Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vmE4ZM8n6Ec1K0ZrkhA9G3IWuBY.roa
File:                     vmE4ZM8n6Ec1K0ZrkhA9G3IWuBY.roa (raw, json)
Hash identifier:          EOo/qfCC7cpAQtcDeIpaM/h0007qDHuvIwTlA0fHulA=
Subject key identifier:   BE:61:38:64:CF:27:E8:47:35:2B:46:6B:92:10:3D:1B:72:16:B8:16
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019C7FADE105FD1B052C2FDBA437C833B6A3
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vmE4ZM8n6Ec1K0ZrkhA9G3IWuBY.roa
Signing time:             Sat 21 Feb 2026 10:10:27 +0000
ROA not before:           Sat 21 Feb 2026 10:10:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        170.62.112.0/22 maxlen: 24
                          170.62.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7f:ad:e1:05:fd:1b:05:2c:2f:db:a4:37:c8:33:b6:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 21 10:10:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be613864cf27e847352b466b92103d1b7216b816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f7:30:2b:5e:96:34:56:c7:43:0f:f5:67:ba:
                    51:fc:3c:1a:42:39:15:94:bb:72:45:60:78:39:c1:
                    f1:fa:2c:58:c1:bc:f0:e2:30:90:1c:e1:9d:38:f2:
                    05:c1:30:a5:38:95:80:9d:2b:d9:c1:09:80:5e:20:
                    7c:13:53:7f:1e:08:b7:dd:35:e4:f7:c3:35:bd:e2:
                    5b:9c:a3:ac:4b:6e:4f:f0:38:0b:ec:89:f6:a5:91:
                    ac:fb:43:ba:b0:94:90:ad:da:9a:22:f7:c3:7a:3f:
                    b4:35:e4:07:86:43:79:c8:ac:7b:7f:a6:31:53:39:
                    59:ef:a4:63:97:54:d8:3a:ea:cd:f2:8d:d4:fd:9c:
                    a4:c7:b8:ee:c7:6c:df:dd:92:1c:ab:f4:4e:93:a7:
                    32:16:07:d7:3f:68:eb:c9:ac:89:19:42:21:a2:bb:
                    5e:00:e5:e9:5a:33:a7:6c:8b:81:6a:67:9e:53:03:
                    c5:16:74:b3:59:62:51:16:19:2d:3f:fd:5e:09:67:
                    0a:97:ed:28:b4:49:42:c4:13:06:47:27:68:05:69:
                    89:85:8d:39:61:85:25:99:5f:65:b3:16:ec:39:6c:
                    72:0a:df:44:6f:1c:88:62:aa:aa:7c:81:f8:14:1e:
                    f1:3d:06:40:6c:c5:6f:55:28:32:cf:fe:52:44:3d:
                    95:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:61:38:64:CF:27:E8:47:35:2B:46:6B:92:10:3D:1B:72:16:B8:16
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vmE4ZM8n6Ec1K0ZrkhA9G3IWuBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ad:c6:77:33:9a:93:0f:df:ef:d2:f0:cf:cd:a8:05:fd:b9:92:
         65:09:19:b4:68:9a:49:fe:fc:3e:69:4d:61:34:1e:50:c9:64:
         05:40:e7:16:d4:8d:45:32:c7:f9:36:f5:a2:8d:43:2c:0b:67:
         90:6e:39:5c:f9:1c:05:e5:c1:77:e7:f8:d7:ec:22:73:46:0e:
         39:c4:af:05:b8:1f:2b:b9:d4:64:24:34:11:68:9d:26:a9:ba:
         98:be:8b:cd:8d:51:09:9d:b1:d8:49:bc:12:7d:52:20:7a:72:
         13:f4:ff:f9:1e:b7:38:77:10:62:94:e7:cd:e6:11:31:5a:9a:
         6c:29:95:0e:b7:de:d5:3f:51:34:eb:72:ba:da:d4:3a:2e:de:
         32:d1:95:ef:d5:7d:31:da:11:0c:17:fc:75:6e:7c:13:d8:39:
         20:0e:2f:d8:45:7e:47:28:0b:00:43:a4:d9:08:33:83:72:ba:
         5d:04:86:58:85:ff:67:ca:2f:c5:6e:b5:95:66:6a:1a:36:ff:
         b6:4c:07:8e:fa:9b:cf:5d:87:05:38:31:47:99:83:9b:d0:ed:
         b5:78:8f:67:93:16:be:cb:bb:bb:df:99:fe:9e:60:2f:49:59:
         4c:0f:59:5c:19:51:d4:50:d2:8e:f8:e7:42:3f:91:97:59:37:
         b7:ad:8f:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx/reEF/RsFLC/bpDfIM7ajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMjIxMTAxMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTYxMzg2NGNmMjdlODQ3MzUyYjQ2NmI5MjEwM2QxYjcyMTZiODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/cwK16WNFbHQw/1Z7pR/DwaQjkV
lLtyRWB4OcHx+ixYwbzw4jCQHOGdOPIFwTClOJWAnSvZwQmAXiB8E1N/Hgi33TXk
98M1veJbnKOsS25P8DgL7In2pZGs+0O6sJSQrdqaIvfDej+0NeQHhkN5yKx7f6Yx
UzlZ76Rjl1TYOurN8o3U/Zykx7jux2zf3ZIcq/ROk6cyFgfXP2jryayJGUIhorte
AOXpWjOnbIuBameeUwPFFnSzWWJRFhktP/1eCWcKl+0otElCxBMGRydoBWmJhY05
YYUlmV9lsxbsOWxyCt9EbxyIYqqqfIH4FB7xPQZAbMVvVSgyz/5SRD2V5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5hOGTPJ+hHNStGa5IQPRtyFrgWMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdm1FNFpNOG42RWMxSzBacmtoQTlHM0lXdUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDqj5wMA0G
CSqGSIb3DQEBCwUAA4IBAQCtxnczmpMP3+/S8M/NqAX9uZJlCRm0aJpJ/vw+aU1h
NB5QyWQFQOcW1I1FMsf5NvWijUMsC2eQbjlc+RwF5cF35/jX7CJzRg45xK8FuB8r
udRkJDQRaJ0mqbqYvovNjVEJnbHYSbwSfVIgenIT9P/5Hrc4dxBilOfN5hExWpps
KZUOt97VP1E063K62tQ6Lt4y0ZXv1X0x2hEMF/x1bnwT2DkgDi/YRX5HKAsAQ6TZ
CDODcrpdBIZYhf9nyi/FbrWVZmoaNv+2TAeO+pvPXYcFODFHmYOb0O21eI9nkxa+
y7u735n+nmAvSVlMD1lcGVHUUNKO+OdCP5GXWTe3rY8m
-----END CERTIFICATE-----