Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/PKn31FXR53Xwk3m5RbkfVPu3O18.roa
File:                     PKn31FXR53Xwk3m5RbkfVPu3O18.roa (raw, json)
Hash identifier:          V5aXDxNY8oqP48Wlz/CnGhRsycmT9xhp49YGWm6D66E=
Subject key identifier:   3C:A9:F7:D4:55:D1:E7:75:F0:93:79:B9:45:B9:1F:54:FB:B7:3B:5F
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019C668C3EB12153834B529CFBB6A67D5327
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/PKn31FXR53Xwk3m5RbkfVPu3O18.roa
Signing time:             Mon 16 Feb 2026 13:03:12 +0000
ROA not before:           Mon 16 Feb 2026 13:03:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        178.254.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:8c:3e:b1:21:53:83:4b:52:9c:fb:b6:a6:7d:53:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Feb 16 13:03:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ca9f7d455d1e775f09379b945b91f54fbb73b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:af:52:96:29:e2:22:09:c4:fe:26:3a:3d:ec:
                    b5:3e:fc:ca:95:ad:4e:c3:4a:1d:d0:3c:fd:50:f5:
                    03:c5:fc:ec:70:3d:ab:50:06:05:89:ab:6c:a2:ac:
                    69:74:3c:36:94:f8:d5:b1:9a:44:9a:4a:09:bc:59:
                    8d:bd:51:b1:be:1b:db:f8:51:68:65:73:90:d8:ae:
                    96:cc:74:c1:c4:12:f2:94:fe:d3:52:d6:f1:6c:ba:
                    be:59:86:8c:a0:d3:a7:4f:ac:1c:93:6e:93:67:75:
                    41:98:f1:0a:05:34:c5:65:30:6a:2e:a1:75:e7:2a:
                    0f:30:b8:2e:4f:e5:b1:d6:27:17:c9:63:e8:0b:60:
                    81:3f:13:55:ee:27:49:33:f8:89:03:ed:23:52:63:
                    5e:89:63:78:86:a6:b1:c4:3f:ad:e4:79:87:25:b5:
                    fa:de:2d:02:21:a8:7f:5f:c5:91:af:4b:5e:3e:e2:
                    5f:35:aa:29:c6:f8:cd:84:a0:c1:70:95:b9:3a:60:
                    de:c0:2d:f5:30:89:f3:36:38:98:d7:30:b8:0d:bb:
                    6e:d2:f3:02:bf:1e:96:24:6f:35:21:04:21:34:76:
                    e4:60:60:a0:18:6a:4d:a0:da:55:2a:12:6e:b1:c0:
                    a7:6d:5b:91:6b:d2:0a:17:62:12:1a:34:46:58:ca:
                    98:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A9:F7:D4:55:D1:E7:75:F0:93:79:B9:45:B9:1F:54:FB:B7:3B:5F
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/PKn31FXR53Xwk3m5RbkfVPu3O18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:87:11:2b:37:b0:fd:38:19:fe:ca:ca:3a:a4:d7:e5:00:59:
         df:2a:45:e6:d8:6d:e6:6c:4a:5c:95:c2:34:59:f3:c1:1d:48:
         35:1f:77:5a:d3:c0:46:8d:b3:e8:f2:ff:8b:1f:65:95:f6:c6:
         10:d9:ee:72:a0:31:87:aa:c4:b5:80:d7:40:03:8e:15:fa:cf:
         05:92:6c:15:09:64:dc:7f:87:41:c8:6c:0d:91:55:3b:0d:07:
         ef:36:9e:4c:2a:4a:7d:48:2b:ac:81:7e:d5:52:f8:76:3b:b0:
         7c:45:0b:1b:d5:45:07:58:bb:6c:b2:03:ea:89:2e:67:6f:bb:
         92:d8:9f:33:0d:45:ed:8b:c1:f7:54:e0:26:8f:93:91:28:37:
         23:44:3b:32:5e:66:71:05:59:e6:bf:e4:5d:e3:5f:97:81:75:
         37:f4:98:ca:5a:59:27:48:b2:bd:fa:95:d9:0a:17:32:00:2c:
         f6:59:95:3a:d5:1f:fa:2e:92:04:f1:b0:2f:1b:ce:68:52:d8:
         a8:89:ba:53:1e:d9:d9:16:e3:b9:6e:93:75:b1:cb:db:f4:32:
         98:59:ab:4a:77:93:a2:fa:fe:6f:72:7f:a7:e8:1b:53:e7:5b:
         78:3c:61:cc:7c:98:da:eb:6b:4d:43:4e:ed:16:13:0e:90:54:
         36:9b:3c:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxmjD6xIVODS1Kc+7amfVMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMjE2MTMwMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2E5ZjdkNDU1ZDFlNzc1ZjA5Mzc5Yjk0NWI5MWY1NGZiYjczYjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa9SliniIgnE/iY6Pey1PvzKla1O
w0od0Dz9UPUDxfzscD2rUAYFiatsoqxpdDw2lPjVsZpEmkoJvFmNvVGxvhvb+FFo
ZXOQ2K6WzHTBxBLylP7TUtbxbLq+WYaMoNOnT6wck26TZ3VBmPEKBTTFZTBqLqF1
5yoPMLguT+Wx1icXyWPoC2CBPxNV7idJM/iJA+0jUmNeiWN4hqaxxD+t5HmHJbX6
3i0CIah/X8WRr0tePuJfNaopxvjNhKDBcJW5OmDewC31MInzNjiY1zC4Dbtu0vMC
vx6WJG81IQQhNHbkYGCgGGpNoNpVKhJuscCnbVuRa9IKF2ISGjRGWMqYfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyp99RV0ed18JN5uUW5H1T7tztfMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvUEtuMzFGWFI1M1h3azNtNVJia2ZWUHUzTzE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv6yMA0G
CSqGSIb3DQEBCwUAA4IBAQAMhxErN7D9OBn+yso6pNflAFnfKkXm2G3mbEpclcI0
WfPBHUg1H3da08BGjbPo8v+LH2WV9sYQ2e5yoDGHqsS1gNdAA44V+s8FkmwVCWTc
f4dByGwNkVU7DQfvNp5MKkp9SCusgX7VUvh2O7B8RQsb1UUHWLtssgPqiS5nb7uS
2J8zDUXti8H3VOAmj5ORKDcjRDsyXmZxBVnmv+Rd41+XgXU39JjKWlknSLK9+pXZ
ChcyACz2WZU61R/6LpIE8bAvG85oUtioibpTHtnZFuO5bpN1scvb9DKYWatKd5Oi
+v5vcn+n6BtT51t4PGHMfJja62tNQ07tFhMOkFQ2mzyC
-----END CERTIFICATE-----