Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/oBSIemnga5g3zbM0MhQPYpUQkXk.roa
File:                     oBSIemnga5g3zbM0MhQPYpUQkXk.roa (raw, json)
Hash identifier:          vUqBxjZNdA/2K4hIUfgJGI6rYfhtyuZbedTN6yjPJdk=
Subject key identifier:   A0:14:88:7A:69:E0:6B:98:37:CD:B3:34:32:14:0F:62:95:10:91:79
Certificate issuer:       /CN=1abc9fb3312a4abf1ddc28518e7608e0ec3275df
Certificate serial:       019C46B9E285D81AFDAD7CC32DAB52DCB5D5
Authority key identifier: 1A:BC:9F:B3:31:2A:4A:BF:1D:DC:28:51:8E:76:08:E0:EC:32:75:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GryfszEqSr8d3ChRjnYI4Owydd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/oBSIemnga5g3zbM0MhQPYpUQkXk.roa
Signing time:             Tue 10 Feb 2026 08:45:13 +0000
ROA not before:           Tue 10 Feb 2026 08:45:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42926
IP address blocks:        185.93.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/GryfszEqSr8d3ChRjnYI4Owydd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/GryfszEqSr8d3ChRjnYI4Owydd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GryfszEqSr8d3ChRjnYI4Owydd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:b9:e2:85:d8:1a:fd:ad:7c:c3:2d:ab:52:dc:b5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1abc9fb3312a4abf1ddc28518e7608e0ec3275df
        Validity
            Not Before: Feb 10 08:45:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a014887a69e06b9837cdb33432140f6295109179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:aa:e0:9f:ea:81:35:fb:d7:54:e1:25:12:ac:
                    aa:88:d1:5e:cf:f9:6c:d5:5a:78:2b:68:6a:51:b4:
                    02:79:32:d5:8f:0e:ed:ee:93:32:55:e3:58:99:21:
                    93:f9:eb:b9:1e:fb:06:ea:64:52:2b:3b:dc:a2:0f:
                    d4:b8:9a:44:76:84:cb:09:23:ef:d5:b5:5f:0c:55:
                    75:37:c4:e6:cd:6d:f2:dc:dd:16:cd:4c:3c:68:31:
                    bc:5e:f5:86:9f:ff:23:16:ae:ca:37:1e:5f:0e:75:
                    b3:b1:32:cf:fc:b6:8f:d1:99:25:05:9c:0d:d8:01:
                    1f:55:13:42:05:51:6b:0c:43:6e:ea:a9:0e:81:04:
                    1c:62:67:79:45:2a:ba:c1:e5:d8:79:02:d2:51:a0:
                    35:e1:7d:61:31:b6:17:36:a1:7a:43:48:be:db:ab:
                    90:ff:6b:2a:26:e3:ab:ae:4a:30:3f:0b:a9:46:c9:
                    42:2f:42:1b:0b:a1:c0:7a:54:ec:7e:19:0d:aa:5b:
                    8e:48:48:76:17:9e:f0:b4:c1:43:81:9b:2a:ae:1f:
                    39:5f:3b:15:27:cb:01:dc:5c:9b:f3:c5:54:2a:f9:
                    d0:55:d9:c4:e0:04:a4:68:e8:f4:47:f1:b6:e3:6c:
                    42:60:e0:79:5d:54:57:c9:3e:19:fa:18:8c:23:7f:
                    f8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:14:88:7A:69:E0:6B:98:37:CD:B3:34:32:14:0F:62:95:10:91:79
            X509v3 Authority Key Identifier:
                keyid:1A:BC:9F:B3:31:2A:4A:BF:1D:DC:28:51:8E:76:08:E0:EC:32:75:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GryfszEqSr8d3ChRjnYI4Owydd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/oBSIemnga5g3zbM0MhQPYpUQkXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/GryfszEqSr8d3ChRjnYI4Owydd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:62:7c:4d:b5:cf:24:bd:2e:be:1b:28:31:b0:a3:8a:4e:b4:
         6b:76:4f:6a:c3:d4:47:36:46:b2:cb:19:36:06:9e:2e:e2:ce:
         91:f6:9a:66:ac:c0:62:01:21:08:59:04:de:25:6c:52:ca:f6:
         86:cd:51:02:a6:90:75:1d:62:0d:22:b9:d5:87:78:65:ba:c0:
         15:9a:e9:50:58:f9:ce:9d:4f:01:4a:30:4b:c5:92:dd:5c:7a:
         e7:96:54:92:99:ea:ea:d4:3c:56:f7:e4:05:10:16:64:b7:9d:
         c3:5e:47:4c:cf:67:77:30:42:16:51:3a:40:af:23:fe:63:d9:
         b2:1f:64:a8:f6:00:6a:af:ed:89:c6:aa:72:0f:7a:d3:17:0a:
         06:c9:0a:b3:af:59:48:f8:05:cd:99:8f:fe:05:da:f2:dd:cf:
         80:13:ad:fc:6b:5f:4b:65:b7:c2:46:25:9d:25:f1:fe:51:98:
         04:35:f5:de:0c:25:a1:2d:57:9d:51:be:b4:15:de:8e:54:71:
         ba:7e:b6:18:89:c8:e8:5c:0c:c1:2a:bd:d0:35:5e:44:9d:3a:
         a9:7a:ff:ff:b8:8a:28:74:3d:41:da:65:40:d0:64:2a:d0:40:
         cf:9d:05:87:06:29:6d:3e:25:cb:d2:c5:4a:4e:9a:8b:3b:5f:
         70:84:c8:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxGueKF2Br9rXzDLatS3LXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYmM5ZmIzMzEyYTRhYmYxZGRjMjg1MThlNzYwOGUwZWMz
Mjc1ZGYwHhcNMjYwMjEwMDg0NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE0ODg3YTY5ZTA2Yjk4MzdjZGIzMzQzMjE0MGY2Mjk1MTA5MTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqrgn+qBNfvXVOElEqyqiNFez/ls
1Vp4K2hqUbQCeTLVjw7t7pMyVeNYmSGT+eu5HvsG6mRSKzvcog/UuJpEdoTLCSPv
1bVfDFV1N8TmzW3y3N0WzUw8aDG8XvWGn/8jFq7KNx5fDnWzsTLP/LaP0ZklBZwN
2AEfVRNCBVFrDENu6qkOgQQcYmd5RSq6weXYeQLSUaA14X1hMbYXNqF6Q0i+26uQ
/2sqJuOrrkowPwupRslCL0IbC6HAelTsfhkNqluOSEh2F57wtMFDgZsqrh85XzsV
J8sB3Fyb88VUKvnQVdnE4ASkaOj0R/G242xCYOB5XVRXyT4Z+hiMI3/4ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAUiHpp4GuYN82zNDIUD2KVEJF5MB8GA1UdIwQY
MBaAFBq8n7MxKkq/HdwoUY52CODsMnXfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3J5ZnN6RXFTcjhkM0NoUmpuWUk0T3d5ZGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8yNmU3N2YtZmEzNy00OTAwLWEzM2Qt
ZDFkNmRlYTk4NzkwLzEvb0JTSWVtbmdhNWczemJNME1oUVBZcFVRa1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8yNmU3N2YtZmEzNy00OTAwLWEzM2QtZDFkNmRlYTk4Nzkw
LzEvR3J5ZnN6RXFTcjhkM0NoUmpuWUk0T3d5ZGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1HMA0G
CSqGSIb3DQEBCwUAA4IBAQCmYnxNtc8kvS6+GygxsKOKTrRrdk9qw9RHNkayyxk2
Bp4u4s6R9ppmrMBiASEIWQTeJWxSyvaGzVECppB1HWINIrnVh3hlusAVmulQWPnO
nU8BSjBLxZLdXHrnllSSmerq1DxW9+QFEBZkt53DXkdMz2d3MEIWUTpAryP+Y9my
H2So9gBqr+2JxqpyD3rTFwoGyQqzr1lI+AXNmY/+Bdry3c+AE638a19LZbfCRiWd
JfH+UZgENfXeDCWhLVedUb60Fd6OVHG6frYYicjoXAzBKr3QNV5EnTqpev//uIoo
dD1B2mVA0GQq0EDPnQWHBiltPiXL0sVKTpqLO19whMjM
-----END CERTIFICATE-----