Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/hJw5hX_5QoLQ3dzQ6ktGYMw_5Vc.roa
File:                     hJw5hX_5QoLQ3dzQ6ktGYMw_5Vc.roa (raw, json)
Hash identifier:          oB1pQCfTnu14lAx88sCuZ4ejA6aKksCGQ2z/QinMZ6E=
Subject key identifier:   84:9C:39:85:7F:F9:42:82:D0:DD:DC:D0:EA:4B:46:60:CC:3F:E5:57
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       019C5110ABC723389F9119AF371656912C98
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/hJw5hX_5QoLQ3dzQ6ktGYMw_5Vc.roa
Signing time:             Thu 12 Feb 2026 08:56:12 +0000
ROA not before:           Thu 12 Feb 2026 08:56:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        194.104.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:10:ab:c7:23:38:9f:91:19:af:37:16:56:91:2c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Feb 12 08:56:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=849c39857ff94282d0dddcd0ea4b4660cc3fe557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b4:d3:3c:f7:a6:41:d6:a7:39:5c:ce:38:cc:
                    bc:a9:6f:64:bd:90:8c:93:37:77:22:08:f3:39:e1:
                    d1:55:95:e6:90:05:ad:82:ab:3f:f4:68:0d:57:14:
                    1c:51:ae:72:7d:73:9f:1e:8d:4b:b0:f5:6e:ee:fd:
                    44:87:b2:bc:64:eb:1d:f6:0f:7c:03:43:e3:dd:1a:
                    fa:27:14:48:3a:39:9c:fa:88:4d:11:94:f3:a0:cd:
                    32:b3:05:b2:58:f3:55:d9:7a:af:ca:23:81:95:fa:
                    5d:8b:cc:15:e8:52:0f:7e:88:5b:91:fe:53:3c:1f:
                    94:f2:0c:0a:81:46:c9:af:1d:38:e0:f3:05:65:b7:
                    fe:fd:57:59:30:b7:28:80:49:aa:22:f0:5a:4b:cb:
                    5f:9f:e7:05:92:20:62:c8:6a:c1:e8:ba:6e:a6:ca:
                    95:b6:8a:f9:3b:45:12:41:68:d8:03:0a:36:ad:16:
                    5a:19:23:de:e3:59:81:54:72:ce:ee:7d:be:57:d6:
                    61:3d:db:1d:c6:4a:47:9e:4c:bb:ac:a6:18:59:a2:
                    ec:2e:ff:56:11:61:c3:7d:b9:d6:2b:fa:b2:2e:2d:
                    69:41:59:9e:eb:67:a9:06:39:36:bd:2d:03:86:2a:
                    92:c1:ae:10:19:80:64:43:21:ad:8c:d5:31:88:50:
                    45:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:9C:39:85:7F:F9:42:82:D0:DD:DC:D0:EA:4B:46:60:CC:3F:E5:57
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/hJw5hX_5QoLQ3dzQ6ktGYMw_5Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:ad:15:5e:90:7d:c3:31:fe:3c:10:15:bb:73:eb:79:2a:a2:
         73:35:b7:e7:d8:42:92:d2:99:6c:70:40:0b:91:97:b7:d1:bd:
         40:75:fd:fa:d0:73:23:7b:30:14:fe:d1:aa:9d:12:67:53:e2:
         00:3c:ef:69:10:86:60:de:23:de:71:d5:15:ef:71:8e:50:2a:
         66:12:55:72:52:bd:a6:62:76:2e:97:c4:91:35:39:fc:03:cb:
         53:7b:29:ae:70:f7:34:11:ae:16:cd:d0:59:d2:c1:24:83:80:
         3f:e8:13:35:ab:44:81:f0:43:71:a2:43:5c:87:dd:04:47:73:
         63:19:dc:81:1d:5d:bd:88:29:f5:2e:52:81:d6:04:e9:8c:a2:
         df:71:d1:e0:dc:eb:db:9d:81:59:00:b5:23:61:4b:fc:f8:37:
         36:58:94:38:a8:cb:f7:6d:e8:a5:0a:c6:e7:d7:ce:a6:8e:d9:
         87:d1:52:67:c4:ac:84:9f:83:56:79:c5:bf:d9:aa:f3:a9:d9:
         1b:b8:26:23:06:89:81:15:e2:08:57:1b:1a:08:9a:36:94:d9:
         f2:ab:70:00:fa:bd:bc:a2:f6:ac:88:c7:08:46:7a:00:98:e7:
         81:c3:6b:5f:56:93:3f:75:28:d0:c5:c2:cc:ef:d2:6c:a1:67:
         d5:16:3b:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxREKvHIzifkRmvNxZWkSyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjYwMjEyMDg1NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDljMzk4NTdmZjk0MjgyZDBkZGRjZDBlYTRiNDY2MGNjM2ZlNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbTTPPemQdanOVzOOMy8qW9kvZCM
kzd3IgjzOeHRVZXmkAWtgqs/9GgNVxQcUa5yfXOfHo1LsPVu7v1Eh7K8ZOsd9g98
A0Pj3Rr6JxRIOjmc+ohNEZTzoM0yswWyWPNV2XqvyiOBlfpdi8wV6FIPfohbkf5T
PB+U8gwKgUbJrx044PMFZbf+/VdZMLcogEmqIvBaS8tfn+cFkiBiyGrB6LpupsqV
tor5O0USQWjYAwo2rRZaGSPe41mBVHLO7n2+V9ZhPdsdxkpHnky7rKYYWaLsLv9W
EWHDfbnWK/qyLi1pQVme62epBjk2vS0DhiqSwa4QGYBkQyGtjNUxiFBFIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIScOYV/+UKC0N3c0OpLRmDMP+VXMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvaEp3NWhYXzVRb0xRM2R6UTZrdEdZTXdfNVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiKMA0G
CSqGSIb3DQEBCwUAA4IBAQAMrRVekH3DMf48EBW7c+t5KqJzNbfn2EKS0plscEAL
kZe30b1Adf360HMjezAU/tGqnRJnU+IAPO9pEIZg3iPecdUV73GOUCpmElVyUr2m
YnYul8SRNTn8A8tTeymucPc0Ea4WzdBZ0sEkg4A/6BM1q0SB8ENxokNch90ER3Nj
GdyBHV29iCn1LlKB1gTpjKLfcdHg3OvbnYFZALUjYUv8+Dc2WJQ4qMv3beilCsbn
186mjtmH0VJnxKyEn4NWecW/2arzqdkbuCYjBomBFeIIVxsaCJo2lNnyq3AA+r28
ovasiMcIRnoAmOeBw2tfVpM/dSjQxcLM79JsoWfVFjvD
-----END CERTIFICATE-----