Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/r5nJTgvmGErgj92PgnmHG4Q55HQ.roa
File:                     r5nJTgvmGErgj92PgnmHG4Q55HQ.roa (raw, json)
Hash identifier:          6MNQfyzaahoWRGsiDwsnjFka/uy5pB/S92sxE6Waevs=
Subject key identifier:   AF:99:C9:4E:0B:E6:18:4A:E0:8F:DD:8F:82:79:87:1B:84:39:E4:74
Certificate issuer:       /CN=2cc25ff32918f0b49306259d483afb9e381a3915
Certificate serial:       019C6BC7A8989817FE6056D62692034630B2
Authority key identifier: 2C:C2:5F:F3:29:18:F0:B4:93:06:25:9D:48:3A:FB:9E:38:1A:39:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/r5nJTgvmGErgj92PgnmHG4Q55HQ.roa
Signing time:             Tue 17 Feb 2026 13:26:12 +0000
ROA not before:           Tue 17 Feb 2026 13:26:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211881
IP address blocks:        185.158.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:c7:a8:98:98:17:fe:60:56:d6:26:92:03:46:30:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cc25ff32918f0b49306259d483afb9e381a3915
        Validity
            Not Before: Feb 17 13:26:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af99c94e0be6184ae08fdd8f8279871b8439e474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ae:aa:ce:cf:bb:45:98:fa:94:16:2f:45:81:
                    44:43:3d:82:91:86:e3:58:f7:57:8a:c3:3f:5e:42:
                    e1:e0:75:2a:a0:05:75:de:92:b7:c3:d8:07:ac:58:
                    3e:a6:04:7a:c5:a4:22:53:6f:17:b0:c5:f5:5b:c9:
                    f2:ff:18:64:3a:9b:c7:22:d1:38:ac:49:f2:1d:0b:
                    df:bc:88:c6:9d:83:71:a1:10:d8:36:c8:ed:0c:12:
                    21:97:ba:8e:4b:f4:25:15:75:05:44:f4:f1:4c:bb:
                    60:07:76:f4:64:d9:a8:e3:96:0e:56:5c:ee:9f:03:
                    b1:6c:58:35:d8:4d:00:dc:5d:c0:0e:fa:4e:0e:9f:
                    d9:58:a0:f3:ee:32:ee:d5:b4:4e:85:6b:88:8d:40:
                    56:68:8e:d0:b3:65:1d:61:9b:3e:5f:d8:4b:7d:cd:
                    ce:76:76:43:79:40:29:fd:ef:0c:61:5a:df:f3:ed:
                    ea:d4:77:e2:8e:29:c3:7b:62:89:4f:8c:b3:27:06:
                    13:c7:0b:8a:f1:30:d1:ed:f8:95:10:c6:10:57:89:
                    79:80:66:61:25:11:b1:a8:69:06:3c:84:9c:1a:2b:
                    88:10:b2:38:92:ca:26:cf:40:07:26:a4:05:fd:cd:
                    3b:14:e0:4b:cb:e5:1f:62:d8:0e:d0:5a:ea:4a:40:
                    25:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:99:C9:4E:0B:E6:18:4A:E0:8F:DD:8F:82:79:87:1B:84:39:E4:74
            X509v3 Authority Key Identifier:
                keyid:2C:C2:5F:F3:29:18:F0:B4:93:06:25:9D:48:3A:FB:9E:38:1A:39:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/r5nJTgvmGErgj92PgnmHG4Q55HQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a8:de:f9:03:1c:07:f0:7a:28:d6:03:19:4b:d0:f6:de:be:
         24:aa:e8:ca:7d:6a:be:9c:47:75:24:3e:62:22:57:f3:26:ad:
         cc:fc:f1:5a:a7:ee:c0:eb:6f:66:81:17:02:68:21:5a:91:66:
         c6:cb:06:2b:ae:d8:09:db:6c:59:3a:b3:ca:b7:fa:d3:82:b8:
         e5:2e:f7:5f:66:0e:7c:89:fc:06:c5:d1:81:7f:95:29:94:3f:
         77:4b:8d:95:d4:19:bb:84:56:63:a3:08:36:de:a2:0d:59:1d:
         43:5c:2a:3c:3a:e6:ce:5d:2e:17:1b:e1:8f:14:71:c6:0d:5e:
         be:9b:d0:8d:31:7a:1e:27:45:7e:9a:cf:ab:e2:68:a0:f1:1f:
         bc:bb:48:6c:50:07:f1:ea:dd:ca:23:32:34:2a:1b:dd:55:11:
         dc:ce:cb:be:b2:55:80:e3:ca:72:67:d5:5c:85:13:e5:fc:d6:
         e6:66:dd:03:bc:67:85:c6:a4:d3:01:c8:ff:a7:39:3e:71:02:
         60:79:be:a8:84:a7:e6:bf:e3:89:78:4a:89:b6:72:e2:37:a6:
         17:3b:de:ba:3d:00:c5:14:bf:b3:7c:06:55:93:8d:a8:fd:e3:
         af:76:04:f5:d8:7e:aa:30:2e:c4:6c:3b:3e:2c:7a:f5:a7:a3:
         f3:62:f6:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxrx6iYmBf+YFbWJpIDRjCyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYzI1ZmYzMjkxOGYwYjQ5MzA2MjU5ZDQ4M2FmYjllMzgx
YTM5MTUwHhcNMjYwMjE3MTMyNjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjk5Yzk0ZTBiZTYxODRhZTA4ZmRkOGY4Mjc5ODcxYjg0MzllNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta6qzs+7RZj6lBYvRYFEQz2CkYbj
WPdXisM/XkLh4HUqoAV13pK3w9gHrFg+pgR6xaQiU28XsMX1W8ny/xhkOpvHItE4
rEnyHQvfvIjGnYNxoRDYNsjtDBIhl7qOS/QlFXUFRPTxTLtgB3b0ZNmo45YOVlzu
nwOxbFg12E0A3F3ADvpODp/ZWKDz7jLu1bROhWuIjUBWaI7Qs2UdYZs+X9hLfc3O
dnZDeUAp/e8MYVrf8+3q1HfijinDe2KJT4yzJwYTxwuK8TDR7fiVEMYQV4l5gGZh
JRGxqGkGPIScGiuIELI4ksomz0AHJqQF/c07FOBLy+UfYtgO0FrqSkAl7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+ZyU4L5hhK4I/dj4J5hxuEOeR0MB8GA1UdIwQY
MBaAFCzCX/MpGPC0kwYlnUg6+544GjkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE1KZjh5a1k4TFNUQmlXZFNEcjduamdhT1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xMjc3ZWMtMTU2YS00NmM0LTlmMDMt
ZTI1NzUxYjNmZmQ1LzEvcjVuSlRndm1HRXJnajkyUGdubUhHNFE1NUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xMjc3ZWMtMTU2YS00NmM0LTlmMDMtZTI1NzUxYjNmZmQ1
LzEvTE1KZjh5a1k4TFNUQmlXZFNEcjduamdhT1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ6vMA0G
CSqGSIb3DQEBCwUAA4IBAQCaqN75AxwH8Hoo1gMZS9D23r4kqujKfWq+nEd1JD5i
IlfzJq3M/PFap+7A629mgRcCaCFakWbGywYrrtgJ22xZOrPKt/rTgrjlLvdfZg58
ifwGxdGBf5UplD93S42V1Bm7hFZjowg23qINWR1DXCo8OubOXS4XG+GPFHHGDV6+
m9CNMXoeJ0V+ms+r4mig8R+8u0hsUAfx6t3KIzI0KhvdVRHczsu+slWA48pyZ9Vc
hRPl/NbmZt0DvGeFxqTTAcj/pzk+cQJgeb6ohKfmv+OJeEqJtnLiN6YXO966PQDF
FL+zfAZVk42o/eOvdgT12H6qMC7EbDs+LHr1p6PzYvY2
-----END CERTIFICATE-----