Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/o9FmlafZWwctHqF-kO7MMcKUwY4.roa
File:                     o9FmlafZWwctHqF-kO7MMcKUwY4.roa (raw, json)
Hash identifier:          +ltDg6DQJ7tLtwDHjEkx+wbj2MGOhGNITDZvV2VkwIc=
Subject key identifier:   A3:D1:66:95:A7:D9:5B:07:2D:1E:A1:7E:90:EE:CC:31:C2:94:C1:8E
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019C4C582E4B0AEC910A8AEB9DC480CB1CCD
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/o9FmlafZWwctHqF-kO7MMcKUwY4.roa
Signing time:             Wed 11 Feb 2026 10:56:13 +0000
ROA not before:           Wed 11 Feb 2026 10:56:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        91.234.202.0/24 maxlen: 24
                          176.105.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:58:2e:4b:0a:ec:91:0a:8a:eb:9d:c4:80:cb:1c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Feb 11 10:56:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3d16695a7d95b072d1ea17e90eecc31c294c18e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b3:46:7e:7c:7b:1b:75:73:93:f7:66:4e:06:
                    13:24:5e:f3:87:7e:aa:0f:93:e6:b2:f5:cb:0b:87:
                    d1:36:a4:a0:90:fd:4d:c5:a0:d0:7f:15:6b:27:59:
                    2f:8f:d6:02:26:85:55:57:1e:d5:1d:2f:bc:f1:57:
                    bf:3d:00:06:1b:d9:2c:40:e6:5f:f5:2e:e1:94:b1:
                    63:a6:75:2d:22:85:89:4a:d0:9a:c6:47:58:bb:f6:
                    cd:fe:d1:cc:cd:12:1f:ae:f9:d4:fc:20:cf:93:32:
                    98:78:45:49:ae:ca:ac:54:6e:0c:e8:92:19:e5:b7:
                    c3:4b:f5:1b:ff:f9:73:bc:fe:7f:e7:da:10:8f:eb:
                    73:4e:ce:1d:70:87:c3:37:57:3d:01:19:d5:2d:dd:
                    46:0c:44:65:ef:17:c1:a8:02:44:af:ae:a0:af:9b:
                    bb:9d:cc:52:75:9c:ed:e2:b9:f7:f8:58:c4:5b:24:
                    ec:63:f3:ec:47:53:64:a9:ca:96:99:7d:52:d1:a5:
                    cf:13:93:1b:1e:35:bf:21:bb:e0:6a:06:14:d7:21:
                    db:15:cc:a8:44:3a:41:49:82:26:88:d4:16:d9:59:
                    1a:d0:3e:32:ba:c4:54:10:9d:c7:75:43:ac:4e:9e:
                    e0:c9:7a:4d:fe:46:d4:df:10:16:11:4d:c1:3c:60:
                    80:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D1:66:95:A7:D9:5B:07:2D:1E:A1:7E:90:EE:CC:31:C2:94:C1:8E
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/o9FmlafZWwctHqF-kO7MMcKUwY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.202.0/24
                  176.105.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a1:68:13:00:f2:d7:68:03:bf:5a:72:7a:33:3f:7e:29:b2:
         0c:6f:e3:fc:e1:9f:6a:8a:a3:7a:75:5c:4f:f1:83:74:df:97:
         33:84:f7:d3:69:a7:0b:13:7c:29:26:1b:63:97:64:6b:0b:c9:
         2d:79:e1:6f:6d:cc:57:82:5a:dc:3d:2c:db:dc:f9:1e:90:18:
         33:c6:e7:e9:69:5f:f2:a9:2f:13:73:0b:8f:87:27:77:f8:95:
         ef:4d:d5:b7:9d:00:5f:b0:71:bb:3e:c0:54:b0:2a:cf:bb:72:
         69:1d:87:b7:ca:35:92:c4:1b:19:9b:b3:ab:72:09:fc:14:c9:
         55:d7:18:0a:13:c9:05:b9:01:9c:58:86:00:32:d1:3a:e4:f5:
         6b:54:1c:ad:a7:78:bd:2f:0b:3b:49:c3:c9:c4:a4:5a:72:22:
         d0:56:ae:3e:16:cb:73:33:e3:8c:6a:06:57:c6:b2:11:49:55:
         84:3a:a9:c1:93:4a:e3:04:86:d3:ad:83:c0:f3:db:14:76:24:
         d4:ec:50:9b:fe:d2:a1:c2:92:7c:3a:74:82:32:45:a8:43:14:
         fb:64:ab:ab:b2:de:4e:35:95:3a:0c:29:4a:70:43:9a:03:e3:
         0d:a9:4a:c7:d0:d3:f5:5b:89:9b:a3:65:3b:25:b5:fb:bb:f2:
         05:4f:d4:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxMWC5LCuyRCorrncSAyxzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjYwMjExMTA1NjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2QxNjY5NWE3ZDk1YjA3MmQxZWExN2U5MGVlY2MzMWMyOTRjMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbNGfnx7G3Vzk/dmTgYTJF7zh36q
D5PmsvXLC4fRNqSgkP1NxaDQfxVrJ1kvj9YCJoVVVx7VHS+88Ve/PQAGG9ksQOZf
9S7hlLFjpnUtIoWJStCaxkdYu/bN/tHMzRIfrvnU/CDPkzKYeEVJrsqsVG4M6JIZ
5bfDS/Ub//lzvP5/59oQj+tzTs4dcIfDN1c9ARnVLd1GDERl7xfBqAJEr66gr5u7
ncxSdZzt4rn3+FjEWyTsY/PsR1NkqcqWmX1S0aXPE5MbHjW/IbvgagYU1yHbFcyo
RDpBSYImiNQW2Vka0D4yusRUEJ3HdUOsTp7gyXpN/kbU3xAWEU3BPGCAFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKPRZpWn2VsHLR6hfpDuzDHClMGOMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvbzlGbWxhZlpXd2N0SHFGLWtPN01NY0tVd1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+rKAwQA
sGn0MA0GCSqGSIb3DQEBCwUAA4IBAQAboWgTAPLXaAO/WnJ6Mz9+KbIMb+P84Z9q
iqN6dVxP8YN035czhPfTaacLE3wpJhtjl2RrC8kteeFvbcxXglrcPSzb3PkekBgz
xufpaV/yqS8TcwuPhyd3+JXvTdW3nQBfsHG7PsBUsCrPu3JpHYe3yjWSxBsZm7Or
cgn8FMlV1xgKE8kFuQGcWIYAMtE65PVrVBytp3i9Lws7ScPJxKRaciLQVq4+Fstz
M+OMagZXxrIRSVWEOqnBk0rjBIbTrYPA89sUdiTU7FCb/tKhwpJ8OnSCMkWoQxT7
ZKurst5ONZU6DClKcEOaA+MNqUrH0NP1W4mbo2U7JbX7u/IFT9Rt
-----END CERTIFICATE-----