Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QeNhVACyxFJKqaXbNo8Z8YwEt5A.roa
File:                     QeNhVACyxFJKqaXbNo8Z8YwEt5A.roa (raw, json)
Hash identifier:          OeElNp4lZCqMcK7IYTV733mCI1ZF/tCwuGalZKMxgII=
Subject key identifier:   41:E3:61:54:00:B2:C4:52:4A:A9:A5:DB:36:8F:19:F1:8C:04:B7:90
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C8BB2F8B0E32793BF99CD568CFB8F11B2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QeNhVACyxFJKqaXbNo8Z8YwEt5A.roa
Signing time:             Mon 23 Feb 2026 18:11:27 +0000
ROA not before:           Mon 23 Feb 2026 18:11:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210705
IP address blocks:        94.183.151.0/24 maxlen: 24
                          94.183.165.0/24 maxlen: 24
                          94.183.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:b2:f8:b0:e3:27:93:bf:99:cd:56:8c:fb:8f:11:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 23 18:11:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41e3615400b2c4524aa9a5db368f19f18c04b790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e4:91:03:07:b2:7a:22:3d:5c:87:d4:9d:2f:
                    b4:38:90:c6:83:c7:41:c0:58:2c:e7:10:96:38:84:
                    cf:e3:bb:24:88:c9:a2:6c:a9:a0:72:8a:c9:01:32:
                    35:0a:27:e6:5c:ef:0b:86:6f:89:45:9b:b9:37:b9:
                    81:63:96:f7:ec:43:b6:99:cc:df:2d:25:05:c3:b5:
                    bd:a5:95:73:03:ac:9f:ec:43:7b:b6:34:0f:7e:8f:
                    fb:b7:1b:8d:f6:33:8a:b0:69:47:f0:1f:f6:50:6a:
                    4b:e0:e5:5c:1e:78:13:4f:83:e3:ed:ab:a7:36:a5:
                    91:ac:20:13:44:17:1c:7e:79:44:83:3a:98:b1:87:
                    d6:6a:a4:0d:dd:6b:8a:12:cb:31:1b:56:fb:56:55:
                    f7:a9:90:26:19:8b:89:3d:cd:1d:7e:86:e8:f1:ea:
                    de:93:70:ee:fd:01:66:8f:c6:4c:e7:d7:d5:8e:63:
                    63:a4:fc:46:bb:f8:e9:86:c0:20:38:6e:8b:e5:f6:
                    87:ef:1b:63:8b:21:3c:45:d5:e9:08:13:30:86:8f:
                    0d:86:12:8c:71:ab:7a:82:ee:4b:cf:6a:7d:06:1c:
                    16:bc:a9:16:5c:30:0f:a3:f7:02:c5:f9:b6:01:4d:
                    79:53:c0:e0:28:60:dc:ff:81:c8:c6:da:81:39:0c:
                    72:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E3:61:54:00:B2:C4:52:4A:A9:A5:DB:36:8F:19:F1:8C:04:B7:90
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QeNhVACyxFJKqaXbNo8Z8YwEt5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.151.0/24
                  94.183.165.0/24
                  94.183.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c4:fd:e1:00:a8:eb:2e:c6:ef:e8:7d:9c:57:d4:35:65:75:
         6d:5a:dc:9d:cd:96:d7:b2:d5:16:3c:cd:b8:1d:54:0b:a4:2f:
         e5:e2:b0:7d:71:fa:61:47:78:ad:cc:d9:1a:46:97:1f:94:4e:
         56:56:32:49:e4:0d:8f:c1:d6:e6:bd:41:89:9b:34:34:f4:54:
         c8:8b:b6:52:d9:0f:7b:e1:9a:22:c3:41:9a:5b:23:7e:e8:08:
         e0:62:a1:d7:57:91:1e:b9:ec:1d:fa:0e:71:7f:aa:1a:50:01:
         6c:e9:f7:9e:04:b5:25:05:2f:6f:1c:54:b2:71:df:1f:63:e8:
         75:95:42:26:d1:bd:b4:13:a3:55:47:c0:ef:bf:e8:37:77:66:
         75:d4:c9:af:cd:e6:35:50:ac:25:8d:ed:11:b5:2d:71:71:53:
         6f:ba:e8:60:cc:78:7a:45:9f:ae:6f:ae:6c:38:52:1f:0e:68:
         21:a8:16:00:33:f4:4c:92:2a:12:11:08:0d:41:4f:9a:58:07:
         ef:cf:cd:cb:38:9a:01:34:d0:40:40:5a:39:b9:7e:74:f5:e9:
         27:fd:2b:26:60:24:44:1e:69:22:14:54:ef:7a:28:ae:18:1d:
         6a:d6:66:63:6d:9f:d4:74:5d:56:51:9b:eb:5a:c0:17:a2:50:
         55:0b:ed:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyLsviw4yeTv5nNVoz7jxGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjIzMTgxMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWUzNjE1NDAwYjJjNDUyNGFhOWE1ZGIzNjhmMTlmMThjMDRiNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOSRAweyeiI9XIfUnS+0OJDGg8dB
wFgs5xCWOITP47skiMmibKmgcorJATI1CifmXO8Lhm+JRZu5N7mBY5b37EO2mczf
LSUFw7W9pZVzA6yf7EN7tjQPfo/7txuN9jOKsGlH8B/2UGpL4OVcHngTT4Pj7aun
NqWRrCATRBccfnlEgzqYsYfWaqQN3WuKEssxG1b7VlX3qZAmGYuJPc0dfobo8ere
k3Du/QFmj8ZM59fVjmNjpPxGu/jphsAgOG6L5faH7xtjiyE8RdXpCBMwho8NhhKM
cat6gu5Lz2p9BhwWvKkWXDAPo/cCxfm2AU15U8DgKGDc/4HIxtqBOQxy0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEHjYVQAssRSSqml2zaPGfGMBLeQMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUWVOaFZBQ3l4RkpLcWFYYk5vOFo4WXdFdDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXreXAwQA
XrelAwQAXreuMA0GCSqGSIb3DQEBCwUAA4IBAQCBxP3hAKjrLsbv6H2cV9Q1ZXVt
WtydzZbXstUWPM24HVQLpC/l4rB9cfphR3itzNkaRpcflE5WVjJJ5A2PwdbmvUGJ
mzQ09FTIi7ZS2Q974Zoiw0GaWyN+6AjgYqHXV5Eeuewd+g5xf6oaUAFs6feeBLUl
BS9vHFSycd8fY+h1lUIm0b20E6NVR8Dvv+g3d2Z11MmvzeY1UKwlje0RtS1xcVNv
uuhgzHh6RZ+ub65sOFIfDmghqBYAM/RMkioSEQgNQU+aWAfvz83LOJoBNNBAQFo5
uX509ekn/SsmYCREHmkiFFTveiiuGB1q1mZjbZ/UdF1WUZvrWsAXolBVC+0y
-----END CERTIFICATE-----