Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/2yaiEWtLmpPiapCWGtA7U5XvdOE.roa
File:                     2yaiEWtLmpPiapCWGtA7U5XvdOE.roa (raw, json)
Hash identifier:          QTRjx2iDNf8MTubJB2iwk2hbKTf/IjC2lcxT2uexPfM=
Subject key identifier:   DB:26:A2:11:6B:4B:9A:93:E2:6A:90:96:1A:D0:3B:53:95:EF:74:E1
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019C413F4BC9D56A6410FABCB9A243D47007
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/2yaiEWtLmpPiapCWGtA7U5XvdOE.roa
Signing time:             Mon 09 Feb 2026 07:13:13 +0000
ROA not before:           Mon 09 Feb 2026 07:13:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        193.151.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:41:3f:4b:c9:d5:6a:64:10:fa:bc:b9:a2:43:d4:70:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Feb  9 07:13:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db26a2116b4b9a93e26a90961ad03b5395ef74e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:91:cb:06:a9:d4:db:e9:0c:62:3a:67:5e:6a:
                    b7:54:73:a6:66:eb:5e:56:47:b7:8a:60:10:06:ef:
                    97:d0:1f:5b:2b:28:ea:aa:73:37:da:c6:5e:2c:40:
                    e0:9a:35:a1:c7:3c:bb:0f:95:17:c4:c8:3d:60:d5:
                    b9:75:ad:4f:6d:c0:f9:1e:b2:b1:9c:8e:2b:a8:00:
                    13:e8:e8:0f:85:bd:5f:fc:f9:73:7e:9c:75:fd:9f:
                    3b:07:28:e6:91:8f:ec:78:20:d6:2f:1b:1c:15:7e:
                    df:4c:bb:c6:03:29:7b:ba:de:00:75:b4:0a:c6:fb:
                    71:3a:fd:b7:b9:be:f7:4c:52:9f:3a:26:31:1a:36:
                    96:eb:19:ba:5e:a9:c3:81:de:dc:18:80:f8:61:9c:
                    c0:5e:5e:db:00:cd:28:df:57:0a:55:98:30:0f:70:
                    e1:29:2b:e7:49:c6:6b:87:2a:de:e2:3c:c7:2e:46:
                    50:5d:0f:e1:95:81:b0:61:ec:3a:0d:96:c0:0e:91:
                    e1:77:bd:36:dc:a2:84:ac:e9:81:6f:82:94:49:3e:
                    85:6b:01:2c:8c:35:42:40:34:e5:2b:48:d3:98:59:
                    47:5a:98:7f:be:41:fd:be:3b:ea:3a:43:ce:12:ff:
                    00:8e:e9:2a:d4:99:81:c4:88:11:44:75:ed:54:fb:
                    f9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:26:A2:11:6B:4B:9A:93:E2:6A:90:96:1A:D0:3B:53:95:EF:74:E1
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/2yaiEWtLmpPiapCWGtA7U5XvdOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:fa:37:aa:6e:ed:51:96:7a:06:fc:ba:07:63:57:fb:b4:c9:
         87:d8:80:a3:94:1e:04:df:71:21:f2:af:6f:04:ea:6f:22:85:
         11:35:98:cd:16:d1:2f:ba:e0:88:6a:ae:08:79:fe:a0:31:dc:
         53:7b:c3:ed:ff:4e:48:44:39:42:51:89:8e:db:dc:10:54:dd:
         39:54:aa:31:c3:eb:63:8f:be:25:b9:1a:2d:7b:75:18:bc:0a:
         df:4d:ba:59:2f:b4:9a:3a:2d:9d:79:fc:e4:5e:ca:65:cf:94:
         e7:28:cf:cb:38:4c:cb:6d:23:54:06:e2:70:1a:a3:8d:f3:c9:
         40:6e:d7:21:56:15:40:54:23:de:f7:38:e8:a6:ce:c6:0a:a7:
         fa:97:b3:f0:5b:9d:4b:82:b4:99:58:03:b7:75:21:bd:b1:cf:
         e4:eb:f4:5f:cf:5d:58:52:7e:dc:03:2f:79:49:6c:a4:eb:df:
         6b:0f:7b:f2:81:b7:d5:78:cd:d2:fa:e8:71:9c:0f:46:1c:90:
         06:84:71:7b:6a:74:dc:b3:b0:c4:be:e2:fb:b1:50:7c:5e:d9:
         e9:de:22:2a:60:9e:d1:90:b2:d5:d5:4e:1f:1a:b8:47:cb:03:
         29:a1:37:c1:bd:89:81:1b:3a:03:84:76:0e:f3:d2:86:1a:3c:
         23:8b:f6:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxBP0vJ1WpkEPq8uaJD1HAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMjA5MDcxMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjI2YTIxMTZiNGI5YTkzZTI2YTkwOTYxYWQwM2I1Mzk1ZWY3NGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpHLBqnU2+kMYjpnXmq3VHOmZute
Vke3imAQBu+X0B9bKyjqqnM32sZeLEDgmjWhxzy7D5UXxMg9YNW5da1PbcD5HrKx
nI4rqAAT6OgPhb1f/Plzfpx1/Z87ByjmkY/seCDWLxscFX7fTLvGAyl7ut4AdbQK
xvtxOv23ub73TFKfOiYxGjaW6xm6XqnDgd7cGID4YZzAXl7bAM0o31cKVZgwD3Dh
KSvnScZrhyre4jzHLkZQXQ/hlYGwYew6DZbADpHhd7023KKErOmBb4KUST6FawEs
jDVCQDTlK0jTmFlHWph/vkH9vjvqOkPOEv8Ajukq1JmBxIgRRHXtVPv5RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsmohFrS5qT4mqQlhrQO1OV73ThMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvMnlhaUVXdExtcFBpYXBDV0d0QTdVNVh2ZE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZemMA0G
CSqGSIb3DQEBCwUAA4IBAQBB+jeqbu1RlnoG/LoHY1f7tMmH2ICjlB4E33Eh8q9v
BOpvIoURNZjNFtEvuuCIaq4Ief6gMdxTe8Pt/05IRDlCUYmO29wQVN05VKoxw+tj
j74luRote3UYvArfTbpZL7SaOi2defzkXsplz5TnKM/LOEzLbSNUBuJwGqON88lA
btchVhVAVCPe9zjops7GCqf6l7PwW51LgrSZWAO3dSG9sc/k6/Rfz11YUn7cAy95
SWyk699rD3vygbfVeM3S+uhxnA9GHJAGhHF7anTcs7DEvuL7sVB8Xtnp3iIqYJ7R
kLLV1U4fGrhHywMpoTfBvYmBGzoDhHYO89KGGjwji/bO
-----END CERTIFICATE-----