Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nD_TYErQuCa6pKSiX4EPCO1cJ1M.roa
File:                     nD_TYErQuCa6pKSiX4EPCO1cJ1M.roa (raw, json)
Hash identifier:          Grw8+lF/Xjxt8WC8pFNNeWRTuO44e3tzus6ft1FVG8I=
Subject key identifier:   9C:3F:D3:60:4A:D0:B8:26:BA:A4:A4:A2:5F:81:0F:08:ED:5C:27:53
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019C7B1DA8EDE515319582E2F14FF808F1EF
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nD_TYErQuCa6pKSiX4EPCO1cJ1M.roa
Signing time:             Fri 20 Feb 2026 12:54:27 +0000
ROA not before:           Fri 20 Feb 2026 12:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        141.136.58.0/24 maxlen: 24
                          141.136.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:1d:a8:ed:e5:15:31:95:82:e2:f1:4f:f8:08:f1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Feb 20 12:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c3fd3604ad0b826baa4a4a25f810f08ed5c2753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0d:a3:78:c9:ae:ca:6b:d0:67:e8:2d:5d:55:
                    a0:f8:46:3e:e7:34:3b:03:bd:18:f9:fc:13:b6:30:
                    46:d4:8a:79:56:ff:31:f0:bf:ed:f2:17:0b:e1:3c:
                    24:8f:2c:4d:e9:2a:c6:3b:28:90:77:82:7a:df:f5:
                    f8:8c:91:db:a7:16:96:56:2b:c9:c3:f4:99:56:82:
                    ee:c1:6c:9e:23:33:54:89:59:d6:25:60:52:f4:dd:
                    4a:74:66:f1:5f:10:e5:45:25:bc:eb:f3:fa:ce:c0:
                    62:f5:ed:61:c5:3d:9e:98:e0:40:f5:2f:e7:7d:fa:
                    c3:ed:e5:e5:28:45:32:ac:11:6a:b1:21:d5:97:85:
                    4d:48:f2:6d:77:fc:75:33:00:b5:4a:00:f8:1c:09:
                    d5:fe:0e:7d:fa:bc:3c:52:9b:bf:11:14:2f:0a:eb:
                    23:78:48:53:e0:c1:ec:78:44:73:54:ef:a1:73:02:
                    e9:83:bd:8f:9b:4c:95:fe:f8:81:db:2c:3b:c4:41:
                    c9:b4:db:3c:e8:6d:5a:f0:31:39:0f:da:9f:5a:e8:
                    25:6b:37:c9:22:3b:09:0b:de:ae:41:ac:3f:52:ad:
                    a0:1f:44:0f:cd:7f:66:f8:fe:b4:f7:d6:08:0e:d7:
                    8d:d9:d2:17:98:47:32:ad:7f:d2:7f:7b:7c:24:0e:
                    ad:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:3F:D3:60:4A:D0:B8:26:BA:A4:A4:A2:5F:81:0F:08:ED:5C:27:53
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nD_TYErQuCa6pKSiX4EPCO1cJ1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.58.0/24
                  141.136.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:fd:83:b9:b5:c6:eb:e6:22:49:a2:53:7e:62:c4:49:9d:55:
         8c:7b:20:ec:ea:ea:3a:d4:08:0f:7d:58:ac:20:72:f6:29:6d:
         3c:9f:98:03:68:19:1a:34:bc:b4:17:74:f9:36:07:89:5d:d9:
         10:8a:e1:a5:7c:50:79:6f:e6:45:72:ce:90:2d:cf:59:e5:a0:
         c3:cc:ca:d1:38:0b:91:81:9e:bf:93:90:3e:35:e3:ae:07:66:
         d2:09:9e:9c:d0:b8:e1:f1:8f:58:2f:58:75:f6:02:d3:8d:fa:
         55:61:e3:70:23:ef:22:08:00:21:2e:4c:98:07:c3:50:aa:6d:
         73:f9:bf:f1:00:89:a1:a9:e7:86:b1:8a:6e:b8:33:f0:c6:bc:
         13:ae:dd:4e:ef:36:66:9d:92:29:55:d5:4d:97:37:df:e9:78:
         b1:27:67:de:cf:64:29:20:e2:9f:6b:2b:65:91:f5:ec:f0:e9:
         db:1e:6d:5a:30:3f:37:cf:4a:80:69:c8:0b:93:e3:3b:6e:b4:
         ce:d4:0e:ca:70:34:0e:7a:a1:19:4c:90:30:27:5e:d3:44:a1:
         a8:8d:ea:8f:96:58:3d:b7:c4:0a:2e:79:c2:00:20:1f:29:47:
         57:17:cc:05:21:46:0b:7c:21:0f:d5:08:1d:28:13:05:69:57:
         7b:db:26:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx7Hajt5RUxlYLi8U/4CPHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMjIwMTI1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzNmZDM2MDRhZDBiODI2YmFhNGE0YTI1ZjgxMGYwOGVkNWMyNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ2jeMmuymvQZ+gtXVWg+EY+5zQ7
A70Y+fwTtjBG1Ip5Vv8x8L/t8hcL4TwkjyxN6SrGOyiQd4J63/X4jJHbpxaWVivJ
w/SZVoLuwWyeIzNUiVnWJWBS9N1KdGbxXxDlRSW86/P6zsBi9e1hxT2emOBA9S/n
ffrD7eXlKEUyrBFqsSHVl4VNSPJtd/x1MwC1SgD4HAnV/g59+rw8Upu/ERQvCusj
eEhT4MHseERzVO+hcwLpg72Pm0yV/viB2yw7xEHJtNs86G1a8DE5D9qfWuglazfJ
IjsJC96uQaw/Uq2gH0QPzX9m+P6099YIDteN2dIXmEcyrX/Sf3t8JA6tIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJw/02BK0LgmuqSkol+BDwjtXCdTMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvbkRfVFlFclF1Q2E2cEtTaVg0RVBDTzFjSjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjYg6AwQA
jYg8MA0GCSqGSIb3DQEBCwUAA4IBAQC5/YO5tcbr5iJJolN+YsRJnVWMeyDs6uo6
1AgPfVisIHL2KW08n5gDaBkaNLy0F3T5NgeJXdkQiuGlfFB5b+ZFcs6QLc9Z5aDD
zMrROAuRgZ6/k5A+NeOuB2bSCZ6c0Ljh8Y9YL1h19gLTjfpVYeNwI+8iCAAhLkyY
B8NQqm1z+b/xAImhqeeGsYpuuDPwxrwTrt1O7zZmnZIpVdVNlzff6XixJ2fez2Qp
IOKfaytlkfXs8OnbHm1aMD83z0qAacgLk+M7brTO1A7KcDQOeqEZTJAwJ17TRKGo
jeqPllg9t8QKLnnCACAfKUdXF8wFIUYLfCEP1QgdKBMFaVd72yYo
-----END CERTIFICATE-----