Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/frMVgzQaPIs1Gz7R4vF3dTAHWzc.roa
File:                     frMVgzQaPIs1Gz7R4vF3dTAHWzc.roa (raw, json)
Hash identifier:          qpSuTjOUyEClBJcAXKNR1v6GJxRuHi1KjNiauEeSO7o=
Subject key identifier:   7E:B3:15:83:34:1A:3C:8B:35:1B:3E:D1:E2:F1:77:75:30:07:5B:37
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019C9867D4410E1B1F1C0CECEFCA7B67208A
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/frMVgzQaPIs1Gz7R4vF3dTAHWzc.roa
Signing time:             Thu 26 Feb 2026 05:24:27 +0000
ROA not before:           Thu 26 Feb 2026 05:24:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213876
IP address blocks:        85.149.221.0/24 maxlen: 24
                          85.149.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:98:67:d4:41:0e:1b:1f:1c:0c:ec:ef:ca:7b:67:20:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Feb 26 05:24:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7eb31583341a3c8b351b3ed1e2f1777530075b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4d:ee:19:19:e7:84:07:07:1e:e3:c3:31:ac:
                    1e:a6:02:6b:89:f1:fa:6d:cb:a5:d5:77:b5:50:df:
                    30:f2:eb:d5:a5:06:0b:c8:81:75:11:8c:7d:40:1d:
                    46:32:f9:ac:dc:87:43:24:0f:54:bc:97:41:38:9f:
                    e5:8e:b6:93:8c:e3:a5:2b:1d:38:88:6a:7c:34:f9:
                    5b:91:4d:7c:b2:bb:90:eb:2e:fe:a6:1f:13:51:e1:
                    1a:a7:3c:a0:8f:fb:8d:15:ad:ef:45:8b:52:7a:bd:
                    b0:9d:7d:fd:0e:c4:60:30:6c:76:ef:97:21:e8:dd:
                    ef:a2:39:8d:78:d7:7c:a7:0d:5c:22:b6:09:80:a2:
                    f9:54:65:73:96:45:4a:46:3c:64:e9:9e:27:8b:c4:
                    ac:aa:41:91:82:60:ad:f1:5a:30:b7:7a:5d:0e:68:
                    e2:c3:8d:e9:7b:bb:60:d3:d9:02:80:7c:ad:7e:6b:
                    13:f9:93:0e:ce:9a:ad:41:e8:4f:f2:28:ca:c8:3d:
                    52:b8:b8:a2:d0:d0:ca:e4:22:9d:5d:c9:da:31:70:
                    98:ac:b8:6b:da:5b:1e:45:80:e4:cd:3a:b2:df:a2:
                    b8:62:a1:b1:9c:c0:83:e9:d2:28:14:82:00:df:70:
                    6b:6d:8b:45:1a:2d:d8:7a:76:45:48:8f:d3:18:d3:
                    e1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B3:15:83:34:1A:3C:8B:35:1B:3E:D1:E2:F1:77:75:30:07:5B:37
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/frMVgzQaPIs1Gz7R4vF3dTAHWzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.221.0-85.149.222.255

    Signature Algorithm: sha256WithRSAEncryption
         44:be:72:aa:87:1b:47:79:75:41:d1:31:6a:d7:45:2d:e5:a4:
         67:65:da:44:86:ce:a7:b4:25:f8:ee:e6:fd:2d:ad:ba:1a:f8:
         59:9f:65:dc:49:34:0d:2f:54:e3:0a:58:7b:14:fb:c1:55:c6:
         a8:b0:d5:b8:ea:63:44:65:e6:49:3f:cc:36:4c:7e:c6:1f:38:
         0b:7f:e6:34:db:c3:48:af:f4:02:5d:4c:63:1d:3b:9f:10:f9:
         5d:d3:5e:d8:c2:e4:07:56:e6:7b:94:93:b2:83:0b:51:60:12:
         5f:36:91:f7:d4:f5:a7:fe:d6:b0:5b:c3:fc:3b:76:21:14:55:
         35:67:9e:e1:51:00:80:0e:f3:ac:77:71:83:45:67:a6:64:48:
         5e:d2:b2:da:7a:df:56:20:26:33:91:3a:1a:43:a9:90:dc:94:
         3a:b3:81:05:32:5f:a3:28:b2:22:45:d0:4d:5e:75:19:0c:fa:
         ea:c1:6d:7b:cc:8b:d6:5d:87:79:1c:4d:a0:0e:6c:cd:86:00:
         f5:4e:aa:1d:d6:a9:28:1e:84:a8:5b:38:1a:c3:be:32:77:c4:
         95:60:83:6a:4c:3b:24:78:17:00:a2:c8:a6:76:d9:a6:f5:e2:
         aa:11:35:83:7f:55:53:37:e3:cf:68:f3:aa:ca:4c:8e:dc:af:
         3c:0a:94:a5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZyYZ9RBDhsfHAzs78p7ZyCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMjI2MDUyNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWIzMTU4MzM0MWEzYzhiMzUxYjNlZDFlMmYxNzc3NTMwMDc1YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj03uGRnnhAcHHuPDMawepgJrifH6
bcul1Xe1UN8w8uvVpQYLyIF1EYx9QB1GMvms3IdDJA9UvJdBOJ/ljraTjOOlKx04
iGp8NPlbkU18sruQ6y7+ph8TUeEapzygj/uNFa3vRYtSer2wnX39DsRgMGx275ch
6N3vojmNeNd8pw1cIrYJgKL5VGVzlkVKRjxk6Z4ni8SsqkGRgmCt8Vowt3pdDmji
w43pe7tg09kCgHytfmsT+ZMOzpqtQehP8ijKyD1SuLii0NDK5CKdXcnaMXCYrLhr
2lseRYDkzTqy36K4YqGxnMCD6dIoFIIA33BrbYtFGi3YenZFSI/TGNPhMwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH6zFYM0GjyLNRs+0eLxd3UwB1s3MB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvZnJNVmd6UWFQSXMxR3o3UjR2RjNkVEFIV3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABVld0D
BABVld4wDQYJKoZIhvcNAQELBQADggEBAES+cqqHG0d5dUHRMWrXRS3lpGdl2kSG
zqe0Jfju5v0trboa+FmfZdxJNA0vVOMKWHsU+8FVxqiw1bjqY0Rl5kk/zDZMfsYf
OAt/5jTbw0iv9AJdTGMdO58Q+V3TXtjC5AdW5nuUk7KDC1FgEl82kffU9af+1rBb
w/w7diEUVTVnnuFRAIAO86x3cYNFZ6ZkSF7Sstp631YgJjOROhpDqZDclDqzgQUy
X6MosiJF0E1edRkM+urBbXvMi9Zdh3kcTaAObM2GAPVOqh3WqSgehKhbOBrDvjJ3
xJVgg2pMOyR4FwCiyKZ22ab14qoRNYN/VVM3489o86rKTI7crzwKlKU=
-----END CERTIFICATE-----