Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/44eS9htfDegZUnC2w7wAUmZuaWA.roa
File:                     44eS9htfDegZUnC2w7wAUmZuaWA.roa (raw, json)
Hash identifier:          6w+zcuKEWJgbCaB6Bdw72Y4/uXhHkVUunNc7dMXW0G0=
Subject key identifier:   E3:87:92:F6:1B:5F:0D:E8:19:52:70:B6:C3:BC:00:52:66:6E:69:60
Certificate issuer:       /CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
Certificate serial:       019C513D880C440B582DBD9A11C7D2E5B3ED
Authority key identifier: 54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/44eS9htfDegZUnC2w7wAUmZuaWA.roa
Signing time:             Thu 12 Feb 2026 09:45:12 +0000
ROA not before:           Thu 12 Feb 2026 09:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207567
IP address blocks:        185.23.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:3d:88:0c:44:0b:58:2d:bd:9a:11:c7:d2:e5:b3:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
        Validity
            Not Before: Feb 12 09:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e38792f61b5f0de8195270b6c3bc0052666e6960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7d:ce:0b:d6:03:1b:af:b8:eb:79:0c:27:5e:
                    54:37:f0:68:1a:14:0c:22:da:f6:84:19:dd:07:f5:
                    68:ff:1c:85:12:93:12:12:7b:94:24:6d:b8:9b:c8:
                    91:4a:9f:5a:67:d7:da:01:1a:57:ac:46:d8:36:f8:
                    d8:e1:b5:c5:9c:c4:2b:79:81:fd:50:f9:76:0c:1d:
                    79:2f:2c:d4:26:73:6d:ba:96:f9:bc:40:81:7d:87:
                    3f:b0:e5:57:20:7e:42:6c:51:8e:09:b1:1f:af:64:
                    28:03:cf:9e:44:e3:0c:bd:3f:15:d3:ca:4f:4b:40:
                    da:20:03:0b:2b:dd:ed:58:5b:e4:8e:48:79:5e:e3:
                    67:29:52:78:b4:37:7f:f8:9a:f0:18:46:7f:f3:0a:
                    06:81:fb:9a:3c:69:7e:06:ef:40:a6:27:44:c7:46:
                    72:f4:e2:36:b0:52:52:7f:41:c6:cb:ab:b0:ce:fd:
                    65:69:2c:a7:c5:cc:a0:5d:73:96:78:3c:a4:93:af:
                    be:89:46:03:9a:a7:20:cb:0b:f2:96:d4:31:6d:8d:
                    a3:74:aa:db:63:74:55:5b:78:62:15:17:9b:bc:ff:
                    bc:2a:bb:42:73:10:e4:b9:04:c2:d8:d6:0c:fe:da:
                    f7:f5:7f:72:47:23:f5:b1:9d:0c:2f:85:09:f0:58:
                    30:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:87:92:F6:1B:5F:0D:E8:19:52:70:B6:C3:BC:00:52:66:6E:69:60
            X509v3 Authority Key Identifier:
                keyid:54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/44eS9htfDegZUnC2w7wAUmZuaWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:32:c9:47:32:28:fa:c2:35:91:fc:04:0f:13:c2:8a:98:5f:
         28:da:2d:e7:eb:86:0f:b4:1b:ad:c6:54:ec:ee:34:bb:32:6b:
         38:23:cc:77:5e:78:db:3b:70:2a:ab:bf:f6:1a:3b:43:57:2f:
         09:bc:9a:d8:4d:fa:11:f3:e6:29:ce:d8:5e:b4:9a:c9:e8:42:
         5a:01:df:b8:3a:10:98:fa:6a:d5:a9:73:ae:a2:5c:0c:12:05:
         08:e9:88:36:3d:44:e8:68:9b:72:df:26:b8:c3:8a:77:13:6d:
         a8:f9:30:03:b5:9b:ed:5a:f3:30:16:aa:4b:12:07:5f:08:f3:
         a5:23:6f:c4:63:83:02:d9:bd:aa:ec:a0:c3:91:32:d5:b1:c8:
         f5:cd:4e:4f:e8:86:76:6e:8a:50:f3:43:84:e0:fe:a9:d9:2e:
         0e:8a:a3:4e:8d:ef:6e:e1:4e:06:52:c0:5b:42:5e:6c:1a:9d:
         a5:de:4d:83:ba:49:50:e8:be:a3:98:d6:93:e4:32:33:d7:17:
         c8:95:9c:43:a9:de:fc:16:c5:15:93:44:07:c5:d2:68:f5:11:
         05:0a:d2:87:5a:88:20:82:24:a6:c0:91:b7:46:5a:d0:ec:e4:
         17:f4:6a:69:aa:b4:c8:2e:e9:5f:75:d1:76:08:f8:d9:fd:03:
         8e:0e:2f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxRPYgMRAtYLb2aEcfS5bPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1YzM0YTYyZmZiZWQ4ZmMwZjBlYzAxYjQyYzBjNTBl
ZTdlZjcwHhcNMjYwMjEyMDk0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzg3OTJmNjFiNWYwZGU4MTk1MjcwYjZjM2JjMDA1MjY2NmU2OTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX3OC9YDG6+463kMJ15UN/BoGhQM
Itr2hBndB/Vo/xyFEpMSEnuUJG24m8iRSp9aZ9faARpXrEbYNvjY4bXFnMQreYH9
UPl2DB15LyzUJnNtupb5vECBfYc/sOVXIH5CbFGOCbEfr2QoA8+eROMMvT8V08pP
S0DaIAMLK93tWFvkjkh5XuNnKVJ4tDd/+JrwGEZ/8woGgfuaPGl+Bu9ApidEx0Zy
9OI2sFJSf0HGy6uwzv1laSynxcygXXOWeDykk6++iUYDmqcgywvyltQxbY2jdKrb
Y3RVW3hiFRebvP+8KrtCcxDkuQTC2NYM/tr39X9yRyP1sZ0ML4UJ8FgwFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOHkvYbXw3oGVJwtsO8AFJmbmlgMB8GA1UdIwQY
MBaAFFQ8XDSmL/vtj8Dw7AG0LAxQ7n73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYt
ZjRmMWY5M2UwNDY3LzEvNDRlUzlodGZEZWdaVW5DMnc3d0FVbVp1YVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYtZjRmMWY5M2UwNDY3
LzEvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRcTMA0G
CSqGSIb3DQEBCwUAA4IBAQCYMslHMij6wjWR/AQPE8KKmF8o2i3n64YPtButxlTs
7jS7Mms4I8x3XnjbO3Aqq7/2GjtDVy8JvJrYTfoR8+YpzthetJrJ6EJaAd+4OhCY
+mrVqXOuolwMEgUI6Yg2PUToaJty3ya4w4p3E22o+TADtZvtWvMwFqpLEgdfCPOl
I2/EY4MC2b2q7KDDkTLVscj1zU5P6IZ2bopQ80OE4P6p2S4OiqNOje9u4U4GUsBb
Ql5sGp2l3k2DuklQ6L6jmNaT5DIz1xfIlZxDqd78FsUVk0QHxdJo9REFCtKHWogg
giSmwJG3RlrQ7OQX9GppqrTILulfddF2CPjZ/QOODi/M
-----END CERTIFICATE-----