Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/40cXY2HA_u8Q6OIAmaFqABVEfKg.roa
File:                     40cXY2HA_u8Q6OIAmaFqABVEfKg.roa (raw, json)
Hash identifier:          +6SvcMoX3v5h0CR5LeAmOldo6gbV2M7QO0fPTin+sN0=
Subject key identifier:   E3:47:17:63:61:C0:FE:EF:10:E8:E2:00:99:A1:6A:00:15:44:7C:A8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C4D3D12B68D0C91EFF18B2A4E9C41CA50
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/40cXY2HA_u8Q6OIAmaFqABVEfKg.roa
Signing time:             Wed 11 Feb 2026 15:06:13 +0000
ROA not before:           Wed 11 Feb 2026 15:06:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205536
IP address blocks:        94.183.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:3d:12:b6:8d:0c:91:ef:f1:8b:2a:4e:9c:41:ca:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 11 15:06:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e347176361c0feef10e8e20099a16a0015447ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3b:19:5a:eb:90:cf:0b:83:b2:2e:0d:ec:c4:
                    aa:a2:d2:94:50:f7:01:2f:d0:f1:31:38:17:d8:34:
                    b2:86:48:dd:23:de:c4:d1:1b:5c:a0:7c:58:cb:f6:
                    d1:c4:de:ce:1e:a0:87:50:40:b3:70:39:e0:16:e4:
                    02:fe:b1:ab:1f:83:e3:c6:29:e8:f2:fb:8a:36:76:
                    46:ad:da:3f:4a:98:d1:c6:1f:3b:3c:2c:e1:61:63:
                    f6:4c:eb:72:20:63:6f:71:96:81:25:16:4c:4d:0a:
                    66:db:fd:65:7b:cc:02:ca:a0:f3:35:07:f6:62:f6:
                    e4:6c:d8:3c:a4:8c:fd:d1:fb:f6:83:1c:6a:b2:30:
                    80:34:c2:fd:0d:cd:27:9a:d4:2f:54:2f:21:ab:39:
                    c0:9a:3d:95:ed:32:b4:ae:93:33:7f:a5:06:44:35:
                    9d:32:dd:a4:9e:88:9a:cf:e5:ad:40:69:46:6e:5d:
                    fa:03:e4:10:38:fc:fa:55:fb:35:45:0e:10:eb:05:
                    13:6c:9b:f3:e7:f4:b7:94:38:f0:3e:18:ac:cb:34:
                    c8:26:c6:2c:c0:23:ef:8c:9c:03:b3:98:c4:09:e0:
                    55:f2:a9:89:0f:89:67:4d:e7:f8:52:9a:7d:27:ff:
                    32:fb:1f:8b:dc:9f:46:77:c9:01:16:cf:79:67:1d:
                    3a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:47:17:63:61:C0:FE:EF:10:E8:E2:00:99:A1:6A:00:15:44:7C:A8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/40cXY2HA_u8Q6OIAmaFqABVEfKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d8:4a:f2:b9:6b:29:4d:ef:d5:f8:f1:36:28:a1:d5:69:11:
         f8:d1:d5:d3:79:e4:f5:9b:0e:c5:c5:7b:16:8d:b7:81:20:b1:
         35:ba:1a:2b:6c:b4:c0:a5:87:50:bf:4f:6f:74:f3:66:84:8f:
         f1:49:29:74:5b:fc:99:aa:c4:e7:59:2e:67:32:38:18:e7:58:
         9a:57:f4:92:bb:47:c2:00:80:48:e6:20:03:e3:8d:9a:4a:93:
         8e:b7:47:26:f1:59:fd:b5:1e:a0:16:51:5a:86:74:ae:56:f8:
         91:1d:f3:29:23:7a:05:d5:81:48:5e:22:c6:e3:f6:3c:dc:9d:
         78:51:56:4f:f3:d2:fe:5b:05:a0:67:57:06:ed:c7:ef:b0:d4:
         56:a6:17:8d:ce:36:ef:43:f8:44:00:20:09:59:9a:11:08:0e:
         68:54:ab:f8:f7:f0:c8:62:e5:21:80:24:48:43:12:3f:a3:53:
         88:09:76:e2:9d:22:65:4a:2a:8b:6d:c4:48:3f:c4:7c:08:9a:
         11:0b:05:bd:0e:9c:5c:ac:a0:9c:7b:a5:ba:02:36:45:60:5e:
         cf:09:14:e6:24:32:22:f9:46:d4:81:83:7d:0f:3f:43:ca:ee:
         b4:f7:60:44:00:1d:b7:8e:a6:5c:ee:18:19:fa:d2:b7:cf:35:
         ec:cb:0e:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxNPRK2jQyR7/GLKk6cQcpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjExMTUwNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQ3MTc2MzYxYzBmZWVmMTBlOGUyMDA5OWExNmEwMDE1NDQ3Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zsZWuuQzwuDsi4N7MSqotKUUPcB
L9DxMTgX2DSyhkjdI97E0RtcoHxYy/bRxN7OHqCHUECzcDngFuQC/rGrH4Pjxino
8vuKNnZGrdo/SpjRxh87PCzhYWP2TOtyIGNvcZaBJRZMTQpm2/1le8wCyqDzNQf2
YvbkbNg8pIz90fv2gxxqsjCANML9Dc0nmtQvVC8hqznAmj2V7TK0rpMzf6UGRDWd
Mt2knoiaz+WtQGlGbl36A+QQOPz6Vfs1RQ4Q6wUTbJvz5/S3lDjwPhisyzTIJsYs
wCPvjJwDs5jECeBV8qmJD4lnTef4Upp9J/8y+x+L3J9Gd8kBFs95Zx06EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONHF2NhwP7vEOjiAJmhagAVRHyoMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNDBjWFkySEFfdThRNk9JQW1hRnFBQlZFZktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrevMA0G
CSqGSIb3DQEBCwUAA4IBAQAA2EryuWspTe/V+PE2KKHVaRH40dXTeeT1mw7FxXsW
jbeBILE1uhorbLTApYdQv09vdPNmhI/xSSl0W/yZqsTnWS5nMjgY51iaV/SSu0fC
AIBI5iAD442aSpOOt0cm8Vn9tR6gFlFahnSuVviRHfMpI3oF1YFIXiLG4/Y83J14
UVZP89L+WwWgZ1cG7cfvsNRWpheNzjbvQ/hEACAJWZoRCA5oVKv49/DIYuUhgCRI
QxI/o1OICXbinSJlSiqLbcRIP8R8CJoRCwW9DpxcrKCce6W6AjZFYF7PCRTmJDIi
+UbUgYN9Dz9Dyu6092BEAB23jqZc7hgZ+tK3zzXsyw45
-----END CERTIFICATE-----