Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/750d92-2de0-4f3a-bdd4-bf95c912e7a5/1/VRtorJZHOLzlaL68HjLyyfhrnjM.roa
File:                     VRtorJZHOLzlaL68HjLyyfhrnjM.roa (raw, json)
Hash identifier:          0WG5QGGc5ZdP1oBMABkKf9EHRt8+XEO8wLQn99x+rtA=
Subject key identifier:   55:1B:68:AC:96:47:38:BC:E5:68:BE:BC:1E:32:F2:C9:F8:6B:9E:33
Certificate issuer:       /CN=9fab26753b895e7f3fd9b86095ce04ee3e132cc9
Certificate serial:       019C8B7946C4AA5153F497DC55E8F651AC2D
Authority key identifier: 9F:AB:26:75:3B:89:5E:7F:3F:D9:B8:60:95:CE:04:EE:3E:13:2C:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n6smdTuJXn8_2bhglc4E7j4TLMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/750d92-2de0-4f3a-bdd4-bf95c912e7a5/1/VRtorJZHOLzlaL68HjLyyfhrnjM.roa
Signing time:             Mon 23 Feb 2026 17:08:26 +0000
ROA not before:           Mon 23 Feb 2026 17:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200753
IP address blocks:        95.215.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/750d92-2de0-4f3a-bdd4-bf95c912e7a5/1/n6smdTuJXn8_2bhglc4E7j4TLMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/750d92-2de0-4f3a-bdd4-bf95c912e7a5/1/n6smdTuJXn8_2bhglc4E7j4TLMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n6smdTuJXn8_2bhglc4E7j4TLMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:79:46:c4:aa:51:53:f4:97:dc:55:e8:f6:51:ac:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fab26753b895e7f3fd9b86095ce04ee3e132cc9
        Validity
            Not Before: Feb 23 17:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=551b68ac964738bce568bebc1e32f2c9f86b9e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ba:c5:f4:ef:5f:ad:37:01:65:8e:b7:21:c9:
                    3f:28:e6:7a:af:93:75:2a:aa:ef:48:64:92:b3:27:
                    75:c0:72:a9:b4:7c:aa:24:12:e4:3f:8b:96:31:50:
                    3d:b5:00:53:86:18:72:30:0a:c1:f1:5f:6c:c4:41:
                    4c:28:04:4d:b3:80:fe:60:16:6f:5a:1d:77:b9:af:
                    91:fa:cb:d5:98:c8:a9:a9:7b:16:44:19:df:fb:ac:
                    ca:e5:90:73:1d:f7:f8:51:a5:78:c2:29:81:9a:41:
                    29:a3:bc:95:48:0b:3c:ae:91:db:a1:17:a8:21:23:
                    db:f2:98:9c:1e:ca:42:63:b6:09:35:4a:28:92:36:
                    d3:9f:08:51:12:cd:3c:7b:38:dc:cb:0f:bd:11:5f:
                    eb:77:c6:76:cf:3a:f4:ac:17:4d:c3:df:1f:81:28:
                    91:b8:28:5e:df:ab:92:3a:0d:88:13:c8:eb:75:4e:
                    1f:e4:d3:a0:f2:f1:80:30:57:d0:a4:b5:62:6f:e8:
                    df:67:8d:8b:83:16:9c:9b:cc:98:f1:4b:5d:09:b9:
                    66:2a:5b:dc:b2:77:57:ac:ee:61:bb:be:45:63:7e:
                    83:d1:5b:fb:a9:ff:be:20:b1:56:4d:11:99:19:3b:
                    a6:62:6c:cc:70:37:ac:0b:4d:50:40:bf:46:14:9f:
                    50:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:1B:68:AC:96:47:38:BC:E5:68:BE:BC:1E:32:F2:C9:F8:6B:9E:33
            X509v3 Authority Key Identifier:
                keyid:9F:AB:26:75:3B:89:5E:7F:3F:D9:B8:60:95:CE:04:EE:3E:13:2C:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n6smdTuJXn8_2bhglc4E7j4TLMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/750d92-2de0-4f3a-bdd4-bf95c912e7a5/1/VRtorJZHOLzlaL68HjLyyfhrnjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/750d92-2de0-4f3a-bdd4-bf95c912e7a5/1/n6smdTuJXn8_2bhglc4E7j4TLMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:a6:6e:98:a4:44:d4:30:eb:69:e1:97:29:46:51:04:e6:23:
         b5:9a:c3:5c:00:cf:17:54:19:54:76:9b:77:b2:26:ff:13:1d:
         89:c8:bd:df:c7:1a:1b:8e:27:95:94:88:5b:3b:d1:c4:48:31:
         2f:c8:f2:d8:b3:be:33:1a:13:7f:8f:90:1d:8c:3e:35:7f:13:
         e4:a7:9d:b5:ed:df:5a:bc:45:fc:a0:21:01:07:f4:e6:d6:57:
         03:0c:d3:b2:39:dc:a3:c7:81:ac:87:5d:71:f6:4d:ea:3d:e5:
         a7:a0:c2:e8:86:39:34:f4:f4:8b:27:4d:d1:2d:54:31:10:69:
         88:3d:84:61:97:28:aa:81:85:6f:cf:91:18:66:22:3e:90:72:
         8f:e0:2d:42:d9:8c:a1:6e:ab:cb:8f:6a:2b:d5:8b:51:3f:90:
         7b:11:67:f5:ef:a6:d8:e5:65:36:25:65:5b:c8:59:e9:b5:3d:
         36:92:57:9f:40:19:0c:c9:33:05:19:a3:c5:0b:c5:18:79:d9:
         f4:85:ac:4d:8a:2d:01:b0:48:a1:aa:b9:0b:c2:32:01:bb:ba:
         4c:db:43:a7:52:fa:7c:79:d2:a4:a6:25:f3:ae:d2:53:af:14:
         27:63:7b:ad:aa:8f:ed:22:2c:f9:f5:c8:b4:2c:3f:d2:f4:2c:
         83:65:10:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyLeUbEqlFT9JfcVej2UawtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWIyNjc1M2I4OTVlN2YzZmQ5Yjg2MDk1Y2UwNGVlM2Ux
MzJjYzkwHhcNMjYwMjIzMTcwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTFiNjhhYzk2NDczOGJjZTU2OGJlYmMxZTMyZjJjOWY4NmI5ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibrF9O9frTcBZY63Ick/KOZ6r5N1
KqrvSGSSsyd1wHKptHyqJBLkP4uWMVA9tQBThhhyMArB8V9sxEFMKARNs4D+YBZv
Wh13ua+R+svVmMipqXsWRBnf+6zK5ZBzHff4UaV4wimBmkEpo7yVSAs8rpHboReo
ISPb8picHspCY7YJNUookjbTnwhREs08ezjcyw+9EV/rd8Z2zzr0rBdNw98fgSiR
uChe36uSOg2IE8jrdU4f5NOg8vGAMFfQpLVib+jfZ42Lgxacm8yY8UtdCblmKlvc
sndXrO5hu75FY36D0Vv7qf++ILFWTRGZGTumYmzMcDesC01QQL9GFJ9QOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUbaKyWRzi85Wi+vB4y8sn4a54zMB8GA1UdIwQY
MBaAFJ+rJnU7iV5/P9m4YJXOBO4+EyzJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjZzbWRUdUpYbjhfMmJoZ2xjNEU3ajRUTE1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi83NTBkOTItMmRlMC00ZjNhLWJkZDQt
YmY5NWM5MTJlN2E1LzEvVlJ0b3JKWkhPTHpsYUw2OEhqTHl5ZmhybmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi83NTBkOTItMmRlMC00ZjNhLWJkZDQtYmY5NWM5MTJlN2E1
LzEvbjZzbWRUdUpYbjhfMmJoZ2xjNEU3ajRUTE1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9frMA0G
CSqGSIb3DQEBCwUAA4IBAQAdpm6YpETUMOtp4ZcpRlEE5iO1msNcAM8XVBlUdpt3
sib/Ex2JyL3fxxobjieVlIhbO9HESDEvyPLYs74zGhN/j5AdjD41fxPkp5217d9a
vEX8oCEBB/Tm1lcDDNOyOdyjx4Gsh11x9k3qPeWnoMLohjk09PSLJ03RLVQxEGmI
PYRhlyiqgYVvz5EYZiI+kHKP4C1C2YyhbqvLj2or1YtRP5B7EWf176bY5WU2JWVb
yFnptT02klefQBkMyTMFGaPFC8UYedn0haxNii0BsEihqrkLwjIBu7pM20OnUvp8
edKkpiXzrtJTrxQnY3utqo/tIiz59ci0LD/S9CyDZRDH
-----END CERTIFICATE-----