Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/HiDQGh9tfAy0mjzc4vU4LdPZdPM.roa
File:                     HiDQGh9tfAy0mjzc4vU4LdPZdPM.roa (raw, json)
Hash identifier:          ngSN4dUXkl6JSbwgGXyjyGj91rHeKto10UZRgle4Wvc=
Subject key identifier:   1E:20:D0:1A:1F:6D:7C:0C:B4:9A:3C:DC:E2:F5:38:2D:D3:D9:74:F3
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019C7066867EAC6501D7A26D36E25C1167A1
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/HiDQGh9tfAy0mjzc4vU4LdPZdPM.roa
Signing time:             Wed 18 Feb 2026 10:58:13 +0000
ROA not before:           Wed 18 Feb 2026 10:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210392
IP address blocks:        178.239.152.0/24 maxlen: 24
                          185.212.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:66:86:7e:ac:65:01:d7:a2:6d:36:e2:5c:11:67:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Feb 18 10:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e20d01a1f6d7c0cb49a3cdce2f5382dd3d974f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b9:c3:93:f1:25:a3:51:2e:ae:72:af:c7:9c:
                    c7:b7:0a:55:b0:af:ed:13:9b:66:42:ce:20:b7:61:
                    52:6d:3e:73:0e:5f:6c:ff:cb:27:ef:09:42:92:ad:
                    bd:29:bf:1b:7d:5f:95:ea:bc:d8:0d:45:50:58:1f:
                    38:a8:a5:72:79:16:1d:5e:b8:be:22:04:4b:3f:c1:
                    1c:f8:27:a1:dd:a6:17:5b:7e:dd:f5:ba:3f:de:35:
                    bc:ab:53:3e:76:34:f0:6d:1b:5b:74:fc:bb:a7:52:
                    40:4d:49:be:ce:72:df:4f:cb:c2:0e:6b:fa:17:48:
                    35:5a:9e:e6:6f:43:05:c1:22:ad:5c:46:c9:60:42:
                    38:d5:36:39:ce:4f:41:7b:d1:30:ca:b9:b8:35:0e:
                    e6:b1:c9:ba:67:e6:f5:1d:57:44:f1:f6:3d:8d:da:
                    7a:5c:8a:3a:05:1f:7b:94:3f:03:70:16:8e:8d:78:
                    75:a2:53:7c:51:ab:f7:58:bd:b4:a0:7e:8e:c4:e2:
                    7b:e8:36:92:60:dc:23:b8:09:ed:91:63:b0:ad:ff:
                    77:3d:cc:87:e2:83:f0:ff:08:4b:03:d0:6d:67:7e:
                    33:50:1d:0b:27:84:e8:41:a7:89:1c:d6:aa:3b:6a:
                    03:00:6f:93:45:fd:3d:dd:c3:a8:54:6b:66:16:01:
                    a8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:20:D0:1A:1F:6D:7C:0C:B4:9A:3C:DC:E2:F5:38:2D:D3:D9:74:F3
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/HiDQGh9tfAy0mjzc4vU4LdPZdPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.152.0/24
                  185.212.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:80:8b:55:0c:9c:42:c0:ce:ab:27:d9:a2:73:c7:2d:be:b2:
         58:3a:65:c8:5b:9f:1e:f4:79:9f:4c:7b:3c:ca:2a:d5:29:f9:
         c3:7a:6f:bd:71:4d:29:c6:94:37:73:df:4b:91:a0:53:5f:d3:
         59:ac:42:ff:84:0e:7c:0d:eb:2d:47:22:da:c2:0f:d9:62:e3:
         7e:b6:00:34:2f:84:08:dc:4a:23:c7:e1:bc:08:2b:e7:2e:a6:
         17:c9:a8:df:3d:9f:cd:22:c9:17:61:6f:1c:f8:a6:5e:a4:72:
         d4:7e:0e:0a:46:2a:89:da:d2:42:8c:ab:26:78:ea:4c:34:05:
         38:bb:e4:f4:e7:f1:98:d8:28:d1:76:02:ec:b8:a1:6a:45:30:
         c0:fb:9c:76:93:d4:47:5c:5b:df:18:ef:a2:7a:10:8e:a0:b0:
         5f:56:2e:e8:02:a5:a0:c1:5b:42:30:44:94:5b:0b:3a:07:ac:
         e3:85:e7:af:78:08:b0:44:fe:a8:f1:8b:c4:05:6e:5e:78:f4:
         ae:2b:c2:39:9b:0e:96:62:e2:07:a0:5c:39:11:5b:f6:03:f4:
         ae:4a:48:c7:52:1a:37:a1:c9:95:16:db:36:d0:99:05:8a:8f:
         bf:ac:97:d8:8e:a4:16:d7:01:62:00:a3:8d:89:92:bf:03:9b:
         1c:03:2c:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxwZoZ+rGUB16JtNuJcEWehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMjE4MTA1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTIwZDAxYTFmNmQ3YzBjYjQ5YTNjZGNlMmY1MzgyZGQzZDk3NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLnDk/Elo1EurnKvx5zHtwpVsK/t
E5tmQs4gt2FSbT5zDl9s/8sn7wlCkq29Kb8bfV+V6rzYDUVQWB84qKVyeRYdXri+
IgRLP8Ec+Ceh3aYXW37d9bo/3jW8q1M+djTwbRtbdPy7p1JATUm+znLfT8vCDmv6
F0g1Wp7mb0MFwSKtXEbJYEI41TY5zk9Be9Ewyrm4NQ7mscm6Z+b1HVdE8fY9jdp6
XIo6BR97lD8DcBaOjXh1olN8Uav3WL20oH6OxOJ76DaSYNwjuAntkWOwrf93PcyH
4oPw/whLA9BtZ34zUB0LJ4ToQaeJHNaqO2oDAG+TRf093cOoVGtmFgGo1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB4g0BofbXwMtJo83OL1OC3T2XTzMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvSGlEUUdoOXRmQXkwbWp6YzR2VTRMZFBaZFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu+YAwQA
udQwMA0GCSqGSIb3DQEBCwUAA4IBAQAtgItVDJxCwM6rJ9mic8ctvrJYOmXIW58e
9HmfTHs8yirVKfnDem+9cU0pxpQ3c99LkaBTX9NZrEL/hA58DestRyLawg/ZYuN+
tgA0L4QI3Eojx+G8CCvnLqYXyajfPZ/NIskXYW8c+KZepHLUfg4KRiqJ2tJCjKsm
eOpMNAU4u+T05/GY2CjRdgLsuKFqRTDA+5x2k9RHXFvfGO+iehCOoLBfVi7oAqWg
wVtCMESUWws6B6zjheeveAiwRP6o8YvEBW5eePSuK8I5mw6WYuIHoFw5EVv2A/Su
SkjHUho3ocmVFts20JkFio+/rJfYjqQW1wFiAKONiZK/A5scAyyF
-----END CERTIFICATE-----