Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/E6UE2krhype5dEzk47kdTgLnbpY.roa
File:                     E6UE2krhype5dEzk47kdTgLnbpY.roa (raw, json)
Hash identifier:          vsoIyEhJQxtatJF7s3epaLpBxKoTWt/dlawVFelKxOY=
Subject key identifier:   13:A5:04:DA:4A:E1:CA:97:B9:74:4C:E4:E3:B9:1D:4E:02:E7:6E:96
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       019C46110CF34E72BD488E72E9799365F56D
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/E6UE2krhype5dEzk47kdTgLnbpY.roa
Signing time:             Tue 10 Feb 2026 05:40:48 +0000
ROA not before:           Tue 10 Feb 2026 05:40:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204194
IP address blocks:        185.3.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 20:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:11:0c:f3:4e:72:bd:48:8e:72:e9:79:93:65:f5:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Feb 10 05:40:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=13a504da4ae1ca97b9744ce4e3b91d4e02e76e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:dc:53:4d:4c:d0:f3:1d:39:ef:cd:07:9b:38:
                    a6:77:3e:4c:ad:30:bd:12:1c:67:1d:1e:c5:24:68:
                    6f:18:d8:f6:f9:e4:5f:cf:fd:4d:e6:93:b9:2f:93:
                    05:4d:b6:fc:6c:38:68:50:ad:e5:1a:f5:3f:bb:29:
                    a3:34:ec:d4:60:76:c1:cb:0c:3b:01:f4:a3:d5:63:
                    e7:04:62:4c:f8:de:4d:25:e6:29:5c:6b:21:9d:86:
                    22:fc:3b:c9:16:39:9c:5a:82:f3:09:af:43:61:c6:
                    51:be:61:8f:86:19:42:97:4d:2e:8b:7c:c4:27:88:
                    3a:f2:64:23:ba:9d:86:e8:77:79:64:22:df:85:54:
                    46:08:52:cd:d2:2c:6a:69:34:f5:fc:42:ee:ff:73:
                    f9:8d:8c:72:8d:30:6d:c0:e5:17:f7:5b:67:23:de:
                    b9:e2:df:9e:bc:57:ea:ac:49:12:96:48:9e:b4:91:
                    be:46:4f:5d:50:3c:c2:dc:5c:e4:68:62:cc:76:01:
                    33:90:a5:7b:2c:6f:69:8b:15:65:7c:55:0b:58:72:
                    96:fb:fd:d8:f8:e6:86:84:da:01:2d:aa:b5:fc:d6:
                    36:a1:ed:26:38:9e:87:4d:c7:33:87:0a:2e:9c:9a:
                    34:27:2f:68:50:35:c6:9a:d4:b6:f1:02:c2:1e:42:
                    56:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:A5:04:DA:4A:E1:CA:97:B9:74:4C:E4:E3:B9:1D:4E:02:E7:6E:96
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/E6UE2krhype5dEzk47kdTgLnbpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:14:f7:ce:48:84:a6:48:76:92:37:b1:07:44:10:c9:e2:6b:
         1a:7a:5e:eb:12:f4:eb:6b:d0:29:20:8a:43:dc:e6:34:52:87:
         55:3f:21:8b:c5:f8:b4:ce:21:c4:0f:01:b0:69:79:6a:dc:11:
         ec:95:f1:33:48:f4:44:8f:dd:df:fa:7d:e5:cf:c3:8e:4a:32:
         97:38:8e:43:cd:34:34:a7:54:c9:9d:1b:e0:a6:c8:d7:7d:3a:
         8a:3a:c2:fd:01:86:f5:da:62:f0:ad:87:99:d1:99:b8:98:e0:
         6a:a2:93:e8:85:db:67:8f:a9:0b:ad:ad:7d:da:2b:df:65:33:
         1e:1c:8a:f1:cb:aa:ac:14:48:bb:77:2f:8f:2e:31:e3:42:1c:
         15:ff:60:bc:81:28:98:27:a9:f8:59:60:5a:0e:a1:7c:92:93:
         7c:28:82:3e:27:cb:99:ef:b5:60:bc:77:4d:f8:d1:37:c8:ae:
         50:cb:2d:92:78:ac:ce:c6:f0:12:5e:72:b4:81:66:a2:c6:69:
         5a:17:df:44:25:80:0d:63:0d:a4:63:eb:ec:6c:bd:a0:a7:2e:
         14:77:e2:ad:f6:d3:3b:cd:a0:98:37:a0:50:94:97:fa:d0:5e:
         58:8f:b5:e5:0a:88:b6:94:f1:04:bc:e9:3a:50:28:22:eb:0e:
         aa:41:a4:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxGEQzzTnK9SI5y6XmTZfVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjYwMjEwMDU0MDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2E1MDRkYTRhZTFjYTk3Yjk3NDRjZTRlM2I5MWQ0ZTAyZTc2ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NxTTUzQ8x05780Hmzimdz5MrTC9
EhxnHR7FJGhvGNj2+eRfz/1N5pO5L5MFTbb8bDhoUK3lGvU/uymjNOzUYHbByww7
AfSj1WPnBGJM+N5NJeYpXGshnYYi/DvJFjmcWoLzCa9DYcZRvmGPhhlCl00ui3zE
J4g68mQjup2G6Hd5ZCLfhVRGCFLN0ixqaTT1/ELu/3P5jYxyjTBtwOUX91tnI965
4t+evFfqrEkSlkietJG+Rk9dUDzC3FzkaGLMdgEzkKV7LG9pixVlfFULWHKW+/3Y
+OaGhNoBLaq1/NY2oe0mOJ6HTcczhwounJo0Jy9oUDXGmtS28QLCHkJWGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOlBNpK4cqXuXRM5OO5HU4C526WMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvRTZVRTJrcmh5cGU1ZEV6azQ3a2RUZ0xuYnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQO/MA0G
CSqGSIb3DQEBCwUAA4IBAQBFFPfOSISmSHaSN7EHRBDJ4msael7rEvTra9ApIIpD
3OY0UodVPyGLxfi0ziHEDwGwaXlq3BHslfEzSPREj93f+n3lz8OOSjKXOI5DzTQ0
p1TJnRvgpsjXfTqKOsL9AYb12mLwrYeZ0Zm4mOBqopPohdtnj6kLra192ivfZTMe
HIrxy6qsFEi7dy+PLjHjQhwV/2C8gSiYJ6n4WWBaDqF8kpN8KII+J8uZ77VgvHdN
+NE3yK5Qyy2SeKzOxvASXnK0gWaixmlaF99EJYANYw2kY+vsbL2gpy4Ud+Kt9tM7
zaCYN6BQlJf60F5Yj7XlCoi2lPEEvOk6UCgi6w6qQaTv
-----END CERTIFICATE-----