Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/853b38-ee47-404c-a399-cc1a7ccab702/1/qaTAqrI1fUHmVwthqrZ_p4zXwY0.roa
File:                     qaTAqrI1fUHmVwthqrZ_p4zXwY0.roa (raw, json)
Hash identifier:          HUrv9uurkx2++8ILE32eKLmOAxI79xmY3LBCL4R3hHA=
Subject key identifier:   A9:A4:C0:AA:B2:35:7D:41:E6:57:0B:61:AA:B6:7F:A7:8C:D7:C1:8D
Certificate issuer:       /CN=ae25eaaf91a1662c96fbef9de4c5fa1e1d087497
Certificate serial:       019C4753B13AFB7C39CB699D4C9952A556BF
Authority key identifier: AE:25:EA:AF:91:A1:66:2C:96:FB:EF:9D:E4:C5:FA:1E:1D:08:74:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/riXqr5GhZiyW---d5MX6Hh0IdJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/853b38-ee47-404c-a399-cc1a7ccab702/1/qaTAqrI1fUHmVwthqrZ_p4zXwY0.roa
Signing time:             Tue 10 Feb 2026 11:33:12 +0000
ROA not before:           Tue 10 Feb 2026 11:33:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393406
IP address blocks:        195.149.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/853b38-ee47-404c-a399-cc1a7ccab702/1/riXqr5GhZiyW---d5MX6Hh0IdJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/853b38-ee47-404c-a399-cc1a7ccab702/1/riXqr5GhZiyW---d5MX6Hh0IdJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/riXqr5GhZiyW---d5MX6Hh0IdJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:53:b1:3a:fb:7c:39:cb:69:9d:4c:99:52:a5:56:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae25eaaf91a1662c96fbef9de4c5fa1e1d087497
        Validity
            Not Before: Feb 10 11:33:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9a4c0aab2357d41e6570b61aab67fa78cd7c18d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d7:0d:6b:bc:0d:30:d7:8f:16:d4:f8:ad:c8:
                    ef:ca:2f:47:d3:84:73:94:11:08:c8:a1:26:2d:6b:
                    7c:04:1d:8a:6b:ae:b1:3f:52:f8:7e:b9:70:69:cb:
                    b8:e4:9b:8d:d0:08:51:7c:7d:42:fa:6f:af:f2:37:
                    5d:53:61:cf:9c:98:92:e8:61:84:e9:78:b0:64:ab:
                    42:8f:97:fc:56:aa:32:22:fc:53:5e:94:44:6e:4c:
                    55:55:24:21:f9:a0:37:bf:c2:93:93:62:c5:d5:fb:
                    f2:f1:57:a1:30:e3:c1:67:60:ea:5f:54:f2:8c:27:
                    5a:3f:6d:b8:40:bf:0d:dc:d1:ff:11:fd:ba:05:5f:
                    85:1f:ca:0d:02:4f:1a:61:f2:02:5f:88:bc:0b:a3:
                    b3:b1:23:1e:86:fb:15:1e:2b:44:11:0f:20:98:be:
                    bb:ac:6a:12:bc:48:6d:c5:1f:48:94:2e:f5:52:fe:
                    e7:6e:b3:1d:62:6e:c0:1a:96:50:65:58:1d:8f:7a:
                    41:b4:8a:f9:14:d4:aa:d0:4d:03:ba:6c:d3:a6:12:
                    7e:a1:92:dd:3d:bd:f9:a3:a6:05:bd:67:f3:cf:13:
                    3e:2a:e2:2f:97:5f:48:06:5d:99:d6:68:f1:c6:9a:
                    e4:f7:2e:a5:01:4a:85:91:04:ef:28:0e:2a:91:f9:
                    1d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A4:C0:AA:B2:35:7D:41:E6:57:0B:61:AA:B6:7F:A7:8C:D7:C1:8D
            X509v3 Authority Key Identifier:
                keyid:AE:25:EA:AF:91:A1:66:2C:96:FB:EF:9D:E4:C5:FA:1E:1D:08:74:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/riXqr5GhZiyW---d5MX6Hh0IdJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/853b38-ee47-404c-a399-cc1a7ccab702/1/qaTAqrI1fUHmVwthqrZ_p4zXwY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/853b38-ee47-404c-a399-cc1a7ccab702/1/riXqr5GhZiyW---d5MX6Hh0IdJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ac:0f:d5:a4:1c:fe:c3:fc:06:98:9c:e4:9d:07:c2:eb:ca:
         51:7c:c5:4d:ca:75:a1:bf:82:df:8d:eb:11:1e:6d:1c:4e:17:
         c9:a6:b8:48:97:3b:4b:1a:8a:bb:d6:10:71:d3:f7:b8:8f:ef:
         34:ad:3d:ba:6a:f3:4f:56:c1:b4:1c:cd:e4:59:c6:bd:17:e0:
         9e:72:d1:09:ce:40:4d:d9:d1:55:6a:7c:39:c5:3e:6c:eb:a4:
         93:fc:6b:8e:71:c8:96:3f:4d:37:de:38:7d:06:0d:d9:12:97:
         84:ee:43:eb:5f:dd:63:8e:45:f1:a0:c7:7b:29:ac:52:3f:51:
         b1:bf:1b:71:7b:d6:67:c2:0b:c6:d8:77:4f:f7:ea:0b:bd:8f:
         36:ca:d1:ef:c6:81:69:30:0f:4f:6b:79:e2:2d:5f:48:6b:6b:
         66:be:cd:47:51:7e:3a:34:08:90:20:da:11:f7:ce:56:bc:df:
         74:73:63:39:04:40:be:e1:84:ae:19:7d:a3:71:94:fc:df:93:
         b8:cc:6b:c2:41:34:62:38:75:ba:e1:74:db:c3:4b:54:5e:f6:
         0f:4f:48:35:86:86:9b:db:ac:20:f2:1f:25:62:0f:b6:dd:30:
         16:e9:da:1e:7e:04:af:6c:9a:98:c4:fe:bd:7d:9a:32:8b:a2:
         28:7d:70:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHU7E6+3w5y2mdTJlSpVa/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjVlYWFmOTFhMTY2MmM5NmZiZWY5ZGU0YzVmYTFlMWQw
ODc0OTcwHhcNMjYwMjEwMTEzMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWE0YzBhYWIyMzU3ZDQxZTY1NzBiNjFhYWI2N2ZhNzhjZDdjMThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9cNa7wNMNePFtT4rcjvyi9H04Rz
lBEIyKEmLWt8BB2Ka66xP1L4frlwacu45JuN0AhRfH1C+m+v8jddU2HPnJiS6GGE
6XiwZKtCj5f8VqoyIvxTXpREbkxVVSQh+aA3v8KTk2LF1fvy8VehMOPBZ2DqX1Ty
jCdaP224QL8N3NH/Ef26BV+FH8oNAk8aYfICX4i8C6OzsSMehvsVHitEEQ8gmL67
rGoSvEhtxR9IlC71Uv7nbrMdYm7AGpZQZVgdj3pBtIr5FNSq0E0DumzTphJ+oZLd
Pb35o6YFvWfzzxM+KuIvl19IBl2Z1mjxxprk9y6lAUqFkQTvKA4qkfkdowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmkwKqyNX1B5lcLYaq2f6eM18GNMB8GA1UdIwQY
MBaAFK4l6q+RoWYslvvvneTF+h4dCHSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlYcXI1R2haaXlXLS0tZDVNWDZIaDBJZEpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84NTNiMzgtZWU0Ny00MDRjLWEzOTkt
Y2MxYTdjY2FiNzAyLzEvcWFUQXFySTFmVUhtVnd0aHFyWl9wNHpYd1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84NTNiMzgtZWU0Ny00MDRjLWEzOTktY2MxYTdjY2FiNzAy
LzEvcmlYcXI1R2haaXlXLS0tZDVNWDZIaDBJZEpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VyMA0G
CSqGSIb3DQEBCwUAA4IBAQByrA/VpBz+w/wGmJzknQfC68pRfMVNynWhv4LfjesR
Hm0cThfJprhIlztLGoq71hBx0/e4j+80rT26avNPVsG0HM3kWca9F+CectEJzkBN
2dFVanw5xT5s66ST/GuOcciWP0033jh9Bg3ZEpeE7kPrX91jjkXxoMd7KaxSP1Gx
vxtxe9ZnwgvG2HdP9+oLvY82ytHvxoFpMA9Pa3niLV9Ia2tmvs1HUX46NAiQINoR
985WvN90c2M5BEC+4YSuGX2jcZT835O4zGvCQTRiOHW64XTbw0tUXvYPT0g1hoab
26wg8h8lYg+23TAW6doefgSvbJqYxP69fZoyi6IofXBu
-----END CERTIFICATE-----