Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/5u7ZZD9lOFoFzJauPRF9LoR4JqU.roa
File:                     5u7ZZD9lOFoFzJauPRF9LoR4JqU.roa (raw, json)
Hash identifier:          6383aOZyG4GruUyJbTAEn/2+zHT/N7r0tO3vmVgZ0+Q=
Subject key identifier:   E6:EE:D9:64:3F:65:38:5A:05:CC:96:AE:3D:11:7D:2E:84:78:26:A5
Certificate issuer:       /CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Certificate serial:       019C666C33A376C8DA697D5D6D41DFD57E29
Authority key identifier: 42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/5u7ZZD9lOFoFzJauPRF9LoR4JqU.roa
Signing time:             Mon 16 Feb 2026 12:28:12 +0000
ROA not before:           Mon 16 Feb 2026 12:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214914
IP address blocks:        83.174.155.0/24 maxlen: 24
                          83.174.159.0/24 maxlen: 24
                          185.42.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:6c:33:a3:76:c8:da:69:7d:5d:6d:41:df:d5:7e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421bae989898d9402424aadafbb47c3a6d4c25b3
        Validity
            Not Before: Feb 16 12:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6eed9643f65385a05cc96ae3d117d2e847826a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:88:44:2c:e9:d3:5b:a1:32:5b:02:4b:7c:8f:
                    dd:e0:b6:fb:8f:49:fa:d1:38:5b:f3:e2:45:5b:1c:
                    22:03:d9:82:c7:36:cf:13:47:a8:8b:af:44:f8:88:
                    b6:86:8c:42:d9:35:3e:46:60:7d:e6:c0:96:6d:9f:
                    a0:c1:e4:53:bb:f1:77:4b:33:91:7c:71:17:32:9f:
                    c8:f2:be:23:1f:e2:69:8b:5f:d2:93:2a:12:16:77:
                    8f:e3:fd:be:75:ce:cd:c2:c8:fd:6a:07:1f:52:f4:
                    5e:02:38:6a:6a:5d:2d:52:fa:a2:91:91:08:e8:00:
                    b4:da:61:40:2d:2e:3d:79:35:a4:7b:fd:d2:cd:ad:
                    ca:53:35:da:4e:5c:b9:1f:86:88:9b:8f:05:89:15:
                    90:28:f9:cb:bd:1f:65:ad:f6:61:91:f2:b2:ad:a9:
                    07:ed:4e:8a:e8:ab:3c:8d:a7:d5:ae:d7:8c:75:78:
                    8f:cb:36:f1:46:21:0e:97:32:5c:16:55:6b:88:af:
                    05:40:eb:31:68:27:12:c1:bb:7c:0b:e0:64:24:c1:
                    87:89:d4:a2:2b:10:cf:70:42:07:60:13:3b:e1:15:
                    40:e3:cc:03:0a:f1:d8:ab:60:9a:9f:f3:eb:f9:8b:
                    43:c7:ae:66:29:b6:89:41:58:e0:c8:45:aa:2a:cd:
                    b3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:EE:D9:64:3F:65:38:5A:05:CC:96:AE:3D:11:7D:2E:84:78:26:A5
            X509v3 Authority Key Identifier:
                keyid:42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/5u7ZZD9lOFoFzJauPRF9LoR4JqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.174.155.0/24
                  83.174.159.0/24
                  185.42.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f6:9b:e8:a8:fa:b8:ef:0f:9a:f6:0f:d3:fe:fc:0a:43:e5:
         54:65:6d:77:65:d4:99:5d:b7:8b:b8:11:57:5f:35:03:ef:ad:
         4a:46:68:cd:e6:76:2b:07:73:17:7b:a3:8a:a2:5f:b7:ca:04:
         b7:2c:39:80:1f:6e:c9:5c:d2:e0:0d:5a:3c:31:43:c9:cc:81:
         c9:29:2a:92:2c:da:5a:54:e2:cd:8e:93:07:47:2f:29:9e:30:
         c3:48:41:e3:c1:83:dc:6c:98:f6:49:c9:a0:bf:7a:ec:25:1b:
         10:19:f5:c1:e4:2a:88:30:66:23:24:d7:7b:09:7a:1a:2e:d7:
         35:d7:29:17:e2:d8:46:77:5f:15:58:fb:9b:c8:10:dd:cb:42:
         93:1d:c6:80:1e:61:28:9c:09:93:28:f2:54:82:92:6f:fc:22:
         8f:1f:15:ed:d8:66:68:25:1f:46:97:c5:25:59:fb:20:6d:d6:
         1e:de:b7:b8:26:17:ea:72:61:10:1d:a6:3c:a6:7f:49:3d:94:
         99:71:48:4e:d3:37:0c:16:34:b2:7e:48:6b:de:38:b6:b5:72:
         db:37:ca:e6:fb:9d:82:3f:7e:50:64:75:33:94:ae:05:23:8b:
         3d:e1:1e:6c:95:fc:fa:61:2e:bb:4e:96:84:3b:d2:ac:90:ba:
         12:dd:b0:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxmbDOjdsjaaX1dbUHf1X4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWJhZTk4OTg5OGQ5NDAyNDI0YWFkYWZiYjQ3YzNhNmQ0
YzI1YjMwHhcNMjYwMjE2MTIyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVlZDk2NDNmNjUzODVhMDVjYzk2YWUzZDExN2QyZTg0NzgyNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4hELOnTW6EyWwJLfI/d4Lb7j0n6
0Thb8+JFWxwiA9mCxzbPE0eoi69E+Ii2hoxC2TU+RmB95sCWbZ+gweRTu/F3SzOR
fHEXMp/I8r4jH+Jpi1/SkyoSFneP4/2+dc7Nwsj9agcfUvReAjhqal0tUvqikZEI
6AC02mFALS49eTWke/3Sza3KUzXaTly5H4aIm48FiRWQKPnLvR9lrfZhkfKyrakH
7U6K6Ks8jafVrteMdXiPyzbxRiEOlzJcFlVriK8FQOsxaCcSwbt8C+BkJMGHidSi
KxDPcEIHYBM74RVA48wDCvHYq2Can/Pr+YtDx65mKbaJQVjgyEWqKs2zQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFObu2WQ/ZThaBcyWrj0RfS6EeCalMB8GA1UdIwQY
MBaAFEIbrpiYmNlAJCSq2vu0fDptTCWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUt
NjdlZmNiM2Q4NmZlLzEvNXU3WlpEOWxPRm9GekphdVBSRjlMb1I0SnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUtNjdlZmNiM2Q4NmZl
LzEvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU66bAwQA
U66fAwQAuSrTMA0GCSqGSIb3DQEBCwUAA4IBAQCo9pvoqPq47w+a9g/T/vwKQ+VU
ZW13ZdSZXbeLuBFXXzUD761KRmjN5nYrB3MXe6OKol+3ygS3LDmAH27JXNLgDVo8
MUPJzIHJKSqSLNpaVOLNjpMHRy8pnjDDSEHjwYPcbJj2Scmgv3rsJRsQGfXB5CqI
MGYjJNd7CXoaLtc11ykX4thGd18VWPubyBDdy0KTHcaAHmEonAmTKPJUgpJv/CKP
HxXt2GZoJR9Gl8UlWfsgbdYe3re4JhfqcmEQHaY8pn9JPZSZcUhO0zcMFjSyfkhr
3ji2tXLbN8rm+52CP35QZHUzlK4FI4s94R5slfz6YS67TpaEO9KskLoS3bD/
-----END CERTIFICATE-----