Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/_NwNsp9b9uhvyyyQcxAfQ3IS8fI.roa
File:                     _NwNsp9b9uhvyyyQcxAfQ3IS8fI.roa (raw, json)
Hash identifier:          Ttx9R/0zVGUKZuQJ7g+6z7yt6OgTL+9nJFIi7ROKEa0=
Subject key identifier:   FC:DC:0D:B2:9F:5B:F6:E8:6F:CB:2C:90:73:10:1F:43:72:12:F1:F2
Certificate issuer:       /CN=6d6f35d8990a7b294c453956e0e8242c0aacb031
Certificate serial:       019C526BA840DAFC9E4B1D089D752E570D92
Authority key identifier: 6D:6F:35:D8:99:0A:7B:29:4C:45:39:56:E0:E8:24:2C:0A:AC:B0:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW812JkKeylMRTlW4OgkLAqssDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/_NwNsp9b9uhvyyyQcxAfQ3IS8fI.roa
Signing time:             Thu 12 Feb 2026 15:15:12 +0000
ROA not before:           Thu 12 Feb 2026 15:15:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205179
IP address blocks:        185.251.128.0/22 maxlen: 24
                          185.251.128.0/24 maxlen: 24
                          185.251.129.0/24 maxlen: 24
                          185.251.130.0/24 maxlen: 24
                          185.251.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/bW812JkKeylMRTlW4OgkLAqssDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/bW812JkKeylMRTlW4OgkLAqssDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW812JkKeylMRTlW4OgkLAqssDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:6b:a8:40:da:fc:9e:4b:1d:08:9d:75:2e:57:0d:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6f35d8990a7b294c453956e0e8242c0aacb031
        Validity
            Not Before: Feb 12 15:15:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fcdc0db29f5bf6e86fcb2c9073101f437212f1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:03:13:43:b1:88:dd:cb:5e:53:f4:d1:ea:29:
                    b4:cd:6f:32:d3:bc:5d:44:ab:45:ab:f9:91:e1:b5:
                    13:35:a6:e3:ff:ab:86:6c:87:13:23:44:a3:a2:d8:
                    df:4f:6d:e8:24:f1:63:56:22:4f:51:a8:04:26:08:
                    43:5e:fb:ac:93:bb:ff:3f:b7:26:d9:2f:1c:e8:ce:
                    9b:86:c9:65:05:db:a5:98:69:bf:77:86:82:49:42:
                    da:ce:1c:66:9a:5e:80:95:f3:c2:08:2e:bd:5c:1e:
                    be:5c:69:11:fd:8b:73:78:79:05:22:ef:f0:bf:4b:
                    e2:83:b4:d2:4c:5d:38:31:32:4b:5a:51:73:41:63:
                    ae:d6:88:8a:2c:51:db:f1:63:a2:67:77:ca:1c:b9:
                    82:61:98:37:4d:07:37:ec:27:a6:e9:46:51:7d:22:
                    81:87:d6:f7:57:3f:f7:8a:a3:72:4d:e5:5e:b3:6f:
                    dc:42:41:ca:a0:bf:27:66:e9:1e:81:f9:db:49:cc:
                    a1:67:63:59:e0:3e:ab:37:b9:ca:9d:88:6f:24:ed:
                    2a:29:85:79:b4:0b:7e:07:d2:d1:29:c4:c8:d2:e6:
                    4f:6c:aa:e3:e4:2a:e8:27:c9:d4:b3:06:c3:25:2d:
                    4e:7f:a5:21:8b:b3:fe:57:87:44:29:6a:0e:f2:f3:
                    29:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DC:0D:B2:9F:5B:F6:E8:6F:CB:2C:90:73:10:1F:43:72:12:F1:F2
            X509v3 Authority Key Identifier:
                keyid:6D:6F:35:D8:99:0A:7B:29:4C:45:39:56:E0:E8:24:2C:0A:AC:B0:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW812JkKeylMRTlW4OgkLAqssDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/_NwNsp9b9uhvyyyQcxAfQ3IS8fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/bW812JkKeylMRTlW4OgkLAqssDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:0d:a1:be:16:18:38:24:75:1a:cd:cd:fe:3d:ca:5e:34:86:
         10:f3:4b:a0:53:7b:39:d5:2a:0a:9f:9d:df:89:31:a7:98:05:
         87:4c:a4:1b:54:91:ea:18:9b:f9:30:88:55:ec:59:53:88:5f:
         cd:4a:07:70:1f:d7:f9:2e:1c:c8:ef:4a:04:b8:71:67:25:3b:
         47:40:d1:f5:d8:29:3b:74:5f:07:41:c3:01:c8:60:5f:7a:28:
         28:80:42:3d:19:26:96:ce:70:7b:f8:20:3f:2c:35:23:3d:a9:
         5f:55:8f:87:f8:20:41:a0:89:d6:5b:3f:f2:0d:ae:95:3f:ac:
         8d:96:ef:ed:2a:5b:16:41:4f:5e:84:2c:ac:b3:71:c5:28:d8:
         20:b6:63:1b:d9:52:9c:22:1e:a4:50:7b:49:f8:f7:75:0e:ed:
         2e:a8:b9:71:51:47:44:b4:be:1a:86:03:9c:62:3e:0a:a9:64:
         9a:0e:3f:ed:45:92:8d:ca:30:3c:04:9f:9e:4c:44:53:65:7e:
         5a:b9:87:24:e0:46:23:8b:a0:3d:61:78:7b:99:ef:ae:8b:16:
         05:da:03:0d:f7:da:c0:5f:ff:a9:24:b8:53:82:30:34:af:66:
         d1:57:5e:1e:61:66:35:2c:91:f8:08:73:c1:27:2c:60:dd:12:
         b9:64:37:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxSa6hA2vyeSx0InXUuVw2SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNmYzNWQ4OTkwYTdiMjk0YzQ1Mzk1NmUwZTgyNDJjMGFh
Y2IwMzEwHhcNMjYwMjEyMTUxNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RjMGRiMjlmNWJmNmU4NmZjYjJjOTA3MzEwMWY0MzcyMTJmMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgMTQ7GI3cteU/TR6im0zW8y07xd
RKtFq/mR4bUTNabj/6uGbIcTI0SjotjfT23oJPFjViJPUagEJghDXvusk7v/P7cm
2S8c6M6bhsllBdulmGm/d4aCSULazhxmml6AlfPCCC69XB6+XGkR/YtzeHkFIu/w
v0vig7TSTF04MTJLWlFzQWOu1oiKLFHb8WOiZ3fKHLmCYZg3TQc37Cem6UZRfSKB
h9b3Vz/3iqNyTeVes2/cQkHKoL8nZukegfnbScyhZ2NZ4D6rN7nKnYhvJO0qKYV5
tAt+B9LRKcTI0uZPbKrj5CroJ8nUswbDJS1Of6Uhi7P+V4dEKWoO8vMpgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzcDbKfW/bob8sskHMQH0NyEvHyMB8GA1UdIwQY
MBaAFG1vNdiZCnspTEU5VuDoJCwKrLAxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlc4MTJKa0tleWxNUlRsVzRPZ2tMQXFzc0RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZmMyOWMtNDNlOC00MDg2LWIxNDUt
N2EwOTZmNjA3ZTI2LzEvX053TnNwOWI5dWh2eXl5UWN4QWZRM0lTOGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZmMyOWMtNDNlOC00MDg2LWIxNDUtN2EwOTZmNjA3ZTI2
LzEvYlc4MTJKa0tleWxNUlRsVzRPZ2tMQXFzc0RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufuAMA0G
CSqGSIb3DQEBCwUAA4IBAQAEDaG+Fhg4JHUazc3+PcpeNIYQ80ugU3s51SoKn53f
iTGnmAWHTKQbVJHqGJv5MIhV7FlTiF/NSgdwH9f5LhzI70oEuHFnJTtHQNH12Ck7
dF8HQcMByGBfeigogEI9GSaWznB7+CA/LDUjPalfVY+H+CBBoInWWz/yDa6VP6yN
lu/tKlsWQU9ehCyss3HFKNggtmMb2VKcIh6kUHtJ+Pd1Du0uqLlxUUdEtL4ahgOc
Yj4KqWSaDj/tRZKNyjA8BJ+eTERTZX5auYck4EYji6A9YXh7me+uixYF2gMN99rA
X/+pJLhTgjA0r2bRV14eYWY1LJH4CHPBJyxg3RK5ZDec
-----END CERTIFICATE-----