Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/fbSoKsXWu3vMu37siMiY-wAiEWk.roa
File:                     fbSoKsXWu3vMu37siMiY-wAiEWk.roa (raw, json)
Hash identifier:          o2jpBV54JiENtAI5H5hS+86ge/vbtsQ6m03B1UpGa2w=
Subject key identifier:   7D:B4:A8:2A:C5:D6:BB:7B:CC:BB:7E:EC:88:C8:98:FB:00:22:11:69
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019C760FD039F0603C4CC182A0C75099E294
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/fbSoKsXWu3vMu37siMiY-wAiEWk.roa
Signing time:             Thu 19 Feb 2026 13:21:13 +0000
ROA not before:           Thu 19 Feb 2026 13:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        77.246.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:0f:d0:39:f0:60:3c:4c:c1:82:a0:c7:50:99:e2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Feb 19 13:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7db4a82ac5d6bb7bccbb7eec88c898fb00221169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:b7:38:46:5e:b5:aa:14:ea:86:54:32:f8:
                    f1:10:7b:6f:89:3e:dd:69:6e:78:ab:ae:33:c6:2a:
                    86:4f:4e:b5:78:8e:c4:88:f5:90:f5:9f:75:1b:b4:
                    b8:91:e0:ec:c3:b8:ec:6d:d7:65:2e:f1:20:98:c2:
                    eb:b8:58:12:d1:35:88:05:eb:98:dc:f1:0d:e9:cf:
                    ad:af:09:93:56:74:d0:40:c7:03:e0:76:88:14:5a:
                    75:85:a2:df:6a:7b:43:d5:ad:99:5d:c9:cc:27:08:
                    c0:ec:52:76:f2:6e:07:0f:98:3e:14:ac:4b:b3:bb:
                    66:b8:f2:b3:b9:7d:e5:11:40:d7:95:8b:1e:5a:1a:
                    3f:69:4b:67:e7:39:b2:c7:8f:3c:09:2a:83:ba:80:
                    7e:d2:c5:40:68:d8:79:57:9a:68:2a:a1:22:ee:e2:
                    50:54:e8:e0:b0:86:c8:a2:13:77:e7:5c:c3:b9:95:
                    4e:45:80:c9:5b:2d:a6:fd:af:91:3d:4f:65:07:79:
                    73:5b:a3:92:40:14:70:07:a8:0d:ef:0c:81:f7:fc:
                    38:14:60:dc:58:65:45:fe:93:9e:b3:26:77:1f:30:
                    cd:d7:a3:59:07:02:34:c8:6b:3b:b8:5b:e1:c0:eb:
                    7c:eb:4f:a6:e6:e6:36:2c:f2:24:19:54:f0:04:d7:
                    94:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B4:A8:2A:C5:D6:BB:7B:CC:BB:7E:EC:88:C8:98:FB:00:22:11:69
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/fbSoKsXWu3vMu37siMiY-wAiEWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:24:51:48:c7:ac:34:ae:07:b5:8d:6b:2c:f5:cb:68:eb:17:
         43:cd:aa:39:5c:d6:04:8b:ff:fd:8e:ab:64:b6:65:0d:ec:3e:
         06:ca:e1:f2:f7:02:3e:68:46:18:d6:ed:bf:f0:a7:2b:c0:55:
         69:47:25:ac:0e:bd:55:f0:f6:de:62:78:39:e4:a1:66:f9:4b:
         ab:be:32:0f:89:c0:7e:69:fb:ee:6c:c9:51:d7:6d:4e:07:cd:
         25:87:eb:90:f0:ee:59:41:6f:71:60:c7:5a:ea:05:4e:d5:f2:
         ce:ec:c6:52:fa:4c:5b:30:61:e5:c7:5c:91:8c:da:31:93:f4:
         90:67:b0:4e:9f:48:39:84:c6:a2:85:07:b4:48:d8:f7:7b:c5:
         f0:48:0f:50:7a:c0:ff:c0:63:2e:e9:40:91:09:e3:c7:8c:d2:
         6c:a8:15:0e:d2:0f:77:2d:74:c2:6e:b9:f2:8f:87:4e:d3:4c:
         24:47:4d:54:55:3d:21:61:61:36:37:40:a8:58:4c:de:62:cd:
         5e:1e:ac:ad:da:b1:ad:0e:8b:6c:ff:bd:9d:86:71:71:d6:c3:
         83:ec:4b:8f:dc:58:5f:ae:45:49:c2:de:2a:fc:24:30:02:49:
         ca:32:44:3d:e5:3f:75:09:bd:45:a5:9f:14:db:9e:ac:db:ac:
         b2:0f:c8:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2D9A58GA8TMGCoMdQmeKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjYwMjE5MTMyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGI0YTgyYWM1ZDZiYjdiY2NiYjdlZWM4OGM4OThmYjAwMjIxMTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDa3OEZetaoU6oZUMvjxEHtviT7d
aW54q64zxiqGT061eI7EiPWQ9Z91G7S4keDsw7jsbddlLvEgmMLruFgS0TWIBeuY
3PEN6c+trwmTVnTQQMcD4HaIFFp1haLfantD1a2ZXcnMJwjA7FJ28m4HD5g+FKxL
s7tmuPKzuX3lEUDXlYseWho/aUtn5zmyx488CSqDuoB+0sVAaNh5V5poKqEi7uJQ
VOjgsIbIohN351zDuZVORYDJWy2m/a+RPU9lB3lzW6OSQBRwB6gN7wyB9/w4FGDc
WGVF/pOesyZ3HzDN16NZBwI0yGs7uFvhwOt860+m5uY2LPIkGVTwBNeURQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH20qCrF1rt7zLt+7IjImPsAIhFpMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvZmJTb0tzWFd1M3ZNdTM3c2lNaVktd0FpRVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbcMA0G
CSqGSIb3DQEBCwUAA4IBAQAhJFFIx6w0rge1jWss9cto6xdDzao5XNYEi//9jqtk
tmUN7D4GyuHy9wI+aEYY1u2/8KcrwFVpRyWsDr1V8PbeYng55KFm+UurvjIPicB+
afvubMlR121OB80lh+uQ8O5ZQW9xYMda6gVO1fLO7MZS+kxbMGHlx1yRjNoxk/SQ
Z7BOn0g5hMaihQe0SNj3e8XwSA9QesD/wGMu6UCRCePHjNJsqBUO0g93LXTCbrny
j4dO00wkR01UVT0hYWE2N0CoWEzeYs1eHqyt2rGtDots/72dhnFx1sOD7EuP3Fhf
rkVJwt4q/CQwAknKMkQ95T91Cb1FpZ8U256s26yyD8hj
-----END CERTIFICATE-----