Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/e07cf7-50c1-4e18-8fae-1522f7537bcb/1/VFVPR_IRVw5BlqiNs1YWSmHiqsE.roa
File:                     VFVPR_IRVw5BlqiNs1YWSmHiqsE.roa (raw, json)
Hash identifier:          V8+sjv3juPFIm0G9xudc5DKK5HaQCguQbshspKidKdQ=
Subject key identifier:   54:55:4F:47:F2:11:57:0E:41:96:A8:8D:B3:56:16:4A:61:E2:AA:C1
Certificate issuer:       /CN=3e16309d25d13ce5c796a5a174e42c3cd9bcb5eb
Certificate serial:       019C6BA887E6F98A6BA388D5509B92325BB5
Authority key identifier: 3E:16:30:9D:25:D1:3C:E5:C7:96:A5:A1:74:E4:2C:3C:D9:BC:B5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PhYwnSXRPOXHlqWhdOQsPNm8tes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/e07cf7-50c1-4e18-8fae-1522f7537bcb/1/VFVPR_IRVw5BlqiNs1YWSmHiqsE.roa
Signing time:             Tue 17 Feb 2026 12:52:12 +0000
ROA not before:           Tue 17 Feb 2026 12:52:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25563
IP address blocks:        92.43.216.0/21 maxlen: 24
                          185.84.192.0/22 maxlen: 24
                          2a01:768::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/e07cf7-50c1-4e18-8fae-1522f7537bcb/1/PhYwnSXRPOXHlqWhdOQsPNm8tes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/e07cf7-50c1-4e18-8fae-1522f7537bcb/1/PhYwnSXRPOXHlqWhdOQsPNm8tes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PhYwnSXRPOXHlqWhdOQsPNm8tes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:a8:87:e6:f9:8a:6b:a3:88:d5:50:9b:92:32:5b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e16309d25d13ce5c796a5a174e42c3cd9bcb5eb
        Validity
            Not Before: Feb 17 12:52:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54554f47f211570e4196a88db356164a61e2aac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a2:1e:fb:71:4d:f0:da:80:21:ce:23:69:61:
                    c6:34:2f:62:41:46:1a:20:9a:ce:8b:86:01:9d:03:
                    7d:a5:94:55:2d:0e:a6:cd:0c:fb:b5:6d:f7:94:f1:
                    44:f3:0b:6b:e8:8a:e2:43:2f:95:8c:cf:7e:a4:2f:
                    cc:e2:57:6a:4a:98:58:2d:0d:3c:39:d7:39:48:c9:
                    44:16:8c:57:19:56:1e:46:f5:51:61:8f:0d:17:d5:
                    45:da:87:90:dc:69:e2:81:07:97:9e:95:0a:a7:0c:
                    3b:c3:d9:7f:ef:f4:9f:7d:02:89:c2:78:7d:89:9d:
                    33:70:10:5e:d6:11:ca:14:d2:b8:e7:8f:68:0a:1f:
                    1e:2d:f0:c3:96:8d:e9:37:0d:91:82:a7:04:b9:42:
                    37:ea:47:a9:84:5a:c5:7e:cd:c0:bc:c4:58:6f:49:
                    2a:a0:73:da:85:2f:34:76:5a:34:2b:2a:68:26:06:
                    03:bb:00:79:23:2c:9f:47:ca:95:20:23:89:03:ab:
                    62:78:63:96:9a:d3:2b:cc:67:5d:38:05:ef:7d:79:
                    7d:16:76:40:95:ad:d1:0d:b1:ab:7e:75:38:eb:d7:
                    94:2d:f8:75:56:54:ab:1e:da:2d:6e:bd:5d:b5:a0:
                    6f:77:f5:15:67:6a:1d:f5:0b:23:13:95:0a:31:7b:
                    f5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:55:4F:47:F2:11:57:0E:41:96:A8:8D:B3:56:16:4A:61:E2:AA:C1
            X509v3 Authority Key Identifier:
                keyid:3E:16:30:9D:25:D1:3C:E5:C7:96:A5:A1:74:E4:2C:3C:D9:BC:B5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PhYwnSXRPOXHlqWhdOQsPNm8tes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/e07cf7-50c1-4e18-8fae-1522f7537bcb/1/VFVPR_IRVw5BlqiNs1YWSmHiqsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/e07cf7-50c1-4e18-8fae-1522f7537bcb/1/PhYwnSXRPOXHlqWhdOQsPNm8tes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.216.0/21
                  185.84.192.0/22
                IPv6:
                  2a01:768::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:6e:2c:97:35:a3:bd:2e:83:4f:03:a6:0d:94:35:dd:56:ba:
         7a:a1:43:b0:92:0a:70:54:a4:ed:ad:e3:f1:70:0e:4f:7b:15:
         ca:c8:49:60:df:4c:72:1f:43:12:65:8b:a4:2c:7a:b3:cb:89:
         bd:5d:28:02:ed:a7:70:4f:fb:fa:af:b1:61:45:d2:95:df:a3:
         ff:54:1b:09:e2:58:41:05:a8:5f:53:30:50:9b:72:38:59:43:
         a6:aa:29:f0:31:4c:fc:33:25:4a:e1:39:18:c4:8a:27:76:76:
         5a:b6:21:c7:55:8e:4b:b2:03:95:61:1e:66:f9:21:a7:c8:ad:
         62:c9:94:6b:a7:8f:d2:f2:7c:26:c2:ad:1a:3b:52:a8:a1:40:
         f4:1f:d0:26:38:14:90:04:0d:1c:6b:a5:3d:63:45:e5:85:65:
         9d:d6:8f:52:90:fe:c5:ca:3d:80:af:0c:65:60:77:13:c7:2a:
         94:ef:9e:7f:a8:c4:53:9b:ad:38:b8:e6:09:e8:ba:97:34:54:
         02:aa:f6:a9:d0:57:0e:90:9d:67:1c:ca:70:bb:d2:60:d4:e9:
         da:5e:52:0e:0b:c0:df:43:29:8e:31:d6:12:13:11:79:0f:90:
         b5:4f:26:a6:84:51:f7:e0:d9:35:13:f1:33:6e:ea:2c:5b:4b:
         be:eb:1c:ec
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZxrqIfm+Ypro4jVUJuSMlu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMTYzMDlkMjVkMTNjZTVjNzk2YTVhMTc0ZTQyYzNjZDli
Y2I1ZWIwHhcNMjYwMjE3MTI1MjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDU1NGY0N2YyMTE1NzBlNDE5NmE4OGRiMzU2MTY0YTYxZTJhYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqIe+3FN8NqAIc4jaWHGNC9iQUYa
IJrOi4YBnQN9pZRVLQ6mzQz7tW33lPFE8wtr6IriQy+VjM9+pC/M4ldqSphYLQ08
Odc5SMlEFoxXGVYeRvVRYY8NF9VF2oeQ3GnigQeXnpUKpww7w9l/7/SffQKJwnh9
iZ0zcBBe1hHKFNK4549oCh8eLfDDlo3pNw2RgqcEuUI36kephFrFfs3AvMRYb0kq
oHPahS80dlo0KypoJgYDuwB5IyyfR8qVICOJA6tieGOWmtMrzGddOAXvfXl9FnZA
la3RDbGrfnU469eULfh1VlSrHtotbr1dtaBvd/UVZ2od9QsjE5UKMXv1KwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFRVT0fyEVcOQZaojbNWFkph4qrBMB8GA1UdIwQY
MBaAFD4WMJ0l0Tzlx5aloXTkLDzZvLXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGhZd25TWFJQT1hIbHFXaGRPUXNQTm04dGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9lMDdjZjctNTBjMS00ZTE4LThmYWUt
MTUyMmY3NTM3YmNiLzEvVkZWUFJfSVJWdzVCbHFpTnMxWVdTbUhpcXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9lMDdjZjctNTBjMS00ZTE4LThmYWUtMTUyMmY3NTM3YmNi
LzEvUGhZd25TWFJQT1hIbHFXaGRPUXNQTm04dGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXCvYAwQC
uVTAMA0EAgACMAcDBQAqAQdoMA0GCSqGSIb3DQEBCwUAA4IBAQCVbiyXNaO9LoNP
A6YNlDXdVrp6oUOwkgpwVKTtrePxcA5PexXKyElg30xyH0MSZYukLHqzy4m9XSgC
7adwT/v6r7FhRdKV36P/VBsJ4lhBBahfUzBQm3I4WUOmqinwMUz8MyVK4TkYxIon
dnZatiHHVY5LsgOVYR5m+SGnyK1iyZRrp4/S8nwmwq0aO1KooUD0H9AmOBSQBA0c
a6U9Y0XlhWWd1o9SkP7Fyj2ArwxlYHcTxyqU755/qMRTm604uOYJ6LqXNFQCqvap
0FcOkJ1nHMpwu9Jg1OnaXlIOC8DfQymOMdYSExF5D5C1TyamhFH34Nk1E/Ezbuos
W0u+6xzs
-----END CERTIFICATE-----