Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/QOchHly4SC4x8_sGVoN2QEAzdLk.roa
File:                     QOchHly4SC4x8_sGVoN2QEAzdLk.roa (raw, json)
Hash identifier:          7kiQ/Lgo351/VabpZJu/jbKrDd0WC0FwJKPpg0ShOY4=
Subject key identifier:   40:E7:21:1E:5C:B8:48:2E:31:F3:FB:06:56:83:76:40:40:33:74:B9
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019C4E77151632F115199501C6E2431D62E0
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/QOchHly4SC4x8_sGVoN2QEAzdLk.roa
Signing time:             Wed 11 Feb 2026 20:49:12 +0000
ROA not before:           Wed 11 Feb 2026 20:49:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393406
IP address blocks:        89.28.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4e:77:15:16:32:f1:15:19:95:01:c6:e2:43:1d:62:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Feb 11 20:49:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40e7211e5cb8482e31f3fb0656837640403374b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fe:4a:af:3a:38:94:60:eb:d9:64:76:15:53:
                    0f:2d:11:96:06:10:ef:fe:09:9b:ee:89:8a:b8:09:
                    08:a0:2c:84:12:ad:94:44:88:5c:61:8d:e6:c6:ef:
                    02:19:63:33:ef:7e:5c:5b:4b:9b:c1:1b:f9:ba:0c:
                    90:4b:97:e9:48:95:c3:24:52:1d:0a:75:37:b3:a9:
                    9c:37:6f:8a:e4:8a:18:78:de:0e:5b:55:9c:21:d3:
                    0c:4c:79:1b:02:14:f8:8b:52:c1:5d:f3:b1:e9:f8:
                    96:81:2f:9a:81:87:65:4b:9a:a2:de:53:12:5c:02:
                    5d:58:cf:7a:c1:fe:d5:05:ff:93:d5:63:ad:94:d3:
                    0a:84:d3:8e:6c:57:6c:96:8e:99:94:84:a3:64:30:
                    74:ba:92:f0:9d:88:1b:0b:e0:a5:42:f3:5e:71:0e:
                    3f:d9:bc:17:d8:a1:81:2f:12:30:1f:b5:dd:f1:2c:
                    d5:fd:52:9b:58:24:80:4a:97:11:d6:22:e3:8b:d1:
                    6c:fe:d9:4a:9c:17:12:44:ca:33:7f:4e:f8:39:10:
                    f9:df:b9:3f:9e:e0:6a:d2:d5:4a:a5:9a:f4:41:d4:
                    9f:55:1d:06:50:33:31:6f:6d:a8:48:98:92:fc:a2:
                    13:55:9c:26:8b:6e:61:f1:59:ca:b3:e6:9d:80:06:
                    4c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E7:21:1E:5C:B8:48:2E:31:F3:FB:06:56:83:76:40:40:33:74:B9
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/QOchHly4SC4x8_sGVoN2QEAzdLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:55:b3:6e:3d:3f:17:0b:5e:6a:90:3d:2e:24:fb:c3:a5:37:
         c4:1a:be:04:c7:0c:1e:6e:dc:39:80:48:ec:2b:21:47:65:e5:
         fd:56:f5:62:47:82:7f:00:7e:71:47:e6:fc:b9:82:7f:52:1e:
         d3:d9:d0:8c:af:41:d5:41:cd:18:25:bd:59:3e:f6:52:f5:9a:
         64:62:78:13:e5:c4:eb:a1:9e:74:1f:8f:07:a5:a5:ea:15:c0:
         0e:e0:52:b0:8f:d1:d1:2e:84:bc:7b:13:2e:60:9a:29:fc:d0:
         f3:d2:76:c8:a4:d7:25:f4:8f:50:a8:b7:ac:52:17:75:d9:63:
         a3:c9:26:37:d4:9e:2f:f8:2d:9f:98:c1:96:b8:cf:60:9c:65:
         8e:57:db:c1:99:39:3a:f7:2f:7c:2a:1f:c2:60:d1:5b:01:9a:
         f7:9b:b9:a6:fd:ea:69:01:28:9c:29:91:a5:9a:d2:5c:d9:3d:
         14:65:40:4c:86:b3:be:8c:49:be:8e:33:c2:3a:95:ad:e3:b6:
         a8:e5:57:80:86:51:23:e4:8d:3e:3b:0c:42:6b:42:1a:c9:7b:
         fc:ff:72:d0:78:c1:a5:e6:b7:05:a9:5e:e3:a1:0c:f1:c6:4b:
         ef:fe:d6:57:c1:6a:e5:4f:97:85:fc:9d:31:e8:98:c7:4f:8c:
         be:41:b6:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxOdxUWMvEVGZUBxuJDHWLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMjExMjA0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGU3MjExZTVjYjg0ODJlMzFmM2ZiMDY1NjgzNzY0MDQwMzM3NGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/5Krzo4lGDr2WR2FVMPLRGWBhDv
/gmb7omKuAkIoCyEEq2URIhcYY3mxu8CGWMz735cW0ubwRv5ugyQS5fpSJXDJFId
CnU3s6mcN2+K5IoYeN4OW1WcIdMMTHkbAhT4i1LBXfOx6fiWgS+agYdlS5qi3lMS
XAJdWM96wf7VBf+T1WOtlNMKhNOObFdslo6ZlISjZDB0upLwnYgbC+ClQvNecQ4/
2bwX2KGBLxIwH7Xd8SzV/VKbWCSASpcR1iLji9Fs/tlKnBcSRMozf074ORD537k/
nuBq0tVKpZr0QdSfVR0GUDMxb22oSJiS/KITVZwmi25h8VnKs+adgAZMywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDnIR5cuEguMfP7BlaDdkBAM3S5MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvUU9jaEhseTRTQzR4OF9zR1ZvTjJRRUF6ZExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzNMA0G
CSqGSIb3DQEBCwUAA4IBAQA4VbNuPT8XC15qkD0uJPvDpTfEGr4Exwwebtw5gEjs
KyFHZeX9VvViR4J/AH5xR+b8uYJ/Uh7T2dCMr0HVQc0YJb1ZPvZS9ZpkYngT5cTr
oZ50H48HpaXqFcAO4FKwj9HRLoS8exMuYJop/NDz0nbIpNcl9I9QqLesUhd12WOj
ySY31J4v+C2fmMGWuM9gnGWOV9vBmTk69y98Kh/CYNFbAZr3m7mm/eppASicKZGl
mtJc2T0UZUBMhrO+jEm+jjPCOpWt47ao5VeAhlEj5I0+OwxCa0IayXv8/3LQeMGl
5rcFqV7joQzxxkvv/tZXwWrlT5eF/J0x6JjHT4y+QbaL
-----END CERTIFICATE-----