Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/l-ZKr09NttdeXg94r2iAP2Tf2os.roa
File:                     l-ZKr09NttdeXg94r2iAP2Tf2os.roa (raw, json)
Hash identifier:          uIZHiQuAz0fk7L1tQpqZz3KSl9Uj4Nhz/RwPNmUtXv0=
Subject key identifier:   97:E6:4A:AF:4F:4D:B6:D7:5E:5E:0F:78:AF:68:80:3F:64:DF:DA:8B
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       019C7515DDDD66FB7DACAA81A2DC9B8E7F89
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/l-ZKr09NttdeXg94r2iAP2Tf2os.roa
Signing time:             Thu 19 Feb 2026 08:48:13 +0000
ROA not before:           Thu 19 Feb 2026 08:48:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        194.59.6.0/24 maxlen: 24
                          194.59.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:15:dd:dd:66:fb:7d:ac:aa:81:a2:dc:9b:8e:7f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Feb 19 08:48:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97e64aaf4f4db6d75e5e0f78af68803f64dfda8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:01:0a:48:a0:ea:ac:d3:c7:87:64:4a:4a:2f:
                    54:49:4d:8e:b8:99:e6:96:42:b2:94:16:26:57:bf:
                    3f:ff:13:9a:9e:b4:e5:21:e6:91:2b:8b:d2:22:e5:
                    a4:51:04:df:49:84:e5:c0:80:13:68:48:c3:ac:bb:
                    0d:4c:bc:0c:d7:dc:e5:0c:96:7f:30:ba:57:fb:d6:
                    a4:d8:ed:ce:4d:e0:88:4f:af:c1:9c:b3:f7:5a:15:
                    9c:6f:95:4f:1e:3f:a2:95:77:95:7e:ce:90:fa:78:
                    f4:34:8c:dc:db:31:81:c1:d0:86:9d:be:53:43:17:
                    fe:01:55:df:3f:92:6e:28:a9:9b:68:4d:db:8d:6d:
                    83:4d:d9:60:18:12:d4:34:7c:53:68:fe:87:5c:14:
                    fa:62:ca:67:5b:21:47:7a:c8:f7:1b:be:30:6a:62:
                    4e:10:23:91:17:56:35:83:ad:f1:53:1e:17:15:de:
                    4e:41:14:50:f1:cc:1e:d2:c8:af:60:78:87:20:dc:
                    df:9c:1b:a8:f0:28:04:3a:61:19:b0:1e:12:10:0c:
                    fc:e1:75:06:0b:4a:fb:24:b3:e6:db:f4:ce:e2:c9:
                    d9:1c:ed:0b:28:10:48:78:59:2b:69:6a:d6:41:43:
                    87:96:8d:49:ff:9b:89:38:9e:cc:03:94:19:fd:89:
                    e1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:E6:4A:AF:4F:4D:B6:D7:5E:5E:0F:78:AF:68:80:3F:64:DF:DA:8B
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/l-ZKr09NttdeXg94r2iAP2Tf2os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:b5:fc:70:8c:71:20:ea:6c:d0:1e:c4:63:43:66:83:b3:0c:
         28:b7:d5:48:93:5a:f0:dc:57:f3:d7:c8:85:84:c4:8a:d7:e3:
         5a:61:30:30:24:d5:43:bf:71:3a:16:25:6a:91:da:e5:43:bb:
         99:11:74:4d:65:2b:6f:fb:1f:1a:50:5f:57:ce:32:bd:f2:8c:
         5b:88:7f:8a:d0:78:3d:c4:b8:c1:3a:dd:0f:58:fb:55:cf:84:
         4b:8d:a7:80:d8:c3:7a:f6:53:0a:5b:34:e8:e4:9d:2d:72:4c:
         f2:14:22:f4:30:ed:ba:67:af:18:00:94:63:9e:34:a7:b2:86:
         9e:e5:6b:66:26:46:de:a1:5b:a3:29:56:23:91:db:7a:d7:3a:
         f3:07:21:e8:98:db:1e:94:08:4d:0a:36:7a:f7:86:06:b9:4f:
         60:55:a9:18:e4:83:e5:85:0b:08:68:10:9a:0f:7c:69:06:2e:
         73:15:86:5b:b7:5c:2b:76:45:05:76:bc:66:a2:42:ef:27:da:
         65:1f:a4:4d:c2:02:43:36:09:bd:e1:1f:a2:6b:6e:fa:4e:1a:
         8e:99:84:47:d5:0f:1a:4b:3b:4c:34:b8:fc:fc:38:b7:61:26:
         0f:f7:f4:ba:d2:f0:ac:ba:88:02:b8:ec:a8:0c:3e:d3:40:e3:
         35:a2:04:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx1Fd3dZvt9rKqBotybjn+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjYwMjE5MDg0ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2U2NGFhZjRmNGRiNmQ3NWU1ZTBmNzhhZjY4ODAzZjY0ZGZkYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AEKSKDqrNPHh2RKSi9USU2OuJnm
lkKylBYmV78//xOanrTlIeaRK4vSIuWkUQTfSYTlwIATaEjDrLsNTLwM19zlDJZ/
MLpX+9ak2O3OTeCIT6/BnLP3WhWcb5VPHj+ilXeVfs6Q+nj0NIzc2zGBwdCGnb5T
Qxf+AVXfP5JuKKmbaE3bjW2DTdlgGBLUNHxTaP6HXBT6YspnWyFHesj3G74wamJO
ECORF1Y1g63xUx4XFd5OQRRQ8cwe0sivYHiHINzfnBuo8CgEOmEZsB4SEAz84XUG
C0r7JLPm2/TO4snZHO0LKBBIeFkraWrWQUOHlo1J/5uJOJ7MA5QZ/YnhzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfmSq9PTbbXXl4PeK9ogD9k39qLMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvbC1aS3IwOU50dGRlWGc5NHIyaUFQMlRmMm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjsGMA0G
CSqGSIb3DQEBCwUAA4IBAQBHtfxwjHEg6mzQHsRjQ2aDswwot9VIk1rw3Ffz18iF
hMSK1+NaYTAwJNVDv3E6FiVqkdrlQ7uZEXRNZStv+x8aUF9XzjK98oxbiH+K0Hg9
xLjBOt0PWPtVz4RLjaeA2MN69lMKWzTo5J0tckzyFCL0MO26Z68YAJRjnjSnsoae
5WtmJkbeoVujKVYjkdt61zrzByHomNselAhNCjZ694YGuU9gVakY5IPlhQsIaBCa
D3xpBi5zFYZbt1wrdkUFdrxmokLvJ9plH6RNwgJDNgm94R+ia276ThqOmYRH1Q8a
SztMNLj8/Di3YSYP9/S60vCsuogCuOyoDD7TQOM1ogRP
-----END CERTIFICATE-----