Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/QACcx3bmkYq5FVm71dmit53bn4Q.roa
File:                     QACcx3bmkYq5FVm71dmit53bn4Q.roa (raw, json)
Hash identifier:          oQ/m7QfRfNheRWfUqid3dTy2xJX9VnnT62jOhchvHuk=
Subject key identifier:   40:00:9C:C7:76:E6:91:8A:B9:15:59:BB:D5:D9:A2:B7:9D:DB:9F:84
Certificate issuer:       /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial:       019C7A9EB1959D2BD929B72DE1F32A065D6D
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/QACcx3bmkYq5FVm71dmit53bn4Q.roa
Signing time:             Fri 20 Feb 2026 10:35:46 +0000
ROA not before:           Fri 20 Feb 2026 10:35:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49570
IP address blocks:        91.105.208.0/21 maxlen: 21
                          185.130.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:9e:b1:95:9d:2b:d9:29:b7:2d:e1:f3:2a:06:5d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
        Validity
            Not Before: Feb 20 10:35:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40009cc776e6918ab91559bbd5d9a2b79ddb9f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:27:ff:29:7c:00:85:bd:54:0d:32:80:15:8a:
                    10:56:1d:ec:9d:14:d1:59:30:62:bc:ed:f5:80:ee:
                    c6:1f:3d:74:1b:71:46:90:5f:0d:85:22:e0:d8:80:
                    0a:eb:b7:7c:bc:1b:b5:7d:41:25:74:c0:7f:8c:b6:
                    12:b0:57:3c:2a:19:05:4f:85:97:e0:64:8b:20:3a:
                    3f:35:82:6c:3a:02:99:eb:6a:c7:71:41:cb:65:cc:
                    b1:aa:45:27:8e:67:90:85:0d:9c:ed:fb:ff:de:6b:
                    09:89:3f:a8:00:d4:c5:a4:bc:47:e9:58:79:fe:e8:
                    73:0f:24:31:88:31:42:e1:5b:f7:6a:29:f6:92:6f:
                    06:4d:eb:38:9b:b7:c5:a3:9b:fc:18:03:73:45:ae:
                    82:e1:08:4b:ba:0b:97:78:14:11:cd:62:fb:7d:42:
                    98:a4:98:1b:d9:60:62:4b:f5:78:98:f5:c5:27:3d:
                    42:02:3a:8d:b6:c5:cb:72:66:81:15:3f:37:d8:8a:
                    53:1d:27:a0:ac:e5:6c:c1:52:e8:6d:86:17:60:6b:
                    86:ef:e9:e4:cf:dd:9d:91:61:12:c3:f9:77:d2:a4:
                    bf:d0:c5:72:b3:4a:f1:a0:3e:f9:e6:73:f0:bd:b3:
                    e8:12:64:ee:36:2e:7f:47:aa:9f:5b:9b:8c:6c:b2:
                    f6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:00:9C:C7:76:E6:91:8A:B9:15:59:BB:D5:D9:A2:B7:9D:DB:9F:84
            X509v3 Authority Key Identifier:
                keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/QACcx3bmkYq5FVm71dmit53bn4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.105.208.0/21
                  185.130.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:82:ae:6b:31:2e:26:e8:46:7e:09:a3:38:1b:ce:5d:65:8c:
         45:d1:83:52:d0:8b:67:b0:17:13:c1:43:89:bb:50:10:cc:37:
         94:3b:2e:b9:5a:ba:fc:db:87:85:49:8c:b8:da:8d:eb:cf:ef:
         72:bb:da:17:09:b7:bd:b5:76:45:5c:49:30:2c:da:d2:81:e7:
         56:9d:30:97:04:51:4a:b0:49:e2:9b:89:11:db:e1:a5:f4:96:
         39:2a:93:f9:e8:bf:64:e7:fd:d3:d8:50:34:95:5d:be:c6:22:
         ce:12:97:95:f4:f2:26:04:ca:88:e3:d7:e6:e6:2f:e9:63:71:
         93:c7:d7:d8:e0:bb:1e:5e:ca:02:7e:87:23:a0:aa:8e:6f:8f:
         be:78:f0:16:e4:1d:ab:0e:42:59:35:af:ec:57:41:6e:42:42:
         ba:90:e3:45:92:68:ee:d7:bd:47:f3:71:77:93:21:48:a2:ab:
         3f:a0:38:a3:07:ef:22:72:f6:07:01:aa:04:d6:21:bd:6c:75:
         5a:ec:87:f3:1f:21:12:ec:27:1b:37:cd:c3:e0:10:28:18:de:
         e6:90:fc:ce:aa:9b:b6:0a:21:6d:86:b4:5a:1e:5b:39:12:cd:
         ae:c7:ab:20:f3:af:91:9b:9d:73:32:fa:e5:30:e7:f0:b2:bb:
         b6:88:9f:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx6nrGVnSvZKbct4fMqBl1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjYwMjIwMTAzNTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDAwOWNjNzc2ZTY5MThhYjkxNTU5YmJkNWQ5YTJiNzlkZGI5Zjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7yf/KXwAhb1UDTKAFYoQVh3snRTR
WTBivO31gO7GHz10G3FGkF8NhSLg2IAK67d8vBu1fUEldMB/jLYSsFc8KhkFT4WX
4GSLIDo/NYJsOgKZ62rHcUHLZcyxqkUnjmeQhQ2c7fv/3msJiT+oANTFpLxH6Vh5
/uhzDyQxiDFC4Vv3ain2km8GTes4m7fFo5v8GANzRa6C4QhLuguXeBQRzWL7fUKY
pJgb2WBiS/V4mPXFJz1CAjqNtsXLcmaBFT832IpTHSegrOVswVLobYYXYGuG7+nk
z92dkWESw/l30qS/0MVys0rxoD755nPwvbPoEmTuNi5/R6qfW5uMbLL2ewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEAAnMd25pGKuRVZu9XZored25+EMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvUUFDY3gzYm1rWXE1RlZtNzFkbWl0NTNibjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW2nQAwQC
uYJ4MA0GCSqGSIb3DQEBCwUAA4IBAQBBgq5rMS4m6EZ+CaM4G85dZYxF0YNS0Itn
sBcTwUOJu1AQzDeUOy65Wrr824eFSYy42o3rz+9yu9oXCbe9tXZFXEkwLNrSgedW
nTCXBFFKsEnim4kR2+Gl9JY5KpP56L9k5/3T2FA0lV2+xiLOEpeV9PImBMqI49fm
5i/pY3GTx9fY4LseXsoCfocjoKqOb4++ePAW5B2rDkJZNa/sV0FuQkK6kONFkmju
171H83F3kyFIoqs/oDijB+8icvYHAaoE1iG9bHVa7IfzHyES7CcbN83D4BAoGN7m
kPzOqpu2CiFthrRaHls5Es2ux6sg86+Rm51zMvrlMOfwsru2iJ+6
-----END CERTIFICATE-----