Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/2zlMgtzyu-Z3PQV3_FKqG0hE9Bo.roa
File:                     2zlMgtzyu-Z3PQV3_FKqG0hE9Bo.roa (raw, json)
Hash identifier:          nnMP95GAZ+DjD/mecEGCJ28xkRqwMeqhPltnEbq4eyw=
Subject key identifier:   DB:39:4C:82:DC:F2:BB:E6:77:3D:05:77:FC:52:AA:1B:48:44:F4:1A
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       019C7584A5679663A6151D8C78473723F3BA
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/2zlMgtzyu-Z3PQV3_FKqG0hE9Bo.roa
Signing time:             Thu 19 Feb 2026 10:49:13 +0000
ROA not before:           Thu 19 Feb 2026 10:49:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        83.147.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:84:a5:67:96:63:a6:15:1d:8c:78:47:37:23:f3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Feb 19 10:49:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db394c82dcf2bbe6773d0577fc52aa1b4844f41a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:49:e5:aa:96:e2:8d:54:f0:d8:98:45:dc:d8:
                    2f:17:4f:49:a1:24:09:98:52:7b:72:de:df:d7:85:
                    f3:12:d4:85:53:0f:b5:a7:78:08:a1:27:84:04:98:
                    09:af:68:e1:1b:a0:07:98:5a:e6:cd:a8:6d:c2:7e:
                    e9:b0:5e:c3:65:07:b2:59:71:d7:e4:2e:5d:61:2f:
                    95:80:eb:62:d0:ca:88:e8:d6:b3:29:da:00:ef:3e:
                    ff:76:18:54:6e:91:69:ff:e9:90:ba:e0:86:01:7b:
                    d6:61:9d:aa:7b:2d:50:94:3e:ae:a0:c9:f5:25:d1:
                    db:a2:bd:d8:13:ec:01:f3:26:fd:3f:e7:e2:25:36:
                    4d:c4:32:0c:ab:a5:3a:c6:80:98:72:78:d9:eb:da:
                    99:08:90:6c:4f:d1:4f:1d:73:7d:9b:ea:28:87:ef:
                    62:4a:f7:d1:28:9c:ad:c9:ac:05:0f:e5:57:ae:6e:
                    ec:42:69:4a:d6:71:80:14:18:4d:8b:5e:7b:ba:a8:
                    28:87:a2:9d:91:f5:31:44:42:07:2f:50:6c:1f:6d:
                    2d:ff:53:be:03:f0:ec:9b:0b:e0:e9:1f:61:78:a9:
                    11:1a:4d:ee:f4:56:55:8b:b9:16:d6:12:bd:3e:31:
                    26:37:fa:23:86:76:b1:7a:ca:84:96:7e:d1:c1:27:
                    08:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:39:4C:82:DC:F2:BB:E6:77:3D:05:77:FC:52:AA:1B:48:44:F4:1A
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/2zlMgtzyu-Z3PQV3_FKqG0hE9Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:c2:a1:4a:e6:a8:c5:d4:18:3a:87:d1:71:3e:54:fc:62:ae:
         a7:83:0a:43:4f:68:74:d8:45:44:3b:c6:50:32:13:3a:20:b0:
         3a:f4:17:38:10:fe:2b:ea:53:e1:ae:24:8d:21:9d:87:02:83:
         e6:34:13:f3:d7:2b:55:2f:72:39:7c:5f:f4:66:f3:9c:13:5f:
         e6:72:3b:51:67:3f:11:fb:79:25:e7:9d:41:6d:09:68:c1:fb:
         f7:ef:d3:2d:63:88:44:b5:b3:66:47:8f:df:ac:dd:03:7f:eb:
         46:13:17:90:d8:bc:02:2a:d4:e7:a4:94:82:79:c1:70:a9:8c:
         57:f6:93:16:bd:e6:1e:8e:54:db:cf:7f:d8:c9:33:66:5f:50:
         a8:38:be:ed:2d:27:fc:5d:60:a0:a9:e7:de:c5:3e:da:0c:a3:
         87:9f:dc:61:87:eb:24:9b:54:30:1a:28:18:3c:f6:36:6a:c7:
         61:31:3e:2f:58:be:7a:5e:2a:6c:50:2b:fe:c7:09:52:35:a8:
         1a:b5:42:5c:6d:bd:da:d4:45:ef:55:47:01:c3:3e:9f:f2:9e:
         3d:28:6a:46:ab:59:76:55:91:4d:7d:c2:a1:83:6d:5e:86:07:
         45:ed:52:f8:40:40:94:55:58:c8:f3:40:08:18:37:2e:55:fa:
         48:da:38:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx1hKVnlmOmFR2MeEc3I/O6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjYwMjE5MTA0OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM5NGM4MmRjZjJiYmU2NzczZDA1NzdmYzUyYWExYjQ4NDRmNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEnlqpbijVTw2JhF3NgvF09JoSQJ
mFJ7ct7f14XzEtSFUw+1p3gIoSeEBJgJr2jhG6AHmFrmzahtwn7psF7DZQeyWXHX
5C5dYS+VgOti0MqI6NazKdoA7z7/dhhUbpFp/+mQuuCGAXvWYZ2qey1QlD6uoMn1
JdHbor3YE+wB8yb9P+fiJTZNxDIMq6U6xoCYcnjZ69qZCJBsT9FPHXN9m+ooh+9i
SvfRKJytyawFD+VXrm7sQmlK1nGAFBhNi157uqgoh6KdkfUxREIHL1BsH20t/1O+
A/Dsmwvg6R9heKkRGk3u9FZVi7kW1hK9PjEmN/ojhnaxesqEln7RwScITQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs5TILc8rvmdz0Fd/xSqhtIRPQaMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvMnpsTWd0enl1LVozUFFWM19GS3FHMGhFOUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MAMA0G
CSqGSIb3DQEBCwUAA4IBAQAZwqFK5qjF1Bg6h9FxPlT8Yq6ngwpDT2h02EVEO8ZQ
MhM6ILA69Bc4EP4r6lPhriSNIZ2HAoPmNBPz1ytVL3I5fF/0ZvOcE1/mcjtRZz8R
+3kl551BbQlowfv379MtY4hEtbNmR4/frN0Df+tGExeQ2LwCKtTnpJSCecFwqYxX
9pMWveYejlTbz3/YyTNmX1CoOL7tLSf8XWCgqefexT7aDKOHn9xhh+skm1QwGigY
PPY2asdhMT4vWL56XipsUCv+xwlSNagatUJcbb3a1EXvVUcBwz6f8p49KGpGq1l2
VZFNfcKhg21ehgdF7VL4QECUVVjI80AIGDcuVfpI2jjc
-----END CERTIFICATE-----