Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/RuweBzwiaFmz16Es8XHGXLl4_X0.roa
File:                     RuweBzwiaFmz16Es8XHGXLl4_X0.roa (raw, json)
Hash identifier:          OoIurQRUbMPe9Iil8UldbX5ooI0zQuKsatM6kvK2oY0=
Subject key identifier:   46:EC:1E:07:3C:22:68:59:B3:D7:A1:2C:F1:71:C6:5C:B9:78:FD:7D
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019C567AC7A573E3A963DB2F1FBE486FEE19
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/RuweBzwiaFmz16Es8XHGXLl4_X0.roa
Signing time:             Fri 13 Feb 2026 10:10:12 +0000
ROA not before:           Fri 13 Feb 2026 10:10:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        89.28.204.0/24 maxlen: 24
                          152.89.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:7a:c7:a5:73:e3:a9:63:db:2f:1f:be:48:6f:ee:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Feb 13 10:10:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46ec1e073c226859b3d7a12cf171c65cb978fd7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6d:d6:14:03:e0:db:3c:10:66:2e:67:62:65:
                    71:7b:56:c4:3b:c0:58:25:d6:06:c6:c4:13:96:e4:
                    fa:6a:57:ed:4a:bf:1b:36:f0:4f:ed:58:6a:0d:ec:
                    e3:86:b3:5e:5a:75:dc:0e:94:8a:6f:f5:5d:28:91:
                    bb:59:dd:86:f9:d2:bf:f8:51:a9:b8:b6:45:b9:8d:
                    63:37:38:6a:78:19:47:ac:88:48:ad:cc:18:32:e0:
                    ee:3f:fb:86:5c:6c:d6:a5:ff:5b:70:4e:d3:0d:ec:
                    49:02:3b:f8:a4:50:72:73:1e:16:03:d7:ae:d1:c4:
                    70:33:a2:36:3c:dd:57:fa:d1:bb:a6:b6:c6:a4:47:
                    3d:59:d2:82:98:07:43:4f:2a:0a:1e:db:db:fe:62:
                    8e:f2:fc:b4:49:fb:c6:9c:58:3a:ba:2b:a3:c0:d9:
                    0d:7f:51:e1:63:b9:41:e1:ae:f5:11:0d:b4:20:22:
                    3c:49:7f:46:64:ac:e9:20:d6:9d:51:0a:b8:36:18:
                    fb:62:68:4e:81:dd:b5:d8:5d:64:98:77:7d:ef:ae:
                    b4:24:c9:db:0f:bb:ff:a2:2e:1b:f7:76:9d:46:71:
                    dd:b0:14:8e:54:dc:a7:d1:f4:4c:10:73:bc:4d:8e:
                    99:c5:f1:a7:eb:21:f2:67:2d:4a:85:3b:4f:20:4d:
                    db:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EC:1E:07:3C:22:68:59:B3:D7:A1:2C:F1:71:C6:5C:B9:78:FD:7D
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/RuweBzwiaFmz16Es8XHGXLl4_X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.204.0/24
                  152.89.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:8a:bb:16:38:4c:fb:f7:6b:65:ce:b9:2a:01:aa:9c:aa:84:
         1d:e2:d5:3e:08:32:79:d6:f0:91:fc:62:61:06:5e:db:76:8e:
         4b:d3:ec:31:14:be:96:fa:e9:18:be:94:cc:5d:94:a8:e6:a0:
         a2:b8:16:93:9e:89:78:cb:47:ca:3b:4d:5c:8d:4f:7b:e5:96:
         08:6b:74:a7:17:b1:7e:74:bb:3e:c6:33:62:02:c9:8a:cb:8f:
         a1:04:2c:52:7b:ff:7d:04:14:c0:21:c1:a9:81:2f:bf:5e:a0:
         18:13:d9:44:97:0a:bd:a0:8b:ba:e0:cb:5b:6f:ae:62:3c:09:
         81:f6:b0:fa:3b:44:8a:8c:7c:9e:58:45:22:31:cf:89:c2:a9:
         3f:dd:a7:5c:c1:0a:f3:ed:c9:a1:9a:57:38:be:34:fd:31:0d:
         59:4c:c4:85:4d:4b:b8:f3:e4:c3:d5:11:39:34:24:85:7f:4a:
         a5:bd:73:62:69:7f:52:57:5c:f9:a8:0f:07:c4:3f:88:c9:89:
         44:21:f2:e6:34:34:20:f7:26:3c:e2:85:d4:c6:6a:12:fd:b0:
         fa:82:ea:b2:5a:5d:a1:08:44:bf:fa:f7:32:2e:6c:3b:c8:dc:
         1f:ad:3f:a6:99:87:06:3e:43:8f:36:5b:43:29:83:53:11:f9:
         8c:3d:0c:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxWeselc+OpY9svH75Ib+4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMjEzMTAxMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVjMWUwNzNjMjI2ODU5YjNkN2ExMmNmMTcxYzY1Y2I5NzhmZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuG3WFAPg2zwQZi5nYmVxe1bEO8BY
JdYGxsQTluT6alftSr8bNvBP7VhqDezjhrNeWnXcDpSKb/VdKJG7Wd2G+dK/+FGp
uLZFuY1jNzhqeBlHrIhIrcwYMuDuP/uGXGzWpf9bcE7TDexJAjv4pFBycx4WA9eu
0cRwM6I2PN1X+tG7prbGpEc9WdKCmAdDTyoKHtvb/mKO8vy0SfvGnFg6uiujwNkN
f1HhY7lB4a71EQ20ICI8SX9GZKzpINadUQq4Nhj7YmhOgd212F1kmHd97660JMnb
D7v/oi4b93adRnHdsBSOVNyn0fRMEHO8TY6ZxfGn6yHyZy1KhTtPIE3bQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEbsHgc8ImhZs9ehLPFxxly5eP19MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvUnV3ZUJ6d2lhRm16MTZFczhYSEdYTGw0X1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRzMAwQA
mFnBMA0GCSqGSIb3DQEBCwUAA4IBAQBeirsWOEz792tlzrkqAaqcqoQd4tU+CDJ5
1vCR/GJhBl7bdo5L0+wxFL6W+ukYvpTMXZSo5qCiuBaTnol4y0fKO01cjU975ZYI
a3SnF7F+dLs+xjNiAsmKy4+hBCxSe/99BBTAIcGpgS+/XqAYE9lElwq9oIu64Mtb
b65iPAmB9rD6O0SKjHyeWEUiMc+Jwqk/3adcwQrz7cmhmlc4vjT9MQ1ZTMSFTUu4
8+TD1RE5NCSFf0qlvXNiaX9SV1z5qA8HxD+IyYlEIfLmNDQg9yY84oXUxmoS/bD6
guqyWl2hCES/+vcyLmw7yNwfrT+mmYcGPkOPNltDKYNTEfmMPQwe
-----END CERTIFICATE-----