Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/oEzd70GBc89wuPrghjleeGdo8sA.roa
File:                     oEzd70GBc89wuPrghjleeGdo8sA.roa (raw, json)
Hash identifier:          XTx9ORtlLm/ABttZFmHynm9a1AsxWcX+O0c3olAJQ7A=
Subject key identifier:   A0:4C:DD:EF:41:81:73:CF:70:B8:FA:E0:86:39:5E:78:67:68:F2:C0
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C771DE2FA546CD48FD3FD5FD9974B5D4D
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/oEzd70GBc89wuPrghjleeGdo8sA.roa
Signing time:             Thu 19 Feb 2026 18:16:13 +0000
ROA not before:           Thu 19 Feb 2026 18:16:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152179
IP address blocks:        216.116.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:77:1d:e2:fa:54:6c:d4:8f:d3:fd:5f:d9:97:4b:5d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 19 18:16:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a04cddef418173cf70b8fae086395e786768f2c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ea:76:d1:fe:97:01:c8:d7:c5:7c:13:0e:94:
                    c3:d4:bd:fd:ab:81:6e:4d:1a:d1:ea:63:f4:b1:d7:
                    19:99:71:0f:6d:67:a3:f2:0f:cc:cd:39:eb:57:d8:
                    96:e3:1a:39:9e:7d:b7:ea:a8:9c:67:58:63:61:2a:
                    a5:8d:4d:3b:6a:cd:ee:bb:07:0f:b6:4e:80:ac:b8:
                    36:a7:88:84:1c:1d:cb:0f:59:5d:34:b6:0e:3e:83:
                    88:43:f7:bc:b7:d7:ac:6f:42:84:d5:e6:25:d7:d5:
                    54:bc:dc:1f:22:94:f0:68:04:bb:f1:ba:9f:ca:e4:
                    8d:83:d8:9d:77:67:a8:8e:f5:7a:68:f3:bc:89:7d:
                    40:b2:6d:5c:fd:3d:a8:f0:aa:d8:fb:04:5d:c9:38:
                    25:c1:f4:2d:70:f8:72:f5:df:34:37:d5:d6:5f:4e:
                    81:1f:e3:d8:8e:71:48:af:bb:11:9c:d3:8a:60:d8:
                    c2:fb:61:13:2f:2e:7e:6d:f2:5b:cd:6a:75:27:cf:
                    ba:75:3f:0f:9b:33:72:fe:c7:a2:0f:b1:24:f9:be:
                    10:d9:1d:92:bb:1c:75:43:41:35:ae:96:7b:e5:2a:
                    ab:d0:b0:d3:69:61:c8:fa:32:01:66:fd:4b:30:a7:
                    ed:8e:df:f4:e9:bb:6a:0a:16:1b:a2:90:cb:19:63:
                    58:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4C:DD:EF:41:81:73:CF:70:B8:FA:E0:86:39:5E:78:67:68:F2:C0
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/oEzd70GBc89wuPrghjleeGdo8sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.116.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:c6:8a:6d:91:6d:15:87:04:fc:81:17:10:26:c3:86:35:1a:
         f8:e6:ec:26:7f:5f:61:47:d8:a6:c4:b2:e5:51:c4:82:da:af:
         45:81:34:17:7f:68:af:1b:35:65:69:e8:3d:d4:23:c1:15:49:
         25:ad:a7:59:01:3e:3d:46:08:19:51:c7:b8:0c:ea:9f:6b:22:
         e4:95:b7:37:e5:9e:1a:83:c4:ee:71:91:f4:f4:3d:fa:64:c4:
         1f:d2:63:14:6d:78:9e:b4:8a:ec:8d:14:49:a6:4a:b4:4c:f3:
         06:33:b4:bc:bb:81:90:ef:74:c7:9b:39:a0:1d:5a:d5:0c:84:
         7f:2b:9e:ab:80:c9:f3:38:95:d2:36:d4:76:bd:66:bc:60:22:
         c7:8b:98:9e:02:53:58:3b:c0:ee:ed:2d:b8:bb:2f:e6:50:2b:
         c8:ed:41:04:99:d0:d7:57:f5:6f:93:c7:ee:06:1c:f2:4e:34:
         ef:16:d1:79:fe:4f:96:52:3e:39:75:57:e7:c3:ab:8f:0f:1f:
         2c:d9:06:9b:47:34:57:51:e2:f7:c4:6b:ab:9e:b6:40:3e:a4:
         3f:2d:08:bc:ce:a9:e0:59:2e:de:af:84:b0:31:74:68:6f:3e:
         53:43:b5:c3:06:61:c3:0b:c2:c1:04:24:c9:e2:e8:02:11:2d:
         96:8b:10:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx3HeL6VGzUj9P9X9mXS11NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjE5MTgxNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRjZGRlZjQxODE3M2NmNzBiOGZhZTA4NjM5NWU3ODY3NjhmMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOp20f6XAcjXxXwTDpTD1L39q4Fu
TRrR6mP0sdcZmXEPbWej8g/MzTnrV9iW4xo5nn236qicZ1hjYSqljU07as3uuwcP
tk6ArLg2p4iEHB3LD1ldNLYOPoOIQ/e8t9esb0KE1eYl19VUvNwfIpTwaAS78bqf
yuSNg9idd2eojvV6aPO8iX1Asm1c/T2o8KrY+wRdyTglwfQtcPhy9d80N9XWX06B
H+PYjnFIr7sRnNOKYNjC+2ETLy5+bfJbzWp1J8+6dT8PmzNy/seiD7Ek+b4Q2R2S
uxx1Q0E1rpZ75Sqr0LDTaWHI+jIBZv1LMKftjt/06btqChYbopDLGWNYNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBM3e9BgXPPcLj64IY5XnhnaPLAMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvb0V6ZDcwR0JjODl3dVByZ2hqbGVlR2RvOHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF2HSgMA0G
CSqGSIb3DQEBCwUAA4IBAQBNxoptkW0VhwT8gRcQJsOGNRr45uwmf19hR9imxLLl
UcSC2q9FgTQXf2ivGzVlaeg91CPBFUklradZAT49RggZUce4DOqfayLklbc35Z4a
g8TucZH09D36ZMQf0mMUbXietIrsjRRJpkq0TPMGM7S8u4GQ73THmzmgHVrVDIR/
K56rgMnzOJXSNtR2vWa8YCLHi5ieAlNYO8Du7S24uy/mUCvI7UEEmdDXV/Vvk8fu
BhzyTjTvFtF5/k+WUj45dVfnw6uPDx8s2QabRzRXUeL3xGurnrZAPqQ/LQi8zqng
WS7er4SwMXRobz5TQ7XDBmHDC8LBBCTJ4ugCES2WixDC
-----END CERTIFICATE-----