Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/3emAWx4CwUjXTOlu3eGRcP8exk4.roa
File:                     3emAWx4CwUjXTOlu3eGRcP8exk4.roa (raw, json)
Hash identifier:          7JNrYxT9p1XVXRMuxvNlwu6pjAnS2skjIUjy7zyVGNM=
Subject key identifier:   DD:E9:80:5B:1E:02:C1:48:D7:4C:E9:6E:DD:E1:91:70:FF:1E:C6:4E
Certificate issuer:       /CN=e916dc9db4e49de71b2fd0819dae853aeb053b06
Certificate serial:       019C6C52D1D04AFC00D292D779A2D995B3F7
Authority key identifier: E9:16:DC:9D:B4:E4:9D:E7:1B:2F:D0:81:9D:AE:85:3A:EB:05:3B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/3emAWx4CwUjXTOlu3eGRcP8exk4.roa
Signing time:             Tue 17 Feb 2026 15:58:12 +0000
ROA not before:           Tue 17 Feb 2026 15:58:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213633
IP address blocks:        107.161.154.0/24 maxlen: 24
                          199.83.103.0/24 maxlen: 24
                          202.181.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/6RbcnbTknecbL9CBna6FOusFOwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/6RbcnbTknecbL9CBna6FOusFOwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 21:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6c:52:d1:d0:4a:fc:00:d2:92:d7:79:a2:d9:95:b3:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e916dc9db4e49de71b2fd0819dae853aeb053b06
        Validity
            Not Before: Feb 17 15:58:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dde9805b1e02c148d74ce96edde19170ff1ec64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e6:16:94:3f:82:8b:52:3f:a2:0e:a6:35:2e:
                    f2:a7:be:c8:dd:3f:48:80:9f:7a:b0:da:3b:f1:aa:
                    53:a8:7c:ca:2e:08:a5:23:e0:b1:dc:ef:6d:69:63:
                    24:19:63:f8:19:d2:60:3f:2a:fc:fd:71:11:8b:32:
                    11:3c:21:97:2e:e2:09:3e:8e:b9:11:de:0d:3d:35:
                    f5:a2:60:85:da:e0:f3:82:22:ca:bf:8b:4e:d9:4a:
                    77:69:46:5c:e4:df:af:f9:c7:54:76:8a:20:51:da:
                    0a:bf:31:2b:3d:c0:b5:5f:4e:51:79:2b:67:11:97:
                    bb:49:93:06:3b:bb:09:65:10:a1:77:b5:9a:6a:f8:
                    97:55:d2:7f:3d:96:8d:a0:60:ce:7b:09:42:7e:e0:
                    00:a0:1e:d9:47:c9:09:a8:3e:1c:cf:7a:4f:19:ea:
                    52:81:7d:9e:53:ef:23:29:8b:59:78:f4:3c:39:59:
                    e6:97:28:c0:a0:42:bb:db:af:7e:19:99:39:74:16:
                    fc:89:11:85:06:1e:59:5b:e0:80:65:33:b6:da:6d:
                    25:af:e1:4a:89:cd:f9:a5:94:36:f9:f5:1a:33:16:
                    09:f4:c3:10:1d:61:88:5c:81:05:74:c3:43:63:5e:
                    a7:ff:7b:58:1c:d9:3a:3e:cd:e0:0a:96:a9:9d:f2:
                    58:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:E9:80:5B:1E:02:C1:48:D7:4C:E9:6E:DD:E1:91:70:FF:1E:C6:4E
            X509v3 Authority Key Identifier:
                keyid:E9:16:DC:9D:B4:E4:9D:E7:1B:2F:D0:81:9D:AE:85:3A:EB:05:3B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/3emAWx4CwUjXTOlu3eGRcP8exk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/6RbcnbTknecbL9CBna6FOusFOwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.154.0/24
                  199.83.103.0/24
                  202.181.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:87:36:2c:df:18:d6:a7:8f:25:e7:af:ac:07:9f:b5:c9:9a:
         c3:dd:c0:09:8f:d4:b3:11:6a:3c:0d:d2:d1:f8:3f:fe:1e:ac:
         00:40:b6:d0:0d:9f:78:13:dd:d8:11:70:7f:54:95:95:72:17:
         dd:10:ce:81:df:8f:5f:c6:82:55:1a:95:c0:38:00:83:17:f6:
         b9:16:9f:a3:2f:8d:df:6d:69:5b:65:04:07:1d:31:43:4b:5b:
         e3:02:a9:a6:b1:44:a0:c1:7e:0d:39:3a:c2:ff:d9:ff:76:0f:
         d0:e7:df:17:83:9c:29:05:6d:de:6f:57:6c:03:cd:04:a6:ba:
         be:36:6b:1d:3b:10:ad:f4:cf:36:51:94:a4:0b:f6:58:60:69:
         25:c9:3e:44:1e:29:b8:9e:84:76:65:18:d6:1e:4d:d8:b1:0d:
         42:11:4c:b9:42:bd:c5:ea:07:90:6a:3c:35:12:d0:a3:1f:da:
         c9:5e:e8:92:97:d0:da:ee:89:d5:c6:70:0a:37:62:0f:10:72:
         5d:7b:71:8e:60:a5:fb:63:8d:76:8e:0d:36:f3:4f:6b:f8:ab:
         ec:3c:5f:64:b7:70:72:d8:4e:d0:5e:b9:7d:13:70:9f:b4:c2:
         48:cf:49:b0:dc:9d:ed:5b:1a:c0:16:87:1a:65:4b:d6:67:55:
         3e:0b:60:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxsUtHQSvwA0pLXeaLZlbP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MTZkYzlkYjRlNDlkZTcxYjJmZDA4MTlkYWU4NTNhZWIw
NTNiMDYwHhcNMjYwMjE3MTU1ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGU5ODA1YjFlMDJjMTQ4ZDc0Y2U5NmVkZGUxOTE3MGZmMWVjNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuYWlD+Ci1I/og6mNS7yp77I3T9I
gJ96sNo78apTqHzKLgilI+Cx3O9taWMkGWP4GdJgPyr8/XERizIRPCGXLuIJPo65
Ed4NPTX1omCF2uDzgiLKv4tO2Up3aUZc5N+v+cdUdoogUdoKvzErPcC1X05ReStn
EZe7SZMGO7sJZRChd7WaaviXVdJ/PZaNoGDOewlCfuAAoB7ZR8kJqD4cz3pPGepS
gX2eU+8jKYtZePQ8OVnmlyjAoEK7269+GZk5dBb8iRGFBh5ZW+CAZTO22m0lr+FK
ic35pZQ2+fUaMxYJ9MMQHWGIXIEFdMNDY16n/3tYHNk6Ps3gCpapnfJYOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN3pgFseAsFI10zpbt3hkXD/HsZOMB8GA1UdIwQY
MBaAFOkW3J205J3nGy/QgZ2uhTrrBTsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlJiY25iVGtuZWNiTDlDQm5hNkZPdXNGT3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8xYWY0YTUtMGQ2Yy00Nzc2LWJlNWMt
YmU4NTJmNjQ0MjAxLzEvM2VtQVd4NEN3VWpYVE9sdTNlR1JjUDhleGs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8xYWY0YTUtMGQ2Yy00Nzc2LWJlNWMtYmU4NTJmNjQ0MjAx
LzEvNlJiY25iVGtuZWNiTDlDQm5hNkZPdXNGT3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAa6GaAwQA
x1NnAwQAyrW8MA0GCSqGSIb3DQEBCwUAA4IBAQAkhzYs3xjWp48l56+sB5+1yZrD
3cAJj9SzEWo8DdLR+D/+HqwAQLbQDZ94E93YEXB/VJWVchfdEM6B349fxoJVGpXA
OACDF/a5Fp+jL43fbWlbZQQHHTFDS1vjAqmmsUSgwX4NOTrC/9n/dg/Q598Xg5wp
BW3eb1dsA80Eprq+NmsdOxCt9M82UZSkC/ZYYGklyT5EHim4noR2ZRjWHk3YsQ1C
EUy5Qr3F6geQajw1EtCjH9rJXuiSl9Da7onVxnAKN2IPEHJde3GOYKX7Y412jg02
809r+KvsPF9kt3By2E7QXrl9E3CftMJIz0mw3J3tWxrAFocaZUvWZ1U+C2Bp
-----END CERTIFICATE-----