Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/WXh1a3ltgTu30URiagI_KDwMbGo.roa
File:                     WXh1a3ltgTu30URiagI_KDwMbGo.roa (raw, json)
Hash identifier:          64yhIhef0pb8wUKGIz8rWX3roZaEhoeQs7iEDhSEElY=
Subject key identifier:   59:78:75:6B:79:6D:81:3B:B7:D1:44:62:6A:02:3F:28:3C:0C:6C:6A
Certificate issuer:       /CN=082b303cb49e73e2d2a404583d5f8377ceb02545
Certificate serial:       019C718493F5B5B3F9F5B9737E150E3D8A08
Authority key identifier: 08:2B:30:3C:B4:9E:73:E2:D2:A4:04:58:3D:5F:83:77:CE:B0:25:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCswPLSec-LSpARYPV-Dd86wJUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/WXh1a3ltgTu30URiagI_KDwMbGo.roa
Signing time:             Wed 18 Feb 2026 16:10:39 +0000
ROA not before:           Wed 18 Feb 2026 16:10:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20914
IP address blocks:        80.76.0.0/21 maxlen: 21
                          185.15.137.0/24 maxlen: 24
                          2a00:ce8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/CCswPLSec-LSpARYPV-Dd86wJUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/CCswPLSec-LSpARYPV-Dd86wJUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCswPLSec-LSpARYPV-Dd86wJUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:84:93:f5:b5:b3:f9:f5:b9:73:7e:15:0e:3d:8a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082b303cb49e73e2d2a404583d5f8377ceb02545
        Validity
            Not Before: Feb 18 16:10:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5978756b796d813bb7d144626a023f283c0c6c6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:33:2c:86:35:c9:1b:af:be:f9:bb:9d:23:64:
                    4f:7c:5f:ef:9b:db:93:b6:f1:50:ca:de:80:06:19:
                    53:c1:88:89:cd:b9:19:c2:4e:17:73:c6:1d:59:c4:
                    74:8a:c8:31:9a:37:ef:8a:06:ed:ca:17:b2:3a:f8:
                    c2:60:8d:47:3f:8e:1e:be:0d:d0:eb:c0:6e:84:5d:
                    1f:a7:48:b1:fe:02:de:a7:3f:1a:f0:0c:e9:55:d1:
                    65:c7:95:8b:ba:81:7f:5b:68:09:12:74:5f:f0:70:
                    93:ab:41:82:b7:ea:05:ef:f2:d2:ba:59:c7:9d:01:
                    fe:63:e0:b3:cf:b1:a8:dc:ac:ac:01:0f:7e:e1:ce:
                    f9:71:04:a7:f9:ea:b4:24:4c:58:30:80:c9:1b:56:
                    a8:09:74:64:17:a0:77:cb:ee:51:cd:86:b1:6e:da:
                    19:d8:10:73:41:70:9f:f0:c7:da:f3:33:e4:81:4e:
                    67:da:e5:67:bc:fb:04:ab:ca:f8:ed:92:36:ca:c5:
                    bd:e5:dc:d0:f9:69:26:3b:01:f9:30:16:e3:ca:f5:
                    f9:5b:4d:2f:38:88:8d:35:1f:a3:80:f6:4c:60:c0:
                    df:85:3b:a9:47:5c:f3:de:0f:d8:d4:b9:91:2c:69:
                    d7:39:ae:b0:63:d9:73:98:71:a0:a9:81:76:95:e4:
                    ca:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:78:75:6B:79:6D:81:3B:B7:D1:44:62:6A:02:3F:28:3C:0C:6C:6A
            X509v3 Authority Key Identifier:
                keyid:08:2B:30:3C:B4:9E:73:E2:D2:A4:04:58:3D:5F:83:77:CE:B0:25:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCswPLSec-LSpARYPV-Dd86wJUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/WXh1a3ltgTu30URiagI_KDwMbGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/CCswPLSec-LSpARYPV-Dd86wJUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.0.0/21
                  185.15.137.0/24
                IPv6:
                  2a00:ce8::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:6c:14:a8:c3:31:09:c9:0a:0b:53:c3:5d:40:cf:9a:83:4a:
         50:86:5a:60:b3:83:21:af:c2:6e:88:36:d6:da:9c:02:8f:c5:
         ac:79:18:48:72:5d:90:72:55:8a:2b:16:45:09:30:88:b6:9a:
         c7:48:19:56:59:c5:e6:d4:63:1a:23:89:b2:7b:56:4b:e7:8f:
         b6:96:48:96:24:35:93:43:38:fa:e4:63:e1:de:0a:2d:61:d6:
         50:80:ab:05:ac:b0:82:cc:f6:e3:69:0d:42:d7:64:3a:63:99:
         bd:de:8c:f0:05:91:ab:22:66:d4:ec:60:1c:45:2f:69:d5:9b:
         28:cb:11:b3:07:5a:eb:25:23:16:f1:99:12:1b:5d:d8:4a:99:
         6d:a5:dd:b4:71:70:b2:2f:e1:2b:15:b3:1c:05:f7:36:9a:bc:
         b4:e6:20:b4:0c:ab:47:f0:69:bf:a0:e4:de:74:5c:1e:80:1d:
         5b:7d:31:50:64:31:85:22:17:d0:64:c2:0a:22:ad:0e:36:d0:
         86:25:c1:8e:11:21:43:81:44:8f:44:09:2f:57:78:ad:b6:24:
         df:0e:13:24:3d:47:44:73:b9:bb:8a:08:4d:a6:c0:ef:b7:00:
         b4:75:45:93:11:92:7d:91:a2:4c:f3:a0:e9:e6:a0:bb:cd:cf:
         90:14:1c:63
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZxxhJP1tbP59blzfhUOPYoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MmIzMDNjYjQ5ZTczZTJkMmE0MDQ1ODNkNWY4Mzc3Y2Vi
MDI1NDUwHhcNMjYwMjE4MTYxMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTc4NzU2Yjc5NmQ4MTNiYjdkMTQ0NjI2YTAyM2YyODNjMGM2YzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDMshjXJG6+++budI2RPfF/vm9uT
tvFQyt6ABhlTwYiJzbkZwk4Xc8YdWcR0isgxmjfvigbtyheyOvjCYI1HP44evg3Q
68BuhF0fp0ix/gLepz8a8AzpVdFlx5WLuoF/W2gJEnRf8HCTq0GCt+oF7/LSulnH
nQH+Y+Czz7Go3KysAQ9+4c75cQSn+eq0JExYMIDJG1aoCXRkF6B3y+5RzYaxbtoZ
2BBzQXCf8Mfa8zPkgU5n2uVnvPsEq8r47ZI2ysW95dzQ+WkmOwH5MBbjyvX5W00v
OIiNNR+jgPZMYMDfhTupR1zz3g/Y1LmRLGnXOa6wY9lzmHGgqYF2leTKJQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFl4dWt5bYE7t9FEYmoCPyg8DGxqMB8GA1UdIwQY
MBaAFAgrMDy0nnPi0qQEWD1fg3fOsCVFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0Nzd1BMU2VjLUxTcEFSWVBWLURkODZ3SlVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zNDBlYjUtN2JlMC00YmM5LWJmMmQt
YjQ3M2NlNzgwN2NhLzEvV1hoMWEzbHRnVHUzMFVSaWFnSV9LRHdNYkdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zNDBlYjUtN2JlMC00YmM5LWJmMmQtYjQ3M2NlNzgwN2Nh
LzEvQ0Nzd1BMU2VjLUxTcEFSWVBWLURkODZ3SlVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDUEwAAwQA
uQ+JMA0EAgACMAcDBQAqAAzoMA0GCSqGSIb3DQEBCwUAA4IBAQB9bBSowzEJyQoL
U8NdQM+ag0pQhlpgs4Mhr8JuiDbW2pwCj8WseRhIcl2QclWKKxZFCTCItprHSBlW
WcXm1GMaI4mye1ZL54+2lkiWJDWTQzj65GPh3gotYdZQgKsFrLCCzPbjaQ1C12Q6
Y5m93ozwBZGrImbU7GAcRS9p1ZsoyxGzB1rrJSMW8ZkSG13YSpltpd20cXCyL+Er
FbMcBfc2mry05iC0DKtH8Gm/oOTedFwegB1bfTFQZDGFIhfQZMIKIq0ONtCGJcGO
ESFDgUSPRAkvV3ittiTfDhMkPUdEc7m7ighNpsDvtwC0dUWTEZJ9kaJM86Dp5qC7
zc+QFBxj
-----END CERTIFICATE-----