Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/yWZ-5OdaSQI1LPfjNeNs7tCX608.roa
File:                     yWZ-5OdaSQI1LPfjNeNs7tCX608.roa (raw, json)
Hash identifier:          esuWPq3Xg5U/Su3ABpCWC8pkIxvEw4LQCmVfV8WC2QE=
Subject key identifier:   C9:66:7E:E4:E7:5A:49:02:35:2C:F7:E3:35:E3:6C:EE:D0:97:EB:4F
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       019C58E118E70B8BFD79002A5FA3B0B14321
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/yWZ-5OdaSQI1LPfjNeNs7tCX608.roa
Signing time:             Fri 13 Feb 2026 21:21:12 +0000
ROA not before:           Fri 13 Feb 2026 21:21:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214961
IP address blocks:        94.154.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:58:e1:18:e7:0b:8b:fd:79:00:2a:5f:a3:b0:b1:43:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Feb 13 21:21:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9667ee4e75a4902352cf7e335e36ceed097eb4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4f:a4:c9:2f:38:20:76:37:ee:c1:93:34:ef:
                    d4:3f:e0:2f:9e:7e:03:84:3b:81:1d:41:3f:b3:29:
                    a9:7c:8f:f6:05:29:97:6b:ea:fb:28:98:df:24:9d:
                    f8:fa:07:db:a1:a2:15:19:28:1b:a7:e0:a8:7d:b8:
                    23:7e:89:dd:d3:b7:9d:77:48:82:3e:fd:ea:1d:e2:
                    d6:9f:d4:17:0b:12:da:69:6b:82:c8:2d:a9:f1:dc:
                    6e:e0:b3:5e:ec:40:d6:f7:3d:b7:40:c9:ef:8c:5c:
                    4f:28:0c:07:c0:76:05:8c:2c:8c:81:41:01:84:81:
                    0b:7e:4d:d4:1e:a1:e8:75:2b:c7:0f:bd:1d:57:c4:
                    5f:a1:d1:d5:a8:da:59:3e:b6:86:67:f0:6a:8b:34:
                    16:c9:e6:26:00:5b:80:2e:81:4c:b0:79:be:b4:85:
                    f0:b7:87:76:61:65:e7:23:45:93:a8:8d:5c:3d:d1:
                    56:0f:89:d6:d6:2e:b8:67:6e:f9:d5:9b:f9:1f:ff:
                    38:ea:5e:3f:54:9a:dc:1c:d4:8e:21:ea:27:27:98:
                    22:ef:85:1e:ec:04:33:93:49:47:b8:fe:65:0f:20:
                    19:fc:2a:b9:33:7f:cf:a4:ea:46:f1:d4:25:97:ad:
                    00:5b:99:ff:21:ed:54:0b:57:d8:13:2d:61:0b:12:
                    1b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:66:7E:E4:E7:5A:49:02:35:2C:F7:E3:35:E3:6C:EE:D0:97:EB:4F
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/yWZ-5OdaSQI1LPfjNeNs7tCX608.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:75:15:d5:a8:a7:51:ef:aa:69:d1:15:5e:97:86:f5:3c:90:
         17:a5:61:e5:3b:07:07:47:b5:56:17:2f:23:cb:aa:44:63:c5:
         f4:82:d0:aa:ec:fb:7f:7e:57:0d:f3:6d:aa:9e:a2:e0:33:a3:
         73:78:d5:ce:44:13:9c:97:1b:31:ac:85:96:15:a3:2b:92:e7:
         8d:10:a6:14:b3:fe:1d:1c:8b:2c:4f:94:15:f6:00:6a:ee:38:
         ac:07:d1:a8:f0:34:50:9f:0a:8d:5c:ff:a5:02:98:62:ef:e7:
         16:f6:fa:6a:60:96:6d:b7:b6:e4:d6:43:99:52:b9:e8:bf:57:
         11:73:6d:24:f8:cb:1d:e0:06:3c:b7:e7:da:ec:f1:c6:61:27:
         3d:7d:ad:20:5b:c2:37:07:65:a9:3a:3c:18:6e:fc:06:98:6f:
         8f:98:ba:bf:67:26:c0:90:64:7c:ac:c0:1d:05:b0:74:0e:6a:
         82:e9:49:9d:ef:5b:f2:be:1e:f6:01:53:4e:99:3a:1d:47:ae:
         3c:03:31:09:40:b4:b4:c9:34:a9:ab:36:d3:43:d8:55:10:66:
         ff:3f:fc:4f:b1:0f:8f:6f:c3:2c:09:16:a2:d7:53:b1:69:92:
         2d:d8:2e:c5:5e:08:7b:31:e1:4a:a6:9c:d7:79:d5:61:10:f5:
         46:ab:f4:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxY4RjnC4v9eQAqX6OwsUMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjYwMjEzMjEyMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTY2N2VlNGU3NWE0OTAyMzUyY2Y3ZTMzNWUzNmNlZWQwOTdlYjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyE+kyS84IHY37sGTNO/UP+Avnn4D
hDuBHUE/sympfI/2BSmXa+r7KJjfJJ34+gfboaIVGSgbp+Cofbgjfond07edd0iC
Pv3qHeLWn9QXCxLaaWuCyC2p8dxu4LNe7EDW9z23QMnvjFxPKAwHwHYFjCyMgUEB
hIELfk3UHqHodSvHD70dV8RfodHVqNpZPraGZ/BqizQWyeYmAFuALoFMsHm+tIXw
t4d2YWXnI0WTqI1cPdFWD4nW1i64Z2751Zv5H/846l4/VJrcHNSOIeonJ5gi74Ue
7AQzk0lHuP5lDyAZ/Cq5M3/PpOpG8dQll60AW5n/Ie1UC1fYEy1hCxIbjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlmfuTnWkkCNSz34zXjbO7Ql+tPMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEveVdaLTVPZGFTUUkxTFBmak5lTnM3dENYNjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpogMA0G
CSqGSIb3DQEBCwUAA4IBAQAcdRXVqKdR76pp0RVel4b1PJAXpWHlOwcHR7VWFy8j
y6pEY8X0gtCq7Pt/flcN822qnqLgM6NzeNXORBOclxsxrIWWFaMrkueNEKYUs/4d
HIssT5QV9gBq7jisB9Go8DRQnwqNXP+lAphi7+cW9vpqYJZtt7bk1kOZUrnov1cR
c20k+Msd4AY8t+fa7PHGYSc9fa0gW8I3B2WpOjwYbvwGmG+PmLq/ZybAkGR8rMAd
BbB0DmqC6Umd71vyvh72AVNOmTodR648AzEJQLS0yTSpqzbTQ9hVEGb/P/xPsQ+P
b8MsCRai11OxaZIt2C7FXgh7MeFKppzXedVhEPVGq/TX
-----END CERTIFICATE-----