Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/1Cbhm5Q8SrrKYeIFm9FmDpjDPv0.roa
File:                     1Cbhm5Q8SrrKYeIFm9FmDpjDPv0.roa (raw, json)
Hash identifier:          rNP5Ce/7PFqUSX09ZQDZG/krcOVkd/Q/rMGkvkaBBMQ=
Subject key identifier:   D4:26:E1:9B:94:3C:4A:BA:CA:61:E2:05:9B:D1:66:0E:98:C3:3E:FD
Certificate issuer:       /CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
Certificate serial:       019C7BD2034BF32A908ECC32230FAD54093D
Authority key identifier: 0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/1Cbhm5Q8SrrKYeIFm9FmDpjDPv0.roa
Signing time:             Fri 20 Feb 2026 16:11:26 +0000
ROA not before:           Fri 20 Feb 2026 16:11:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        185.170.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:d2:03:4b:f3:2a:90:8e:cc:32:23:0f:ad:54:09:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
        Validity
            Not Before: Feb 20 16:11:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d426e19b943c4abaca61e2059bd1660e98c33efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9e:42:77:b1:8f:15:b3:fd:55:99:7b:31:6b:
                    2e:09:0e:2f:de:60:30:cd:b2:67:ad:7d:f7:09:b2:
                    f7:66:49:36:e7:91:d6:0c:f5:c6:57:35:94:89:d7:
                    b2:af:a1:40:04:42:56:85:d8:e7:73:50:27:a3:40:
                    85:24:68:e1:b2:60:c1:2f:28:7f:07:a7:06:db:45:
                    9c:99:7e:28:4f:3a:5c:ee:6d:a8:cc:f4:61:92:ef:
                    5f:d6:81:d5:3b:e1:72:3d:ce:1b:31:97:7a:be:bb:
                    ca:ae:d5:08:62:7c:79:66:04:f9:43:57:f5:b4:a8:
                    37:ce:4d:ab:4c:83:1e:43:80:7b:1b:1b:c4:df:c3:
                    4b:03:df:21:2e:2c:12:91:98:45:f9:4e:c1:66:10:
                    57:cc:fd:8b:33:05:97:24:c2:35:67:01:ea:d1:05:
                    c1:03:f4:3f:71:91:84:a7:90:96:14:26:dc:e6:44:
                    88:e0:32:13:b5:f8:fd:68:fa:b3:82:6e:a6:eb:e2:
                    98:6c:7e:29:6d:ad:ee:f5:1a:34:33:85:e2:70:5f:
                    02:65:6e:5a:5d:65:e1:44:e2:4e:0e:ac:c5:0e:eb:
                    d2:85:ff:2a:68:6a:56:17:c9:42:dd:b8:a0:04:ad:
                    21:f9:9a:b7:ec:0e:de:d3:fa:0e:51:61:f1:14:c9:
                    f3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:26:E1:9B:94:3C:4A:BA:CA:61:E2:05:9B:D1:66:0E:98:C3:3E:FD
            X509v3 Authority Key Identifier:
                keyid:0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/1Cbhm5Q8SrrKYeIFm9FmDpjDPv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:71:92:53:46:e0:d7:b4:40:f5:01:e4:6c:31:2e:21:14:a0:
         98:c6:54:f4:f2:aa:f3:88:32:60:d5:d5:95:30:68:fb:60:53:
         80:a6:86:d2:a7:0b:ac:51:ab:f4:b7:d5:dd:fe:0a:5c:d6:4a:
         e2:4c:cf:5e:85:c4:f2:ee:6c:0f:65:14:0b:f5:7c:cd:51:76:
         14:73:ec:f7:51:66:6b:63:b1:f0:a7:79:7a:72:64:5b:d9:9c:
         e7:d1:d9:cf:9a:70:e1:5e:3a:cb:84:d1:ee:1e:a0:22:28:9e:
         73:60:65:48:cc:0b:72:43:4b:4b:e4:cb:7f:6d:80:49:10:01:
         ee:1f:30:54:a8:cf:81:3b:32:47:f2:a3:fa:f4:9d:e8:44:c7:
         a7:6a:08:e7:12:c8:00:7a:ce:51:8d:b6:77:0f:c3:ae:0a:84:
         a2:37:b3:91:1d:17:f4:9c:5a:9c:3b:db:f7:bd:d3:01:12:80:
         4e:cf:08:68:b8:4f:27:0c:c0:0a:c6:93:3d:0f:0d:21:de:b8:
         3c:da:85:5f:b8:79:d2:87:97:82:ff:55:36:ee:6a:b6:3d:f2:
         0b:ff:c7:5e:7d:0b:f6:ec:06:91:9d:0a:4b:93:ec:fa:37:54:
         c1:2b:c8:0b:33:d2:20:95:be:2a:ea:fc:10:5f:d2:5a:c9:df:
         4d:0e:10:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx70gNL8yqQjswyIw+tVAk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2YzMWM5ZWFjZTZmMGE1ZWNjZGI4ZGYyYjAxYzczNTE1
Njg2ODYwHhcNMjYwMjIwMTYxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDI2ZTE5Yjk0M2M0YWJhY2E2MWUyMDU5YmQxNjYwZTk4YzMzZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu55Cd7GPFbP9VZl7MWsuCQ4v3mAw
zbJnrX33CbL3Zkk255HWDPXGVzWUideyr6FABEJWhdjnc1Ano0CFJGjhsmDBLyh/
B6cG20WcmX4oTzpc7m2ozPRhku9f1oHVO+FyPc4bMZd6vrvKrtUIYnx5ZgT5Q1f1
tKg3zk2rTIMeQ4B7GxvE38NLA98hLiwSkZhF+U7BZhBXzP2LMwWXJMI1ZwHq0QXB
A/Q/cZGEp5CWFCbc5kSI4DITtfj9aPqzgm6m6+KYbH4pba3u9Ro0M4XicF8CZW5a
XWXhROJODqzFDuvShf8qaGpWF8lC3bigBK0h+Zq37A7e0/oOUWHxFMnzQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQm4ZuUPEq6ymHiBZvRZg6Ywz79MB8GA1UdIwQY
MBaAFA4/Mcnqzm8KXszbjfKwHHNRVoaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYt
ZGQ1ZGRkMDVkYjBiLzEvMUNiaG01UThTcnJLWWVJRm05Rm1EcGpEUHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYtZGQ1ZGRkMDVkYjBi
LzEvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqQMA0G
CSqGSIb3DQEBCwUAA4IBAQB7cZJTRuDXtED1AeRsMS4hFKCYxlT08qrziDJg1dWV
MGj7YFOApobSpwusUav0t9Xd/gpc1kriTM9ehcTy7mwPZRQL9XzNUXYUc+z3UWZr
Y7Hwp3l6cmRb2Zzn0dnPmnDhXjrLhNHuHqAiKJ5zYGVIzAtyQ0tL5Mt/bYBJEAHu
HzBUqM+BOzJH8qP69J3oRMenagjnEsgAes5RjbZ3D8OuCoSiN7ORHRf0nFqcO9v3
vdMBEoBOzwhouE8nDMAKxpM9Dw0h3rg82oVfuHnSh5eC/1U27mq2PfIL/8defQv2
7AaRnQpLk+z6N1TBK8gLM9Iglb4q6vwQX9Jayd9NDhDh
-----END CERTIFICATE-----