Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pq1RblxOcQVVpHv1RgmRXQInDtg.roa
File:                     pq1RblxOcQVVpHv1RgmRXQInDtg.roa (raw, json)
Hash identifier:          ifk+fKQCKQhVNYzjMhHg5Fij9puagh6FnpCYoXlsv3w=
Subject key identifier:   A6:AD:51:6E:5C:4E:71:05:55:A4:7B:F5:46:09:91:5D:02:27:0E:D8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019C6F4F4CFA4E28C0E74270C619D28AFCD1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pq1RblxOcQVVpHv1RgmRXQInDtg.roa
Signing time:             Wed 18 Feb 2026 05:53:13 +0000
ROA not before:           Wed 18 Feb 2026 05:53:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24961
IP address blocks:        45.14.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Feb 2026 01:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6f:4f:4c:fa:4e:28:c0:e7:42:70:c6:19:d2:8a:fc:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 18 05:53:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6ad516e5c4e710555a47bf54609915d02270ed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ab:a5:e7:f5:a3:2d:66:8a:89:20:d9:24:0c:
                    20:8c:98:0c:06:44:67:c6:72:a1:97:bf:8c:af:73:
                    28:33:43:22:c3:cf:c0:52:fb:7c:98:a2:8a:51:47:
                    b3:86:50:20:84:c6:44:df:95:2d:74:75:da:ae:39:
                    28:93:51:43:0d:16:69:03:2d:bb:4f:48:c4:2b:c2:
                    23:42:48:57:75:d7:53:93:10:9e:2a:27:a2:8a:16:
                    8d:e7:9b:f7:eb:5c:1f:d4:50:99:08:f4:cd:f6:5f:
                    83:9b:93:ec:10:97:ac:12:9c:fe:b1:9a:f1:bc:86:
                    e4:69:19:50:6a:7a:b0:de:6b:0e:01:a1:b4:da:56:
                    24:38:de:c8:79:b6:2d:73:56:a5:0c:d7:6f:b0:0f:
                    ec:16:7a:a7:22:0c:ad:9b:5c:10:93:36:04:79:fd:
                    da:42:1c:0f:a3:26:e8:57:ed:3f:ba:da:d2:8d:5f:
                    e5:9e:1c:02:c1:a8:77:60:ce:32:3e:79:05:0d:56:
                    5e:f1:47:59:9d:9e:c5:a5:35:b4:58:d2:cb:32:fb:
                    5c:ee:3a:b3:64:d0:79:19:6d:61:c6:3d:a1:2c:36:
                    48:bd:6f:3b:a8:7e:75:a3:f3:f8:85:50:ed:8d:66:
                    63:6e:a5:12:c8:90:d9:86:86:ae:2d:c5:5f:00:8c:
                    79:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AD:51:6E:5C:4E:71:05:55:A4:7B:F5:46:09:91:5D:02:27:0E:D8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pq1RblxOcQVVpHv1RgmRXQInDtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:9a:48:db:d5:d1:a3:87:d6:b4:56:c5:f8:74:a1:54:4d:e3:
         2d:01:28:12:d2:4e:88:9a:66:15:22:f4:e6:5c:2d:22:db:9e:
         05:a4:ce:78:bd:16:e8:f5:16:30:c4:9c:6c:6c:62:26:00:c7:
         e6:f4:a5:4d:b9:77:b3:25:af:73:26:59:09:86:af:80:5f:b6:
         5a:6b:8e:9e:6f:26:c7:5a:11:de:e5:0e:ae:2e:e9:59:12:0a:
         a5:7d:1b:17:1d:f0:c7:a0:d2:5e:d3:a5:40:d1:5f:c3:74:56:
         22:59:d3:bb:ff:3d:e9:5f:8f:0f:3c:fc:1a:19:1c:63:13:de:
         a7:de:a1:b0:46:ef:d4:df:fc:d5:95:ff:7b:cc:14:73:90:34:
         ee:51:4d:b5:44:8b:65:84:14:68:c3:dc:19:98:0e:7e:81:ad:
         f8:ca:cc:cc:50:e8:4d:89:a1:b7:6d:40:7d:00:d8:2f:de:a2:
         83:8a:97:8d:84:d2:18:5d:08:ce:a0:25:bc:81:5f:73:4f:cf:
         f6:97:c5:6f:3f:63:29:12:d8:dc:f3:42:65:cb:a0:13:25:ab:
         1e:f2:cd:d4:58:ec:ef:3f:92:d1:ba:a8:08:eb:3a:35:b1:67:
         22:dd:eb:35:27:6b:b3:16:58:7f:4d:e9:ef:bd:7d:81:f5:d9:
         48:65:66:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxvT0z6TijA50JwxhnSivzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMjE4MDU1MzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmFkNTE2ZTVjNGU3MTA1NTVhNDdiZjU0NjA5OTE1ZDAyMjcwZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaul5/WjLWaKiSDZJAwgjJgMBkRn
xnKhl7+Mr3MoM0Miw8/AUvt8mKKKUUezhlAghMZE35UtdHXarjkok1FDDRZpAy27
T0jEK8IjQkhXdddTkxCeKieiihaN55v361wf1FCZCPTN9l+Dm5PsEJesEpz+sZrx
vIbkaRlQanqw3msOAaG02lYkON7IebYtc1alDNdvsA/sFnqnIgytm1wQkzYEef3a
QhwPoyboV+0/utrSjV/lnhwCwah3YM4yPnkFDVZe8UdZnZ7FpTW0WNLLMvtc7jqz
ZNB5GW1hxj2hLDZIvW87qH51o/P4hVDtjWZjbqUSyJDZhoauLcVfAIx50wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKatUW5cTnEFVaR79UYJkV0CJw7YMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcHExUmJseE9jUVZWcEh2MVJnbVJYUUluRHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ6kMA0G
CSqGSIb3DQEBCwUAA4IBAQCKmkjb1dGjh9a0VsX4dKFUTeMtASgS0k6ImmYVIvTm
XC0i254FpM54vRbo9RYwxJxsbGImAMfm9KVNuXezJa9zJlkJhq+AX7Zaa46ebybH
WhHe5Q6uLulZEgqlfRsXHfDHoNJe06VA0V/DdFYiWdO7/z3pX48PPPwaGRxjE96n
3qGwRu/U3/zVlf97zBRzkDTuUU21RItlhBRow9wZmA5+ga34yszMUOhNiaG3bUB9
ANgv3qKDipeNhNIYXQjOoCW8gV9zT8/2l8VvP2MpEtjc80Jly6ATJase8s3UWOzv
P5LRuqgI6zo1sWci3es1J2uzFlh/TenvvX2B9dlIZWaQ
-----END CERTIFICATE-----