Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TMQEaKP3mvxTiN2aRX5Ua9MF75A.roa
File:                     TMQEaKP3mvxTiN2aRX5Ua9MF75A.roa (raw, json)
Hash identifier:          Gnop/5n+7PScIKRYNbeipEb7q/jmEXCJgCjtr/ktRys=
Subject key identifier:   4C:C4:04:68:A3:F7:9A:FC:53:88:DD:9A:45:7E:54:6B:D3:05:EF:90
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C897C3F66ED85D75EC812935F47AFAD10
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TMQEaKP3mvxTiN2aRX5Ua9MF75A.roa
Signing time:             Mon 23 Feb 2026 07:52:27 +0000
ROA not before:           Mon 23 Feb 2026 07:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51558
IP address blocks:        185.176.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:7c:3f:66:ed:85:d7:5e:c8:12:93:5f:47:af:ad:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 23 07:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cc40468a3f79afc5388dd9a457e546bd305ef90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:67:d4:ca:0f:97:1b:61:74:ea:77:de:22:a7:
                    1a:e4:e1:b5:e0:f1:27:4d:f0:52:31:27:a0:fb:76:
                    a7:7b:90:10:b6:19:9c:c8:41:88:83:a6:05:37:87:
                    5c:d2:d6:8b:81:53:c3:b9:39:df:65:64:59:49:52:
                    6f:f9:b6:3e:36:6e:a8:ab:ff:50:25:e4:91:68:3d:
                    51:f5:42:bc:7a:34:64:c2:3b:81:29:06:64:f8:f0:
                    da:ca:b1:82:d6:4b:0b:14:0d:44:66:cb:6e:39:56:
                    8e:29:1c:0b:d4:16:a5:ac:e0:47:9f:92:9c:4f:74:
                    07:aa:13:b2:aa:78:cc:00:ef:23:14:6f:56:b7:5f:
                    91:11:25:e8:8b:8a:e3:46:3b:fd:6a:b0:d6:ca:10:
                    07:aa:ad:dc:cb:b3:f2:79:20:ee:a2:81:9c:4e:aa:
                    9c:fb:d6:86:f5:c2:6b:17:31:74:c4:f8:3b:fb:68:
                    a7:88:b0:de:b1:73:5d:17:ce:b8:c8:ea:67:98:00:
                    aa:41:77:01:e6:a9:34:ee:c5:e0:b9:27:67:ae:c8:
                    eb:5a:92:b0:8c:45:1c:3c:22:94:8a:72:5c:d1:2f:
                    04:98:48:61:7b:fd:45:b7:aa:66:91:71:6b:64:32:
                    8d:8e:1d:4d:64:72:09:a3:cc:b0:96:6d:1f:b2:de:
                    84:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C4:04:68:A3:F7:9A:FC:53:88:DD:9A:45:7E:54:6B:D3:05:EF:90
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TMQEaKP3mvxTiN2aRX5Ua9MF75A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:9f:3e:f1:5c:4c:47:ba:79:1a:0b:d2:1e:22:0b:99:3e:61:
         a5:6f:b7:22:8a:2d:1a:7d:09:59:d7:10:18:b5:64:e2:bf:51:
         72:2d:33:92:0e:b9:3b:f8:4c:90:36:f4:00:4a:bd:4a:eb:14:
         47:b6:b8:09:3d:10:08:97:22:9b:94:8e:88:46:c2:f4:a6:f1:
         53:c7:10:a0:37:c4:64:7d:a5:2d:08:b3:f8:e4:f9:7a:99:c1:
         51:23:2d:fd:8e:1b:da:f2:85:c5:d5:70:66:63:dc:ed:35:37:
         4c:3f:4b:a7:d2:04:47:d6:5b:0c:65:08:99:14:4a:2f:3f:31:
         23:41:dc:87:9d:ce:cf:26:26:03:ea:04:3c:0c:77:67:57:16:
         1c:4c:1a:e5:81:c5:2e:00:4d:f1:48:69:ae:a7:d7:7e:7f:ec:
         dd:3a:3f:26:73:46:89:f5:be:b4:bb:29:34:21:5a:58:f5:bb:
         10:c2:5e:de:b4:c2:fa:df:fe:b3:7d:a4:32:73:93:ad:54:7e:
         f7:b0:2d:8b:21:bb:c2:1a:6a:b8:dc:d9:ac:be:ce:9a:62:00:
         60:ea:d7:ce:22:5d:69:8b:58:cb:92:e4:b4:5c:9a:34:c1:0c:
         6f:2f:c2:af:90:90:32:8e:21:aa:e0:d2:92:c6:15:62:32:3b:
         86:37:16:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyJfD9m7YXXXsgSk19Hr60QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjIzMDc1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M0MDQ2OGEzZjc5YWZjNTM4OGRkOWE0NTdlNTQ2YmQzMDVlZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmfUyg+XG2F06nfeIqca5OG14PEn
TfBSMSeg+3ane5AQthmcyEGIg6YFN4dc0taLgVPDuTnfZWRZSVJv+bY+Nm6oq/9Q
JeSRaD1R9UK8ejRkwjuBKQZk+PDayrGC1ksLFA1EZstuOVaOKRwL1BalrOBHn5Kc
T3QHqhOyqnjMAO8jFG9Wt1+RESXoi4rjRjv9arDWyhAHqq3cy7PyeSDuooGcTqqc
+9aG9cJrFzF0xPg7+2iniLDesXNdF864yOpnmACqQXcB5qk07sXguSdnrsjrWpKw
jEUcPCKUinJc0S8EmEhhe/1Ft6pmkXFrZDKNjh1NZHIJo8ywlm0fst6EMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzEBGij95r8U4jdmkV+VGvTBe+QMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVE1RRWFLUDNtdnhUaU4yYVJYNVVhOU1GNzVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBeMA0G
CSqGSIb3DQEBCwUAA4IBAQBWnz7xXExHunkaC9IeIguZPmGlb7ciii0afQlZ1xAY
tWTiv1FyLTOSDrk7+EyQNvQASr1K6xRHtrgJPRAIlyKblI6IRsL0pvFTxxCgN8Rk
faUtCLP45Pl6mcFRIy39jhva8oXF1XBmY9ztNTdMP0un0gRH1lsMZQiZFEovPzEj
QdyHnc7PJiYD6gQ8DHdnVxYcTBrlgcUuAE3xSGmup9d+f+zdOj8mc0aJ9b60uyk0
IVpY9bsQwl7etML63/6zfaQyc5OtVH73sC2LIbvCGmq43Nmsvs6aYgBg6tfOIl1p
i1jLkuS0XJo0wQxvL8KvkJAyjiGq4NKSxhViMjuGNxYC
-----END CERTIFICATE-----