Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/7ciFHPcyDl_GiD4yOy7-6YbFSE4.roa
File:                     7ciFHPcyDl_GiD4yOy7-6YbFSE4.roa (raw, json)
Hash identifier:          spKjqMXNtC0h5y4SSbTIV4kFe/adq7sNxeFXmSbfQ7o=
Subject key identifier:   ED:C8:85:1C:F7:32:0E:5F:C6:88:3E:32:3B:2E:FE:E9:86:C5:48:4E
Certificate issuer:       /CN=099f12f3fa7311cd993ab6bc5bb29a1bf2ad48a1
Certificate serial:       019C574172C034B3A8681C8F07CB6FCD5BBC
Authority key identifier: 09:9F:12:F3:FA:73:11:CD:99:3A:B6:BC:5B:B2:9A:1B:F2:AD:48:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/7ciFHPcyDl_GiD4yOy7-6YbFSE4.roa
Signing time:             Fri 13 Feb 2026 13:47:12 +0000
ROA not before:           Fri 13 Feb 2026 13:47:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49544
IP address blocks:        45.149.251.0/24 maxlen: 24
                          2a0f:8200::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:41:72:c0:34:b3:a8:68:1c:8f:07:cb:6f:cd:5b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099f12f3fa7311cd993ab6bc5bb29a1bf2ad48a1
        Validity
            Not Before: Feb 13 13:47:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edc8851cf7320e5fc6883e323b2efee986c5484e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e1:75:9c:a0:26:0c:bd:5a:34:24:93:24:d5:
                    c6:e4:d1:81:34:8e:57:0e:07:d0:54:f2:76:2f:f0:
                    c3:6e:79:bd:ea:ba:58:2e:64:ae:43:34:70:f2:69:
                    0d:12:ec:0f:cc:1f:ff:6c:a6:30:0b:60:76:b9:27:
                    7c:19:78:ea:af:d3:f1:c0:51:48:6e:36:74:5f:e7:
                    d3:bb:fc:44:0b:c8:92:ff:7f:c0:d2:e6:fa:c0:5b:
                    30:f6:1f:0b:70:a3:64:68:44:0b:24:89:42:15:f9:
                    c2:b5:b1:e8:60:8c:f5:70:a0:e4:28:e2:57:fe:c0:
                    b1:93:d3:1b:e4:d7:9d:21:02:9e:36:e9:1e:a0:06:
                    e1:85:01:8c:37:3a:61:11:5f:5b:47:4b:9d:ca:58:
                    b6:27:53:bc:36:f8:bc:f0:4c:d9:04:ca:2a:ae:9a:
                    41:fd:fd:97:f1:1b:2c:ab:87:8e:87:5d:b2:c9:25:
                    c4:35:a8:32:78:8c:84:58:e6:eb:a7:4a:3a:41:20:
                    b6:5f:db:b0:7c:65:6d:1d:80:f5:de:3a:fb:19:2d:
                    0f:eb:7b:10:4a:65:18:fd:2c:7a:af:f3:47:89:3c:
                    64:61:0b:08:96:0d:e1:53:d3:97:76:42:de:68:c7:
                    23:b9:0c:c6:70:c1:e3:d5:b0:c3:6a:92:dc:a9:eb:
                    8c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C8:85:1C:F7:32:0E:5F:C6:88:3E:32:3B:2E:FE:E9:86:C5:48:4E
            X509v3 Authority Key Identifier:
                keyid:09:9F:12:F3:FA:73:11:CD:99:3A:B6:BC:5B:B2:9A:1B:F2:AD:48:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/7ciFHPcyDl_GiD4yOy7-6YbFSE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.251.0/24
                IPv6:
                  2a0f:8200::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:17:d7:b5:a7:6b:d3:50:d6:42:85:94:f8:89:70:0b:ee:0f:
         a4:d3:01:55:61:bb:25:5b:48:1e:66:48:93:bc:8c:5b:e9:37:
         be:bd:07:ea:34:a7:01:4f:d0:cd:38:0b:2e:04:c8:26:2d:94:
         df:f1:cb:dd:a0:0e:75:9f:d6:fc:f0:aa:97:1a:4d:e0:df:36:
         28:b4:8f:54:64:9d:b4:56:12:2c:af:ef:b8:b9:09:b8:18:85:
         21:23:2e:95:01:44:82:8c:3e:0e:ac:1b:d6:74:52:bd:bd:54:
         ab:8b:c2:a4:3a:e1:9e:46:e8:92:ed:8d:18:68:4e:ec:38:19:
         77:88:67:1b:f1:3e:21:08:29:dd:fd:71:a8:aa:cc:85:3a:4e:
         f6:64:49:b8:b7:46:04:f0:e6:85:d0:df:51:6f:39:86:8a:34:
         ac:b5:74:45:17:97:d2:f8:ad:a3:b6:81:d2:1f:24:08:9c:0e:
         ae:3f:aa:fb:02:e7:cf:f4:8c:84:28:ec:d8:e8:6d:be:7d:99:
         e5:fa:c9:0f:c0:5a:c7:63:26:a5:1b:a8:e0:6a:b3:ab:d8:33:
         35:f5:4f:4c:c0:28:57:30:a9:de:33:3a:45:b5:ad:da:b5:07:
         bd:07:96:7c:40:7a:78:fa:bf:18:ad:ad:35:88:f6:28:ea:a7:
         7f:dc:8d:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZxXQXLANLOoaByPB8tvzVu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWYxMmYzZmE3MzExY2Q5OTNhYjZiYzViYjI5YTFiZjJh
ZDQ4YTEwHhcNMjYwMjEzMTM0NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM4ODUxY2Y3MzIwZTVmYzY4ODNlMzIzYjJlZmVlOTg2YzU0ODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+F1nKAmDL1aNCSTJNXG5NGBNI5X
DgfQVPJ2L/DDbnm96rpYLmSuQzRw8mkNEuwPzB//bKYwC2B2uSd8GXjqr9PxwFFI
bjZ0X+fTu/xEC8iS/3/A0ub6wFsw9h8LcKNkaEQLJIlCFfnCtbHoYIz1cKDkKOJX
/sCxk9Mb5NedIQKeNukeoAbhhQGMNzphEV9bR0udyli2J1O8Nvi88EzZBMoqrppB
/f2X8Rssq4eOh12yySXENagyeIyEWObrp0o6QSC2X9uwfGVtHYD13jr7GS0P63sQ
SmUY/Sx6r/NHiTxkYQsIlg3hU9OXdkLeaMcjuQzGcMHj1bDDapLcqeuMuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO3IhRz3Mg5fxog+Mjsu/umGxUhOMB8GA1UdIwQY
MBaAFAmfEvP6cxHNmTq2vFuymhvyrUihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1o4UzhfcHpFYzJaT3JhOFc3S2FHX0t0U0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9mNTllZTEtNmFmZS00ZTM4LWI5OTUt
NDE5YjU3MjNlZWY5LzEvN2NpRkhQY3lEbF9HaUQ0eU95Ny02WWJGU0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9mNTllZTEtNmFmZS00ZTM4LWI5OTUtNDE5YjU3MjNlZWY5
LzEvQ1o4UzhfcHpFYzJaT3JhOFc3S2FHX0t0U0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZX7MA0E
AgACMAcDBQAqD4IAMA0GCSqGSIb3DQEBCwUAA4IBAQAoF9e1p2vTUNZChZT4iXAL
7g+k0wFVYbslW0geZkiTvIxb6Te+vQfqNKcBT9DNOAsuBMgmLZTf8cvdoA51n9b8
8KqXGk3g3zYotI9UZJ20VhIsr++4uQm4GIUhIy6VAUSCjD4OrBvWdFK9vVSri8Kk
OuGeRuiS7Y0YaE7sOBl3iGcb8T4hCCnd/XGoqsyFOk72ZEm4t0YE8OaF0N9RbzmG
ijSstXRFF5fS+K2jtoHSHyQInA6uP6r7AufP9IyEKOzY6G2+fZnl+skPwFrHYyal
G6jgarOr2DM19U9MwChXMKneMzpFta3atQe9B5Z8QHp4+r8Yra01iPYo6qd/3I1M
-----END CERTIFICATE-----