Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/swR_Z9z-P1-UQXa_nwSffTHt6UI.roa
File:                     swR_Z9z-P1-UQXa_nwSffTHt6UI.roa (raw, json)
Hash identifier:          yCwHNZiacsXrTInmUOK1+VM+sFy5izBjisUtpKkkLEQ=
Subject key identifier:   B3:04:7F:67:DC:FE:3F:5F:94:41:76:BF:9F:04:9F:7D:31:ED:E9:42
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019C71B685D5D16249F5F13A15BEE9C4F9CF
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/swR_Z9z-P1-UQXa_nwSffTHt6UI.roa
Signing time:             Wed 18 Feb 2026 17:05:13 +0000
ROA not before:           Wed 18 Feb 2026 17:05:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200938
IP address blocks:        62.76.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:b6:85:d5:d1:62:49:f5:f1:3a:15:be:e9:c4:f9:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Feb 18 17:05:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3047f67dcfe3f5f944176bf9f049f7d31ede942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6d:d8:27:5b:50:0d:9b:59:70:ac:19:e9:d9:
                    65:d0:84:88:cf:7a:f7:5a:32:9f:df:47:38:31:cf:
                    5e:76:41:a7:c2:c9:04:01:15:86:5d:d9:50:e3:2f:
                    1d:f1:a0:0e:32:9d:51:25:16:d2:65:9f:c1:c7:69:
                    ec:d9:18:f4:d7:03:be:27:57:24:10:e4:74:8a:4b:
                    23:dc:30:9e:bf:df:7c:fb:d1:bf:44:da:1f:2b:eb:
                    5f:8a:09:4c:d6:23:e4:61:61:1e:52:e8:9e:5b:be:
                    c0:a5:76:e8:ee:e3:d0:18:a3:9d:9b:c3:da:91:3f:
                    58:64:ff:cf:89:a4:46:e6:ab:be:84:eb:dc:b2:6b:
                    ef:05:ad:04:38:e4:59:ff:5d:e2:1d:1f:2d:75:46:
                    65:84:f8:21:4e:19:71:9c:9e:d8:67:73:a3:df:74:
                    cc:bf:3b:29:10:88:06:de:91:7f:b8:f4:ec:35:91:
                    61:b2:db:3d:5e:2a:43:49:85:cc:39:22:81:46:07:
                    fc:12:41:67:32:38:af:61:f7:17:b0:6d:7f:f9:c7:
                    4c:78:a2:e7:18:8d:b5:71:4b:dc:8d:df:67:cd:75:
                    f6:3c:56:10:bc:e4:72:1d:b9:f7:42:5c:74:63:5d:
                    e4:b8:46:0a:db:a7:cf:19:31:b2:1c:5e:e7:ea:8e:
                    f7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:04:7F:67:DC:FE:3F:5F:94:41:76:BF:9F:04:9F:7D:31:ED:E9:42
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/swR_Z9z-P1-UQXa_nwSffTHt6UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:7c:8f:e9:09:2c:b3:d8:8f:be:0b:54:d7:74:b9:3f:7e:da:
         c7:cf:c1:b2:d6:66:ff:e0:9c:47:96:1f:7f:b5:67:d1:7a:03:
         ec:d8:42:78:a0:22:d3:45:71:85:78:13:92:b0:42:ef:93:64:
         42:4d:a3:3e:aa:ae:87:77:66:d3:f9:ac:ff:f4:86:94:0b:09:
         8c:09:5d:08:e2:e0:f7:eb:2c:ce:ed:be:02:5b:a7:e6:cf:cc:
         a0:34:29:3d:db:82:87:64:1a:14:44:9f:f1:cc:5d:5b:40:14:
         46:ef:f8:f5:18:a6:13:37:66:36:8b:c4:0a:41:67:58:35:f3:
         1d:bf:55:cf:2a:5a:18:9b:0c:80:26:e9:78:e6:ba:be:28:5e:
         2a:87:7c:8d:0f:84:9f:2e:92:9d:dd:b0:d6:71:f3:2c:bf:3d:
         1a:7a:30:e5:03:ec:ac:61:f2:b3:56:36:d8:f1:91:b2:16:a0:
         ce:b1:1a:2f:fb:98:4b:b5:04:31:f5:e9:fb:7a:ca:3e:4d:8c:
         a8:05:d4:36:4e:79:ac:c5:7f:ee:04:5a:e5:9a:8c:87:cc:c0:
         1f:5e:5f:9a:08:d5:40:b0:cc:78:64:fc:6d:33:82:18:95:9a:
         7a:1d:ac:9d:e0:fe:7a:2b:e6:59:a1:4d:17:db:fa:74:59:ae:
         40:fe:ec:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxxtoXV0WJJ9fE6Fb7pxPnPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMjE4MTcwNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzA0N2Y2N2RjZmUzZjVmOTQ0MTc2YmY5ZjA0OWY3ZDMxZWRlOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy23YJ1tQDZtZcKwZ6dll0ISIz3r3
WjKf30c4Mc9edkGnwskEARWGXdlQ4y8d8aAOMp1RJRbSZZ/Bx2ns2Rj01wO+J1ck
EOR0iksj3DCev998+9G/RNofK+tfiglM1iPkYWEeUuieW77ApXbo7uPQGKOdm8Pa
kT9YZP/PiaRG5qu+hOvcsmvvBa0EOORZ/13iHR8tdUZlhPghThlxnJ7YZ3Oj33TM
vzspEIgG3pF/uPTsNZFhsts9XipDSYXMOSKBRgf8EkFnMjivYfcXsG1/+cdMeKLn
GI21cUvcjd9nzXX2PFYQvORyHbn3Qlx0Y13kuEYK26fPGTGyHF7n6o73dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMEf2fc/j9flEF2v58En30x7elCMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvc3dSX1o5ei1QMS1VUVhhX253U2ZmVEh0NlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkwHMA0G
CSqGSIb3DQEBCwUAA4IBAQBUfI/pCSyz2I++C1TXdLk/ftrHz8Gy1mb/4JxHlh9/
tWfRegPs2EJ4oCLTRXGFeBOSsELvk2RCTaM+qq6Hd2bT+az/9IaUCwmMCV0I4uD3
6yzO7b4CW6fmz8ygNCk924KHZBoURJ/xzF1bQBRG7/j1GKYTN2Y2i8QKQWdYNfMd
v1XPKloYmwyAJul45rq+KF4qh3yND4SfLpKd3bDWcfMsvz0aejDlA+ysYfKzVjbY
8ZGyFqDOsRov+5hLtQQx9en7eso+TYyoBdQ2TnmsxX/uBFrlmoyHzMAfXl+aCNVA
sMx4ZPxtM4IYlZp6Hayd4P56K+ZZoU0X2/p0Wa5A/uyN
-----END CERTIFICATE-----