Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/Sr8taJwNmM6IUIh68pFCremKsP0.roa
File:                     Sr8taJwNmM6IUIh68pFCremKsP0.roa (raw, json)
Hash identifier:          8hNtlSLs+hgRIJnDDfJh2MIcy6zUGifsMLAL3xiKJ1I=
Subject key identifier:   4A:BF:2D:68:9C:0D:98:CE:88:50:88:7A:F2:91:42:AD:E9:8A:B0:FD
Certificate issuer:       /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial:       019C6AF91548061E2FF37031D175E0E7D636
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/Sr8taJwNmM6IUIh68pFCremKsP0.roa
Signing time:             Tue 17 Feb 2026 09:40:34 +0000
ROA not before:           Tue 17 Feb 2026 09:40:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8412
IP address blocks:        159.195.116.0/24 maxlen: 24
                          159.195.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6a:f9:15:48:06:1e:2f:f3:70:31:d1:75:e0:e7:d6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
        Validity
            Not Before: Feb 17 09:40:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4abf2d689c0d98ce8850887af29142ade98ab0fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ca:94:e6:39:9c:a4:f6:dd:ef:78:11:9e:46:
                    f8:42:69:4c:f6:c1:07:c4:05:db:31:76:e0:b0:4d:
                    cd:91:35:e5:ab:0e:d4:17:89:ec:74:9b:75:a7:b8:
                    25:45:87:0e:53:36:ec:8d:f7:fc:f4:af:c9:22:8c:
                    2f:f3:51:7e:cf:66:1b:cf:5c:ad:79:5f:f5:da:ea:
                    71:d8:a6:35:56:fd:31:8b:5e:ef:b1:97:11:fc:25:
                    97:a9:a5:f4:b5:51:16:b3:4d:c9:e5:e7:e9:e7:dd:
                    fd:52:cf:96:ed:d7:90:24:2c:75:45:77:62:d7:bb:
                    85:e6:75:3b:c9:d4:c0:68:93:cb:3c:87:aa:c4:4a:
                    93:8c:13:6e:af:01:ba:14:00:85:98:80:d2:f8:3c:
                    a8:2b:f8:38:be:8d:f0:74:bd:8f:67:46:c5:53:7b:
                    2d:a8:b3:0e:95:82:eb:66:dc:7b:fe:7e:8c:7c:26:
                    19:bd:06:d3:62:66:82:c7:40:c7:09:70:79:44:cf:
                    06:db:5b:d5:33:c0:cf:b1:34:47:dc:58:da:ac:b8:
                    3a:20:de:1c:2d:85:52:8e:23:db:02:05:5a:21:4f:
                    8d:23:f1:55:f9:3b:16:37:74:57:eb:eb:6c:7a:4e:
                    46:2d:a6:d5:80:ff:a6:cf:58:58:5e:2f:ca:5f:0b:
                    7f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:BF:2D:68:9C:0D:98:CE:88:50:88:7A:F2:91:42:AD:E9:8A:B0:FD
            X509v3 Authority Key Identifier:
                keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/Sr8taJwNmM6IUIh68pFCremKsP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.195.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:4d:4b:d7:4b:d8:cd:63:30:b1:15:1b:6e:db:c7:41:76:69:
         8f:ce:9d:8d:a1:42:b5:90:d3:c8:99:a3:43:16:6d:32:3e:e8:
         3f:80:80:03:61:7b:d1:03:12:90:6b:8c:4e:a4:9e:d4:54:52:
         3b:aa:20:c2:f7:97:99:39:3f:cb:66:93:2b:39:f5:b5:40:6d:
         fb:f2:74:96:36:0c:99:a7:ac:46:2a:65:0b:3c:6a:7f:6a:04:
         dd:93:b8:6c:ef:98:ae:d4:8b:e8:5e:25:25:b3:1e:0c:73:73:
         a9:d0:cd:06:91:6b:c9:ba:61:39:69:80:a8:90:da:da:4e:0e:
         7c:4a:0d:69:c0:3c:2b:d1:5f:61:f1:6a:77:5c:80:07:27:b9:
         eb:4c:d6:88:1e:83:87:c3:3d:77:2f:67:10:8b:c6:3e:8c:88:
         69:1d:fc:d3:bd:22:3b:81:8c:f2:1b:78:af:61:67:f2:a2:a9:
         b8:2e:a8:98:c7:d4:fd:f3:d8:16:68:aa:ce:4f:5f:b2:e4:ed:
         0f:e2:2e:d3:c4:d7:ad:d5:96:06:9d:a0:ee:8d:f7:4e:38:e6:
         97:74:16:e8:23:89:a4:0f:4b:4e:b4:d9:40:a3:0f:c0:a2:4d:
         3c:01:3f:84:ba:61:42:b0:c3:61:15:68:a1:b0:13:9f:10:8f:
         10:ab:2c:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxq+RVIBh4v83Ax0XXg59Y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjYwMjE3MDk0MDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWJmMmQ2ODljMGQ5OGNlODg1MDg4N2FmMjkxNDJhZGU5OGFiMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMqU5jmcpPbd73gRnkb4QmlM9sEH
xAXbMXbgsE3NkTXlqw7UF4nsdJt1p7glRYcOUzbsjff89K/JIowv81F+z2Ybz1yt
eV/12upx2KY1Vv0xi17vsZcR/CWXqaX0tVEWs03J5efp5939Us+W7deQJCx1RXdi
17uF5nU7ydTAaJPLPIeqxEqTjBNurwG6FACFmIDS+DyoK/g4vo3wdL2PZ0bFU3st
qLMOlYLrZtx7/n6MfCYZvQbTYmaCx0DHCXB5RM8G21vVM8DPsTRH3FjarLg6IN4c
LYVSjiPbAgVaIU+NI/FV+TsWN3RX6+tsek5GLabVgP+mz1hYXi/KXwt/TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEq/LWicDZjOiFCIevKRQq3pirD9MB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvU3I4dGFKd05tTTZJVUloNjhwRkNyZW1Lc1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBn8N0MA0G
CSqGSIb3DQEBCwUAA4IBAQBsTUvXS9jNYzCxFRtu28dBdmmPzp2NoUK1kNPImaND
Fm0yPug/gIADYXvRAxKQa4xOpJ7UVFI7qiDC95eZOT/LZpMrOfW1QG378nSWNgyZ
p6xGKmULPGp/agTdk7hs75iu1IvoXiUlsx4Mc3Op0M0GkWvJumE5aYCokNraTg58
Sg1pwDwr0V9h8Wp3XIAHJ7nrTNaIHoOHwz13L2cQi8Y+jIhpHfzTvSI7gYzyG3iv
YWfyoqm4LqiYx9T989gWaKrOT1+y5O0P4i7TxNet1ZYGnaDujfdOOOaXdBboI4mk
D0tOtNlAow/Aok08AT+EumFCsMNhFWihsBOfEI8Qqyzh
-----END CERTIFICATE-----