Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/qrq3uoi9THjVLQlfAz1J2FQsGx8.roa
File:                     qrq3uoi9THjVLQlfAz1J2FQsGx8.roa (raw, json)
Hash identifier:          3OxLf+sI9av93bfkLtTgT+YFdGnS4ZkT6MUd/nH1pGQ=
Subject key identifier:   AA:BA:B7:BA:88:BD:4C:78:D5:2D:09:5F:03:3D:49:D8:54:2C:1B:1F
Certificate issuer:       /CN=dfecad56eaae1235fa788e4ead3922c296e283a5
Certificate serial:       019C65B259DE2932E881FED51FD407312D8E
Authority key identifier: DF:EC:AD:56:EA:AE:12:35:FA:78:8E:4E:AD:39:22:C2:96:E2:83:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-ytVuquEjX6eI5OrTkiwpbig6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/qrq3uoi9THjVLQlfAz1J2FQsGx8.roa
Signing time:             Mon 16 Feb 2026 09:05:13 +0000
ROA not before:           Mon 16 Feb 2026 09:05:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210707
IP address blocks:        91.237.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/3-ytVuquEjX6eI5OrTkiwpbig6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/3-ytVuquEjX6eI5OrTkiwpbig6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-ytVuquEjX6eI5OrTkiwpbig6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:65:b2:59:de:29:32:e8:81:fe:d5:1f:d4:07:31:2d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfecad56eaae1235fa788e4ead3922c296e283a5
        Validity
            Not Before: Feb 16 09:05:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aabab7ba88bd4c78d52d095f033d49d8542c1b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c6:30:3a:cd:0c:11:54:26:f1:ab:82:cb:0f:
                    65:36:1a:89:b8:d2:e6:36:b9:19:9c:8d:8a:a7:65:
                    fb:14:07:5e:4d:4d:d9:c5:22:ff:c8:1f:da:ff:87:
                    87:ff:5c:1c:cc:e5:85:be:b5:1b:b0:4b:10:d5:3f:
                    c8:7d:66:2b:27:e5:31:10:f1:0e:ff:3d:fc:54:46:
                    a0:9e:49:22:3a:4b:24:5a:e3:e9:fe:43:9c:5d:d3:
                    ac:7b:ab:23:af:66:12:bf:31:1b:ad:33:b8:7a:69:
                    cb:5d:fd:6f:b8:24:5c:3b:02:2d:1a:44:5e:cf:0d:
                    62:9b:61:13:e2:68:79:4e:2f:c3:6c:69:6b:b8:7c:
                    04:e9:d0:b9:22:39:74:7e:80:95:3e:a4:cf:e0:1f:
                    23:90:1b:42:55:5f:d5:6a:11:bb:52:72:6d:a7:8b:
                    19:ef:4a:31:34:1b:43:3b:a8:c2:73:e8:56:36:16:
                    75:9e:7a:c9:6d:81:7a:5c:c4:b4:0b:d4:80:f9:15:
                    d0:03:8b:d3:a3:43:fd:1c:ef:44:b9:48:82:cb:3e:
                    f0:b5:1b:12:6e:60:41:c3:e3:28:02:b8:c6:b9:79:
                    16:9f:ca:dd:95:48:63:aa:1f:f7:32:a4:ba:45:3c:
                    88:8d:6f:1e:da:6f:ef:ef:b0:f2:97:52:73:bf:6f:
                    80:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BA:B7:BA:88:BD:4C:78:D5:2D:09:5F:03:3D:49:D8:54:2C:1B:1F
            X509v3 Authority Key Identifier:
                keyid:DF:EC:AD:56:EA:AE:12:35:FA:78:8E:4E:AD:39:22:C2:96:E2:83:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-ytVuquEjX6eI5OrTkiwpbig6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/qrq3uoi9THjVLQlfAz1J2FQsGx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/3-ytVuquEjX6eI5OrTkiwpbig6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a9:12:f5:93:cd:1d:9c:b4:2e:03:ef:a1:66:11:f6:6f:10:
         9a:44:25:d6:1f:7a:4f:00:41:94:0d:a8:2a:1c:51:56:b0:da:
         d6:62:68:52:8a:d9:ab:5d:a3:6f:88:a5:f7:2f:75:d2:71:4f:
         ab:d4:28:21:db:c5:b0:42:f8:75:eb:2a:0a:dc:56:ba:ee:1e:
         7d:a8:7a:be:7f:5d:1f:50:e9:2f:c9:cd:6a:dd:3f:e4:48:34:
         b4:53:30:62:50:12:9e:19:27:3b:e4:5e:a8:75:e0:f9:cf:e1:
         65:4b:60:7e:ea:df:c6:0d:91:db:94:50:b8:23:76:c8:4a:c4:
         1a:4c:08:60:fa:d0:41:ee:65:3b:b2:6d:e2:c8:fe:9a:97:87:
         7e:cb:4d:53:c9:c8:1e:19:d8:4c:f9:84:c6:80:de:7a:30:5c:
         85:49:ec:b4:4e:9e:fd:b5:50:f3:f6:51:c7:5c:68:aa:ee:34:
         46:d6:22:f7:a4:57:8f:92:e1:29:d8:d2:46:30:d4:b1:08:f4:
         27:c1:4f:fe:d0:05:1e:45:ad:85:33:9c:2e:a4:46:ba:73:a0:
         4d:5d:7e:de:77:20:99:05:07:db:38:6f:cc:7d:89:42:82:9a:
         c4:bd:62:b2:34:0d:7c:60:83:d6:0c:2a:21:61:e6:b6:fd:4a:
         7d:45:85:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxlslneKTLogf7VH9QHMS2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWNhZDU2ZWFhZTEyMzVmYTc4OGU0ZWFkMzkyMmMyOTZl
MjgzYTUwHhcNMjYwMjE2MDkwNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWJhYjdiYTg4YmQ0Yzc4ZDUyZDA5NWYwMzNkNDlkODU0MmMxYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosYwOs0MEVQm8auCyw9lNhqJuNLm
NrkZnI2Kp2X7FAdeTU3ZxSL/yB/a/4eH/1wczOWFvrUbsEsQ1T/IfWYrJ+UxEPEO
/z38VEagnkkiOkskWuPp/kOcXdOse6sjr2YSvzEbrTO4emnLXf1vuCRcOwItGkRe
zw1im2ET4mh5Ti/DbGlruHwE6dC5Ijl0foCVPqTP4B8jkBtCVV/VahG7UnJtp4sZ
70oxNBtDO6jCc+hWNhZ1nnrJbYF6XMS0C9SA+RXQA4vTo0P9HO9EuUiCyz7wtRsS
bmBBw+MoArjGuXkWn8rdlUhjqh/3MqS6RTyIjW8e2m/v77Dyl1Jzv2+ApwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq6t7qIvUx41S0JXwM9SdhULBsfMB8GA1UdIwQY
MBaAFN/srVbqrhI1+niOTq05IsKW4oOlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy15dFZ1cXVFalg2ZUk1T3JUa2l3cGJpZzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9kNjcwODctNzY1Yi00NmViLTgwOGMt
Njc3YmFiNjEzYWZmLzEvcXJxM3VvaTlUSGpWTFFsZkF6MUoyRlFzR3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9kNjcwODctNzY1Yi00NmViLTgwOGMtNjc3YmFiNjEzYWZm
LzEvMy15dFZ1cXVFalg2ZUk1T3JUa2l3cGJpZzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+3+MA0G
CSqGSIb3DQEBCwUAA4IBAQA9qRL1k80dnLQuA++hZhH2bxCaRCXWH3pPAEGUDagq
HFFWsNrWYmhSitmrXaNviKX3L3XScU+r1Cgh28WwQvh16yoK3Fa67h59qHq+f10f
UOkvyc1q3T/kSDS0UzBiUBKeGSc75F6odeD5z+FlS2B+6t/GDZHblFC4I3bISsQa
TAhg+tBB7mU7sm3iyP6al4d+y01TycgeGdhM+YTGgN56MFyFSey0Tp79tVDz9lHH
XGiq7jRG1iL3pFePkuEp2NJGMNSxCPQnwU/+0AUeRa2FM5wupEa6c6BNXX7edyCZ
BQfbOG/MfYlCgprEvWKyNA18YIPWDCohYea2/Up9RYU9
-----END CERTIFICATE-----