqNgmWbS5ia/jetZiffzMb6gzTBcyDdjCaYFbg
PwFsPs7hIc0pwn0g2kL5tZEZWv6i9zqdLfm6CEWnPwlc1lnUOUW1RsQUYwml/Ac3
NE2wwAjnxy9OVq7K8wIes1GtqfrSXQq/Sos2uag3Y8xUdJaGt4GSxHEHW6OV8yep
A8YnqngaGkEuH53yp1ACzmQF53cd+VMhHH/s9K1tUM/6L3xs0nTIzwFQCGJJwf0b
w4ARihB02VEAxTnVkVIyr7HE21dvSzQzvweqaXASWDV2g9VwvW+c
-----END CERTIFICATE-----