Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/9-uYpBrZ0SnlXEdYG-rWZOkX4-8.roa
File:                     9-uYpBrZ0SnlXEdYG-rWZOkX4-8.roa (raw, json)
Hash identifier:          ch9SwzgHwXntgNAkT37G/8PeEwHz84mvTnudFL4bbYg=
Subject key identifier:   F7:EB:98:A4:1A:D9:D1:29:E5:5C:47:58:1B:EA:D6:64:E9:17:E3:EF
Certificate issuer:       /CN=712f9cb3c298b150beb79080376f74bdeac438ac
Certificate serial:       019C578532A0905ECFDD35D31105794F605E
Authority key identifier: 71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/9-uYpBrZ0SnlXEdYG-rWZOkX4-8.roa
Signing time:             Fri 13 Feb 2026 15:01:12 +0000
ROA not before:           Fri 13 Feb 2026 15:01:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202663
IP address blocks:        185.22.129.192/28 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:85:32:a0:90:5e:cf:dd:35:d3:11:05:79:4f:60:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f9cb3c298b150beb79080376f74bdeac438ac
        Validity
            Not Before: Feb 13 15:01:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7eb98a41ad9d129e55c47581bead664e917e3ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:39:b6:08:c2:b1:88:59:a6:41:44:ae:22:1c:
                    85:d6:01:5c:17:74:f0:a0:3d:2e:93:e8:79:9b:7d:
                    af:ae:4f:29:a7:fa:d7:f9:f6:07:44:f9:05:f4:be:
                    50:fd:b2:e7:2e:23:64:f9:f4:55:4d:87:47:0c:e9:
                    e7:46:3c:98:cc:c7:e0:48:05:79:ea:1d:36:41:ac:
                    e8:91:83:8a:47:54:86:a8:44:04:cf:54:47:7b:ad:
                    4e:58:46:d9:0c:8c:9a:32:67:60:ea:9f:ab:7c:93:
                    03:94:ca:49:bc:e1:f1:8b:79:d7:3c:a6:33:ee:c8:
                    2b:e7:c2:24:8c:7d:ce:40:76:18:d2:02:9a:2e:a3:
                    10:f0:27:68:09:f4:3d:f8:65:63:2e:d8:da:f5:57:
                    82:9a:74:6c:55:4b:8b:75:23:fa:1d:93:f0:78:10:
                    6b:8f:77:20:c6:f5:90:67:2e:39:19:a1:0f:84:06:
                    2a:15:6a:4a:dd:05:de:7b:2f:ad:cf:9a:a7:80:57:
                    ab:cb:f2:fd:8b:81:e5:4f:1b:1c:3c:4a:48:09:dd:
                    2a:6f:ae:c1:e3:b1:0b:fa:2f:7d:7d:13:0a:6e:76:
                    40:87:95:26:0a:98:83:0f:60:6d:a6:45:c1:2b:f9:
                    ee:e6:1e:0d:67:87:08:9a:13:ec:a3:3f:d3:db:7c:
                    e1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:EB:98:A4:1A:D9:D1:29:E5:5C:47:58:1B:EA:D6:64:E9:17:E3:EF
            X509v3 Authority Key Identifier:
                keyid:71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/9-uYpBrZ0SnlXEdYG-rWZOkX4-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.129.192/28

    Signature Algorithm: sha256WithRSAEncryption
         02:3c:b7:0b:38:db:06:36:e6:d0:02:12:39:ca:ac:1b:84:bf:
         cf:c3:83:1e:98:c1:d0:6e:23:88:0f:d0:86:d0:3e:bd:31:70:
         b9:cc:fd:02:15:b5:70:61:c2:27:27:bb:bf:3d:5f:6e:d8:4d:
         ab:a4:77:80:1c:19:85:f5:09:c2:7e:1e:d1:55:ca:c1:a8:fd:
         43:2b:12:69:3b:27:93:53:bd:4c:35:62:9e:ee:b5:0b:f8:08:
         21:d9:a7:5a:fb:7f:44:d3:1c:78:0e:82:88:38:20:7e:e6:2a:
         94:cb:62:d8:ec:e6:81:5e:5b:0d:cc:cf:7a:e3:8d:e5:76:23:
         a9:c6:85:60:d7:d8:6e:e7:ca:1a:48:fd:af:5c:66:55:69:18:
         53:7f:50:67:78:44:fb:e0:35:0c:5c:02:2f:74:4c:55:bb:60:
         48:d9:59:97:a3:0b:ed:61:d4:0e:dc:e9:58:e0:6e:30:b5:b3:
         60:19:7b:23:0f:6e:06:44:46:37:bc:78:56:f9:65:0e:d4:05:
         e9:60:b0:65:4a:54:b9:aa:d8:a7:ab:60:4b:d8:97:e5:68:cf:
         b2:8e:ea:58:ca:dc:a8:db:d2:47:25:e4:8d:9f:38:ad:d5:d8:
         b1:b1:2c:ce:75:bb:dc:9e:da:d3:cd:37:30:27:be:fc:39:bf:
         aa:af:ac:0b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxXhTKgkF7P3TXTEQV5T2BeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmY5Y2IzYzI5OGIxNTBiZWI3OTA4MDM3NmY3NGJkZWFj
NDM4YWMwHhcNMjYwMjEzMTUwMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2ViOThhNDFhZDlkMTI5ZTU1YzQ3NTgxYmVhZDY2NGU5MTdlM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTm2CMKxiFmmQUSuIhyF1gFcF3Tw
oD0uk+h5m32vrk8pp/rX+fYHRPkF9L5Q/bLnLiNk+fRVTYdHDOnnRjyYzMfgSAV5
6h02QazokYOKR1SGqEQEz1RHe61OWEbZDIyaMmdg6p+rfJMDlMpJvOHxi3nXPKYz
7sgr58IkjH3OQHYY0gKaLqMQ8CdoCfQ9+GVjLtja9VeCmnRsVUuLdSP6HZPweBBr
j3cgxvWQZy45GaEPhAYqFWpK3QXeey+tz5qngFery/L9i4HlTxscPEpICd0qb67B
47EL+i99fRMKbnZAh5UmCpiDD2BtpkXBK/nu5h4NZ4cImhPsoz/T23zh8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPfrmKQa2dEp5VxHWBvq1mTpF+PvMB8GA1UdIwQY
MBaAFHEvnLPCmLFQvreQgDdvdL3qxDisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEt
OTg3ZGE0MzkyMDU2LzEvOS11WXBCclowU25sWEVkWUctcldaT2tYNC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEtOTg3ZGE0MzkyMDU2
LzEvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUEuRaBwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAjy3CzjbBjbm0AISOcqsG4S/z8ODHpjB0G4jiA/Q
htA+vTFwucz9AhW1cGHCJye7vz1fbthNq6R3gBwZhfUJwn4e0VXKwaj9QysSaTsn
k1O9TDVinu61C/gIIdmnWvt/RNMceA6CiDggfuYqlMti2OzmgV5bDczPeuON5XYj
qcaFYNfYbufKGkj9r1xmVWkYU39QZ3hE++A1DFwCL3RMVbtgSNlZl6ML7WHUDtzp
WOBuMLWzYBl7Iw9uBkRGN7x4VvllDtQF6WCwZUpUuarYp6tgS9iX5WjPso7qWMrc
qNvSRyXkjZ84rdXYsbEsznW73J7a0803MCe+/Dm/qq+sCw==
-----END CERTIFICATE-----