Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/K9Rcc3WzxcMz5W462D1Uq4gMncI.roa
File:                     K9Rcc3WzxcMz5W462D1Uq4gMncI.roa (raw, json)
Hash identifier:          sMPLEzXi/TLAjcusPwFMkhIofh4njesGN5Oaf9QbDY8=
Subject key identifier:   2B:D4:5C:73:75:B3:C5:C3:33:E5:6E:3A:D8:3D:54:AB:88:0C:9D:C2
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       019C7611A27A01CD2A324AD2BFF0DB9A691B
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/K9Rcc3WzxcMz5W462D1Uq4gMncI.roa
Signing time:             Thu 19 Feb 2026 13:23:13 +0000
ROA not before:           Thu 19 Feb 2026 13:23:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        85.237.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:11:a2:7a:01:cd:2a:32:4a:d2:bf:f0:db:9a:69:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Feb 19 13:23:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bd45c7375b3c5c333e56e3ad83d54ab880c9dc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:23:12:33:95:89:9a:37:07:fb:09:27:0b:99:
                    66:9a:5a:95:bd:4a:e9:17:6f:df:e0:94:a7:52:18:
                    63:15:79:cc:4c:65:3c:7a:78:f3:34:39:c6:23:91:
                    67:f8:07:78:1e:3e:4b:f3:cd:5c:7c:c6:ea:8c:5d:
                    34:d4:98:0a:38:7a:f7:98:12:0a:21:cf:b4:79:4b:
                    f1:7b:1f:00:3d:ba:1f:33:b8:51:3f:e8:9f:6a:dd:
                    be:0f:f5:56:1a:0a:1b:79:e1:f7:21:18:99:d6:dc:
                    61:32:ce:1e:82:90:bf:04:cf:c6:76:bd:e0:a1:97:
                    ad:ce:92:9d:ef:30:4e:ee:9a:ef:49:cf:33:f6:5f:
                    08:2d:48:fb:12:39:43:8c:e5:a5:72:b6:6c:47:7e:
                    49:f0:8f:88:65:2d:49:7a:57:9a:28:6c:d3:e2:73:
                    c9:2a:c0:4e:c1:8d:96:69:c8:04:1e:87:18:2b:69:
                    f9:bd:d5:b4:0a:1a:62:9a:87:9b:a2:2c:7e:92:41:
                    42:b6:3d:e3:b9:34:13:df:37:09:34:ef:06:a1:37:
                    74:91:f4:6c:78:fd:bf:13:9f:23:d6:31:48:e0:44:
                    80:82:68:17:ed:85:39:fe:55:ef:cd:82:e2:a6:e4:
                    83:86:19:0c:3e:17:23:f2:1f:e2:c6:e7:69:62:b0:
                    fd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D4:5C:73:75:B3:C5:C3:33:E5:6E:3A:D8:3D:54:AB:88:0C:9D:C2
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/K9Rcc3WzxcMz5W462D1Uq4gMncI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:90:37:9f:eb:67:f8:06:d8:5f:58:c8:33:b6:70:c4:c0:e1:
         db:cc:e8:7d:22:06:ea:55:ff:7a:68:2d:f5:3f:36:36:4c:9a:
         db:30:3e:6b:c0:07:0f:58:ae:d0:be:af:89:9d:3a:8d:3c:e0:
         64:36:87:73:24:a8:04:5f:5f:7f:6e:a2:2c:8f:5d:43:c5:24:
         fb:48:16:0d:af:90:6c:4e:16:7a:f8:cf:8a:7a:68:d0:95:27:
         3f:49:76:9b:e3:34:c3:09:3d:f7:fd:de:3a:0f:05:8d:fc:fd:
         a0:8d:a3:c6:0f:f1:81:cb:d4:7a:09:b5:e7:f0:85:cd:ca:a4:
         37:c0:ac:9d:3b:8c:5a:15:ee:54:eb:f3:6f:5c:3e:19:20:1d:
         8f:56:84:1d:0a:30:f8:e2:a1:11:f7:8a:8f:da:10:83:93:96:
         aa:9e:cd:a2:b6:fe:2b:b8:88:7c:bb:11:ed:74:af:db:0c:50:
         dd:14:52:b9:84:0c:16:8b:3d:9d:9f:27:dd:7f:a9:5c:c7:3d:
         10:83:1c:78:4c:24:25:6a:79:f4:79:75:c4:77:65:fe:53:71:
         6a:cd:c0:1c:e2:6a:ee:3d:41:a9:70:a9:87:02:2b:d3:ee:59:
         1e:75:ac:7a:63:e3:e2:8a:b8:87:d8:1c:50:d4:dd:e7:44:e6:
         e6:a6:93:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2EaJ6Ac0qMkrSv/DbmmkbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjYwMjE5MTMyMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQ0NWM3Mzc1YjNjNWMzMzNlNTZlM2FkODNkNTRhYjg4MGM5ZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSMSM5WJmjcH+wknC5lmmlqVvUrp
F2/f4JSnUhhjFXnMTGU8enjzNDnGI5Fn+Ad4Hj5L881cfMbqjF001JgKOHr3mBIK
Ic+0eUvxex8APbofM7hRP+ifat2+D/VWGgobeeH3IRiZ1txhMs4egpC/BM/Gdr3g
oZetzpKd7zBO7prvSc8z9l8ILUj7EjlDjOWlcrZsR35J8I+IZS1JeleaKGzT4nPJ
KsBOwY2WacgEHocYK2n5vdW0Chpimoeboix+kkFCtj3juTQT3zcJNO8GoTd0kfRs
eP2/E58j1jFI4ESAgmgX7YU5/lXvzYLipuSDhhkMPhcj8h/ixudpYrD9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvUXHN1s8XDM+VuOtg9VKuIDJ3CMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvSzlSY2MzV3p4Y016NVc0NjJEMVVxNGdNbmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1cMA0G
CSqGSIb3DQEBCwUAA4IBAQCLkDef62f4BthfWMgztnDEwOHbzOh9IgbqVf96aC31
PzY2TJrbMD5rwAcPWK7Qvq+JnTqNPOBkNodzJKgEX19/bqIsj11DxST7SBYNr5Bs
ThZ6+M+KemjQlSc/SXab4zTDCT33/d46DwWN/P2gjaPGD/GBy9R6CbXn8IXNyqQ3
wKydO4xaFe5U6/NvXD4ZIB2PVoQdCjD44qER94qP2hCDk5aqns2itv4ruIh8uxHt
dK/bDFDdFFK5hAwWiz2dnyfdf6lcxz0Qgxx4TCQlann0eXXEd2X+U3FqzcAc4mru
PUGpcKmHAivT7lkedax6Y+PiiriH2BxQ1N3nRObmppPX
-----END CERTIFICATE-----