Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/Z0BON6E806_VujIu13j4rp4udFU.roa
File:                     Z0BON6E806_VujIu13j4rp4udFU.roa (raw, json)
Hash identifier:          Dg0DZ41kSt9T8YvEtYfHhtMj9H1Pn0HsQ9ZBprqVWR8=
Subject key identifier:   67:40:4E:37:A1:3C:D3:AF:D5:BA:32:2E:D7:78:F8:AE:9E:2E:74:55
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019C716F1B8DB0161B6D5CFAD02B33F5D161
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/Z0BON6E806_VujIu13j4rp4udFU.roa
Signing time:             Wed 18 Feb 2026 15:47:12 +0000
ROA not before:           Wed 18 Feb 2026 15:47:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        62.171.248.0/24 maxlen: 24
                          213.18.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 18:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:6f:1b:8d:b0:16:1b:6d:5c:fa:d0:2b:33:f5:d1:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Feb 18 15:47:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67404e37a13cd3afd5ba322ed778f8ae9e2e7455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:dc:7c:5f:ea:14:20:fd:8a:35:21:8e:b7:8b:
                    4a:66:f8:6f:f3:16:84:ee:46:65:d9:cb:46:e8:aa:
                    f6:2b:64:fe:6a:57:48:b9:92:c0:26:43:6a:59:00:
                    75:a5:7a:0e:13:93:db:cd:01:3d:00:7e:db:a3:bc:
                    2d:33:5d:e2:b2:1f:7e:ab:78:11:d4:d2:4b:59:ae:
                    06:7c:31:58:2a:e0:4e:87:bd:8b:0e:42:72:1a:e2:
                    58:22:a3:0d:e3:7d:2b:94:8d:57:6b:f6:a3:92:f7:
                    bb:c3:18:fd:e5:97:82:5e:6a:35:0d:1a:b5:9a:60:
                    d4:71:76:60:d0:2e:26:b7:ad:fa:36:0c:48:49:f7:
                    3e:34:29:c4:cc:a1:59:36:5f:ae:8c:cc:d0:89:16:
                    23:49:ce:e5:50:c9:05:a1:5a:32:72:9a:fd:47:c1:
                    d6:4e:23:25:71:8c:06:17:fd:9f:b2:61:15:39:aa:
                    ce:0c:73:ee:44:14:71:32:9d:26:a7:c4:3b:da:6d:
                    c0:f0:64:d9:49:e4:13:9b:08:3f:15:74:00:30:3a:
                    1f:08:ae:5f:1a:96:a1:35:b0:0a:78:6c:70:36:50:
                    b9:7f:79:77:f6:d8:16:2c:ed:8d:cc:4a:64:11:39:
                    59:3b:e8:7e:80:fa:b1:8d:53:54:a4:28:19:53:7d:
                    f0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:40:4E:37:A1:3C:D3:AF:D5:BA:32:2E:D7:78:F8:AE:9E:2E:74:55
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/Z0BON6E806_VujIu13j4rp4udFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.248.0/24
                  213.18.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:d6:ae:7a:d3:45:5e:ce:0a:ea:ee:17:7e:8f:a0:fc:c5:c1:
         9b:15:ad:a7:8b:6a:1a:b1:b2:75:5f:18:e5:09:18:bc:ab:08:
         8e:28:92:17:3f:96:48:33:76:72:1e:9d:f3:10:95:6e:47:8f:
         5d:7b:0d:6b:3a:0a:fa:2e:a4:be:54:21:47:f8:e4:54:8c:51:
         4f:ae:d9:a7:5f:d2:8a:45:29:46:40:6d:1b:eb:66:51:1e:0d:
         60:0f:e1:f1:c4:44:05:54:92:0b:92:3f:79:e0:33:0b:e7:3e:
         53:2d:15:60:01:6b:78:cb:61:1f:b9:c4:54:b3:60:3b:1d:97:
         fb:95:91:3a:e5:d0:23:39:00:48:3a:08:c2:fc:36:83:6e:46:
         c5:18:62:45:b8:ec:8a:a7:e5:e9:37:51:34:c7:4f:d7:1d:6b:
         9b:8e:e9:35:d8:5b:b4:ff:69:4f:ee:b1:a2:1c:13:d4:f1:22:
         5b:5a:0b:e3:81:99:68:32:95:c2:b1:c7:88:e7:79:44:d7:a3:
         95:c4:78:52:ec:5c:a9:64:bd:f8:f8:8c:dc:b1:5b:2e:a1:e4:
         23:33:e6:ae:c1:db:ac:e3:9f:75:15:5f:bc:e4:11:ba:d6:ea:
         a8:4d:85:eb:91:fe:9c:39:0c:df:0f:85:c4:8e:0c:7e:a9:e3:
         b8:7c:40:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxxbxuNsBYbbVz60Csz9dFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjYwMjE4MTU0NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQwNGUzN2ExM2NkM2FmZDViYTMyMmVkNzc4ZjhhZTllMmU3NDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9x8X+oUIP2KNSGOt4tKZvhv8xaE
7kZl2ctG6Kr2K2T+aldIuZLAJkNqWQB1pXoOE5PbzQE9AH7bo7wtM13ish9+q3gR
1NJLWa4GfDFYKuBOh72LDkJyGuJYIqMN430rlI1Xa/ajkve7wxj95ZeCXmo1DRq1
mmDUcXZg0C4mt636NgxISfc+NCnEzKFZNl+ujMzQiRYjSc7lUMkFoVoycpr9R8HW
TiMlcYwGF/2fsmEVOarODHPuRBRxMp0mp8Q72m3A8GTZSeQTmwg/FXQAMDofCK5f
GpahNbAKeGxwNlC5f3l39tgWLO2NzEpkETlZO+h+gPqxjVNUpCgZU33wDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGdATjehPNOv1boyLtd4+K6eLnRVMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvWjBCT042RTgwNl9WdWpJdTEzajRycDR1ZEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPqv4AwQA
1RL1MA0GCSqGSIb3DQEBCwUAA4IBAQCc1q5600Vezgrq7hd+j6D8xcGbFa2ni2oa
sbJ1XxjlCRi8qwiOKJIXP5ZIM3ZyHp3zEJVuR49dew1rOgr6LqS+VCFH+ORUjFFP
rtmnX9KKRSlGQG0b62ZRHg1gD+HxxEQFVJILkj954DML5z5TLRVgAWt4y2EfucRU
s2A7HZf7lZE65dAjOQBIOgjC/DaDbkbFGGJFuOyKp+XpN1E0x0/XHWubjuk12Fu0
/2lP7rGiHBPU8SJbWgvjgZloMpXCsceI53lE16OVxHhS7FypZL34+IzcsVsuoeQj
M+auwdus4591FV+85BG61uqoTYXrkf6cOQzfD4XEjgx+qeO4fEBQ
-----END CERTIFICATE-----