Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/a45d1c-e3b6-4f23-a8c6-ef332a0256d6/1/p5Wte5KuVonuaL_tZSX57RTdUT4.roa
File:                     p5Wte5KuVonuaL_tZSX57RTdUT4.roa (raw, json)
Hash identifier:          qSw05xyX0DIMUSTujhOo8yXFH7V8hwTiYDbx9AgCqbg=
Subject key identifier:   A7:95:AD:7B:92:AE:56:89:EE:68:BF:ED:65:25:F9:ED:14:DD:51:3E
Certificate issuer:       /CN=d7a80068bd7328ef41120f4788c28d3a92047067
Certificate serial:       019C46ECA74C98125C4AEE55797D40558F2B
Authority key identifier: D7:A8:00:68:BD:73:28:EF:41:12:0F:47:88:C2:8D:3A:92:04:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/16gAaL1zKO9BEg9HiMKNOpIEcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/a45d1c-e3b6-4f23-a8c6-ef332a0256d6/1/p5Wte5KuVonuaL_tZSX57RTdUT4.roa
Signing time:             Tue 10 Feb 2026 09:40:40 +0000
ROA not before:           Tue 10 Feb 2026 09:40:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        91.206.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/a45d1c-e3b6-4f23-a8c6-ef332a0256d6/1/16gAaL1zKO9BEg9HiMKNOpIEcGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/a45d1c-e3b6-4f23-a8c6-ef332a0256d6/1/16gAaL1zKO9BEg9HiMKNOpIEcGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/16gAaL1zKO9BEg9HiMKNOpIEcGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:ec:a7:4c:98:12:5c:4a:ee:55:79:7d:40:55:8f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7a80068bd7328ef41120f4788c28d3a92047067
        Validity
            Not Before: Feb 10 09:40:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a795ad7b92ae5689ee68bfed6525f9ed14dd513e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:52:5b:bb:29:3e:d8:05:7a:d3:94:21:6e:0b:
                    54:26:a8:c6:82:ec:e3:63:33:6c:e4:85:95:a7:05:
                    83:a1:86:3a:b4:99:9d:93:31:ee:98:20:b7:3b:5a:
                    28:92:99:a6:0c:2a:5d:04:7b:15:a4:b0:c6:e2:45:
                    b3:7e:32:7a:01:fb:13:f1:fa:81:c7:94:92:67:04:
                    c9:a2:25:b1:46:1f:0c:66:14:80:98:a3:01:23:a8:
                    90:61:d4:59:43:cd:fe:b9:17:19:47:df:c3:0b:79:
                    4f:15:cf:80:bd:50:25:e6:22:2b:87:13:d7:e1:da:
                    ed:8d:50:95:46:ed:ae:36:4a:e9:6f:20:78:53:94:
                    7d:ef:9a:dd:3f:63:a3:ce:f9:de:2a:d8:b4:09:19:
                    76:13:8d:a7:e5:10:a3:a6:d5:66:b4:03:53:9d:e7:
                    a5:0e:1f:6c:59:3e:9f:bc:e6:8c:0d:e8:20:08:b7:
                    a9:08:5f:d4:e3:31:29:e0:16:35:1b:85:77:0d:2d:
                    1a:3c:dc:cc:e8:b0:2f:ea:c6:df:79:49:08:26:67:
                    d5:7f:61:7c:c5:c0:5d:c7:10:70:b8:20:2b:4c:71:
                    61:fd:f5:4a:90:e1:ff:d5:12:b7:e5:81:06:25:07:
                    77:24:c5:91:3c:92:46:4d:a9:5a:61:03:a9:4d:56:
                    f9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:95:AD:7B:92:AE:56:89:EE:68:BF:ED:65:25:F9:ED:14:DD:51:3E
            X509v3 Authority Key Identifier:
                keyid:D7:A8:00:68:BD:73:28:EF:41:12:0F:47:88:C2:8D:3A:92:04:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/16gAaL1zKO9BEg9HiMKNOpIEcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a45d1c-e3b6-4f23-a8c6-ef332a0256d6/1/p5Wte5KuVonuaL_tZSX57RTdUT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a45d1c-e3b6-4f23-a8c6-ef332a0256d6/1/16gAaL1zKO9BEg9HiMKNOpIEcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:a1:66:dd:16:7b:ec:16:09:77:0d:1b:49:11:22:32:90:97:
         dd:17:39:5d:1d:62:2b:b7:b7:61:43:07:52:a4:8e:92:f2:89:
         95:b9:1a:19:61:2c:3a:fa:96:bd:ce:f2:7c:9e:b2:5c:06:11:
         ad:07:11:57:a5:1f:e0:cd:ec:46:a6:f3:14:bb:64:dd:83:1e:
         b0:52:79:34:22:05:17:5d:3b:15:c7:e4:9b:5b:b5:11:05:94:
         5d:c4:56:b1:77:aa:3a:44:69:d2:d3:97:34:65:9c:05:af:fa:
         5d:f9:89:e3:de:f7:27:e5:4f:a4:30:e2:9f:84:f1:75:ba:d8:
         83:8e:5b:80:33:08:c6:6c:0e:66:48:d3:c4:51:78:27:80:f2:
         56:21:59:bf:4a:c5:f9:b1:66:9a:cd:b5:f7:79:21:09:77:a7:
         21:14:db:14:42:ad:4f:15:2a:78:50:ad:f5:b3:47:fa:5e:6c:
         d9:29:97:0a:5e:77:b6:79:e6:50:75:7b:3c:65:08:30:26:d8:
         7a:f4:b3:a9:6e:c8:7e:f6:1d:16:a7:91:a8:ab:a9:eb:75:e3:
         d5:09:50:16:5a:a8:c3:7e:75:57:34:61:38:ed:da:43:bb:24:
         39:ee:f1:02:06:d1:ec:ac:32:7b:2c:44:7c:81:a9:94:6a:3e:
         0f:9c:5f:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxG7KdMmBJcSu5VeX1AVY8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3YTgwMDY4YmQ3MzI4ZWY0MTEyMGY0Nzg4YzI4ZDNhOTIw
NDcwNjcwHhcNMjYwMjEwMDk0MDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzk1YWQ3YjkyYWU1Njg5ZWU2OGJmZWQ2NTI1ZjllZDE0ZGQ1MTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVJbuyk+2AV605QhbgtUJqjGguzj
YzNs5IWVpwWDoYY6tJmdkzHumCC3O1ookpmmDCpdBHsVpLDG4kWzfjJ6AfsT8fqB
x5SSZwTJoiWxRh8MZhSAmKMBI6iQYdRZQ83+uRcZR9/DC3lPFc+AvVAl5iIrhxPX
4drtjVCVRu2uNkrpbyB4U5R975rdP2OjzvneKti0CRl2E42n5RCjptVmtANTneel
Dh9sWT6fvOaMDeggCLepCF/U4zEp4BY1G4V3DS0aPNzM6LAv6sbfeUkIJmfVf2F8
xcBdxxBwuCArTHFh/fVKkOH/1RK35YEGJQd3JMWRPJJGTalaYQOpTVb5IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeVrXuSrlaJ7mi/7WUl+e0U3VE+MB8GA1UdIwQY
MBaAFNeoAGi9cyjvQRIPR4jCjTqSBHBnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTZnQWFMMXpLTzlCRWc5SGlNS05PcElFY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hNDVkMWMtZTNiNi00ZjIzLWE4YzYt
ZWYzMzJhMDI1NmQ2LzEvcDVXdGU1S3VWb251YUxfdFpTWDU3UlRkVVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hNDVkMWMtZTNiNi00ZjIzLWE4YzYtZWYzMzJhMDI1NmQ2
LzEvMTZnQWFMMXpLTzlCRWc5SGlNS05PcElFY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW85uMA0G
CSqGSIb3DQEBCwUAA4IBAQAtoWbdFnvsFgl3DRtJESIykJfdFzldHWIrt7dhQwdS
pI6S8omVuRoZYSw6+pa9zvJ8nrJcBhGtBxFXpR/gzexGpvMUu2Tdgx6wUnk0IgUX
XTsVx+SbW7URBZRdxFaxd6o6RGnS05c0ZZwFr/pd+Ynj3vcn5U+kMOKfhPF1utiD
jluAMwjGbA5mSNPEUXgngPJWIVm/SsX5sWaazbX3eSEJd6chFNsUQq1PFSp4UK31
s0f6XmzZKZcKXne2eeZQdXs8ZQgwJth69LOpbsh+9h0Wp5Goq6nrdePVCVAWWqjD
fnVXNGE47dpDuyQ57vECBtHsrDJ7LER8gamUaj4PnF/j
-----END CERTIFICATE-----