Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xCdS-1lcP-8_jTatIatUmQzUG18.roa
File:                     xCdS-1lcP-8_jTatIatUmQzUG18.roa (raw, json)
Hash identifier:          RF0lO0Uf7Gm95yu6ZCy5M90X4wN+ELQT6PN4sUvOk3M=
Subject key identifier:   C4:27:52:FB:59:5C:3F:EF:3F:8D:36:AD:21:AB:54:99:0C:D4:1B:5F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019C658E09CB2A1B3634D3AA73C26C16ED18
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xCdS-1lcP-8_jTatIatUmQzUG18.roa
Signing time:             Mon 16 Feb 2026 08:25:33 +0000
ROA not before:           Mon 16 Feb 2026 08:25:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205886
IP address blocks:        82.152.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:65:8e:09:cb:2a:1b:36:34:d3:aa:73:c2:6c:16:ed:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 16 08:25:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c42752fb595c3fef3f8d36ad21ab54990cd41b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:d1:6a:b5:6b:b6:10:9a:60:af:7e:00:51:
                    db:ab:47:35:38:a0:3e:08:14:e9:be:3f:ec:bf:a4:
                    b6:4f:1d:f3:f7:b0:f9:26:e4:54:af:a3:61:e8:11:
                    76:ef:0e:ac:9a:c2:66:0c:d6:15:08:15:f8:a0:83:
                    37:38:cb:22:4e:41:80:65:df:19:e9:9e:c3:d1:48:
                    0e:ba:45:82:c5:af:50:89:dc:20:18:36:8a:f9:0f:
                    8f:7e:1e:8a:0c:40:0a:8a:56:30:ba:b0:ab:bd:f0:
                    31:42:09:95:a9:71:ee:c9:c7:b4:14:0f:27:66:bd:
                    d5:b7:2d:36:ca:96:11:32:e6:a7:87:3f:89:6d:6e:
                    8b:5a:21:55:a8:be:d7:4d:4d:a6:33:d7:b0:c9:98:
                    bb:d4:23:d7:5a:89:83:b0:d0:f1:10:9e:3b:be:be:
                    e5:1f:34:c4:d6:29:98:ee:c9:ef:f7:e2:30:73:fb:
                    29:1d:60:9c:95:b4:19:6b:19:98:57:01:fd:d7:1d:
                    2f:94:bc:6f:15:8f:74:1d:b4:31:a6:e4:f0:9d:42:
                    24:f9:28:f5:46:56:df:fa:af:a8:01:f3:74:a4:d1:
                    35:b6:53:aa:48:d7:fa:ad:68:06:af:a9:b7:0e:12:
                    46:21:de:af:99:c2:fe:87:8c:1e:8f:6f:bc:39:d7:
                    82:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:27:52:FB:59:5C:3F:EF:3F:8D:36:AD:21:AB:54:99:0C:D4:1B:5F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xCdS-1lcP-8_jTatIatUmQzUG18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:16:83:37:57:7a:c6:e1:c0:fd:ae:cd:cd:8a:8f:ab:c5:f8:
         af:7a:6c:95:66:ad:65:7a:a5:f6:4e:68:d0:de:28:97:19:53:
         2e:a5:bb:fb:ef:af:00:84:66:e3:20:3a:8c:ed:3d:45:06:b6:
         86:f2:2d:9c:cc:32:59:2a:ed:48:09:98:1f:2b:90:9a:84:de:
         29:07:30:03:be:82:49:89:8c:67:1e:b4:77:8b:54:bd:a5:da:
         8c:f6:5c:39:bf:46:e4:7b:03:78:1c:e0:b3:21:81:d2:69:ac:
         50:6d:a6:f0:ac:ad:66:14:37:3f:34:5e:6c:38:23:f4:b4:b1:
         68:81:be:fd:ff:90:8e:d4:81:c2:6f:d6:8d:be:a6:b9:02:b1:
         e2:69:98:8d:05:f7:c3:b4:42:b8:4d:68:7a:27:09:a0:72:53:
         6d:d2:51:91:ea:40:f6:bb:79:1d:4f:93:b2:25:88:6c:fb:c7:
         54:2e:0b:15:df:64:e6:b5:46:88:a9:91:77:13:cb:4f:c2:64:
         58:a2:1d:b5:48:82:06:ce:36:34:3b:97:5d:2b:57:f4:13:15:
         94:41:d3:86:34:b3:f8:18:05:18:f0:f1:93:ca:f5:d2:7b:da:
         e8:c4:81:97:7b:0d:28:b5:57:8d:3a:05:27:e6:1e:8c:5d:ec:
         d4:ef:a2:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxljgnLKhs2NNOqc8JsFu0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMjE2MDgyNTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDI3NTJmYjU5NWMzZmVmM2Y4ZDM2YWQyMWFiNTQ5OTBjZDQxYjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnnRarVrthCaYK9+AFHbq0c1OKA+
CBTpvj/sv6S2Tx3z97D5JuRUr6Nh6BF27w6smsJmDNYVCBX4oIM3OMsiTkGAZd8Z
6Z7D0UgOukWCxa9QidwgGDaK+Q+Pfh6KDEAKilYwurCrvfAxQgmVqXHuyce0FA8n
Zr3Vty02ypYRMuanhz+JbW6LWiFVqL7XTU2mM9ewyZi71CPXWomDsNDxEJ47vr7l
HzTE1imY7snv9+Iwc/spHWCclbQZaxmYVwH91x0vlLxvFY90HbQxpuTwnUIk+Sj1
Rlbf+q+oAfN0pNE1tlOqSNf6rWgGr6m3DhJGId6vmcL+h4wej2+8OdeC+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQnUvtZXD/vP402rSGrVJkM1BtfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveENkUy0xbGNQLThfalRhdElhdFVtUXpVRzE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUph6MA0G
CSqGSIb3DQEBCwUAA4IBAQByFoM3V3rG4cD9rs3Nio+rxfivemyVZq1leqX2TmjQ
3iiXGVMupbv7768AhGbjIDqM7T1FBraG8i2czDJZKu1ICZgfK5CahN4pBzADvoJJ
iYxnHrR3i1S9pdqM9lw5v0bkewN4HOCzIYHSaaxQbabwrK1mFDc/NF5sOCP0tLFo
gb79/5CO1IHCb9aNvqa5ArHiaZiNBffDtEK4TWh6JwmgclNt0lGR6kD2u3kdT5Oy
JYhs+8dULgsV32TmtUaIqZF3E8tPwmRYoh21SIIGzjY0O5ddK1f0ExWUQdOGNLP4
GAUY8PGTyvXSe9roxIGXew0otVeNOgUn5h6MXezU76Kv
-----END CERTIFICATE-----