Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/9xmBM7L_OxbERlsRfyJd0cq_X64.roa
File:                     9xmBM7L_OxbERlsRfyJd0cq_X64.roa (raw, json)
Hash identifier:          eKCgpHNS7X6MicYQsrZGeTzZ5yIaoRnXGdc8m8M+l4U=
Subject key identifier:   F7:19:81:33:B2:FF:3B:16:C4:46:5B:11:7F:22:5D:D1:CA:BF:5F:AE
Certificate issuer:       /CN=c4990ec20111f42fb62f39a81c7392a921955bf2
Certificate serial:       019C7A68B0CECA26C0825242D29946EA71DE
Authority key identifier: C4:99:0E:C2:01:11:F4:2F:B6:2F:39:A8:1C:73:92:A9:21:95:5B:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJkOwgER9C-2LzmoHHOSqSGVW_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/9xmBM7L_OxbERlsRfyJd0cq_X64.roa
Signing time:             Fri 20 Feb 2026 09:36:47 +0000
ROA not before:           Fri 20 Feb 2026 09:36:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199585
IP address blocks:        45.158.108.0/22 maxlen: 24
                          81.162.208.0/21 maxlen: 24
                          194.93.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/xJkOwgER9C-2LzmoHHOSqSGVW_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/xJkOwgER9C-2LzmoHHOSqSGVW_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJkOwgER9C-2LzmoHHOSqSGVW_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:68:b0:ce:ca:26:c0:82:52:42:d2:99:46:ea:71:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4990ec20111f42fb62f39a81c7392a921955bf2
        Validity
            Not Before: Feb 20 09:36:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7198133b2ff3b16c4465b117f225dd1cabf5fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:24:1a:08:f5:e5:bc:62:ae:63:9e:7b:3c:f6:
                    9f:f5:6f:ed:a7:4b:33:96:53:e0:48:27:70:d3:cf:
                    2c:6f:a3:f9:de:23:7f:0d:0f:65:ea:75:0e:31:85:
                    9e:34:2c:e8:f9:01:f0:23:24:0f:2b:0e:3a:60:7e:
                    58:28:12:ea:25:91:fb:92:cf:51:41:0e:87:52:4b:
                    27:89:92:09:ba:ab:4b:ef:a5:99:78:52:6d:7d:3a:
                    a2:9e:68:a5:6d:89:eb:62:54:a5:f1:65:1b:ca:71:
                    83:1d:af:4c:4e:12:10:bc:59:5a:0d:e9:7c:3e:8c:
                    6e:c6:91:06:40:b6:95:90:97:b4:36:6a:f7:cb:1b:
                    b8:23:e2:21:e8:18:62:0b:d6:32:1d:94:ec:1c:43:
                    66:25:6b:b2:ef:e7:1a:b4:e3:24:37:ca:e4:8f:eb:
                    65:f9:93:9d:08:1c:98:b9:69:f1:c5:5c:71:e8:4b:
                    2b:6e:1b:7f:be:29:4b:a0:43:77:95:e0:bc:d6:e6:
                    67:ba:27:36:40:44:eb:2e:16:2d:8a:c8:9f:bd:18:
                    a9:8e:c8:85:0c:6c:21:ce:0f:43:9d:5b:74:e4:88:
                    61:56:00:44:02:35:c1:d7:4b:9e:4f:74:cb:df:6a:
                    e2:01:9d:3d:0a:c5:ad:5b:5e:45:2c:08:82:5a:6d:
                    e7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:19:81:33:B2:FF:3B:16:C4:46:5B:11:7F:22:5D:D1:CA:BF:5F:AE
            X509v3 Authority Key Identifier:
                keyid:C4:99:0E:C2:01:11:F4:2F:B6:2F:39:A8:1C:73:92:A9:21:95:5B:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJkOwgER9C-2LzmoHHOSqSGVW_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/9xmBM7L_OxbERlsRfyJd0cq_X64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/xJkOwgER9C-2LzmoHHOSqSGVW_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.108.0/22
                  81.162.208.0/21
                  194.93.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f2:90:82:5b:a4:6d:6d:94:d2:eb:17:29:1b:79:fc:91:35:
         8b:18:b2:72:d3:f0:69:d8:b3:49:9b:21:d8:7e:d9:6a:88:5f:
         ac:4d:08:b8:3a:ae:8a:cc:a0:cb:de:c2:4e:18:58:f7:23:ca:
         06:e4:3b:fe:82:22:ef:1a:4a:ca:0c:d7:bf:a7:aa:74:bf:29:
         ba:9c:de:4a:cd:a2:f8:11:3a:f2:0a:67:ff:e3:6d:bd:18:d9:
         27:35:0f:66:34:49:c3:3e:da:ed:88:8a:9e:3a:0d:8c:a5:4d:
         a2:85:d4:b0:a7:bb:55:52:6a:ad:6f:17:c7:83:cf:f5:93:be:
         1e:59:18:1f:9b:13:b4:7c:ec:9c:e8:0b:67:f4:84:5d:44:02:
         96:52:e7:02:ad:50:ef:67:00:3a:41:26:6e:41:31:42:9b:10:
         15:87:ff:9c:ec:1f:27:ba:91:e2:6e:45:b5:b9:1c:69:fe:71:
         12:f4:c3:87:9d:de:7b:72:5f:c3:66:fd:3a:c8:ef:f6:66:61:
         3c:e2:72:56:35:c6:22:1b:c1:d5:12:f5:65:44:20:f4:13:f6:
         b0:a6:51:52:b0:c9:dc:94:54:1d:c0:e1:c9:bc:64:c8:34:72:
         6e:1a:18:19:01:4c:ab:56:1b:73:f7:1d:f9:83:19:c2:2a:74:
         e2:e0:3e:c5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZx6aLDOyibAglJC0plG6nHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OTkwZWMyMDExMWY0MmZiNjJmMzlhODFjNzM5MmE5MjE5
NTViZjIwHhcNMjYwMjIwMDkzNjQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzE5ODEzM2IyZmYzYjE2YzQ0NjViMTE3ZjIyNWRkMWNhYmY1ZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyQaCPXlvGKuY557PPaf9W/tp0sz
llPgSCdw088sb6P53iN/DQ9l6nUOMYWeNCzo+QHwIyQPKw46YH5YKBLqJZH7ks9R
QQ6HUksniZIJuqtL76WZeFJtfTqinmilbYnrYlSl8WUbynGDHa9MThIQvFlaDel8
PoxuxpEGQLaVkJe0Nmr3yxu4I+Ih6BhiC9YyHZTsHENmJWuy7+catOMkN8rkj+tl
+ZOdCByYuWnxxVxx6Esrbht/vilLoEN3leC81uZnuic2QETrLhYtisifvRipjsiF
DGwhzg9DnVt05IhhVgBEAjXB10ueT3TL32riAZ09CsWtW15FLAiCWm3n/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPcZgTOy/zsWxEZbEX8iXdHKv1+uMB8GA1UdIwQY
MBaAFMSZDsIBEfQvti85qBxzkqkhlVvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEprT3dnRVI5Qy0yTHptb0hIT1NxU0dWV19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS85YzdjZTQtMmNkNC00ODU0LTg4NDAt
YjBmZTkyMjFlZmI3LzEvOXhtQk03TF9PeGJFUmxzUmZ5SmQwY3FfWDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS85YzdjZTQtMmNkNC00ODU0LTg4NDAtYjBmZTkyMjFlZmI3
LzEveEprT3dnRVI5Qy0yTHptb0hIT1NxU0dWV19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZ5sAwQD
UaLQAwQAwl1jMA0GCSqGSIb3DQEBCwUAA4IBAQAP8pCCW6RtbZTS6xcpG3n8kTWL
GLJy0/Bp2LNJmyHYftlqiF+sTQi4Oq6KzKDL3sJOGFj3I8oG5Dv+giLvGkrKDNe/
p6p0vym6nN5KzaL4ETryCmf/4229GNknNQ9mNEnDPtrtiIqeOg2MpU2ihdSwp7tV
UmqtbxfHg8/1k74eWRgfmxO0fOyc6Atn9IRdRAKWUucCrVDvZwA6QSZuQTFCmxAV
h/+c7B8nupHibkW1uRxp/nES9MOHnd57cl/DZv06yO/2ZmE84nJWNcYiG8HVEvVl
RCD0E/awplFSsMnclFQdwOHJvGTINHJuGhgZAUyrVhtz9x35gxnCKnTi4D7F
-----END CERTIFICATE-----