Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4859c9-b391-497f-9a7a-25c374ceccda/1/Tu0HTeu7VFiGpoxzmAHKn4jmWSk.roa
File:                     Tu0HTeu7VFiGpoxzmAHKn4jmWSk.roa (raw, json)
Hash identifier:          +d9iXfQa+gZ+9cKBpXzuasEKwtK//SWvTy+/XK9Fz84=
Subject key identifier:   4E:ED:07:4D:EB:BB:54:58:86:A6:8C:73:98:01:CA:9F:88:E6:59:29
Certificate issuer:       /CN=0cad4273094d3710816dce2d1004a6258501f6db
Certificate serial:       019C93BA724606307769695177DB1837F6F9
Authority key identifier: 0C:AD:42:73:09:4D:37:10:81:6D:CE:2D:10:04:A6:25:85:01:F6:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DK1CcwlNNxCBbc4tEASmJYUB9ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4859c9-b391-497f-9a7a-25c374ceccda/1/Tu0HTeu7VFiGpoxzmAHKn4jmWSk.roa
Signing time:             Wed 25 Feb 2026 07:36:35 +0000
ROA not before:           Wed 25 Feb 2026 07:36:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214751
IP address blocks:        185.115.150.0/24 maxlen: 24
                          185.115.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4859c9-b391-497f-9a7a-25c374ceccda/1/DK1CcwlNNxCBbc4tEASmJYUB9ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4859c9-b391-497f-9a7a-25c374ceccda/1/DK1CcwlNNxCBbc4tEASmJYUB9ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DK1CcwlNNxCBbc4tEASmJYUB9ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:93:ba:72:46:06:30:77:69:69:51:77:db:18:37:f6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cad4273094d3710816dce2d1004a6258501f6db
        Validity
            Not Before: Feb 25 07:36:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4eed074debbb545886a68c739801ca9f88e65929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f9:a2:bc:a4:d0:da:5e:f1:44:82:7a:06:7f:
                    59:cd:e3:80:9f:10:65:ea:7c:df:50:63:f4:ec:69:
                    d5:49:70:e1:b1:d0:50:07:d2:9b:46:a1:b9:6f:5f:
                    a6:44:c6:b9:de:f6:f3:ba:f9:cd:69:f9:63:57:29:
                    2d:b6:dd:e9:de:15:6a:f3:25:1e:6f:21:99:1a:8b:
                    4b:cb:66:8c:be:42:76:34:54:5a:e9:8c:4e:f6:39:
                    7e:8e:7e:86:24:7f:54:d6:a0:51:cb:48:8f:30:af:
                    1b:21:14:ab:1e:6d:3e:46:5c:c0:ba:b5:70:de:44:
                    c8:80:da:1b:e8:bc:07:5e:bc:af:e0:ad:1f:58:cd:
                    11:40:46:25:4a:33:12:ce:64:7e:be:9e:ce:60:4e:
                    c4:e1:75:99:49:51:2a:e1:e0:19:61:21:4c:74:97:
                    28:cc:ae:44:df:cf:bf:ef:78:30:ee:fa:b2:7c:1d:
                    68:3b:63:ae:4c:85:dd:84:1f:0b:eb:b6:97:13:a8:
                    af:8f:20:e2:d5:f6:98:55:9d:f0:02:e0:45:b8:d5:
                    69:26:41:28:5b:99:36:ed:e5:80:db:41:21:9c:27:
                    4b:dc:76:f9:51:4c:82:dd:81:9e:f4:a9:0b:c5:1a:
                    d7:49:06:a9:56:25:c9:51:6f:b1:b5:08:bf:d0:81:
                    7b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:ED:07:4D:EB:BB:54:58:86:A6:8C:73:98:01:CA:9F:88:E6:59:29
            X509v3 Authority Key Identifier:
                keyid:0C:AD:42:73:09:4D:37:10:81:6D:CE:2D:10:04:A6:25:85:01:F6:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DK1CcwlNNxCBbc4tEASmJYUB9ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4859c9-b391-497f-9a7a-25c374ceccda/1/Tu0HTeu7VFiGpoxzmAHKn4jmWSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4859c9-b391-497f-9a7a-25c374ceccda/1/DK1CcwlNNxCBbc4tEASmJYUB9ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:84:c1:40:00:47:5c:4b:43:4e:c9:d9:fa:77:fa:45:49:e9:
         e6:8e:53:15:3c:86:50:04:42:0b:c4:f3:fd:eb:15:f3:41:95:
         e5:cc:ce:01:93:c8:f8:05:e5:ed:f2:c5:37:24:ce:cb:b3:5b:
         9f:51:87:b0:cc:dd:c8:41:ee:e4:95:43:e7:e4:9f:05:ee:a9:
         18:5c:59:a4:e0:18:07:8f:c7:a5:4a:ff:fc:0d:e0:95:54:bc:
         4b:8a:9a:4f:98:b0:9b:ae:52:91:5a:79:34:12:d8:7c:bb:fb:
         07:7e:52:9e:26:bd:67:28:44:5d:14:f6:1c:ac:55:73:08:81:
         eb:a8:9e:b1:0b:7d:b6:a4:10:de:f5:81:e1:19:60:f1:a0:f2:
         05:35:51:55:0c:30:fd:de:3d:f1:a7:6f:c5:b2:21:de:b3:7a:
         d3:4a:22:e7:31:6f:a6:1d:a8:62:e1:d9:f5:72:31:47:e3:22:
         95:92:cc:d9:9c:2b:65:2b:47:e0:29:7b:5c:8b:8d:78:72:ae:
         ba:80:39:cf:82:a5:e9:a5:b7:c4:31:ca:60:8c:b4:80:b1:cc:
         2e:2c:f3:ce:e3:be:19:6b:99:50:fe:e5:83:c4:3a:ba:65:ee:
         26:46:2b:bf:67:78:75:ad:40:c1:22:9b:5b:23:c5:f0:7b:bc:
         3f:94:e3:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyTunJGBjB3aWlRd9sYN/b5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYWQ0MjczMDk0ZDM3MTA4MTZkY2UyZDEwMDRhNjI1ODUw
MWY2ZGIwHhcNMjYwMjI1MDczNjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWVkMDc0ZGViYmI1NDU4ODZhNjhjNzM5ODAxY2E5Zjg4ZTY1OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vmivKTQ2l7xRIJ6Bn9ZzeOAnxBl
6nzfUGP07GnVSXDhsdBQB9KbRqG5b1+mRMa53vbzuvnNafljVykttt3p3hVq8yUe
byGZGotLy2aMvkJ2NFRa6YxO9jl+jn6GJH9U1qBRy0iPMK8bIRSrHm0+RlzAurVw
3kTIgNob6LwHXryv4K0fWM0RQEYlSjMSzmR+vp7OYE7E4XWZSVEq4eAZYSFMdJco
zK5E38+/73gw7vqyfB1oO2OuTIXdhB8L67aXE6ivjyDi1faYVZ3wAuBFuNVpJkEo
W5k27eWA20EhnCdL3Hb5UUyC3YGe9KkLxRrXSQapViXJUW+xtQi/0IF7iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7tB03ru1RYhqaMc5gByp+I5lkpMB8GA1UdIwQY
MBaAFAytQnMJTTcQgW3OLRAEpiWFAfbbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREsxQ2N3bE5OeENCYmM0dEVBU21KWVVCOXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODU5YzktYjM5MS00OTdmLTlhN2Et
MjVjMzc0Y2VjY2RhLzEvVHUwSFRldTdWRmlHcG94em1BSEtuNGptV1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODU5YzktYjM5MS00OTdmLTlhN2EtMjVjMzc0Y2VjY2Rh
LzEvREsxQ2N3bE5OeENCYmM0dEVBU21KWVVCOXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXOWMA0G
CSqGSIb3DQEBCwUAA4IBAQBghMFAAEdcS0NOydn6d/pFSenmjlMVPIZQBEILxPP9
6xXzQZXlzM4Bk8j4BeXt8sU3JM7Ls1ufUYewzN3IQe7klUPn5J8F7qkYXFmk4BgH
j8elSv/8DeCVVLxLippPmLCbrlKRWnk0Eth8u/sHflKeJr1nKERdFPYcrFVzCIHr
qJ6xC322pBDe9YHhGWDxoPIFNVFVDDD93j3xp2/FsiHes3rTSiLnMW+mHahi4dn1
cjFH4yKVkszZnCtlK0fgKXtci414cq66gDnPgqXppbfEMcpgjLSAscwuLPPO474Z
a5lQ/uWDxDq6Ze4mRiu/Z3h1rUDBIptbI8Xwe7w/lONP
-----END CERTIFICATE-----