Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/3d9af9-0829-411b-b76e-e26567f2aee1/1/ME8J3_Lqo4Jl0Qlw0Go-W9n_fhc.roa
File:                     ME8J3_Lqo4Jl0Qlw0Go-W9n_fhc.roa (raw, json)
Hash identifier:          f3hV7y2bBKIVX1QPsIDsCNThmNsZM2K60scI4YyAfLw=
Subject key identifier:   30:4F:09:DF:F2:EA:A3:82:65:D1:09:70:D0:6A:3E:5B:D9:FF:7E:17
Certificate issuer:       /CN=a2174318cfafe755f183a97fb7b957abeef53f37
Certificate serial:       019C74D13337BF542613BB07DFB2BF68EAA1
Authority key identifier: A2:17:43:18:CF:AF:E7:55:F1:83:A9:7F:B7:B9:57:AB:EE:F5:3F:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ohdDGM-v51Xxg6l_t7lXq-71Pzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/3d9af9-0829-411b-b76e-e26567f2aee1/1/ME8J3_Lqo4Jl0Qlw0Go-W9n_fhc.roa
Signing time:             Thu 19 Feb 2026 07:33:13 +0000
ROA not before:           Thu 19 Feb 2026 07:33:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12496
IP address blocks:        193.39.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/3d9af9-0829-411b-b76e-e26567f2aee1/1/ohdDGM-v51Xxg6l_t7lXq-71Pzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/3d9af9-0829-411b-b76e-e26567f2aee1/1/ohdDGM-v51Xxg6l_t7lXq-71Pzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ohdDGM-v51Xxg6l_t7lXq-71Pzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:74:d1:33:37:bf:54:26:13:bb:07:df:b2:bf:68:ea:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2174318cfafe755f183a97fb7b957abeef53f37
        Validity
            Not Before: Feb 19 07:33:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=304f09dff2eaa38265d10970d06a3e5bd9ff7e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1e:71:8e:cb:c2:5c:1b:fd:72:6d:b3:d0:cd:
                    e2:a2:f2:ae:fa:ff:d8:c0:06:87:dd:92:77:d1:c9:
                    13:31:7a:e0:d3:96:2c:d6:06:e5:ce:58:6a:d8:05:
                    cc:cc:5b:e8:b1:bb:70:c4:b7:48:cf:a4:cf:75:5b:
                    dc:3d:fd:04:0d:eb:66:f2:25:23:53:17:07:9f:15:
                    df:78:ae:91:1a:56:11:d2:c4:0d:61:2c:09:6c:9d:
                    6c:f0:b2:6a:46:b0:17:fd:51:18:d8:72:0b:fc:24:
                    6e:d9:cb:7a:fc:e5:6f:38:f8:30:8e:3c:02:d1:33:
                    79:46:a8:6d:09:92:14:4d:9c:31:73:0a:f0:50:79:
                    c9:c1:74:95:99:f4:88:f9:3e:64:c3:9f:b5:5f:97:
                    de:b5:6e:b9:b7:20:44:78:12:f7:f7:48:7e:e5:72:
                    a2:10:83:40:64:b7:b8:de:55:77:85:0b:6b:d1:e4:
                    58:a0:e9:f6:61:8b:11:46:77:13:08:68:e7:14:09:
                    42:30:7a:7b:12:55:ae:eb:0a:0a:84:9e:6a:dc:2c:
                    00:fe:c7:23:70:c6:d1:e9:2b:29:d2:3d:f6:0e:b8:
                    17:3b:0e:1a:bf:92:1d:7c:95:52:a2:dd:5a:53:c9:
                    27:b2:ce:58:4a:ef:b4:9b:97:e5:44:8b:7f:5d:f2:
                    24:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4F:09:DF:F2:EA:A3:82:65:D1:09:70:D0:6A:3E:5B:D9:FF:7E:17
            X509v3 Authority Key Identifier:
                keyid:A2:17:43:18:CF:AF:E7:55:F1:83:A9:7F:B7:B9:57:AB:EE:F5:3F:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ohdDGM-v51Xxg6l_t7lXq-71Pzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3d9af9-0829-411b-b76e-e26567f2aee1/1/ME8J3_Lqo4Jl0Qlw0Go-W9n_fhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3d9af9-0829-411b-b76e-e26567f2aee1/1/ohdDGM-v51Xxg6l_t7lXq-71Pzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:76:df:63:76:41:b4:2e:23:20:56:eb:42:a1:40:18:04:41:
         4b:f7:a1:98:24:f8:09:d4:fd:25:a4:49:4f:ad:42:a8:03:46:
         ac:32:01:78:0b:06:18:36:bf:e3:04:a3:a7:67:e7:7f:d0:ac:
         fe:59:b3:62:59:66:a8:31:19:3d:e4:2a:ca:54:c3:6c:ed:78:
         61:83:39:1f:f0:64:51:ec:1d:d2:15:5b:4b:f7:49:2e:d3:f7:
         cb:44:07:1f:f9:13:81:80:04:47:3e:d7:6c:7e:d6:04:37:64:
         38:ba:c7:3c:fd:8f:10:40:32:b9:06:a7:3a:92:49:fc:d7:f0:
         e1:b0:1c:69:85:07:9f:02:a2:91:0b:4a:a7:49:c5:a8:f7:63:
         4f:57:25:97:33:5f:df:21:8e:d1:ea:08:4b:f3:07:87:20:83:
         a0:f4:2a:b1:64:4b:32:06:f9:0a:53:76:f9:dd:4c:ef:7c:eb:
         fb:ee:66:1b:49:12:2d:03:2c:c0:00:a8:cc:21:c1:87:a0:0c:
         af:06:c6:8b:0c:bc:fd:00:29:2f:f6:0a:9a:e4:b5:3f:52:9e:
         16:1e:20:70:9e:c0:00:3a:ea:40:e7:dc:6b:af:70:c6:60:00:
         80:8c:c5:55:d3:96:5f:ab:27:73:86:4e:5a:23:2f:4a:4d:eb:
         c9:18:6a:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx00TM3v1QmE7sH37K/aOqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMTc0MzE4Y2ZhZmU3NTVmMTgzYTk3ZmI3Yjk1N2FiZWVm
NTNmMzcwHhcNMjYwMjE5MDczMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDRmMDlkZmYyZWFhMzgyNjVkMTA5NzBkMDZhM2U1YmQ5ZmY3ZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnB5xjsvCXBv9cm2z0M3iovKu+v/Y
wAaH3ZJ30ckTMXrg05Ys1gblzlhq2AXMzFvosbtwxLdIz6TPdVvcPf0EDetm8iUj
UxcHnxXfeK6RGlYR0sQNYSwJbJ1s8LJqRrAX/VEY2HIL/CRu2ct6/OVvOPgwjjwC
0TN5RqhtCZIUTZwxcwrwUHnJwXSVmfSI+T5kw5+1X5fetW65tyBEeBL390h+5XKi
EINAZLe43lV3hQtr0eRYoOn2YYsRRncTCGjnFAlCMHp7ElWu6woKhJ5q3CwA/scj
cMbR6Ssp0j32DrgXOw4av5IdfJVSot1aU8knss5YSu+0m5flRIt/XfIkbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBPCd/y6qOCZdEJcNBqPlvZ/34XMB8GA1UdIwQY
MBaAFKIXQxjPr+dV8YOpf7e5V6vu9T83MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2hkREdNLXY1MVh4ZzZsX3Q3bFhxLTcxUHpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zZDlhZjktMDgyOS00MTFiLWI3NmUt
ZTI2NTY3ZjJhZWUxLzEvTUU4SjNfTHFvNEpsMFFsdzBHby1XOW5fZmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zZDlhZjktMDgyOS00MTFiLWI3NmUtZTI2NTY3ZjJhZWUx
LzEvb2hkREdNLXY1MVh4ZzZsX3Q3bFhxLTcxUHpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwScIMA0G
CSqGSIb3DQEBCwUAA4IBAQAXdt9jdkG0LiMgVutCoUAYBEFL96GYJPgJ1P0lpElP
rUKoA0asMgF4CwYYNr/jBKOnZ+d/0Kz+WbNiWWaoMRk95CrKVMNs7Xhhgzkf8GRR
7B3SFVtL90ku0/fLRAcf+ROBgARHPtdsftYEN2Q4usc8/Y8QQDK5Bqc6kkn81/Dh
sBxphQefAqKRC0qnScWo92NPVyWXM1/fIY7R6ghL8weHIIOg9CqxZEsyBvkKU3b5
3UzvfOv77mYbSRItAyzAAKjMIcGHoAyvBsaLDLz9ACkv9gqa5LU/Up4WHiBwnsAA
OupA59xrr3DGYACAjMVV05Zfqydzhk5aIy9KTevJGGqn
-----END CERTIFICATE-----