Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/fzKhZS7tgEqUrdZvJWQiBhGYXjs.roa
File:                     fzKhZS7tgEqUrdZvJWQiBhGYXjs.roa (raw, json)
Hash identifier:          oNIwrLOUrwNgDI/YRh0BOg1IxHhuOn9PuGYKfadJj30=
Subject key identifier:   7F:32:A1:65:2E:ED:80:4A:94:AD:D6:6F:25:64:22:06:11:98:5E:3B
Certificate issuer:       /CN=0a70202c312dd2c7a6ffc317aa86e4e2069249a6
Certificate serial:       019C4F4A927257C6C4387C2CAE67220AA93D
Authority key identifier: 0A:70:20:2C:31:2D:D2:C7:A6:FF:C3:17:AA:86:E4:E2:06:92:49:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnAgLDEt0sem_8MXqobk4gaSSaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/fzKhZS7tgEqUrdZvJWQiBhGYXjs.roa
Signing time:             Thu 12 Feb 2026 00:40:13 +0000
ROA not before:           Thu 12 Feb 2026 00:40:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199834
IP address blocks:        185.141.26.0/24 maxlen: 24
                          185.188.31.0/24 maxlen: 24
                          2001:37c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/CnAgLDEt0sem_8MXqobk4gaSSaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/CnAgLDEt0sem_8MXqobk4gaSSaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnAgLDEt0sem_8MXqobk4gaSSaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4f:4a:92:72:57:c6:c4:38:7c:2c:ae:67:22:0a:a9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a70202c312dd2c7a6ffc317aa86e4e2069249a6
        Validity
            Not Before: Feb 12 00:40:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f32a1652eed804a94add66f2564220611985e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:cc:8f:4a:96:9e:b0:e8:da:ea:4b:87:80:19:
                    fb:ad:a0:67:c2:85:20:c7:ef:0c:77:cb:90:92:58:
                    10:88:ca:fa:45:8f:14:71:5b:9a:86:70:71:20:4d:
                    cb:fa:f0:5e:57:21:a1:62:07:05:57:ca:37:47:0f:
                    3b:51:c0:be:ae:aa:32:ed:44:cc:b2:76:95:ea:04:
                    28:43:1c:9b:4e:63:6b:64:2b:b1:b8:c8:3b:f1:65:
                    60:e4:0c:0d:d7:65:13:19:8d:eb:e9:1f:4c:da:a4:
                    2b:a2:7b:bb:02:f7:54:59:82:2a:4d:c0:f6:a4:e8:
                    7d:b3:32:f9:0f:1c:a6:49:27:5b:c2:06:c3:a4:e2:
                    eb:10:04:29:0f:b9:26:9b:ea:71:64:d3:be:74:22:
                    8d:11:a3:86:3a:2a:d0:14:67:03:d3:74:1a:65:9b:
                    f3:fa:eb:31:56:b3:63:9d:0f:3d:d3:f4:79:79:90:
                    c6:bd:3a:d5:7f:b4:c0:13:9f:e7:5a:5d:ad:fe:41:
                    3d:97:1f:38:60:90:00:0b:c2:f6:a8:2f:32:5c:ee:
                    4f:04:36:4d:37:e3:09:e5:61:8b:02:bb:28:bd:80:
                    16:2d:da:83:9e:f3:4c:d3:f2:19:7b:48:b6:81:68:
                    39:06:14:2a:b9:fa:4b:d3:74:ee:f2:28:a8:55:e9:
                    ef:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:32:A1:65:2E:ED:80:4A:94:AD:D6:6F:25:64:22:06:11:98:5E:3B
            X509v3 Authority Key Identifier:
                keyid:0A:70:20:2C:31:2D:D2:C7:A6:FF:C3:17:AA:86:E4:E2:06:92:49:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnAgLDEt0sem_8MXqobk4gaSSaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/fzKhZS7tgEqUrdZvJWQiBhGYXjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/CnAgLDEt0sem_8MXqobk4gaSSaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.26.0/24
                  185.188.31.0/24
                IPv6:
                  2001:37c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:bd:9b:1a:1c:4e:c9:38:e1:88:5e:d2:a4:25:cc:c5:24:d0:
         41:33:ae:ad:07:d4:11:b7:93:97:98:9d:fd:aa:64:b2:dc:cf:
         a9:b2:32:8d:e5:ff:a5:d5:ed:d1:b3:7a:3b:ea:d3:50:86:70:
         63:04:c4:ec:17:9b:b0:48:c1:1b:3c:f4:87:f2:1a:24:19:9b:
         b6:c1:80:e4:87:ae:21:f9:14:34:29:02:49:89:ba:41:3e:43:
         e5:b1:85:76:0c:65:26:60:59:b4:5d:2d:8d:10:7c:7a:96:4b:
         05:88:05:f1:76:90:53:ab:d5:93:d8:bd:7b:b0:d9:20:bb:a5:
         e3:80:4d:99:5a:23:46:3a:e2:83:70:cc:ba:b7:80:dc:f0:fe:
         ea:4d:10:d5:20:e1:6a:61:c7:79:5a:5d:13:6f:96:52:8f:fa:
         c7:55:52:bd:5b:19:a3:b0:c0:04:0a:24:2a:50:f3:eb:3a:24:
         ea:95:c9:74:5a:5e:a1:b3:d6:3c:fb:7a:7c:86:52:67:92:d5:
         bf:0c:b1:01:a6:a4:74:5d:49:2a:da:69:9e:32:81:75:fe:38:
         c2:ae:2d:78:74:84:0a:c4:cb:7f:cf:a8:43:26:0a:eb:4a:4e:
         c8:a1:94:de:24:f9:fa:39:29:f5:62:21:82:8f:5c:97:c0:76:
         ff:00:7a:9b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZxPSpJyV8bEOHwsrmciCqk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzAyMDJjMzEyZGQyYzdhNmZmYzMxN2FhODZlNGUyMDY5
MjQ5YTYwHhcNMjYwMjEyMDA0MDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjMyYTE2NTJlZWQ4MDRhOTRhZGQ2NmYyNTY0MjIwNjExOTg1ZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78yPSpaesOja6kuHgBn7raBnwoUg
x+8Md8uQklgQiMr6RY8UcVuahnBxIE3L+vBeVyGhYgcFV8o3Rw87UcC+rqoy7UTM
snaV6gQoQxybTmNrZCuxuMg78WVg5AwN12UTGY3r6R9M2qQronu7AvdUWYIqTcD2
pOh9szL5DxymSSdbwgbDpOLrEAQpD7kmm+pxZNO+dCKNEaOGOirQFGcD03QaZZvz
+usxVrNjnQ890/R5eZDGvTrVf7TAE5/nWl2t/kE9lx84YJAAC8L2qC8yXO5PBDZN
N+MJ5WGLArsovYAWLdqDnvNM0/IZe0i2gWg5BhQqufpL03Tu8iioVenvNwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH8yoWUu7YBKlK3WbyVkIgYRmF47MB8GA1UdIwQY
MBaAFApwICwxLdLHpv/DF6qG5OIGkkmmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25BZ0xERXQwc2VtXzhNWHFvYms0Z2FTU2FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84ZmY2OTctNTdmYy00MGZmLThhNTMt
NjhjODQ5Mjc3ZDczLzEvZnpLaFpTN3RnRXFVcmRadkpXUWlCaEdZWGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84ZmY2OTctNTdmYy00MGZmLThhNTMtNjhjODQ5Mjc3ZDcz
LzEvQ25BZ0xERXQwc2VtXzhNWHFvYms0Z2FTU2FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuY0aAwQA
ubwfMA0EAgACMAcDBQMgATfAMA0GCSqGSIb3DQEBCwUAA4IBAQBGvZsaHE7JOOGI
XtKkJczFJNBBM66tB9QRt5OXmJ39qmSy3M+psjKN5f+l1e3Rs3o76tNQhnBjBMTs
F5uwSMEbPPSH8hokGZu2wYDkh64h+RQ0KQJJibpBPkPlsYV2DGUmYFm0XS2NEHx6
lksFiAXxdpBTq9WT2L17sNkgu6XjgE2ZWiNGOuKDcMy6t4Dc8P7qTRDVIOFqYcd5
Wl0Tb5ZSj/rHVVK9WxmjsMAECiQqUPPrOiTqlcl0Wl6hs9Y8+3p8hlJnktW/DLEB
pqR0XUkq2mmeMoF1/jjCri14dIQKxMt/z6hDJgrrSk7IoZTeJPn6OSn1YiGCj1yX
wHb/AHqb
-----END CERTIFICATE-----