Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/O6hogv2eWEHrA4cBvkGnFzsQxV4.roa
File:                     O6hogv2eWEHrA4cBvkGnFzsQxV4.roa (raw, json)
Hash identifier:          Iv6Zy+WLaWNUmoOY1PNV0q52gexN960dGmJ497j+Ws0=
Subject key identifier:   3B:A8:68:82:FD:9E:58:41:EB:03:87:01:BE:41:A7:17:3B:10:C5:5E
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       019C8A2EC764F1880E435245D9F6AED1DD6C
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/O6hogv2eWEHrA4cBvkGnFzsQxV4.roa
Signing time:             Mon 23 Feb 2026 11:07:27 +0000
ROA not before:           Mon 23 Feb 2026 11:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57465
IP address blocks:        134.90.216.0/22 maxlen: 22
                          134.90.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:2e:c7:64:f1:88:0e:43:52:45:d9:f6:ae:d1:dd:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Feb 23 11:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ba86882fd9e5841eb038701be41a7173b10c55e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:bc:d3:b8:fa:d6:51:8f:87:20:9c:3a:98:8f:
                    c6:91:01:1f:68:07:e8:37:e4:42:be:05:d1:6b:c1:
                    d0:1b:5b:11:28:06:de:21:b0:76:14:4f:6e:77:9e:
                    61:af:25:6b:2a:3b:79:43:c6:f0:a7:5e:9e:90:68:
                    38:fc:ee:27:20:fe:e5:d5:a4:ec:60:31:0b:7a:34:
                    65:1a:c4:b5:af:e0:1e:77:0b:18:dc:44:62:54:24:
                    da:25:31:68:f1:39:a2:6c:90:15:f5:c5:15:5d:83:
                    f8:8c:24:00:a2:59:8d:d4:4d:ca:a1:70:29:b1:74:
                    f2:1b:e8:08:57:bd:4c:eb:df:70:f9:8b:4e:6e:b1:
                    89:9e:af:bd:53:43:c7:08:28:25:90:7e:f3:5d:51:
                    ea:d7:5c:0f:92:e5:bc:18:d4:98:ab:a3:95:1e:a7:
                    78:63:7c:32:fd:ea:3e:67:e5:d5:cc:f8:81:00:5b:
                    03:fd:c7:06:95:22:7d:e8:57:4c:63:9d:23:f5:a7:
                    df:c0:4b:5a:c4:22:34:db:c8:4c:d8:9b:0b:a6:e0:
                    e2:98:f9:0d:ec:b8:ce:59:f8:4d:8b:10:c7:96:e3:
                    16:1c:d3:a6:05:b6:59:99:36:b5:d8:13:c9:e0:77:
                    ad:90:e4:2d:94:31:c9:5a:0d:99:45:5a:58:be:59:
                    ea:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A8:68:82:FD:9E:58:41:EB:03:87:01:BE:41:A7:17:3B:10:C5:5E
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/O6hogv2eWEHrA4cBvkGnFzsQxV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.90.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b0:d7:1e:89:6a:c4:9e:29:4b:e5:8a:a1:8d:71:ce:8f:81:c7:
         10:17:9b:90:b4:4b:e5:e3:97:c3:6a:17:26:91:04:18:cd:0c:
         c7:0d:1e:38:a0:80:73:af:05:1e:12:80:05:81:91:7e:79:16:
         59:02:ee:6a:61:45:64:0a:92:65:d2:9a:6b:57:e9:db:d6:e7:
         ae:51:22:35:20:94:dd:37:bd:9a:e5:b3:70:0b:2d:fd:df:55:
         53:13:37:93:88:64:c0:6e:f7:93:5c:46:f5:44:ff:82:32:77:
         85:03:0d:fa:0d:cd:63:ce:58:fc:d8:5a:eb:68:00:5f:a6:95:
         3e:8d:ce:aa:9b:82:a0:d5:5d:4d:61:51:c7:34:63:55:5a:be:
         53:63:e5:4b:18:3c:de:05:f7:8e:22:28:6e:e3:58:d4:87:47:
         c1:0c:b3:2d:ba:1e:50:85:8f:c0:39:c6:a6:79:b9:5d:17:be:
         92:81:10:d7:44:2a:f1:4a:6a:9d:19:10:33:1e:65:1a:16:2e:
         d2:79:f8:e2:68:66:3e:2d:db:b5:83:4e:b7:fd:e7:57:bc:93:
         64:97:24:96:53:b1:f0:b3:3d:00:d2:eb:40:36:d8:3d:cd:58:
         6c:27:5d:8b:f6:74:08:62:4a:76:03:8e:0c:b2:1c:a0:b7:37:
         4d:3c:fb:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyKLsdk8YgOQ1JF2fau0d1sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjYwMjIzMTEwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmE4Njg4MmZkOWU1ODQxZWIwMzg3MDFiZTQxYTcxNzNiMTBjNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rzTuPrWUY+HIJw6mI/GkQEfaAfo
N+RCvgXRa8HQG1sRKAbeIbB2FE9ud55hryVrKjt5Q8bwp16ekGg4/O4nIP7l1aTs
YDELejRlGsS1r+AedwsY3ERiVCTaJTFo8TmibJAV9cUVXYP4jCQAolmN1E3KoXAp
sXTyG+gIV71M699w+YtObrGJnq+9U0PHCCglkH7zXVHq11wPkuW8GNSYq6OVHqd4
Y3wy/eo+Z+XVzPiBAFsD/ccGlSJ96FdMY50j9affwEtaxCI028hM2JsLpuDimPkN
7LjOWfhNixDHluMWHNOmBbZZmTa12BPJ4HetkOQtlDHJWg2ZRVpYvlnqZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuoaIL9nlhB6wOHAb5Bpxc7EMVeMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvTzZob2d2MmVXRUhyQTRjQnZrR25GenNReFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDhlrYMA0G
CSqGSIb3DQEBCwUAA4IBAQCw1x6JasSeKUvliqGNcc6PgccQF5uQtEvl45fDahcm
kQQYzQzHDR44oIBzrwUeEoAFgZF+eRZZAu5qYUVkCpJl0pprV+nb1ueuUSI1IJTd
N72a5bNwCy3931VTEzeTiGTAbveTXEb1RP+CMneFAw36Dc1jzlj82FrraABfppU+
jc6qm4Kg1V1NYVHHNGNVWr5TY+VLGDzeBfeOIihu41jUh0fBDLMtuh5QhY/AOcam
ebldF76SgRDXRCrxSmqdGRAzHmUaFi7SefjiaGY+Ldu1g063/edXvJNklySWU7Hw
sz0A0utANtg9zVhsJ12L9nQIYkp2A44MshygtzdNPPs1
-----END CERTIFICATE-----