Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e7ddcb-f2ff-4f3b-a3e2-97c36a8a95db/1/bJWk_l38vT1PtN5_kdtuawiF_zU.roa
File:                     bJWk_l38vT1PtN5_kdtuawiF_zU.roa (raw, json)
Hash identifier:          hLoFEgf1cWhhRU39fX4IIxMF7XOZYB58cNvTQBA92n0=
Subject key identifier:   6C:95:A4:FE:5D:FC:BD:3D:4F:B4:DE:7F:91:DB:6E:6B:08:85:FF:35
Certificate issuer:       /CN=7a231101551644ef7f204c94d7c4134665a3c555
Certificate serial:       019C4C2E62F74B7CEA74DFDB40B56FFCD930
Authority key identifier: 7A:23:11:01:55:16:44:EF:7F:20:4C:94:D7:C4:13:46:65:A3:C5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eiMRAVUWRO9_IEyU18QTRmWjxVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e7ddcb-f2ff-4f3b-a3e2-97c36a8a95db/1/bJWk_l38vT1PtN5_kdtuawiF_zU.roa
Signing time:             Wed 11 Feb 2026 10:10:34 +0000
ROA not before:           Wed 11 Feb 2026 10:10:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47735
IP address blocks:        185.168.172.0/22 maxlen: 22
                          185.168.173.0/24 maxlen: 24
                          185.168.174.0/24 maxlen: 24
                          185.168.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e7ddcb-f2ff-4f3b-a3e2-97c36a8a95db/1/eiMRAVUWRO9_IEyU18QTRmWjxVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e7ddcb-f2ff-4f3b-a3e2-97c36a8a95db/1/eiMRAVUWRO9_IEyU18QTRmWjxVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eiMRAVUWRO9_IEyU18QTRmWjxVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:2e:62:f7:4b:7c:ea:74:df:db:40:b5:6f:fc:d9:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a231101551644ef7f204c94d7c4134665a3c555
        Validity
            Not Before: Feb 11 10:10:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c95a4fe5dfcbd3d4fb4de7f91db6e6b0885ff35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9e:0c:e6:7d:0f:88:01:f2:02:03:d7:49:d2:
                    0b:fc:57:af:2d:2c:99:21:15:ed:46:9f:cd:2c:f4:
                    b3:3e:66:e0:02:8a:f9:7f:62:ba:dc:5b:e2:3b:44:
                    63:80:a6:f0:cb:72:d5:87:ab:78:fd:c4:ed:e2:7c:
                    66:4f:4f:4b:72:9a:2f:9d:58:8a:81:a5:cf:7f:ad:
                    94:91:08:94:a3:c2:18:bd:42:33:42:a9:8e:c7:17:
                    75:f6:e5:6d:b4:22:39:78:9f:72:93:b7:b8:38:8b:
                    cd:f4:9a:4d:1e:f1:a1:df:99:25:53:c8:10:aa:0c:
                    de:dc:8c:3e:97:e4:67:28:5c:84:2e:4e:85:d2:6d:
                    b2:1d:e3:b0:f8:0e:af:d0:89:04:13:c4:0b:08:1d:
                    b8:7f:3c:42:15:5a:9d:75:2e:fd:aa:bc:28:fd:db:
                    fd:ff:25:eb:da:1b:e5:32:40:25:68:0f:17:b0:a9:
                    27:92:22:b6:71:67:f8:32:a1:b3:b5:e5:fc:d2:26:
                    23:8e:e3:c9:d2:12:25:dd:ef:e9:8d:1d:99:68:b9:
                    a8:46:a3:f5:af:70:b2:11:b9:9c:8f:34:ae:e1:76:
                    c7:be:42:52:73:69:86:53:c3:2b:36:85:0f:1f:94:
                    1b:e0:bb:0d:e5:ae:bc:3b:22:9b:dc:7a:9c:e2:ea:
                    88:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:95:A4:FE:5D:FC:BD:3D:4F:B4:DE:7F:91:DB:6E:6B:08:85:FF:35
            X509v3 Authority Key Identifier:
                keyid:7A:23:11:01:55:16:44:EF:7F:20:4C:94:D7:C4:13:46:65:A3:C5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eiMRAVUWRO9_IEyU18QTRmWjxVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e7ddcb-f2ff-4f3b-a3e2-97c36a8a95db/1/bJWk_l38vT1PtN5_kdtuawiF_zU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e7ddcb-f2ff-4f3b-a3e2-97c36a8a95db/1/eiMRAVUWRO9_IEyU18QTRmWjxVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:51:b9:28:6f:1e:97:fe:99:53:bd:e6:e6:48:a2:72:b7:3b:
         ae:7f:44:9d:fa:21:d3:ac:09:54:ff:6c:9b:ae:18:1b:25:4d:
         ad:66:05:25:d6:ef:9b:bb:d4:33:e8:13:7f:36:c2:79:fd:53:
         01:e4:d9:80:65:a8:12:be:9d:0d:37:46:0c:dd:6c:18:63:8e:
         32:b8:8b:e9:49:aa:10:5f:00:65:ad:24:bf:7b:10:80:2b:55:
         9b:f4:1c:53:3c:0a:48:67:85:e1:11:71:f0:2b:cf:fc:71:8b:
         cf:ac:33:f0:a6:3f:16:03:a2:c9:75:30:24:ff:63:b3:e9:1e:
         97:36:7c:32:f4:42:3d:4f:39:6c:05:70:c0:84:61:2d:33:8e:
         dc:bd:d9:d8:b4:28:0c:e0:d3:1a:04:0f:af:77:6e:93:36:05:
         a5:f2:13:73:bb:c1:4f:c9:20:4a:1d:a2:1e:2b:c7:da:c5:f6:
         c4:29:00:76:20:5d:98:7e:0e:ca:05:e0:97:e3:f5:88:d5:66:
         ce:4f:4b:9c:22:de:50:cc:e3:4a:23:82:80:c0:da:51:05:90:
         4b:10:f2:61:34:61:a5:9a:bd:6b:ff:40:c4:18:5f:70:15:8f:
         da:fe:47:2c:3b:47:4f:12:fe:f6:42:be:86:72:0a:3a:11:e8:
         6d:c2:ef:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxMLmL3S3zqdN/bQLVv/NkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMjMxMTAxNTUxNjQ0ZWY3ZjIwNGM5NGQ3YzQxMzQ2NjVh
M2M1NTUwHhcNMjYwMjExMTAxMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzk1YTRmZTVkZmNiZDNkNGZiNGRlN2Y5MWRiNmU2YjA4ODVmZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp4M5n0PiAHyAgPXSdIL/FevLSyZ
IRXtRp/NLPSzPmbgAor5f2K63FviO0RjgKbwy3LVh6t4/cTt4nxmT09LcpovnViK
gaXPf62UkQiUo8IYvUIzQqmOxxd19uVttCI5eJ9yk7e4OIvN9JpNHvGh35klU8gQ
qgze3Iw+l+RnKFyELk6F0m2yHeOw+A6v0IkEE8QLCB24fzxCFVqddS79qrwo/dv9
/yXr2hvlMkAlaA8XsKknkiK2cWf4MqGzteX80iYjjuPJ0hIl3e/pjR2ZaLmoRqP1
r3CyEbmcjzSu4XbHvkJSc2mGU8MrNoUPH5Qb4LsN5a68OyKb3Hqc4uqIUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyVpP5d/L09T7Tef5HbbmsIhf81MB8GA1UdIwQY
MBaAFHojEQFVFkTvfyBMlNfEE0Zlo8VVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWlNUkFWVVdSTzlfSUV5VTE4UVRSbVdqeFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lN2RkY2ItZjJmZi00ZjNiLWEzZTIt
OTdjMzZhOGE5NWRiLzEvYkpXa19sMzh2VDFQdE41X2tkdHVhd2lGX3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lN2RkY2ItZjJmZi00ZjNiLWEzZTItOTdjMzZhOGE5NWRi
LzEvZWlNUkFWVVdSTzlfSUV5VTE4UVRSbVdqeFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaisMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Ubkobx6X/plTvebmSKJytzuuf0Sd+iHTrAlU/2yb
rhgbJU2tZgUl1u+bu9Qz6BN/NsJ5/VMB5NmAZagSvp0NN0YM3WwYY44yuIvpSaoQ
XwBlrSS/exCAK1Wb9BxTPApIZ4XhEXHwK8/8cYvPrDPwpj8WA6LJdTAk/2Oz6R6X
Nnwy9EI9TzlsBXDAhGEtM47cvdnYtCgM4NMaBA+vd26TNgWl8hNzu8FPySBKHaIe
K8faxfbEKQB2IF2Yfg7KBeCX4/WI1WbOT0ucIt5QzONKI4KAwNpRBZBLEPJhNGGl
mr1r/0DEGF9wFY/a/kcsO0dPEv72Qr6Gcgo6Eehtwu+c
-----END CERTIFICATE-----