Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/eec2e9-cbae-4659-9384-13b746bba262/1/hjHmhKUkMq2huO3HMGHtinUbmu0.roa
File:                     hjHmhKUkMq2huO3HMGHtinUbmu0.roa (raw, json)
Hash identifier:          qnr8V99TDGg77oRKiMRfR1bkws1Uoea8b25llDz2SOo=
Subject key identifier:   86:31:E6:84:A5:24:32:AD:A1:B8:ED:C7:30:61:ED:8A:75:1B:9A:ED
Certificate issuer:       /CN=f5e41e7327c2c310ce066afaf8719886d71fb380
Certificate serial:       019C5842B5D88516B7C56E82620840B2638D
Authority key identifier: F5:E4:1E:73:27:C2:C3:10:CE:06:6A:FA:F8:71:98:86:D7:1F:B3:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9eQecyfCwxDOBmr6-HGYhtcfs4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/eec2e9-cbae-4659-9384-13b746bba262/1/hjHmhKUkMq2huO3HMGHtinUbmu0.roa
Signing time:             Fri 13 Feb 2026 18:28:12 +0000
ROA not before:           Fri 13 Feb 2026 18:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209809
IP address blocks:        194.26.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/eec2e9-cbae-4659-9384-13b746bba262/1/9eQecyfCwxDOBmr6-HGYhtcfs4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/eec2e9-cbae-4659-9384-13b746bba262/1/9eQecyfCwxDOBmr6-HGYhtcfs4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9eQecyfCwxDOBmr6-HGYhtcfs4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:58:42:b5:d8:85:16:b7:c5:6e:82:62:08:40:b2:63:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5e41e7327c2c310ce066afaf8719886d71fb380
        Validity
            Not Before: Feb 13 18:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8631e684a52432ada1b8edc73061ed8a751b9aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5a:b8:0d:a1:04:3a:79:0a:93:d2:66:1e:dc:
                    73:fc:53:45:5a:4d:e9:00:19:ac:9b:c0:ff:67:9d:
                    67:f7:cb:7d:98:02:a7:2f:58:aa:48:b8:2d:7c:0f:
                    83:c3:69:a9:83:f9:42:13:b4:12:72:fb:61:24:f1:
                    30:b5:9e:30:c9:d4:68:e8:37:f2:6f:0a:9f:45:e5:
                    c4:c4:c2:dc:ea:f2:e1:81:b5:ec:42:05:e3:cf:65:
                    6b:c4:2a:92:8d:9d:62:31:e0:b4:cc:5f:18:f8:60:
                    55:63:1a:b3:be:51:fb:08:95:f3:02:5b:37:97:06:
                    70:9e:e7:e5:b6:71:53:72:b5:4d:bd:f8:77:7c:ae:
                    e3:bb:9e:1f:4f:c3:49:1e:1a:fc:89:76:d5:d1:62:
                    7f:21:dd:7e:b5:b6:0c:39:9e:8f:8c:f2:97:32:61:
                    fd:67:24:4f:e6:d5:13:a0:e1:a4:d8:dd:a4:39:d5:
                    62:f9:58:c4:b1:a1:87:8d:be:40:c6:c3:79:4f:6f:
                    cc:3f:5e:e5:00:dc:d7:00:82:88:2b:ba:d7:58:c2:
                    29:61:ac:e3:e4:6a:ac:cd:e4:76:a7:d1:b1:a3:4c:
                    61:a7:4e:da:67:74:8c:a4:aa:85:4e:b8:f7:66:50:
                    84:8b:55:02:34:d3:d5:78:73:db:1e:c5:df:13:3f:
                    7d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:31:E6:84:A5:24:32:AD:A1:B8:ED:C7:30:61:ED:8A:75:1B:9A:ED
            X509v3 Authority Key Identifier:
                keyid:F5:E4:1E:73:27:C2:C3:10:CE:06:6A:FA:F8:71:98:86:D7:1F:B3:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9eQecyfCwxDOBmr6-HGYhtcfs4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/eec2e9-cbae-4659-9384-13b746bba262/1/hjHmhKUkMq2huO3HMGHtinUbmu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/eec2e9-cbae-4659-9384-13b746bba262/1/9eQecyfCwxDOBmr6-HGYhtcfs4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:53:2f:8e:de:45:c9:6a:57:b7:5c:63:e2:1a:8a:e8:e5:c0:
         f4:d8:0d:3c:6c:0d:4f:5e:cf:e6:81:28:c7:36:b3:60:4f:ce:
         d7:3c:bd:be:3e:a1:7b:ea:57:3d:32:5d:e4:c7:b9:10:27:44:
         84:88:ae:6c:3b:5b:06:cd:28:b4:c5:f8:6e:90:f4:f7:27:ca:
         e8:7d:7e:f6:d6:86:55:ca:89:39:40:84:5d:4a:3f:2e:ac:8d:
         1a:13:ca:2d:43:22:1d:0a:16:98:60:b6:dd:dc:d1:54:b3:f9:
         eb:1d:c6:4a:6a:65:7c:ec:ff:43:74:7d:9a:b4:b6:00:3b:4e:
         85:1b:81:95:a2:55:9e:95:94:d3:67:e6:47:95:9f:d4:c7:dc:
         d0:79:b2:d8:80:ba:bd:43:43:0a:76:90:aa:1f:8e:21:7a:fe:
         ae:3f:fe:82:2a:31:94:a3:49:61:e7:66:5c:32:d7:2b:9b:52:
         6a:7e:eb:81:bd:13:c6:9b:10:3b:e5:b8:01:d5:23:9d:a4:4b:
         c6:ca:9f:00:34:bc:44:1f:56:8c:a9:0c:3e:66:04:92:7f:af:
         a6:41:73:e4:6f:82:2f:c0:c6:e1:58:28:77:e3:bb:4d:4f:b5:
         c5:31:40:13:57:b8:c2:75:e1:e7:be:d2:3e:00:6e:d6:9b:6e:
         f8:0e:2a:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxYQrXYhRa3xW6CYghAsmONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZTQxZTczMjdjMmMzMTBjZTA2NmFmYWY4NzE5ODg2ZDcx
ZmIzODAwHhcNMjYwMjEzMTgyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjMxZTY4NGE1MjQzMmFkYTFiOGVkYzczMDYxZWQ4YTc1MWI5YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lq4DaEEOnkKk9JmHtxz/FNFWk3p
ABmsm8D/Z51n98t9mAKnL1iqSLgtfA+Dw2mpg/lCE7QScvthJPEwtZ4wydRo6Dfy
bwqfReXExMLc6vLhgbXsQgXjz2VrxCqSjZ1iMeC0zF8Y+GBVYxqzvlH7CJXzAls3
lwZwnufltnFTcrVNvfh3fK7ju54fT8NJHhr8iXbV0WJ/Id1+tbYMOZ6PjPKXMmH9
ZyRP5tUToOGk2N2kOdVi+VjEsaGHjb5AxsN5T2/MP17lANzXAIKIK7rXWMIpYazj
5GqszeR2p9Gxo0xhp07aZ3SMpKqFTrj3ZlCEi1UCNNPVeHPbHsXfEz99nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYx5oSlJDKtobjtxzBh7Yp1G5rtMB8GA1UdIwQY
MBaAFPXkHnMnwsMQzgZq+vhxmIbXH7OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWVRZWN5ZkN3eERPQm1yNi1IR1lodGNmczRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lZWMyZTktY2JhZS00NjU5LTkzODQt
MTNiNzQ2YmJhMjYyLzEvaGpIbWhLVWtNcTJodU8zSE1HSHRpblVibXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lZWMyZTktY2JhZS00NjU5LTkzODQtMTNiNzQ2YmJhMjYy
LzEvOWVRZWN5ZkN3eERPQm1yNi1IR1lodGNmczRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhpCMA0G
CSqGSIb3DQEBCwUAA4IBAQBVUy+O3kXJale3XGPiGoro5cD02A08bA1PXs/mgSjH
NrNgT87XPL2+PqF76lc9Ml3kx7kQJ0SEiK5sO1sGzSi0xfhukPT3J8rofX721oZV
yok5QIRdSj8urI0aE8otQyIdChaYYLbd3NFUs/nrHcZKamV87P9DdH2atLYAO06F
G4GVolWelZTTZ+ZHlZ/Ux9zQebLYgLq9Q0MKdpCqH44hev6uP/6CKjGUo0lh52Zc
Mtcrm1JqfuuBvRPGmxA75bgB1SOdpEvGyp8ANLxEH1aMqQw+ZgSSf6+mQXPkb4Iv
wMbhWCh347tNT7XFMUATV7jCdeHnvtI+AG7Wm274Diqj
-----END CERTIFICATE-----