Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/8khK9FRPf0byhiBZHnCIdhAcOEk.roa
File:                     8khK9FRPf0byhiBZHnCIdhAcOEk.roa (raw, json)
Hash identifier:          M5jEdLm9AcXZIxKRXOcHMpGqLP1Wk6IQD7HnH4NNOWA=
Subject key identifier:   F2:48:4A:F4:54:4F:7F:46:F2:86:20:59:1E:70:88:76:10:1C:38:49
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       019C46110D78FA56F93FB703A04C8B5811ED
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/8khK9FRPf0byhiBZHnCIdhAcOEk.roa
Signing time:             Tue 10 Feb 2026 05:40:48 +0000
ROA not before:           Tue 10 Feb 2026 05:40:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204241
IP address blocks:        185.3.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 20:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:11:0d:78:fa:56:f9:3f:b7:03:a0:4c:8b:58:11:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Feb 10 05:40:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2484af4544f7f46f28620591e708876101c3849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:12:77:7a:ec:b9:43:0a:ec:21:0c:2c:f8:61:
                    7f:14:f1:38:ff:a1:8f:64:7e:90:2f:81:eb:2e:d9:
                    dc:23:68:31:b4:1b:04:42:42:09:bb:79:d3:09:7f:
                    23:b4:1c:ea:ef:b9:88:f3:3e:ae:6a:04:aa:42:c6:
                    a4:17:3b:e8:86:d4:8c:75:6c:53:ec:5e:0b:a7:f6:
                    0e:57:52:0b:ee:f1:4e:8c:63:44:bd:21:19:e2:6f:
                    f2:e3:e0:7b:c3:4f:a4:ea:67:0e:2c:2f:08:46:07:
                    a7:34:76:a8:7a:9e:a1:b0:a4:23:4f:dc:ce:30:3e:
                    44:c9:38:af:51:e7:7c:67:33:46:9f:58:ff:a6:11:
                    c0:a4:8d:e4:2f:22:45:70:f7:1c:6e:9b:01:fe:08:
                    09:9b:cf:9e:9f:6d:cb:6c:22:2c:96:c8:c1:8c:67:
                    a7:47:cc:00:57:32:d1:f6:97:f9:be:71:19:ae:14:
                    40:90:5b:75:c7:9a:38:64:f7:84:c5:51:ee:cd:f4:
                    20:0e:39:77:b8:22:d2:cb:03:c5:a0:6f:39:93:4b:
                    6d:86:97:a9:ef:f2:e4:85:ba:eb:f0:0f:89:f0:76:
                    40:d4:aa:62:91:21:12:81:db:73:55:4a:3c:b8:20:
                    b2:6b:0e:58:5f:d6:52:a8:1c:aa:9a:dc:7d:4c:8b:
                    17:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:48:4A:F4:54:4F:7F:46:F2:86:20:59:1E:70:88:76:10:1C:38:49
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/8khK9FRPf0byhiBZHnCIdhAcOEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:1c:ac:81:7f:13:db:c8:3a:ef:a9:20:b3:13:f9:81:7d:b4:
         64:0f:6c:68:dd:3e:54:a8:84:87:04:df:77:aa:a2:b5:0d:b9:
         83:05:a3:86:9c:7c:cc:c7:f6:e9:11:9f:92:0b:84:6b:85:bb:
         2f:e8:a7:02:72:19:dc:71:43:58:11:5a:bb:d6:33:c2:34:e6:
         6e:d6:16:e9:dd:e6:c0:29:fd:5b:bb:eb:96:80:a2:7f:8d:f5:
         18:c1:9d:a6:e3:1f:f9:3b:c1:10:c2:30:6e:a0:a3:4c:55:92:
         c9:ea:8c:a7:f9:e7:e3:11:6c:7e:8d:fb:44:2a:f3:24:ab:35:
         8b:9c:7e:27:9e:6d:73:98:a2:5f:15:d7:1c:ce:5a:75:61:97:
         cf:53:20:6b:2d:c8:92:0f:45:d7:cb:ca:7a:b2:89:30:cd:02:
         dc:fc:44:4b:ee:77:ed:f4:cb:52:2f:1c:3f:28:87:fb:2c:83:
         50:7d:11:2b:cc:45:63:aa:3d:64:26:7e:fe:9b:4f:ba:08:fd:
         ec:08:b0:89:8d:af:7f:b9:f2:13:75:4d:a3:33:13:bb:f3:95:
         57:b6:fb:74:49:70:c7:70:03:b8:20:4a:76:83:a0:6d:3a:e7:
         ad:f5:84:43:c9:35:39:98:47:26:c1:c1:4d:6f:86:62:7e:f0:
         b4:be:ac:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxGEQ14+lb5P7cDoEyLWBHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjYwMjEwMDU0MDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ4NGFmNDU0NGY3ZjQ2ZjI4NjIwNTkxZTcwODg3NjEwMWMzODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxJ3euy5QwrsIQws+GF/FPE4/6GP
ZH6QL4HrLtncI2gxtBsEQkIJu3nTCX8jtBzq77mI8z6uagSqQsakFzvohtSMdWxT
7F4Lp/YOV1IL7vFOjGNEvSEZ4m/y4+B7w0+k6mcOLC8IRgenNHaoep6hsKQjT9zO
MD5EyTivUed8ZzNGn1j/phHApI3kLyJFcPccbpsB/ggJm8+en23LbCIslsjBjGen
R8wAVzLR9pf5vnEZrhRAkFt1x5o4ZPeExVHuzfQgDjl3uCLSywPFoG85k0tthpep
7/Lkhbrr8A+J8HZA1KpikSESgdtzVUo8uCCyaw5YX9ZSqByqmtx9TIsXuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJISvRUT39G8oYgWR5wiHYQHDhJMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvOGtoSzlGUlBmMGJ5aGlCWkhuQ0lkaEFjT0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQO+MA0G
CSqGSIb3DQEBCwUAA4IBAQB7HKyBfxPbyDrvqSCzE/mBfbRkD2xo3T5UqISHBN93
qqK1DbmDBaOGnHzMx/bpEZ+SC4Rrhbsv6KcCchnccUNYEVq71jPCNOZu1hbp3ebA
Kf1bu+uWgKJ/jfUYwZ2m4x/5O8EQwjBuoKNMVZLJ6oyn+efjEWx+jftEKvMkqzWL
nH4nnm1zmKJfFdcczlp1YZfPUyBrLciSD0XXy8p6sokwzQLc/ERL7nft9MtSLxw/
KIf7LINQfRErzEVjqj1kJn7+m0+6CP3sCLCJja9/ufITdU2jMxO785VXtvt0SXDH
cAO4IEp2g6BtOuet9YRDyTU5mEcmwcFNb4ZifvC0vqxK
-----END CERTIFICATE-----