Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cmKW1WmKTWGaVrgelK-MBQhTv28.roa
File:                     cmKW1WmKTWGaVrgelK-MBQhTv28.roa (raw, json)
Hash identifier:          GGNu7y6Dn+gWGkwswol3OKk8LnCnOlR63TS26dh0g+8=
Subject key identifier:   72:62:96:D5:69:8A:4D:61:9A:56:B8:1E:94:AF:8C:05:08:53:BF:6F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019C765562C416B179061FAB16FC2E6F1F73
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cmKW1WmKTWGaVrgelK-MBQhTv28.roa
Signing time:             Thu 19 Feb 2026 14:37:13 +0000
ROA not before:           Thu 19 Feb 2026 14:37:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        163.5.1.0/24 maxlen: 24
                          163.5.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:55:62:c4:16:b1:79:06:1f:ab:16:fc:2e:6f:1f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 19 14:37:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=726296d5698a4d619a56b81e94af8c050853bf6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c8:e5:18:eb:68:0d:91:e0:5f:59:77:12:47:
                    e0:bb:1f:64:5c:72:6e:f5:6d:30:7f:90:01:30:39:
                    25:91:f0:45:ec:6f:d3:e5:e6:4e:97:b5:ad:f8:c4:
                    ee:a9:fd:59:cc:74:85:3f:cf:a6:26:53:7e:a1:ba:
                    cf:91:46:1e:26:ec:9e:86:ca:ff:e7:51:92:e6:87:
                    43:c2:87:74:73:9b:7d:7b:31:94:51:c3:27:c3:40:
                    92:f3:4f:aa:08:34:22:dd:70:74:a7:de:53:eb:f9:
                    79:1f:83:83:bb:b9:22:ef:26:e0:92:bf:38:c2:d6:
                    64:db:2a:f6:09:63:63:65:64:20:b6:28:fd:50:37:
                    cb:8b:93:36:3a:aa:4d:37:8f:4d:d8:c1:70:31:b9:
                    92:bb:1c:30:8d:eb:d6:12:2c:96:36:80:14:1c:11:
                    3e:b5:78:c3:5a:4a:b6:3a:30:15:5b:c6:44:c3:8d:
                    4d:88:b2:62:0b:bf:51:6a:9d:b3:7b:b0:5e:a9:fc:
                    85:66:a8:cd:8d:02:86:20:19:ae:83:80:7e:91:53:
                    ba:a5:b3:9e:51:0d:8e:c1:ba:ac:d8:a8:e5:01:02:
                    cd:e4:03:82:bc:3e:4b:d9:af:29:80:44:ed:cc:71:
                    fd:2a:db:8b:15:15:3a:b7:86:5a:b2:47:02:a4:1c:
                    f7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:62:96:D5:69:8A:4D:61:9A:56:B8:1E:94:AF:8C:05:08:53:BF:6F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cmKW1WmKTWGaVrgelK-MBQhTv28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.1.0/24
                  163.5.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:bf:7d:66:2c:f3:1a:77:cf:16:4d:4c:ab:41:1d:62:b0:ff:
         d7:cb:15:9a:91:01:ad:3e:7c:f2:c7:63:f2:d6:1a:a9:c4:22:
         fb:5e:62:7f:4f:f4:93:47:46:14:e3:58:c0:e6:31:7a:8b:99:
         98:8f:d1:28:bf:0f:a3:98:73:4e:60:ff:b6:bb:e4:0b:55:46:
         4c:30:02:07:9b:d2:ff:2c:48:1b:73:b2:68:e7:cf:ae:9b:dc:
         11:e7:97:05:e9:e7:a4:32:9a:47:4c:04:e1:b5:59:51:b2:07:
         e5:b7:5e:d9:72:91:0b:46:b5:37:3c:8d:c4:41:88:6f:d7:5f:
         e0:e2:30:a8:49:a7:23:9d:c4:1b:68:8c:43:a4:a0:16:39:6f:
         d6:8d:d3:d7:c8:d0:d3:5f:3f:77:1b:df:6c:00:e2:72:6e:f2:
         05:07:0f:8c:58:ba:4a:ba:83:c4:b9:18:14:5f:d8:0f:ef:e1:
         09:8c:b1:86:3d:99:7e:33:a3:2b:bb:f6:37:b9:ec:01:28:b1:
         60:dc:69:95:a1:0e:07:95:47:63:77:93:92:c0:b9:53:e1:0d:
         40:9a:74:19:62:d7:2f:d6:30:66:7d:9f:a9:9b:de:17:01:ec:
         9d:ec:d5:09:9d:6d:c9:3e:cc:e8:0c:fb:cf:bf:7f:12:97:39:
         b8:fe:9a:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx2VWLEFrF5Bh+rFvwubx9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMjE5MTQzNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjYyOTZkNTY5OGE0ZDYxOWE1NmI4MWU5NGFmOGMwNTA4NTNiZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMjlGOtoDZHgX1l3Ekfgux9kXHJu
9W0wf5ABMDklkfBF7G/T5eZOl7Wt+MTuqf1ZzHSFP8+mJlN+obrPkUYeJuyehsr/
51GS5odDwod0c5t9ezGUUcMnw0CS80+qCDQi3XB0p95T6/l5H4ODu7ki7ybgkr84
wtZk2yr2CWNjZWQgtij9UDfLi5M2OqpNN49N2MFwMbmSuxwwjevWEiyWNoAUHBE+
tXjDWkq2OjAVW8ZEw41NiLJiC79Rap2ze7BeqfyFZqjNjQKGIBmug4B+kVO6pbOe
UQ2Owbqs2KjlAQLN5AOCvD5L2a8pgETtzHH9KtuLFRU6t4ZaskcCpBz3SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHJiltVpik1hmla4HpSvjAUIU79vMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvY21LVzFXbUtUV0dhVnJnZWxLLU1CUWhUdjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowUBAwQA
owUrMA0GCSqGSIb3DQEBCwUAA4IBAQBXv31mLPMad88WTUyrQR1isP/XyxWakQGt
Pnzyx2Py1hqpxCL7XmJ/T/STR0YU41jA5jF6i5mYj9Eovw+jmHNOYP+2u+QLVUZM
MAIHm9L/LEgbc7Jo58+um9wR55cF6eekMppHTAThtVlRsgflt17ZcpELRrU3PI3E
QYhv11/g4jCoSacjncQbaIxDpKAWOW/WjdPXyNDTXz93G99sAOJybvIFBw+MWLpK
uoPEuRgUX9gP7+EJjLGGPZl+M6Mru/Y3uewBKLFg3GmVoQ4HlUdjd5OSwLlT4Q1A
mnQZYtcv1jBmfZ+pm94XAeyd7NUJnW3JPszoDPvPv38Slzm4/po0
-----END CERTIFICATE-----