Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/j-k2ZJh8UT6ril1arX_mQHMs2t0.roa
File:                     j-k2ZJh8UT6ril1arX_mQHMs2t0.roa (raw, json)
Hash identifier:          OOVrPN0QW8jRQPEM3xqRh+9QbawW5N/5sIxvenZ2Llw=
Subject key identifier:   8F:E9:36:64:98:7C:51:3E:AB:8A:5D:5A:AD:7F:E6:40:73:2C:DA:DD
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019C657E2B9E4092CD4E2E87B99278CCD462
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/j-k2ZJh8UT6ril1arX_mQHMs2t0.roa
Signing time:             Mon 16 Feb 2026 08:08:13 +0000
ROA not before:           Mon 16 Feb 2026 08:08:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201061
IP address blocks:        193.234.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:65:7e:2b:9e:40:92:cd:4e:2e:87:b9:92:78:cc:d4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Feb 16 08:08:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8fe93664987c513eab8a5d5aad7fe640732cdadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:68:9c:64:62:c8:b5:53:6c:e3:00:f3:4f:35:
                    7a:aa:83:e2:96:23:cf:75:4d:a9:4c:15:75:f0:12:
                    e6:f7:a6:63:02:c9:ba:ba:35:27:96:ba:75:a8:c1:
                    83:38:b3:a9:c4:ce:7e:18:ce:c7:a4:07:b3:a8:d8:
                    ac:da:fe:aa:96:1b:c1:09:d2:61:17:85:e5:5d:eb:
                    ed:fc:8c:62:23:98:a0:36:c4:9f:92:45:fc:da:4d:
                    b3:c6:f1:fb:58:37:16:9c:d5:25:e0:98:f2:74:86:
                    b7:77:e3:ac:7e:5a:89:4a:17:e4:db:09:58:8c:c2:
                    dd:80:61:e5:33:2e:ec:5f:7d:04:ee:ad:50:63:ae:
                    aa:b0:66:9e:dd:a0:69:da:1a:6b:64:33:b0:85:23:
                    41:4a:46:e6:81:a1:97:d5:3c:78:88:18:8b:2f:ec:
                    88:0e:66:7a:b6:22:64:bf:11:f3:5f:e8:11:ea:06:
                    70:85:93:97:8a:bc:70:10:aa:6b:4e:99:ae:15:8b:
                    34:94:3f:5a:2d:ea:0e:e2:72:d8:90:56:5e:bd:5a:
                    0a:8e:03:e1:ef:3e:07:6d:d2:f9:b9:5e:8c:95:1d:
                    d0:e3:fb:33:18:e5:3a:96:fb:f3:04:1e:d5:ef:27:
                    e5:3e:bb:ca:b0:e5:ca:a0:ad:2e:8d:35:af:ca:8d:
                    cb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E9:36:64:98:7C:51:3E:AB:8A:5D:5A:AD:7F:E6:40:73:2C:DA:DD
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/j-k2ZJh8UT6ril1arX_mQHMs2t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.234.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e2:0a:ef:15:04:84:24:39:ab:f7:d5:79:be:2e:75:f7:81:
         f9:81:b3:cc:65:ae:70:e0:02:55:09:c8:d0:c8:b9:a1:fd:ee:
         d6:af:c6:b8:b8:19:e8:f5:03:b5:40:da:d3:ab:e3:6c:d6:22:
         df:60:be:e6:24:e5:1e:dc:85:1d:d6:40:84:b9:31:05:9a:a2:
         57:35:73:09:c3:4b:74:f5:e4:1f:af:2e:7a:21:d1:93:64:f0:
         e1:8a:44:ca:3c:4e:8f:af:7d:cf:71:10:68:bf:aa:1e:58:c6:
         c2:c1:b9:5b:ca:a5:4c:ef:14:a7:88:f7:c8:80:8b:ba:2c:64:
         34:da:31:51:40:46:b9:06:21:0c:91:98:20:a7:3d:29:11:f3:
         8b:47:9c:09:97:b9:08:39:f7:b6:26:98:f5:6c:6d:49:29:1e:
         35:f9:0c:21:27:3d:1b:d2:dd:e0:f3:57:50:76:e5:16:59:8a:
         fa:aa:77:9d:fd:f1:4f:ed:66:4e:37:10:a7:45:9d:68:92:2b:
         1b:7d:23:17:19:f4:1a:cb:1b:75:e8:7c:dc:9c:9f:2b:30:8e:
         80:a3:b4:18:77:6e:a1:87:85:0b:b2:db:e8:89:9c:f7:0f:f1:
         11:48:28:46:c0:53:5f:b4:0c:ff:8d:11:a3:d5:80:32:86:6f:
         e0:d8:85:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxlfiueQJLNTi6HuZJ4zNRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMjE2MDgwODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmU5MzY2NDk4N2M1MTNlYWI4YTVkNWFhZDdmZTY0MDczMmNkYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWicZGLItVNs4wDzTzV6qoPiliPP
dU2pTBV18BLm96ZjAsm6ujUnlrp1qMGDOLOpxM5+GM7HpAezqNis2v6qlhvBCdJh
F4XlXevt/IxiI5igNsSfkkX82k2zxvH7WDcWnNUl4JjydIa3d+OsflqJShfk2wlY
jMLdgGHlMy7sX30E7q1QY66qsGae3aBp2hprZDOwhSNBSkbmgaGX1Tx4iBiLL+yI
DmZ6tiJkvxHzX+gR6gZwhZOXirxwEKprTpmuFYs0lD9aLeoO4nLYkFZevVoKjgPh
7z4HbdL5uV6MlR3Q4/szGOU6lvvzBB7V7yflPrvKsOXKoK0ujTWvyo3LLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/pNmSYfFE+q4pdWq1/5kBzLNrdMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvai1rMlpKaDhVVDZyaWwxYXJYX21RSE1zMnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwepYMA0G
CSqGSIb3DQEBCwUAA4IBAQA04grvFQSEJDmr99V5vi5194H5gbPMZa5w4AJVCcjQ
yLmh/e7Wr8a4uBno9QO1QNrTq+Ns1iLfYL7mJOUe3IUd1kCEuTEFmqJXNXMJw0t0
9eQfry56IdGTZPDhikTKPE6Pr33PcRBov6oeWMbCwblbyqVM7xSniPfIgIu6LGQ0
2jFRQEa5BiEMkZggpz0pEfOLR5wJl7kIOfe2Jpj1bG1JKR41+QwhJz0b0t3g81dQ
duUWWYr6qned/fFP7WZONxCnRZ1okisbfSMXGfQayxt16HzcnJ8rMI6Ao7QYd26h
h4ULstvoiZz3D/ERSChGwFNftAz/jRGj1YAyhm/g2IU3
-----END CERTIFICATE-----