Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/U0-V85hNklnWYB4UKE8-_DQj3cs.roa
File:                     U0-V85hNklnWYB4UKE8-_DQj3cs.roa (raw, json)
Hash identifier:          avhkr2iR2hmlHJRDxsI7aGnmfDx4nKq3sAK/KOYC9LU=
Subject key identifier:   53:4F:95:F3:98:4D:92:59:D6:60:1E:14:28:4F:3E:FC:34:23:DD:CB
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       019C4DD334657E5439DBFADD1344A8B59634
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/U0-V85hNklnWYB4UKE8-_DQj3cs.roa
Signing time:             Wed 11 Feb 2026 17:50:13 +0000
ROA not before:           Wed 11 Feb 2026 17:50:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        83.168.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:d3:34:65:7e:54:39:db:fa:dd:13:44:a8:b5:96:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Feb 11 17:50:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=534f95f3984d9259d6601e14284f3efc3423ddcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f5:b1:f6:43:fe:b1:4b:ad:07:33:79:e2:5a:
                    76:f5:40:51:5d:07:a6:8f:62:92:ea:80:24:75:cf:
                    ac:1a:f5:90:85:52:e5:09:42:24:d8:77:2b:c8:37:
                    25:3c:39:95:04:9a:dd:b7:5c:79:e2:e4:f1:66:a8:
                    bd:33:31:3d:60:84:61:9b:49:37:86:2d:fe:ee:4a:
                    e9:7d:e6:fa:74:0f:cf:23:f4:be:85:1b:ee:d3:9d:
                    13:1e:46:77:fc:e4:5e:8f:4d:83:8a:0d:87:bc:e9:
                    47:1a:f5:f9:bc:09:ce:23:f2:99:58:27:85:35:75:
                    0a:bc:6b:4d:63:09:b0:f2:a4:0b:17:fd:39:9f:85:
                    e5:03:29:32:a6:a8:bb:0b:2e:38:f8:05:1b:c4:40:
                    d6:7d:b3:1c:46:d0:96:d9:c1:fa:e4:2f:d2:dc:96:
                    64:bd:ee:f9:32:77:8c:d7:0d:38:76:99:65:cc:70:
                    c1:b2:60:8d:ee:2d:5d:b4:7c:a6:5b:c1:e2:36:ff:
                    c3:06:6c:ad:e9:5f:68:c4:4f:a3:de:0a:ba:ad:2b:
                    f0:b3:aa:96:ef:1c:20:30:6a:c8:3e:f4:e3:47:3b:
                    e4:70:3b:93:1c:c9:5b:e0:3b:f5:e8:d0:d1:e3:00:
                    f7:bd:58:54:4f:fc:90:3a:e3:f7:c5:ab:01:a4:39:
                    ce:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4F:95:F3:98:4D:92:59:D6:60:1E:14:28:4F:3E:FC:34:23:DD:CB
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/U0-V85hNklnWYB4UKE8-_DQj3cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:36:f9:69:82:22:a6:ec:be:ca:7a:39:77:06:4e:f9:fb:b3:
         01:4a:9b:90:cb:f4:42:2a:42:d6:9d:21:ca:ab:70:21:8d:1d:
         db:7a:e9:b9:41:e5:8b:30:5b:e5:37:40:08:c3:57:99:a5:a7:
         ca:82:92:26:0c:aa:14:eb:2b:d8:2c:36:c4:2a:2b:b8:f3:44:
         28:30:13:c1:05:a2:86:05:1b:55:7e:db:0c:cc:81:a4:d7:9c:
         df:36:88:c3:4b:12:23:42:94:90:2d:30:4e:eb:93:82:ed:35:
         88:67:14:50:88:dc:ad:9b:81:a0:aa:d2:6b:b6:58:e7:13:b5:
         b6:7f:bb:86:5d:f2:9d:19:93:de:b1:d1:2b:c1:be:b4:eb:e4:
         66:43:d6:c1:44:cb:41:e4:85:5e:8f:2e:e5:10:91:32:c6:9a:
         77:58:94:2b:1f:06:bb:27:9d:37:41:5b:66:d8:72:fd:3f:bd:
         31:1f:c9:1d:63:a5:2a:50:ed:0a:5b:ed:ba:04:17:ba:56:7e:
         2c:5a:7f:3f:dd:7f:c9:07:d9:ea:7d:67:25:90:fd:06:08:83:
         31:41:aa:03:f5:f2:f4:87:1d:97:22:2e:67:d6:35:6c:c4:75:
         39:0b:4e:86:49:fb:fb:b4:2a:4a:2d:e6:f9:10:06:b0:cb:ee:
         7b:b4:2f:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxN0zRlflQ52/rdE0SotZY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjYwMjExMTc1MDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzRmOTVmMzk4NGQ5MjU5ZDY2MDFlMTQyODRmM2VmYzM0MjNkZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/Wx9kP+sUutBzN54lp29UBRXQem
j2KS6oAkdc+sGvWQhVLlCUIk2HcryDclPDmVBJrdt1x54uTxZqi9MzE9YIRhm0k3
hi3+7krpfeb6dA/PI/S+hRvu050THkZ3/ORej02Dig2HvOlHGvX5vAnOI/KZWCeF
NXUKvGtNYwmw8qQLF/05n4XlAykypqi7Cy44+AUbxEDWfbMcRtCW2cH65C/S3JZk
ve75MneM1w04dpllzHDBsmCN7i1dtHymW8HiNv/DBmyt6V9oxE+j3gq6rSvws6qW
7xwgMGrIPvTjRzvkcDuTHMlb4Dv16NDR4wD3vVhUT/yQOuP3xasBpDnOEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNPlfOYTZJZ1mAeFChPPvw0I93LMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvVTAtVjg1aE5rbG5XWUI0VUtFOC1fRFFqM2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU6h6MA0G
CSqGSIb3DQEBCwUAA4IBAQAuNvlpgiKm7L7Kejl3Bk75+7MBSpuQy/RCKkLWnSHK
q3AhjR3beum5QeWLMFvlN0AIw1eZpafKgpImDKoU6yvYLDbEKiu480QoMBPBBaKG
BRtVftsMzIGk15zfNojDSxIjQpSQLTBO65OC7TWIZxRQiNytm4GgqtJrtljnE7W2
f7uGXfKdGZPesdErwb606+RmQ9bBRMtB5IVejy7lEJEyxpp3WJQrHwa7J503QVtm
2HL9P70xH8kdY6UqUO0KW+26BBe6Vn4sWn8/3X/JB9nqfWclkP0GCIMxQaoD9fL0
hx2XIi5n1jVsxHU5C06GSfv7tCpKLeb5EAawy+57tC+6
-----END CERTIFICATE-----