Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/xiLzKMbsP2hR2dinGnnh2ffYdNg.roa
File:                     xiLzKMbsP2hR2dinGnnh2ffYdNg.roa (raw, json)
Hash identifier:          UNKk8UicZLwGLHFDEuUZ+yTryGyRHEhcFM6P+iXQVAg=
Subject key identifier:   C6:22:F3:28:C6:EC:3F:68:51:D9:D8:A7:1A:79:E1:D9:F7:D8:74:D8
Certificate issuer:       /CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
Certificate serial:       019C50FD71D86F63CF739E3D66EA0AFD3DAA
Authority key identifier: DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/xiLzKMbsP2hR2dinGnnh2ffYdNg.roa
Signing time:             Thu 12 Feb 2026 08:35:12 +0000
ROA not before:           Thu 12 Feb 2026 08:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211486
IP address blocks:        94.26.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:50:fd:71:d8:6f:63:cf:73:9e:3d:66:ea:0a:fd:3d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
        Validity
            Not Before: Feb 12 08:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c622f328c6ec3f6851d9d8a71a79e1d9f7d874d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:25:39:2a:5f:af:69:cb:5c:e8:0e:3d:1f:89:
                    58:cf:45:66:2c:0e:10:f7:0c:fe:39:88:7a:f5:29:
                    a2:8f:18:cf:40:97:8f:25:e2:a2:e4:54:3c:f9:af:
                    fe:df:b2:51:b7:ed:0c:0e:49:f3:41:d3:b6:7c:46:
                    79:7f:f7:8a:bf:dd:41:1f:93:9e:53:87:53:b0:a9:
                    41:7e:23:8b:db:fa:2d:0d:e9:9b:8f:f2:e4:74:34:
                    87:12:96:f8:29:fa:0a:8a:a3:bf:ef:2f:ae:7a:fb:
                    8b:8d:89:94:a8:f3:6c:39:95:c7:38:95:63:0b:7f:
                    9a:0d:e7:29:c0:a3:40:60:ad:06:0f:9d:19:67:c0:
                    da:5b:fa:c4:2c:55:8b:f0:c0:58:8f:78:9e:f0:d6:
                    15:aa:a7:ba:62:ef:43:f8:15:6b:f7:40:46:ed:31:
                    0c:c5:0d:f7:1d:50:4e:77:02:fe:b0:5e:b7:ff:fc:
                    80:ca:dc:12:88:57:84:dd:8b:38:84:6d:4b:00:26:
                    eb:e0:ee:23:07:d0:cb:2b:9d:c2:0f:83:42:e2:77:
                    1d:45:8f:06:28:0a:f6:a1:f0:95:20:3e:c6:d3:c4:
                    8a:ea:8e:1c:47:9c:c1:16:ec:36:3d:a5:5c:cc:03:
                    42:c8:de:aa:f1:d2:b0:1b:ca:bb:bb:76:08:71:24:
                    1a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:22:F3:28:C6:EC:3F:68:51:D9:D8:A7:1A:79:E1:D9:F7:D8:74:D8
            X509v3 Authority Key Identifier:
                keyid:DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/xiLzKMbsP2hR2dinGnnh2ffYdNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:62:89:56:07:d3:49:ab:4b:c2:28:71:67:ac:c8:b0:62:6a:
         17:17:be:af:c1:db:1e:4a:d9:66:59:23:53:87:53:44:31:04:
         cd:93:8e:1a:68:41:7a:2e:fa:b1:78:b0:a3:96:e5:4b:af:fd:
         f7:b1:6b:24:bb:59:42:9a:3d:71:8a:10:05:2d:28:a8:81:87:
         13:b7:fa:d9:1e:b5:63:30:ee:8c:6a:c0:ba:ab:53:8a:9e:93:
         5c:80:54:c1:57:cd:65:50:27:df:07:c8:ef:7f:c2:07:9e:64:
         53:52:90:0b:c9:cd:f5:16:5e:e2:63:dc:b2:b5:f2:a9:6c:c7:
         64:c1:3b:e6:a1:17:70:66:bc:0d:ea:cb:71:02:ff:1c:82:4f:
         b1:ec:a0:d6:76:9c:d8:7f:91:39:c5:8d:49:0c:55:9e:61:fc:
         b5:76:ec:bf:2d:33:47:25:47:21:26:26:2e:26:d7:71:fa:45:
         de:aa:c2:36:0e:2b:2c:2f:cc:13:e8:4e:56:cd:89:3f:05:ae:
         cd:02:6a:d4:79:1c:4c:03:00:4a:28:c2:36:ef:8b:b0:1e:97:
         db:a7:33:8f:13:15:0a:f2:97:a9:d2:f1:d7:94:38:36:c0:b2:
         c6:2d:bb:3f:07:ea:ba:b7:fc:43:00:7e:0b:83:0d:6a:91:f2:
         c9:4b:69:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxQ/XHYb2PPc549ZuoK/T2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJlYjljNzVkMzU5ZDI1MTM3YjVlZjRlMTc2ZjVlZWI2
YzQzNDIwHhcNMjYwMjEyMDgzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjIyZjMyOGM2ZWMzZjY4NTFkOWQ4YTcxYTc5ZTFkOWY3ZDg3NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiU5Kl+vactc6A49H4lYz0VmLA4Q
9wz+OYh69SmijxjPQJePJeKi5FQ8+a/+37JRt+0MDknzQdO2fEZ5f/eKv91BH5Oe
U4dTsKlBfiOL2/otDembj/LkdDSHEpb4KfoKiqO/7y+uevuLjYmUqPNsOZXHOJVj
C3+aDecpwKNAYK0GD50ZZ8DaW/rELFWL8MBYj3ie8NYVqqe6Yu9D+BVr90BG7TEM
xQ33HVBOdwL+sF63//yAytwSiFeE3Ys4hG1LACbr4O4jB9DLK53CD4NC4ncdRY8G
KAr2ofCVID7G08SK6o4cR5zBFuw2PaVczANCyN6q8dKwG8q7u3YIcSQaqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYi8yjG7D9oUdnYpxp54dn32HTYMB8GA1UdIwQY
MBaAFN4S65x101nSUTe1704Xb17rbENCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQt
YzE2Nzg3MjcyMDQ5LzEveGlMektNYnNQMmhSMmRpbkdubmgyZmZZZE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQtYzE2Nzg3MjcyMDQ5
LzEvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXhoAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEYolWB9NJq0vCKHFnrMiwYmoXF76vwdseStlmWSNT
h1NEMQTNk44aaEF6LvqxeLCjluVLr/33sWsku1lCmj1xihAFLSiogYcTt/rZHrVj
MO6MasC6q1OKnpNcgFTBV81lUCffB8jvf8IHnmRTUpALyc31Fl7iY9yytfKpbMdk
wTvmoRdwZrwN6stxAv8cgk+x7KDWdpzYf5E5xY1JDFWeYfy1duy/LTNHJUchJiYu
Jtdx+kXeqsI2DissL8wT6E5WzYk/Ba7NAmrUeRxMAwBKKMI274uwHpfbpzOPExUK
8pep0vHXlDg2wLLGLbs/B+q6t/xDAH4Lgw1qkfLJS2kP
-----END CERTIFICATE-----