Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CvsV-YSFG_gQ02uWtpIV06EYaIA.roa
File:                     CvsV-YSFG_gQ02uWtpIV06EYaIA.roa (raw, json)
Hash identifier:          6wW0lDnG3Fm2FSHZ7/7E7EJzl8nSZSneoN1/6dBomaQ=
Subject key identifier:   0A:FB:15:F9:84:85:1B:F8:10:D3:6B:96:B6:92:15:D3:A1:18:68:80
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C805E912E1AA703095AF348995FAC5DE9
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CvsV-YSFG_gQ02uWtpIV06EYaIA.roa
Signing time:             Sat 21 Feb 2026 13:23:26 +0000
ROA not before:           Sat 21 Feb 2026 13:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214483
IP address blocks:        216.116.190.0/24 maxlen: 24
                          216.116.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:80:5e:91:2e:1a:a7:03:09:5a:f3:48:99:5f:ac:5d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 21 13:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0afb15f984851bf810d36b96b69215d3a1186880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:51:32:3a:eb:ba:de:14:ac:4c:3b:0d:05:6f:
                    10:8b:30:88:e8:5f:4a:cc:75:e2:ab:7d:49:fc:11:
                    ac:ff:12:cf:9d:8c:c8:9f:83:0b:52:85:fd:62:e4:
                    1c:e6:e2:1b:4b:f7:a8:e9:dc:be:80:0a:93:0c:e5:
                    36:66:aa:65:a2:61:26:60:37:bb:2f:6c:c4:7e:6f:
                    19:47:e1:6e:90:82:3c:7b:b1:67:56:0d:4f:59:41:
                    4c:b0:d9:0e:12:50:28:ef:fb:ac:83:df:86:60:3b:
                    53:ab:39:4c:99:4a:a1:ad:82:90:db:32:74:b2:d8:
                    81:42:13:f7:99:88:ca:05:68:ba:6b:ca:67:f7:fd:
                    a1:fa:85:3a:72:2d:a5:4c:89:0d:59:a4:70:91:b9:
                    47:3c:9e:5b:e6:b5:4e:82:6a:07:d5:17:ca:c8:e3:
                    38:e9:8c:90:3e:98:35:f3:8d:f3:f9:ed:80:65:72:
                    c3:72:0f:b9:90:95:58:f0:f5:0b:ac:63:b1:b0:b8:
                    4e:7b:ff:7a:2a:e9:a4:65:25:90:c2:b8:9f:b3:f7:
                    8c:68:d0:25:d8:c0:a7:11:46:3a:31:68:3d:24:30:
                    cc:5f:96:91:19:b2:b7:81:d3:42:20:eb:eb:12:d2:
                    68:17:42:37:09:b3:bc:f3:b6:b5:6d:6d:31:9d:05:
                    83:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:FB:15:F9:84:85:1B:F8:10:D3:6B:96:B6:92:15:D3:A1:18:68:80
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CvsV-YSFG_gQ02uWtpIV06EYaIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.116.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:82:91:ab:84:8d:99:74:08:57:2a:b4:dd:21:1e:1a:f7:60:
         06:a2:d5:98:c6:57:24:47:61:1e:70:16:54:bb:6b:f2:50:23:
         73:a8:e2:32:c8:c5:3f:e5:62:9f:75:d9:64:72:b1:02:9b:e7:
         fb:e1:4e:6c:a2:35:cc:d2:07:af:ee:e5:f6:c1:d5:2a:3a:1a:
         11:4c:fe:87:62:9b:bf:90:76:b9:df:b5:cb:e6:2e:69:f7:21:
         05:5b:27:5a:db:1b:0b:14:b0:6b:17:06:97:94:16:4f:19:bc:
         12:10:2b:37:e4:63:34:32:97:c1:d0:30:6e:00:16:c1:2e:5b:
         c3:67:d0:8a:b7:8a:98:f1:98:e5:2e:21:99:f3:78:df:97:42:
         1a:21:11:d6:00:38:05:a3:5f:d9:82:87:88:d5:62:31:3b:ca:
         4c:18:f0:cf:0f:54:d1:7a:df:71:7b:1c:ea:3f:a2:cf:af:5f:
         3f:5e:43:1d:41:a9:d3:d6:31:80:6e:03:c0:03:11:d0:58:c3:
         9d:54:89:6e:8c:84:b0:c6:18:27:f5:d8:8c:cb:b9:4b:68:f4:
         79:ac:e7:0e:91:53:71:5b:0c:5c:f6:5f:78:38:43:54:9e:42:
         16:82:81:bd:ca:ea:78:fe:57:c0:f1:41:eb:b7:48:34:77:22:
         a0:1c:f9:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyAXpEuGqcDCVrzSJlfrF3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjIxMTMyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWZiMTVmOTg0ODUxYmY4MTBkMzZiOTZiNjkyMTVkM2ExMTg2ODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslEyOuu63hSsTDsNBW8QizCI6F9K
zHXiq31J/BGs/xLPnYzIn4MLUoX9YuQc5uIbS/eo6dy+gAqTDOU2ZqplomEmYDe7
L2zEfm8ZR+FukII8e7FnVg1PWUFMsNkOElAo7/usg9+GYDtTqzlMmUqhrYKQ2zJ0
stiBQhP3mYjKBWi6a8pn9/2h+oU6ci2lTIkNWaRwkblHPJ5b5rVOgmoH1RfKyOM4
6YyQPpg1843z+e2AZXLDcg+5kJVY8PULrGOxsLhOe/96KumkZSWQwrifs/eMaNAl
2MCnEUY6MWg9JDDMX5aRGbK3gdNCIOvrEtJoF0I3CbO887a1bW0xnQWD0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr7FfmEhRv4ENNrlraSFdOhGGiAMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvQ3ZzVi1ZU0ZHX2dRMDJ1V3RwSVYwNkVZYUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2HS+MA0G
CSqGSIb3DQEBCwUAA4IBAQBWgpGrhI2ZdAhXKrTdIR4a92AGotWYxlckR2EecBZU
u2vyUCNzqOIyyMU/5WKfddlkcrECm+f74U5sojXM0gev7uX2wdUqOhoRTP6HYpu/
kHa537XL5i5p9yEFWyda2xsLFLBrFwaXlBZPGbwSECs35GM0MpfB0DBuABbBLlvD
Z9CKt4qY8ZjlLiGZ83jfl0IaIRHWADgFo1/ZgoeI1WIxO8pMGPDPD1TRet9xexzq
P6LPr18/XkMdQanT1jGAbgPAAxHQWMOdVIlujISwxhgn9diMy7lLaPR5rOcOkVNx
Wwxc9l94OENUnkIWgoG9yup4/lfA8UHrt0g0dyKgHPk1
-----END CERTIFICATE-----