Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/bsiJMh925Q6yXtQJa1CQ5jNihts.roa
File:                     bsiJMh925Q6yXtQJa1CQ5jNihts.roa (raw, json)
Hash identifier:          X9V/B7+nYNlAPiuflw59MNnI7H3EmEftfAgXQa1P4vk=
Subject key identifier:   6E:C8:89:32:1F:76:E5:0E:B2:5E:D4:09:6B:50:90:E6:33:62:86:DB
Certificate issuer:       /CN=4f32d40a53bb60b86759e6ec0a5207300b41af70
Certificate serial:       019C5269D4227C2D58FDF0B90E66A5AF4D42
Authority key identifier: 4F:32:D4:0A:53:BB:60:B8:67:59:E6:EC:0A:52:07:30:0B:41:AF:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzLUClO7YLhnWebsClIHMAtBr3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/bsiJMh925Q6yXtQJa1CQ5jNihts.roa
Signing time:             Thu 12 Feb 2026 15:13:13 +0000
ROA not before:           Thu 12 Feb 2026 15:13:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205179
IP address blocks:        185.50.176.0/24 maxlen: 24
                          185.50.177.0/24 maxlen: 24
                          185.50.178.0/24 maxlen: 24
                          185.50.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzLUClO7YLhnWebsClIHMAtBr3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:69:d4:22:7c:2d:58:fd:f0:b9:0e:66:a5:af:4d:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f32d40a53bb60b86759e6ec0a5207300b41af70
        Validity
            Not Before: Feb 12 15:13:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ec889321f76e50eb25ed4096b5090e6336286db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:38:b7:51:3a:37:68:f0:71:a9:1b:06:6a:50:
                    c6:d7:61:79:27:9a:d3:09:4e:e1:78:ae:13:90:ce:
                    81:eb:1b:b1:2f:52:e8:cb:00:0a:c9:ec:ad:1e:66:
                    1d:89:4b:64:6f:15:09:e9:56:93:ac:d4:5a:1f:e0:
                    f7:79:38:f2:b3:e4:31:ef:33:17:2f:78:2b:16:06:
                    3b:8e:64:b1:89:c6:0f:24:2a:69:a9:03:92:d2:76:
                    49:ae:4d:c9:9f:1e:92:c1:c3:04:b5:f7:b2:7d:84:
                    be:7a:8e:e3:b2:96:45:d9:45:b6:43:9b:19:e0:0e:
                    8a:b8:0e:7a:6e:6e:e5:fd:4e:83:ea:7b:43:2e:85:
                    d7:e0:d4:b1:cf:35:c9:39:6f:33:81:90:a4:51:90:
                    e4:cb:98:a1:66:92:d7:ff:df:fa:78:ac:dc:28:04:
                    88:8b:bc:93:02:ed:58:5e:47:2b:4b:12:69:61:c0:
                    61:02:81:a6:53:5e:fd:3d:68:4b:c0:86:44:9f:92:
                    79:3d:68:8b:70:76:31:f9:a3:f1:d1:43:00:06:84:
                    c1:c2:5a:cc:f4:35:82:f8:fc:8d:d9:26:37:b1:1d:
                    c3:42:7f:96:65:2c:30:f5:df:0e:05:df:24:b1:15:
                    ef:7d:f7:98:d0:4d:b3:0e:d7:56:f7:cc:65:ff:17:
                    c7:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C8:89:32:1F:76:E5:0E:B2:5E:D4:09:6B:50:90:E6:33:62:86:DB
            X509v3 Authority Key Identifier:
                keyid:4F:32:D4:0A:53:BB:60:B8:67:59:E6:EC:0A:52:07:30:0B:41:AF:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzLUClO7YLhnWebsClIHMAtBr3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/bsiJMh925Q6yXtQJa1CQ5jNihts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:13:6b:bf:c0:c4:46:58:a7:37:c0:25:4a:62:90:d3:ac:81:
         bb:c1:ac:fa:1e:eb:2d:bc:ff:ad:b9:75:0b:ae:b1:76:3d:74:
         00:cd:46:3d:fc:12:1d:f0:3a:2a:8b:da:34:e6:1a:4f:2b:fa:
         68:7d:1f:c0:ac:4a:bf:08:be:b9:42:22:0f:3f:0b:6d:ed:ef:
         a4:73:b4:37:cd:ff:69:e4:b2:b1:e7:5c:2a:3f:de:8e:68:c0:
         df:e4:1b:82:bc:bd:89:c5:a2:01:c1:3e:76:e6:71:0d:9b:4f:
         e6:8e:5f:19:38:00:c5:d7:78:9d:d8:f8:61:69:52:6e:f1:96:
         8c:1d:8d:42:a9:01:0c:88:4e:bf:aa:e7:c7:cb:02:61:a6:1a:
         eb:ef:77:f2:67:ff:40:04:c1:60:80:12:ad:d0:e6:1e:d5:6e:
         6a:45:02:85:ab:75:d3:04:14:97:e4:82:7b:85:0f:21:88:ca:
         44:f0:ca:56:52:d0:2b:44:2c:09:4d:d9:97:c8:87:76:3a:12:
         74:a1:c7:7e:6f:76:6f:48:77:51:5e:be:4b:81:43:56:f6:58:
         ef:45:27:44:fb:08:18:a7:94:9f:cc:53:fd:11:47:ca:dc:fb:
         36:d3:60:27:ab:d0:85:f6:6f:b2:fd:ad:5b:78:4b:80:db:8d:
         57:9b:13:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxSadQifC1Y/fC5Dmalr01CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzJkNDBhNTNiYjYwYjg2NzU5ZTZlYzBhNTIwNzMwMGI0
MWFmNzAwHhcNMjYwMjEyMTUxMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWM4ODkzMjFmNzZlNTBlYjI1ZWQ0MDk2YjUwOTBlNjMzNjI4NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzi3UTo3aPBxqRsGalDG12F5J5rT
CU7heK4TkM6B6xuxL1LoywAKyeytHmYdiUtkbxUJ6VaTrNRaH+D3eTjys+Qx7zMX
L3grFgY7jmSxicYPJCppqQOS0nZJrk3Jnx6SwcMEtfeyfYS+eo7jspZF2UW2Q5sZ
4A6KuA56bm7l/U6D6ntDLoXX4NSxzzXJOW8zgZCkUZDky5ihZpLX/9/6eKzcKASI
i7yTAu1YXkcrSxJpYcBhAoGmU179PWhLwIZEn5J5PWiLcHYx+aPx0UMABoTBwlrM
9DWC+PyN2SY3sR3DQn+WZSww9d8OBd8ksRXvffeY0E2zDtdW98xl/xfHLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7IiTIfduUOsl7UCWtQkOYzYobbMB8GA1UdIwQY
MBaAFE8y1ApTu2C4Z1nm7ApSBzALQa9wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpMVUNsTzdZTGhuV2Vic0NsSUhNQXRCcjNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9hNzVlNjMtODE0OS00OWM2LTkzOWYt
YzZiZjJmZmI3MjUzLzEvYnNpSk1oOTI1UTZ5WHRRSmExQ1E1ak5paHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9hNzVlNjMtODE0OS00OWM2LTkzOWYtYzZiZjJmZmI3MjUz
LzEvVHpMVUNsTzdZTGhuV2Vic0NsSUhNQXRCcjNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTKwMA0G
CSqGSIb3DQEBCwUAA4IBAQAEE2u/wMRGWKc3wCVKYpDTrIG7waz6HustvP+tuXUL
rrF2PXQAzUY9/BId8Doqi9o05hpPK/pofR/ArEq/CL65QiIPPwtt7e+kc7Q3zf9p
5LKx51wqP96OaMDf5BuCvL2JxaIBwT525nENm0/mjl8ZOADF13id2PhhaVJu8ZaM
HY1CqQEMiE6/qufHywJhphrr73fyZ/9ABMFggBKt0OYe1W5qRQKFq3XTBBSX5IJ7
hQ8hiMpE8MpWUtArRCwJTdmXyId2OhJ0ocd+b3ZvSHdRXr5LgUNW9ljvRSdE+wgY
p5SfzFP9EUfK3Ps202Anq9CF9m+y/a1beEuA241XmxOu
-----END CERTIFICATE-----