Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/_rWJNNnmk3R1x9pU0oYdGau3c7M.roa
File:                     _rWJNNnmk3R1x9pU0oYdGau3c7M.roa (raw, json)
Hash identifier:          IHOPlEpatbDJApch2mWBilUmuofV8Wjb6ufkWpEothw=
Subject key identifier:   FE:B5:89:34:D9:E6:93:74:75:C7:DA:54:D2:86:1D:19:AB:B7:73:B3
Certificate issuer:       /CN=74d032528bb1d159766cd79de4786dcd962a1fbb
Certificate serial:       019C7AEA627C64FD1DF4E41758E210D45169
Authority key identifier: 74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/_rWJNNnmk3R1x9pU0oYdGau3c7M.roa
Signing time:             Fri 20 Feb 2026 11:58:26 +0000
ROA not before:           Fri 20 Feb 2026 11:58:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5533
IP address blocks:        185.146.92.0/22 maxlen: 22
                          2a07:4f40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:ea:62:7c:64:fd:1d:f4:e4:17:58:e2:10:d4:51:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74d032528bb1d159766cd79de4786dcd962a1fbb
        Validity
            Not Before: Feb 20 11:58:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=feb58934d9e6937475c7da54d2861d19abb773b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:47:69:5a:b7:78:56:ec:3e:b2:6b:bb:c7:72:
                    ee:3a:28:b3:f4:ff:86:d7:ee:36:a1:96:6d:3f:b2:
                    35:bd:6c:8a:a4:02:1e:82:56:35:a4:0d:25:9e:79:
                    ba:92:5d:c8:37:c2:a0:9e:8b:f7:d5:6a:20:f9:48:
                    0e:48:22:78:df:3a:33:d3:71:eb:94:96:13:8c:11:
                    3b:b9:36:89:03:a7:d0:8c:b2:9b:9a:8a:4a:b3:7a:
                    91:00:c1:c1:88:11:ad:fb:c2:0c:c1:51:be:38:dc:
                    fe:28:31:d0:fb:1a:33:64:af:b2:38:fe:ea:89:ea:
                    15:6c:66:14:5d:6d:10:b9:2c:72:48:7e:1e:02:c8:
                    e4:ee:9c:4b:2c:44:49:40:70:4d:d5:c9:bf:ba:5f:
                    72:e6:a5:15:8b:ae:cc:e7:5c:6e:aa:44:1b:c7:fa:
                    3c:88:21:67:63:aa:5f:3d:e9:a6:c9:9c:60:9d:33:
                    e7:31:0f:eb:88:86:26:49:18:ec:c7:8b:12:2b:e8:
                    53:65:fa:31:2d:cc:9f:c0:48:77:3b:62:78:3c:c9:
                    1c:2d:a4:53:4b:37:0e:20:8c:37:07:2f:5a:d8:7c:
                    07:a1:05:98:61:7c:1a:97:36:1c:9f:57:4e:9a:95:
                    a8:10:98:4a:c6:68:24:01:0a:0b:df:90:5a:35:01:
                    6e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B5:89:34:D9:E6:93:74:75:C7:DA:54:D2:86:1D:19:AB:B7:73:B3
            X509v3 Authority Key Identifier:
                keyid:74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/_rWJNNnmk3R1x9pU0oYdGau3c7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.92.0/22
                IPv6:
                  2a07:4f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:cc:a4:2c:00:25:c1:0c:47:63:b3:4e:db:60:0d:96:4b:b1:
         52:98:fe:91:83:5f:16:13:6b:6a:ba:72:47:fb:91:60:38:86:
         0d:1e:cc:ec:00:09:f1:79:75:56:41:46:50:2f:b4:cc:ef:22:
         f4:be:68:f7:80:2a:c8:85:ee:ac:43:9c:92:3b:12:13:da:cc:
         55:e8:a7:57:e9:e6:fa:7c:bf:3e:12:cd:0f:f1:17:5b:2b:dc:
         bc:6d:6f:6c:52:a9:cd:06:7d:1d:93:17:96:7e:ac:b4:54:c4:
         e2:b8:a2:7f:65:f9:9f:a3:d7:7f:51:57:24:bd:a1:0d:fa:de:
         bf:ed:64:b0:79:31:0a:e0:dc:10:8d:8e:cf:f5:2d:12:2a:92:
         85:e1:9c:a5:00:6d:14:f8:0a:3e:b7:89:a2:35:1e:3b:e3:be:
         0e:5b:c4:83:32:34:70:f0:68:b7:91:ea:c8:30:99:5d:5a:86:
         b5:d6:82:65:7f:d4:3d:03:25:8a:36:cc:22:a1:22:41:2c:ec:
         f0:69:4a:3a:05:83:4f:04:dc:ee:7d:57:ad:53:06:00:8d:47:
         33:4e:b0:5e:7d:ed:2f:29:2a:88:ca:8f:dd:29:66:77:63:27:
         19:28:ee:a3:54:33:c8:ed:36:83:b2:a6:9f:f2:1e:23:3e:37:
         53:5c:01:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZx66mJ8ZP0d9OQXWOIQ1FFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZDAzMjUyOGJiMWQxNTk3NjZjZDc5ZGU0Nzg2ZGNkOTYy
YTFmYmIwHhcNMjYwMjIwMTE1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWI1ODkzNGQ5ZTY5Mzc0NzVjN2RhNTRkMjg2MWQxOWFiYjc3M2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEdpWrd4Vuw+smu7x3LuOiiz9P+G
1+42oZZtP7I1vWyKpAIeglY1pA0lnnm6kl3IN8Kgnov31Wog+UgOSCJ43zoz03Hr
lJYTjBE7uTaJA6fQjLKbmopKs3qRAMHBiBGt+8IMwVG+ONz+KDHQ+xozZK+yOP7q
ieoVbGYUXW0QuSxySH4eAsjk7pxLLERJQHBN1cm/ul9y5qUVi67M51xuqkQbx/o8
iCFnY6pfPemmyZxgnTPnMQ/riIYmSRjsx4sSK+hTZfoxLcyfwEh3O2J4PMkcLaRT
SzcOIIw3By9a2HwHoQWYYXwalzYcn1dOmpWoEJhKxmgkAQoL35BaNQFu3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP61iTTZ5pN0dcfaVNKGHRmrt3OzMB8GA1UdIwQY
MBaAFHTQMlKLsdFZdmzXneR4bc2WKh+7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE5BeVVvdXgwVmwyYk5lZDVIaHR6WllxSDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWE0MjItYTc5MS00ZGNmLTkwZmIt
MmM5MTI3YWI0OGMzLzEvX3JXSk5Obm1rM1IxeDlwVTBvWWRHYXUzYzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWE0MjItYTc5MS00ZGNmLTkwZmItMmM5MTI3YWI0OGMz
LzEvZE5BeVVvdXgwVmwyYk5lZDVIaHR6WllxSDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZJcMA0E
AgACMAcDBQMqB09AMA0GCSqGSIb3DQEBCwUAA4IBAQAMzKQsACXBDEdjs07bYA2W
S7FSmP6Rg18WE2tqunJH+5FgOIYNHszsAAnxeXVWQUZQL7TM7yL0vmj3gCrIhe6s
Q5ySOxIT2sxV6KdX6eb6fL8+Es0P8RdbK9y8bW9sUqnNBn0dkxeWfqy0VMTiuKJ/
Zfmfo9d/UVckvaEN+t6/7WSweTEK4NwQjY7P9S0SKpKF4ZylAG0U+Ao+t4miNR47
474OW8SDMjRw8Gi3kerIMJldWoa11oJlf9Q9AyWKNswioSJBLOzwaUo6BYNPBNzu
fVetUwYAjUczTrBefe0vKSqIyo/dKWZ3YycZKO6jVDPI7TaDsqaf8h4jPjdTXAE0
-----END CERTIFICATE-----