Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Cmdv6x8ko4cGBRrH_1q_pPQdDa8.roa
File:                     Cmdv6x8ko4cGBRrH_1q_pPQdDa8.roa (raw, json)
Hash identifier:          ocIMq4E0b/1ILaBHGLPTEkKcypmA40RlOB1m6NjJM8E=
Subject key identifier:   0A:67:6F:EB:1F:24:A3:87:06:05:1A:C7:FF:5A:BF:A4:F4:1D:0D:AF
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019C71EE5F9454B2CB90E47C82499E8EEE6C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Cmdv6x8ko4cGBRrH_1q_pPQdDa8.roa
Signing time:             Wed 18 Feb 2026 18:06:13 +0000
ROA not before:           Wed 18 Feb 2026 18:06:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3170
IP address blocks:        37.46.150.0/24 maxlen: 24
                          45.141.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:ee:5f:94:54:b2:cb:90:e4:7c:82:49:9e:8e:ee:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 18 18:06:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a676feb1f24a38706051ac7ff5abfa4f41d0daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:81:db:6d:1d:93:7b:94:25:d7:66:fa:2b:c6:
                    9c:ff:88:d9:f1:8b:27:38:15:64:6d:c9:34:73:29:
                    a7:1d:05:df:5f:c5:58:ff:86:01:aa:a1:9f:92:38:
                    70:72:39:ad:ff:6a:ad:ef:d9:bb:b3:18:f7:46:e9:
                    6f:d7:6a:68:da:4e:93:69:ac:74:00:2d:56:81:93:
                    e1:79:4c:9f:bc:c0:e1:a9:a5:5d:58:46:aa:8d:7e:
                    d1:2d:fa:1e:4d:d6:05:94:c5:03:1c:2c:66:69:61:
                    f3:a8:86:4c:06:3c:35:38:ca:1d:3f:a9:23:4d:6b:
                    3f:fd:bd:cd:3a:d0:18:10:18:8b:8b:08:30:6b:b5:
                    f1:47:90:ee:30:59:dc:4c:f4:a7:15:30:f3:d1:4e:
                    a3:13:d8:9a:09:77:e1:5d:f0:ac:ec:c1:4a:bd:56:
                    44:0d:cc:a9:af:e7:3b:3e:a9:10:df:f7:43:75:e0:
                    ce:46:3a:5c:30:5b:a6:d6:7b:01:d8:3c:f2:a4:8c:
                    c9:9b:8d:80:61:e2:7a:6e:4c:38:78:ab:69:9a:da:
                    0f:26:03:9b:30:ec:3a:32:15:79:2c:62:8b:80:35:
                    e6:2b:2e:50:ea:5c:29:5f:51:97:35:fb:b1:8a:28:
                    c0:84:ed:37:b4:d6:b7:0e:16:79:23:42:77:a3:d6:
                    70:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:67:6F:EB:1F:24:A3:87:06:05:1A:C7:FF:5A:BF:A4:F4:1D:0D:AF
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Cmdv6x8ko4cGBRrH_1q_pPQdDa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.150.0/24
                  45.141.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:58:30:c1:42:8f:75:6f:c5:6d:12:51:03:36:92:9c:75:33:
         42:2a:85:44:20:3c:69:2e:99:1b:1f:1a:7f:34:15:cd:38:3d:
         41:0d:21:35:f9:22:61:42:08:5f:d7:28:1d:bd:69:5f:d4:f4:
         a6:2a:54:6e:94:ff:ed:03:8f:96:56:6b:aa:fd:c9:b3:6a:ca:
         44:88:d0:ad:73:fa:cb:00:2e:71:a0:92:1c:9c:03:0f:e0:98:
         d7:0f:7c:9e:bf:d4:6c:7e:6e:b6:b2:46:c2:06:74:c1:19:7c:
         5d:cc:2d:ca:33:b2:e5:bc:3b:41:92:a1:28:3b:3d:61:c8:42:
         66:37:8b:e2:33:33:19:ea:be:32:04:9c:da:ca:0b:ab:2c:bf:
         fa:21:84:98:99:89:cf:73:b9:1b:0b:d0:b0:c1:74:68:f0:da:
         41:46:51:86:1b:56:25:f0:13:5f:5f:58:ac:c7:2f:aa:d2:38:
         57:49:2d:9e:6f:87:3e:a0:55:6d:69:8f:3f:9f:83:82:81:35:
         4b:c2:91:c9:c4:8d:f1:c7:ca:e8:fa:db:af:68:90:5c:03:c9:
         df:73:9d:9f:fd:18:b8:ec:b0:cd:71:6e:d7:c6:05:87:87:3b:
         f7:62:f5:b8:fa:59:d8:ed:30:36:cd:de:58:31:41:ac:35:62:
         60:a1:61:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxx7l+UVLLLkOR8gkmeju5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjE4MTgwNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTY3NmZlYjFmMjRhMzg3MDYwNTFhYzdmZjVhYmZhNGY0MWQwZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIHbbR2Te5Ql12b6K8ac/4jZ8Ysn
OBVkbck0cymnHQXfX8VY/4YBqqGfkjhwcjmt/2qt79m7sxj3Rulv12po2k6Taax0
AC1WgZPheUyfvMDhqaVdWEaqjX7RLfoeTdYFlMUDHCxmaWHzqIZMBjw1OModP6kj
TWs//b3NOtAYEBiLiwgwa7XxR5DuMFncTPSnFTDz0U6jE9iaCXfhXfCs7MFKvVZE
Dcypr+c7PqkQ3/dDdeDORjpcMFum1nsB2DzypIzJm42AYeJ6bkw4eKtpmtoPJgOb
MOw6MhV5LGKLgDXmKy5Q6lwpX1GXNfuxiijAhO03tNa3DhZ5I0J3o9Zw5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApnb+sfJKOHBgUax/9av6T0HQ2vMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ21kdjZ4OGtvNGNHQlJySF8xcV9wUFFkRGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJS6WAwQA
LY0ZMA0GCSqGSIb3DQEBCwUAA4IBAQA9WDDBQo91b8VtElEDNpKcdTNCKoVEIDxp
LpkbHxp/NBXNOD1BDSE1+SJhQghf1ygdvWlf1PSmKlRulP/tA4+WVmuq/cmzaspE
iNCtc/rLAC5xoJIcnAMP4JjXD3yev9Rsfm62skbCBnTBGXxdzC3KM7LlvDtBkqEo
Oz1hyEJmN4viMzMZ6r4yBJzaygurLL/6IYSYmYnPc7kbC9CwwXRo8NpBRlGGG1Yl
8BNfX1isxy+q0jhXSS2eb4c+oFVtaY8/n4OCgTVLwpHJxI3xx8ro+tuvaJBcA8nf
c52f/Ri47LDNcW7XxgWHhzv3YvW4+lnY7TA2zd5YMUGsNWJgoWHK
-----END CERTIFICATE-----