Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/hrCfuMVXLBCd5tVXj7Gmqzx0zMA.roa
File:                     hrCfuMVXLBCd5tVXj7Gmqzx0zMA.roa (raw, json)
Hash identifier:          lBA8s9K0T2c9sC0fKCrfeOpYhHxaUfWtbc2uSEp45FI=
Subject key identifier:   86:B0:9F:B8:C5:57:2C:10:9D:E6:D5:57:8F:B1:A6:AB:3C:74:CC:C0
Certificate issuer:       /CN=3f06c9df3fa8f93d9ef0ed04b1ca0435db8bc650
Certificate serial:       019C6B12628D3E6FA85111A5ED9574536F2E
Authority key identifier: 3F:06:C9:DF:3F:A8:F9:3D:9E:F0:ED:04:B1:CA:04:35:DB:8B:C6:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PwbJ3z-o-T2e8O0EscoENduLxlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/hrCfuMVXLBCd5tVXj7Gmqzx0zMA.roa
Signing time:             Tue 17 Feb 2026 10:08:12 +0000
ROA not before:           Tue 17 Feb 2026 10:08:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35228
IP address blocks:        185.132.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PwbJ3z-o-T2e8O0EscoENduLxlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:12:62:8d:3e:6f:a8:51:11:a5:ed:95:74:53:6f:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f06c9df3fa8f93d9ef0ed04b1ca0435db8bc650
        Validity
            Not Before: Feb 17 10:08:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86b09fb8c5572c109de6d5578fb1a6ab3c74ccc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:01:f3:4d:83:a1:75:2b:6a:2f:83:ef:3f:0f:
                    98:1d:15:8f:fa:04:88:98:5a:e2:33:6a:b3:22:d7:
                    0b:fc:9f:91:40:d6:e5:49:c0:d9:d8:cb:3f:c1:5d:
                    42:e8:83:b6:c2:4c:88:fc:bf:0c:c7:d1:fc:de:85:
                    ed:ea:59:dd:68:84:45:46:37:e3:ca:68:d4:8b:21:
                    9f:36:4a:02:b0:be:a7:0b:ae:ca:cf:3c:6c:8a:7a:
                    bd:db:cf:58:77:d3:d9:7f:3a:d1:48:cc:f2:54:be:
                    ee:44:5a:0d:7d:b1:55:ba:56:a6:9e:33:22:93:85:
                    a2:3d:ba:0f:de:96:c0:32:d7:3f:f5:78:30:5b:42:
                    64:49:11:fa:51:a2:c8:ab:b0:c5:8f:de:97:0a:2b:
                    84:b6:b0:ce:97:a6:96:9c:f5:0d:fe:f8:9e:b2:33:
                    74:69:06:03:43:11:d0:a1:1c:0e:f5:ec:d7:e6:d4:
                    41:89:79:70:96:0a:7c:17:ed:f1:57:00:c1:c5:85:
                    52:4c:d4:08:b3:78:84:3d:37:33:3e:b0:eb:ee:26:
                    21:42:4f:e3:d5:19:3c:5f:0b:ef:ea:ce:4c:79:b4:
                    98:d7:58:12:42:33:77:95:01:54:5c:ed:78:ae:7a:
                    57:7c:27:f8:9f:49:23:c2:6c:d1:36:09:32:e8:cd:
                    c4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B0:9F:B8:C5:57:2C:10:9D:E6:D5:57:8F:B1:A6:AB:3C:74:CC:C0
            X509v3 Authority Key Identifier:
                keyid:3F:06:C9:DF:3F:A8:F9:3D:9E:F0:ED:04:B1:CA:04:35:DB:8B:C6:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PwbJ3z-o-T2e8O0EscoENduLxlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/hrCfuMVXLBCd5tVXj7Gmqzx0zMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:46:0f:ad:a4:dc:25:c0:7f:63:f9:ce:50:01:e3:df:3b:df:
         61:44:97:cd:13:54:44:bc:6c:3e:7f:5b:54:82:e7:5c:64:41:
         a0:75:46:ac:92:82:13:00:b4:c2:13:23:34:1e:bd:c0:3c:60:
         6a:c9:e9:9e:8c:3f:1f:59:79:a7:5d:db:76:6f:b7:e4:7e:4e:
         6f:a6:ee:a3:74:c6:82:60:68:a2:cc:97:b2:02:b1:0d:dd:2c:
         7f:27:b8:da:35:c8:21:7a:da:b7:2d:15:15:95:97:d9:5b:2c:
         17:6d:d4:7d:7b:fb:9e:a7:bd:99:4c:63:d2:27:51:77:73:52:
         b3:4d:9f:31:37:c7:54:67:7c:95:6f:6f:45:d2:4b:ab:ae:74:
         31:be:bb:b7:0c:c5:a8:ef:6c:4c:36:9a:be:b3:de:8d:77:46:
         dc:7b:ab:f4:a9:82:0a:06:eb:44:1a:ee:37:e2:52:14:68:6f:
         34:bb:c9:8f:7b:57:52:7a:56:b2:c7:82:b1:b4:68:82:b9:77:
         6b:57:3b:3c:bf:0f:63:d0:a2:e6:ee:8b:93:06:7b:db:ec:85:
         65:d7:74:7f:1f:d5:bb:4e:68:7f:a8:66:7f:8d:f9:59:4b:88:
         59:dd:c5:2d:47:9f:91:a5:ce:ad:ac:1a:64:e7:21:48:19:8a:
         37:66:95:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxrEmKNPm+oURGl7ZV0U28uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMDZjOWRmM2ZhOGY5M2Q5ZWYwZWQwNGIxY2EwNDM1ZGI4
YmM2NTAwHhcNMjYwMjE3MTAwODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIwOWZiOGM1NTcyYzEwOWRlNmQ1NTc4ZmIxYTZhYjNjNzRjY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQHzTYOhdStqL4PvPw+YHRWP+gSI
mFriM2qzItcL/J+RQNblScDZ2Ms/wV1C6IO2wkyI/L8Mx9H83oXt6lndaIRFRjfj
ymjUiyGfNkoCsL6nC67Kzzxsinq9289Yd9PZfzrRSMzyVL7uRFoNfbFVulamnjMi
k4WiPboP3pbAMtc/9XgwW0JkSRH6UaLIq7DFj96XCiuEtrDOl6aWnPUN/viesjN0
aQYDQxHQoRwO9ezX5tRBiXlwlgp8F+3xVwDBxYVSTNQIs3iEPTczPrDr7iYhQk/j
1Rk8Xwvv6s5MebSY11gSQjN3lQFUXO14rnpXfCf4n0kjwmzRNgky6M3EXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIawn7jFVywQnebVV4+xpqs8dMzAMB8GA1UdIwQY
MBaAFD8Gyd8/qPk9nvDtBLHKBDXbi8ZQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHdiSjN6LW8tVDJlOE8wRXNjb0VOZHVMeGxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9kMDBlM2QtNTRjNy00MzZmLWE4Y2Ut
MzM4YWEwY2Y5OGUyLzEvaHJDZnVNVlhMQkNkNXRWWGo3R21xengwek1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9kMDBlM2QtNTRjNy00MzZmLWE4Y2UtMzM4YWEwY2Y5OGUy
LzEvUHdiSjN6LW8tVDJlOE8wRXNjb0VOZHVMeGxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYRUMA0G
CSqGSIb3DQEBCwUAA4IBAQBPRg+tpNwlwH9j+c5QAePfO99hRJfNE1REvGw+f1tU
gudcZEGgdUaskoITALTCEyM0Hr3APGBqyemejD8fWXmnXdt2b7fkfk5vpu6jdMaC
YGiizJeyArEN3Sx/J7jaNcghetq3LRUVlZfZWywXbdR9e/uep72ZTGPSJ1F3c1Kz
TZ8xN8dUZ3yVb29F0kurrnQxvru3DMWo72xMNpq+s96Nd0bce6v0qYIKButEGu43
4lIUaG80u8mPe1dSelayx4KxtGiCuXdrVzs8vw9j0KLm7ouTBnvb7IVl13R/H9W7
Tmh/qGZ/jflZS4hZ3cUtR5+Rpc6trBpk5yFIGYo3ZpX7
-----END CERTIFICATE-----