Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/JTNrzrMbF0rtM3etK8qhhUHsIPc.roa
File:                     JTNrzrMbF0rtM3etK8qhhUHsIPc.roa (raw, json)
Hash identifier:          eQqC1omyD5cbFjIxbMulGkPRGVEXmVkRq54g+dwNUe8=
Subject key identifier:   25:33:6B:CE:B3:1B:17:4A:ED:33:77:AD:2B:CA:A1:85:41:EC:20:F7
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       019C6BEA73B3823894929BF89366DDA86433
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/JTNrzrMbF0rtM3etK8qhhUHsIPc.roa
Signing time:             Tue 17 Feb 2026 14:04:13 +0000
ROA not before:           Tue 17 Feb 2026 14:04:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210703
IP address blocks:        45.43.90.0/23 maxlen: 24
                          45.43.90.0/24 maxlen: 24
                          45.43.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:ea:73:b3:82:38:94:92:9b:f8:93:66:dd:a8:64:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Feb 17 14:04:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25336bceb31b174aed3377ad2bcaa18541ec20f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6b:92:7b:b1:fd:e8:d1:2b:89:aa:d8:b0:95:
                    af:5d:38:c5:4c:d7:1e:f8:c2:57:65:ad:44:29:33:
                    db:7f:37:43:b5:a2:8a:fb:e0:7f:ff:ac:e6:ec:ae:
                    49:be:89:50:e3:07:4d:01:17:95:7a:73:2e:13:fc:
                    1e:3d:0f:a1:52:60:a5:26:61:d4:5b:84:de:17:34:
                    48:c1:6a:e3:e5:74:41:38:09:88:bd:b7:5a:51:01:
                    3d:d8:bc:16:26:1e:d0:5d:1f:c4:9a:10:b6:98:73:
                    bf:fe:a3:5d:4a:37:d8:44:8b:19:b8:de:ef:9d:26:
                    6f:c2:52:7c:99:cc:28:ee:34:64:e4:0a:5b:9b:ed:
                    c0:42:02:91:5b:d2:1d:7a:c6:69:05:34:aa:35:69:
                    ea:46:56:a0:ed:ee:6e:3e:e7:d3:1d:cc:82:30:e9:
                    c4:67:05:7f:cd:0e:50:2b:45:24:38:88:6f:ba:bc:
                    4d:3e:25:be:5a:9c:e4:33:85:23:69:d7:38:d9:46:
                    6f:e9:a1:9c:e8:06:f7:d5:d5:b2:5a:0b:da:b2:94:
                    4c:4f:cd:db:1f:f1:c2:14:bc:50:e4:b7:e2:33:81:
                    04:07:5e:c5:78:07:4f:2f:66:41:60:b1:59:4c:6e:
                    bd:12:99:38:fa:f6:4b:ad:f5:df:ac:85:d0:d5:c4:
                    33:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:33:6B:CE:B3:1B:17:4A:ED:33:77:AD:2B:CA:A1:85:41:EC:20:F7
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/JTNrzrMbF0rtM3etK8qhhUHsIPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:9d:e7:03:38:53:2b:fb:09:24:9d:52:69:ce:15:ec:73:22:
         00:6e:d7:6c:2e:98:f2:8d:d8:10:d8:6f:31:88:5e:57:94:4f:
         56:b6:25:a8:c8:c0:0f:d9:c2:c2:d7:28:f1:19:be:fc:0f:6b:
         81:76:85:c0:0b:18:51:57:cb:54:9d:e5:55:5f:8e:4d:2d:b5:
         14:40:4c:0e:4b:fe:ef:dd:15:e3:90:27:99:49:28:c1:b6:e0:
         c4:2c:8e:27:f3:ee:e3:36:5b:ec:ee:2b:3c:5d:0d:51:01:09:
         bb:88:86:e5:ab:cc:36:a2:20:f4:9d:51:5d:e7:2b:a7:33:0e:
         b8:39:de:2c:46:5b:f8:52:fe:88:be:85:c7:46:80:c3:77:8b:
         b8:cd:7b:ca:28:56:94:81:1c:b5:aa:e3:01:e9:ea:f4:e8:c2:
         85:0f:a2:3b:07:a7:61:40:f2:05:79:5c:51:8f:bc:af:a0:1d:
         30:c0:5a:8c:06:97:86:3d:a0:2d:fc:06:e5:18:56:d8:e4:a0:
         34:f6:b0:d9:cf:47:02:6c:ed:00:96:68:4d:fd:b2:5e:dc:ba:
         c0:3b:c4:9c:cf:fc:6c:e4:cc:9a:99:f5:72:dd:b3:0e:08:f0:
         43:d8:4a:70:b0:b3:be:82:ad:6f:cc:c2:4e:4a:f0:7f:a0:2b:
         cc:90:1f:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxr6nOzgjiUkpv4k2bdqGQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjYwMjE3MTQwNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTMzNmJjZWIzMWIxNzRhZWQzMzc3YWQyYmNhYTE4NTQxZWMyMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2uSe7H96NEriarYsJWvXTjFTNce
+MJXZa1EKTPbfzdDtaKK++B//6zm7K5JvolQ4wdNAReVenMuE/wePQ+hUmClJmHU
W4TeFzRIwWrj5XRBOAmIvbdaUQE92LwWJh7QXR/EmhC2mHO//qNdSjfYRIsZuN7v
nSZvwlJ8mcwo7jRk5Apbm+3AQgKRW9IdesZpBTSqNWnqRlag7e5uPufTHcyCMOnE
ZwV/zQ5QK0UkOIhvurxNPiW+WpzkM4Ujadc42UZv6aGc6Ab31dWyWgvaspRMT83b
H/HCFLxQ5LfiM4EEB17FeAdPL2ZBYLFZTG69Epk4+vZLrfXfrIXQ1cQznwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUza86zGxdK7TN3rSvKoYVB7CD3MB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvSlROcnpyTWJGMHJ0TTNldEs4cWhoVUhzSVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLStaMA0G
CSqGSIb3DQEBCwUAA4IBAQAhnecDOFMr+wkknVJpzhXscyIAbtdsLpjyjdgQ2G8x
iF5XlE9WtiWoyMAP2cLC1yjxGb78D2uBdoXACxhRV8tUneVVX45NLbUUQEwOS/7v
3RXjkCeZSSjBtuDELI4n8+7jNlvs7is8XQ1RAQm7iIblq8w2oiD0nVFd5yunMw64
Od4sRlv4Uv6IvoXHRoDDd4u4zXvKKFaUgRy1quMB6er06MKFD6I7B6dhQPIFeVxR
j7yvoB0wwFqMBpeGPaAt/AblGFbY5KA09rDZz0cCbO0AlmhN/bJe3LrAO8Scz/xs
5MyamfVy3bMOCPBD2EpwsLO+gq1vzMJOSvB/oCvMkB/l
-----END CERTIFICATE-----