Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/h9u4DfipobReXuEiWzWzM5DyqDg.roa
File:                     h9u4DfipobReXuEiWzWzM5DyqDg.roa (raw, json)
Hash identifier:          EkmpfqduZILDOkjZmc9IOhDZh2tXHoeaKKFboeH+zxA=
Subject key identifier:   87:DB:B8:0D:F8:A9:A1:B4:5E:5E:E1:22:5B:35:B3:33:90:F2:A8:38
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019C56745F26AE752A9F47FAB25AAEAB543B
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/h9u4DfipobReXuEiWzWzM5DyqDg.roa
Signing time:             Fri 13 Feb 2026 10:03:12 +0000
ROA not before:           Fri 13 Feb 2026 10:03:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        178.239.127.0/24 maxlen: 24
                          185.95.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:74:5f:26:ae:75:2a:9f:47:fa:b2:5a:ae:ab:54:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Feb 13 10:03:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87dbb80df8a9a1b45e5ee1225b35b33390f2a838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0e:3c:11:2c:16:fd:94:0d:f0:a7:c4:d9:51:
                    64:4f:ad:1f:d4:ca:b1:53:8d:0c:ce:75:b2:64:8a:
                    e5:0e:18:a9:19:61:46:95:dc:de:10:10:b3:61:2e:
                    a8:6f:34:9b:b7:4c:9f:a0:18:ef:a9:28:a3:98:7b:
                    95:42:5c:14:7b:55:ce:31:6d:79:e1:89:76:ae:7a:
                    83:4d:c0:da:6e:68:7c:41:36:cc:77:0c:48:92:bf:
                    1f:76:57:2c:0a:9e:3c:4e:b2:bc:20:07:be:f8:06:
                    88:e1:b1:ab:69:8a:29:68:13:3a:ca:bc:bc:ad:37:
                    38:62:2f:1f:f2:e5:e2:88:fa:c7:33:d1:bf:07:2b:
                    dd:aa:ed:95:bd:61:fe:c9:a9:26:44:f0:12:33:2e:
                    fe:f0:86:a2:cb:b0:2b:00:e3:54:f5:07:f9:95:bb:
                    50:b2:c3:80:25:0c:0d:6e:e9:75:d4:d0:c3:59:a3:
                    d3:3d:15:02:2c:e7:5b:c5:a9:72:b7:bd:1b:40:59:
                    b7:7d:66:1a:dc:c3:0c:6e:9a:92:d8:63:5d:41:31:
                    d4:1d:29:dd:89:49:1b:3c:f2:5e:ab:5e:05:25:5c:
                    ed:0b:b3:81:34:23:fb:dc:cb:15:ff:88:12:e6:f8:
                    a8:2f:90:3c:f9:94:ce:d4:cb:02:bd:05:d0:8d:f8:
                    54:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:DB:B8:0D:F8:A9:A1:B4:5E:5E:E1:22:5B:35:B3:33:90:F2:A8:38
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/h9u4DfipobReXuEiWzWzM5DyqDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.127.0/24
                  185.95.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:be:46:74:e9:bf:81:8b:ad:20:2a:5c:f1:9d:ea:26:d0:0f:
         8a:a9:9c:4b:40:bb:4b:3b:3f:18:1d:0e:77:69:f1:ef:1e:60:
         1a:92:ce:c5:e8:6d:c9:ca:52:f4:f2:c7:37:40:05:bb:3d:69:
         4c:4a:0b:7a:c5:78:0a:c6:da:95:73:b4:27:4e:b3:f5:91:46:
         e8:2c:96:72:03:06:c5:b1:35:0a:73:df:37:4a:d3:25:17:8b:
         4d:f0:2a:fe:22:b3:1e:d5:e5:94:73:27:63:fe:e2:20:ed:18:
         c2:0e:5c:6e:45:b2:a1:64:12:b2:22:e0:6f:7c:a6:5d:1e:0a:
         bf:b7:16:73:b0:0c:0e:0f:fa:85:be:0f:c8:13:4a:2e:42:63:
         4f:d1:f0:7e:a3:73:49:75:22:b8:9a:db:af:77:76:37:bc:da:
         79:7d:dc:fe:d4:8c:2b:8b:64:30:36:dc:57:77:72:ec:0c:a1:
         c3:28:95:75:e2:7b:4f:1c:94:fb:96:37:3e:05:d9:af:48:57:
         84:13:e1:0c:5b:88:3e:9b:25:54:4c:eb:7f:d8:64:32:c5:0f:
         de:97:a3:df:05:c1:e2:32:0d:87:fa:10:ff:43:9b:a0:e4:97:
         06:28:de:bb:ef:f0:f6:ec:a4:f9:51:9f:4e:7f:5f:5e:43:47:
         ef:19:97:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxWdF8mrnUqn0f6slquq1Q7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMjEzMTAwMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2RiYjgwZGY4YTlhMWI0NWU1ZWUxMjI1YjM1YjMzMzkwZjJhODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0w48ESwW/ZQN8KfE2VFkT60f1Mqx
U40MznWyZIrlDhipGWFGldzeEBCzYS6obzSbt0yfoBjvqSijmHuVQlwUe1XOMW15
4Yl2rnqDTcDabmh8QTbMdwxIkr8fdlcsCp48TrK8IAe++AaI4bGraYopaBM6yry8
rTc4Yi8f8uXiiPrHM9G/Byvdqu2VvWH+yakmRPASMy7+8Iaiy7ArAONU9Qf5lbtQ
ssOAJQwNbul11NDDWaPTPRUCLOdbxalyt70bQFm3fWYa3MMMbpqS2GNdQTHUHSnd
iUkbPPJeq14FJVztC7OBNCP73MsV/4gS5vioL5A8+ZTO1MsCvQXQjfhUcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIfbuA34qaG0Xl7hIls1szOQ8qg4MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvaDl1NERmaXBvYlJlWHVFaVd6V3pNNUR5cURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu9/AwQA
uV+eMA0GCSqGSIb3DQEBCwUAA4IBAQAfvkZ06b+Bi60gKlzxneom0A+KqZxLQLtL
Oz8YHQ53afHvHmAaks7F6G3JylL08sc3QAW7PWlMSgt6xXgKxtqVc7QnTrP1kUbo
LJZyAwbFsTUKc983StMlF4tN8Cr+IrMe1eWUcydj/uIg7RjCDlxuRbKhZBKyIuBv
fKZdHgq/txZzsAwOD/qFvg/IE0ouQmNP0fB+o3NJdSK4mtuvd3Y3vNp5fdz+1Iwr
i2QwNtxXd3LsDKHDKJV14ntPHJT7ljc+BdmvSFeEE+EMW4g+myVUTOt/2GQyxQ/e
l6PfBcHiMg2H+hD/Q5ug5JcGKN677/D27KT5UZ9Of19eQ0fvGZco
-----END CERTIFICATE-----