Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/1-r8t-T2-SPsrj7qFy35liNnOSlw.roa
File:                     1-r8t-T2-SPsrj7qFy35liNnOSlw.roa (raw, json)
Hash identifier:          0hjNj+4DQbmTlRyrxL7LoDa+lKVfAP18vxa28glbkd0=
Subject key identifier:   FA:BF:2D:F9:3D:BE:48:FB:2B:8F:BA:85:CB:7E:65:88:D9:CE:4A:5C
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       019C41D0DC786B8E1485064CA029FE76B66D
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/1-r8t-T2-SPsrj7qFy35liNnOSlw.roa
Signing time:             Mon 09 Feb 2026 09:52:12 +0000
ROA not before:           Mon 09 Feb 2026 09:52:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        194.104.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:41:d0:dc:78:6b:8e:14:85:06:4c:a0:29:fe:76:b6:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Feb  9 09:52:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fabf2df93dbe48fb2b8fba85cb7e6588d9ce4a5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b4:e8:f3:4a:11:0f:3c:31:73:1a:c9:3f:e0:
                    6a:af:e8:f5:87:0d:64:1a:80:7e:25:68:e4:fb:fa:
                    fb:74:19:15:5f:4e:1b:70:84:55:ac:cb:40:6e:ec:
                    93:53:61:45:40:38:6d:5e:c8:de:ca:3d:1a:74:9f:
                    ac:7a:63:da:98:f2:58:f9:c5:2d:fb:c6:c5:0e:0f:
                    53:08:d1:bd:88:2d:d3:ba:5c:8a:88:eb:93:8c:24:
                    ac:ac:41:71:17:e7:01:f8:a5:3d:c5:f9:4c:6a:f9:
                    a4:46:ca:74:09:5e:ae:45:c5:b0:69:56:c9:5d:2c:
                    9a:a3:1e:1f:03:f2:33:e5:18:9d:3e:84:ac:c4:2f:
                    44:30:3f:e4:70:79:70:17:d8:cb:55:5c:84:06:0f:
                    29:cf:b0:31:9a:d7:f7:a5:e5:d6:99:99:16:43:e3:
                    d7:42:d2:d5:39:82:f8:cf:3e:88:bb:f7:60:1f:5b:
                    eb:3b:eb:e4:5f:0f:e2:ed:1c:21:ab:8f:d0:e6:15:
                    7d:a7:94:5a:c3:d1:70:82:c7:bf:2e:7a:f9:c2:5e:
                    ff:9d:c2:40:09:1c:a8:55:8f:08:70:6b:35:4e:45:
                    16:29:42:7e:1f:9a:54:85:37:4c:fc:e6:80:26:c6:
                    84:43:1e:ec:1c:bd:75:34:89:5c:0d:23:2c:39:e4:
                    52:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:BF:2D:F9:3D:BE:48:FB:2B:8F:BA:85:CB:7E:65:88:D9:CE:4A:5C
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/1-r8t-T2-SPsrj7qFy35liNnOSlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c5:b4:38:d1:c2:6e:82:a9:69:54:6b:58:17:b9:84:c6:e8:
         79:86:55:78:d4:3c:9c:70:99:25:85:3d:33:4f:d8:7d:c9:ec:
         8d:5a:b7:f8:8e:7a:bb:71:1e:62:f9:e3:03:7a:3d:5d:9e:bd:
         74:a4:36:21:9e:b0:70:df:37:59:ef:95:a3:80:d6:94:5c:14:
         f9:06:3b:bb:12:1e:6e:44:33:e7:c5:03:5a:55:e0:29:5b:5a:
         38:2b:03:b3:a1:f2:6e:7d:9b:79:8f:27:5e:73:df:23:04:6f:
         4a:b0:42:ee:ee:24:64:7f:ca:45:ca:09:92:da:6f:6a:09:83:
         b3:b9:0d:9e:fe:0a:4c:c2:34:5f:bf:02:8b:74:34:b6:14:9e:
         f9:eb:1d:66:a6:7f:b5:e9:f1:4e:4e:b5:6b:17:29:71:41:16:
         bd:b9:38:f0:85:7b:69:a9:69:58:a8:dd:75:08:b1:6b:38:e6:
         4f:2e:23:75:df:f8:21:f9:76:4c:53:6d:7c:74:d5:7c:d2:3f:
         5e:ce:75:63:41:be:00:36:89:25:2b:5d:37:16:c4:4e:72:99:
         76:b4:9e:b6:89:09:c1:43:d4:c1:73:53:c7:9c:11:68:b2:b3:
         e8:f9:a1:f8:7d:7b:51:66:ee:fa:ea:d6:52:22:24:0d:a2:81:
         e7:4d:9b:8c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxB0Nx4a44UhQZMoCn+drZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjYwMjA5MDk1MjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWJmMmRmOTNkYmU0OGZiMmI4ZmJhODVjYjdlNjU4OGQ5Y2U0YTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7To80oRDzwxcxrJP+Bqr+j1hw1k
GoB+JWjk+/r7dBkVX04bcIRVrMtAbuyTU2FFQDhtXsjeyj0adJ+semPamPJY+cUt
+8bFDg9TCNG9iC3TulyKiOuTjCSsrEFxF+cB+KU9xflMavmkRsp0CV6uRcWwaVbJ
XSyaox4fA/Iz5RidPoSsxC9EMD/kcHlwF9jLVVyEBg8pz7Axmtf3peXWmZkWQ+PX
QtLVOYL4zz6Iu/dgH1vrO+vkXw/i7Rwhq4/Q5hV9p5Raw9Fwgse/Lnr5wl7/ncJA
CRyoVY8IcGs1TkUWKUJ+H5pUhTdM/OaAJsaEQx7sHL11NIlcDSMsOeRSIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq/Lfk9vkj7K4+6hct+ZYjZzkpcMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvMS1yOHQtVDItU1Bzcmo3cUZ5MzVsaU5uT1Nsdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTcvM2I5YWZmLWYwMGQtNDE4Ny1hZjk0LTU3MTdiNDU0NDIz
Ny8xL0pidnRDXzlfX3F0bjh3SzBFYUFIQVlWS2JEQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJoijAN
BgkqhkiG9w0BAQsFAAOCAQEABMW0ONHCboKpaVRrWBe5hMboeYZVeNQ8nHCZJYU9
M0/YfcnsjVq3+I56u3EeYvnjA3o9XZ69dKQ2IZ6wcN83We+Vo4DWlFwU+QY7uxIe
bkQz58UDWlXgKVtaOCsDs6Hybn2beY8nXnPfIwRvSrBC7u4kZH/KRcoJktpvagmD
s7kNnv4KTMI0X78Ci3Q0thSe+esdZqZ/tenxTk61axcpcUEWvbk48IV7aalpWKjd
dQixazjmTy4jdd/4Ifl2TFNtfHTVfNI/Xs51Y0G+ADaJJStdNxbETnKZdrSetokJ
wUPUwXNTx5wRaLKz6Pmh+H17UWbu+urWUiIkDaKB502bjA==
-----END CERTIFICATE-----