Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/H6j2YcxGPuQWqu9OyhiacM_qzkQ.roa
File:                     H6j2YcxGPuQWqu9OyhiacM_qzkQ.roa (raw, json)
Hash identifier:          88ByhngXAJHqcUqkmc3yfcx0+JkOUbJeAF6MreNXpKs=
Subject key identifier:   1F:A8:F6:61:CC:46:3E:E4:16:AA:EF:4E:CA:18:9A:70:CF:EA:CE:44
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019C56601521F15909D253A78E7AF04B8B63
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/H6j2YcxGPuQWqu9OyhiacM_qzkQ.roa
Signing time:             Fri 13 Feb 2026 09:41:03 +0000
ROA not before:           Fri 13 Feb 2026 09:41:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393406
IP address blocks:        185.199.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Feb 2026 14:13:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:60:15:21:f1:59:09:d2:53:a7:8e:7a:f0:4b:8b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 13 09:41:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fa8f661cc463ee416aaef4eca189a70cfeace44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e0:d0:8c:01:d8:65:4c:15:d0:c0:96:e9:16:
                    2d:e2:18:24:fe:fd:45:2a:33:28:ee:d8:1b:67:71:
                    24:e4:12:3d:88:d5:35:1b:27:d4:d0:17:49:40:0c:
                    59:e0:4d:d4:32:72:b4:6f:44:57:de:0b:45:d7:49:
                    ea:f8:4c:6c:dc:c9:bd:fe:57:28:bb:bf:f4:1f:f8:
                    39:70:6b:2c:c6:fb:0a:7e:94:9d:68:a7:d1:19:1d:
                    5d:d4:72:e3:26:42:0a:3a:86:c2:ac:48:2d:22:ab:
                    86:c7:f4:00:bc:79:66:68:e7:84:57:8c:b8:53:b5:
                    76:a1:62:fe:48:d1:c8:39:d0:c8:f9:47:40:dc:4b:
                    5a:4b:f9:63:f5:dc:de:e0:3c:e2:d4:0e:f9:d3:7e:
                    e5:f3:e3:a0:0c:a6:5f:d4:46:d5:8d:88:5d:96:e8:
                    f9:a8:3f:d9:36:4d:fc:43:eb:d1:69:3d:df:9a:06:
                    c2:50:bf:c6:26:cb:1c:ec:30:37:bd:76:5a:6e:dd:
                    a6:1f:3f:90:ad:01:fd:ad:5f:d0:b0:56:76:67:56:
                    96:7a:56:65:8e:97:70:63:8f:fa:97:82:34:9d:ea:
                    8b:bf:c2:67:a1:ee:a5:8d:9f:46:bc:63:c3:d5:ad:
                    1c:54:2f:e2:b8:09:67:09:c9:58:d2:7f:59:b5:7f:
                    9c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A8:F6:61:CC:46:3E:E4:16:AA:EF:4E:CA:18:9A:70:CF:EA:CE:44
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/H6j2YcxGPuQWqu9OyhiacM_qzkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:e4:8a:c1:bf:66:9e:8c:34:4f:75:01:fa:c2:5a:9f:04:91:
         27:d4:af:30:6d:d9:8e:f0:2d:98:bb:f0:b7:f8:d2:7c:d9:6a:
         74:54:51:9a:d4:41:6c:71:cb:95:04:76:a1:ae:3a:be:26:27:
         56:d0:68:0b:70:9f:72:d2:2c:06:3b:a6:fa:30:cc:f4:20:9f:
         f2:f7:d9:43:f2:fe:c0:17:ef:5e:44:42:9a:8e:ba:d0:d6:04:
         5a:9e:ba:40:8f:6d:cf:52:3e:30:d0:ef:dc:57:14:56:d5:a3:
         df:57:94:27:04:a2:3c:48:b8:39:19:5f:9b:11:fe:31:8b:df:
         88:fc:d9:cb:2e:73:a8:03:96:6d:31:6e:69:67:66:2a:fa:33:
         7d:2c:53:3f:3a:f1:be:17:1a:b7:53:da:b8:94:76:da:c2:8e:
         c8:3d:c2:cd:8d:97:8b:3e:87:9f:ca:74:d1:cb:85:b7:a4:45:
         a5:4b:e7:94:81:77:36:fc:5f:35:12:f2:bb:69:5d:ca:26:37:
         22:f9:f0:fe:33:a8:d2:88:52:ea:8f:39:91:75:00:6f:98:cc:
         01:40:c4:8c:f5:62:c3:10:0f:02:5b:14:10:c5:09:ad:1e:8e:
         15:95:d9:99:ac:cd:f7:ae:9a:a8:f6:9d:6c:8a:d2:33:85:42:
         df:ab:53:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxWYBUh8VkJ0lOnjnrwS4tjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMjEzMDk0MTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmE4ZjY2MWNjNDYzZWU0MTZhYWVmNGVjYTE4OWE3MGNmZWFjZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+DQjAHYZUwV0MCW6RYt4hgk/v1F
KjMo7tgbZ3Ek5BI9iNU1GyfU0BdJQAxZ4E3UMnK0b0RX3gtF10nq+Exs3Mm9/lco
u7/0H/g5cGssxvsKfpSdaKfRGR1d1HLjJkIKOobCrEgtIquGx/QAvHlmaOeEV4y4
U7V2oWL+SNHIOdDI+UdA3EtaS/lj9dze4Dzi1A75037l8+OgDKZf1EbVjYhdluj5
qD/ZNk38Q+vRaT3fmgbCUL/GJssc7DA3vXZabt2mHz+QrQH9rV/QsFZ2Z1aWelZl
jpdwY4/6l4I0neqLv8Jnoe6ljZ9GvGPD1a0cVC/iuAlnCclY0n9ZtX+c6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+o9mHMRj7kFqrvTsoYmnDP6s5EMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSDZqMlljeEdQdVFXcXU5T3loaWFjTV9xemtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuceeMA0G
CSqGSIb3DQEBCwUAA4IBAQBt5IrBv2aejDRPdQH6wlqfBJEn1K8wbdmO8C2Yu/C3
+NJ82Wp0VFGa1EFsccuVBHahrjq+JidW0GgLcJ9y0iwGO6b6MMz0IJ/y99lD8v7A
F+9eREKajrrQ1gRanrpAj23PUj4w0O/cVxRW1aPfV5QnBKI8SLg5GV+bEf4xi9+I
/NnLLnOoA5ZtMW5pZ2Yq+jN9LFM/OvG+Fxq3U9q4lHbawo7IPcLNjZeLPoefynTR
y4W3pEWlS+eUgXc2/F81EvK7aV3KJjci+fD+M6jSiFLqjzmRdQBvmMwBQMSM9WLD
EA8CWxQQxQmtHo4VldmZrM33rpqo9p1sitIzhULfq1Mx
-----END CERTIFICATE-----