Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/KHEZbMvYE8xTVowmo6UQmw6DqDg.roa
File:                     KHEZbMvYE8xTVowmo6UQmw6DqDg.roa (raw, json)
Hash identifier:          cvAQSN4DUv0yDrAvqweWU+LLGRpqR/gzJ2hNAerTPDI=
Subject key identifier:   28:71:19:6C:CB:D8:13:CC:53:56:8C:26:A3:A5:10:9B:0E:83:A8:38
Certificate issuer:       /CN=fff442affba1cfaef3102c981d7569502ce6515c
Certificate serial:       019C470B5C750FB7BFFE614CC0D6C2421698
Authority key identifier: FF:F4:42:AF:FB:A1:CF:AE:F3:10:2C:98:1D:75:69:50:2C:E6:51:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__RCr_uhz67zECyYHXVpUCzmUVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/KHEZbMvYE8xTVowmo6UQmw6DqDg.roa
Signing time:             Tue 10 Feb 2026 10:14:12 +0000
ROA not before:           Tue 10 Feb 2026 10:14:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211348
IP address blocks:        185.237.173.0/24 maxlen: 24
                          185.237.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/__RCr_uhz67zECyYHXVpUCzmUVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/__RCr_uhz67zECyYHXVpUCzmUVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/__RCr_uhz67zECyYHXVpUCzmUVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:0b:5c:75:0f:b7:bf:fe:61:4c:c0:d6:c2:42:16:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fff442affba1cfaef3102c981d7569502ce6515c
        Validity
            Not Before: Feb 10 10:14:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2871196ccbd813cc53568c26a3a5109b0e83a838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:97:ba:12:ed:91:1d:e7:49:5f:b6:5f:a3:1d:
                    93:70:ed:5c:7b:4b:97:61:ff:ee:0d:ad:6f:b3:ed:
                    6c:45:89:f6:d9:61:cc:ed:00:17:16:87:f9:1a:76:
                    93:5d:76:42:6d:31:c8:c8:5d:ef:ee:ea:d6:6f:71:
                    ab:cc:04:89:b2:69:b0:42:52:c7:6a:75:da:65:ee:
                    68:b5:8e:60:f0:23:24:59:75:88:8e:a8:1e:86:e2:
                    ec:b3:94:d7:87:ac:56:c5:12:f2:a9:a9:5d:d4:ac:
                    c4:32:d8:91:75:b9:e5:ae:7e:3b:89:87:49:4d:4d:
                    3a:f5:e2:53:1d:88:0a:22:de:dc:16:4f:28:41:ae:
                    92:b9:b4:6f:44:55:86:3c:f8:85:99:fd:09:69:3e:
                    9e:e5:47:49:b8:eb:b9:2a:31:d7:f3:ef:a4:73:be:
                    f2:8c:18:aa:30:c6:86:92:97:1e:39:4b:0e:e5:7d:
                    b8:c1:39:0a:b2:d2:38:20:58:79:1f:42:3b:ce:69:
                    a5:d9:93:c0:6d:ee:9f:5b:cb:01:95:3c:76:8c:58:
                    3b:2d:32:be:64:5b:0c:10:5d:b2:d9:e3:a7:26:ab:
                    1a:eb:10:c8:92:f3:7d:f6:43:94:5f:b0:5c:c5:5e:
                    db:c5:32:16:ca:9e:61:c4:fd:cf:2d:a4:bb:de:75:
                    c3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:71:19:6C:CB:D8:13:CC:53:56:8C:26:A3:A5:10:9B:0E:83:A8:38
            X509v3 Authority Key Identifier:
                keyid:FF:F4:42:AF:FB:A1:CF:AE:F3:10:2C:98:1D:75:69:50:2C:E6:51:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__RCr_uhz67zECyYHXVpUCzmUVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/KHEZbMvYE8xTVowmo6UQmw6DqDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/__RCr_uhz67zECyYHXVpUCzmUVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.173.0-185.237.174.255

    Signature Algorithm: sha256WithRSAEncryption
         7e:6c:e3:7c:13:02:2d:4b:84:2c:8f:ec:ab:1b:1d:25:7e:05:
         e5:02:04:59:7a:02:57:2f:ac:ad:20:90:6c:17:42:c3:24:1e:
         0f:19:5c:f4:97:3f:a7:6f:4c:de:82:de:bb:ee:24:da:93:ee:
         1d:73:56:92:8c:d6:76:e4:77:57:c8:6f:00:5b:33:49:f1:e0:
         64:f9:38:b3:33:a3:30:5c:a3:11:8d:4b:42:e6:21:94:d3:4d:
         f4:17:eb:71:88:a5:53:4e:63:49:f9:f3:50:17:1a:fc:da:7c:
         8f:c4:6e:73:c7:71:c1:b2:03:58:af:b0:03:77:55:8b:25:a8:
         46:7c:65:58:60:e9:18:16:17:5f:34:3a:5b:51:5b:59:df:49:
         04:51:27:6f:e0:4e:e6:7a:51:90:58:f2:8e:d8:fd:8c:dd:ca:
         37:e0:20:a0:a0:20:60:c9:14:ee:f2:af:bd:cd:d9:79:bb:cd:
         b3:ba:2b:78:c1:0b:81:76:68:e6:57:70:d9:38:29:21:f0:23:
         43:1c:71:e0:d0:8b:cc:c1:8a:fa:8a:cd:d3:15:42:dd:4e:54:
         21:60:38:d2:d3:aa:f9:ba:12:b1:58:19:5f:03:60:c0:e6:f1:
         ea:fc:19:17:74:a3:9d:91:83:d7:18:93:11:89:65:09:3e:3f:
         4f:2e:ad:da
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxHC1x1D7e//mFMwNbCQhaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZjQ0MmFmZmJhMWNmYWVmMzEwMmM5ODFkNzU2OTUwMmNl
NjUxNWMwHhcNMjYwMjEwMTAxNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODcxMTk2Y2NiZDgxM2NjNTM1NjhjMjZhM2E1MTA5YjBlODNhODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5e6Eu2RHedJX7Zfox2TcO1ce0uX
Yf/uDa1vs+1sRYn22WHM7QAXFof5GnaTXXZCbTHIyF3v7urWb3GrzASJsmmwQlLH
anXaZe5otY5g8CMkWXWIjqgehuLss5TXh6xWxRLyqald1KzEMtiRdbnlrn47iYdJ
TU069eJTHYgKIt7cFk8oQa6SubRvRFWGPPiFmf0JaT6e5UdJuOu5KjHX8++kc77y
jBiqMMaGkpceOUsO5X24wTkKstI4IFh5H0I7zmml2ZPAbe6fW8sBlTx2jFg7LTK+
ZFsMEF2y2eOnJqsa6xDIkvN99kOUX7BcxV7bxTIWyp5hxP3PLaS73nXDEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFChxGWzL2BPMU1aMJqOlEJsOg6g4MB8GA1UdIwQY
MBaAFP/0Qq/7oc+u8xAsmB11aVAs5lFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX19SQ3JfdWh6Njd6RUN5WUhYVnBVQ3ptVVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC85ZmVkZDAtNGVkNy00NDE5LThlNzMt
YjVjYTBhZGYyZjA4LzEvS0hFWmJNdllFOHhUVm93bW82VVFtdzZEcURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC85ZmVkZDAtNGVkNy00NDE5LThlNzMtYjVjYTBhZGYyZjA4
LzEvX19SQ3JfdWh6Njd6RUN5WUhYVnBVQ3ptVVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC57a0D
BAC57a4wDQYJKoZIhvcNAQELBQADggEBAH5s43wTAi1LhCyP7KsbHSV+BeUCBFl6
AlcvrK0gkGwXQsMkHg8ZXPSXP6dvTN6C3rvuJNqT7h1zVpKM1nbkd1fIbwBbM0nx
4GT5OLMzozBcoxGNS0LmIZTTTfQX63GIpVNOY0n581AXGvzafI/EbnPHccGyA1iv
sAN3VYslqEZ8ZVhg6RgWF180OltRW1nfSQRRJ2/gTuZ6UZBY8o7Y/YzdyjfgIKCg
IGDJFO7yr73N2Xm7zbO6K3jBC4F2aOZXcNk4KSHwI0McceDQi8zBivqKzdMVQt1O
VCFgONLTqvm6ErFYGV8DYMDm8er8GRd0o52Rg9cYkxGJZQk+P08urdo=
-----END CERTIFICATE-----