Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ff6761-cfa2-4c78-966b-a036d97c4e2b/1/dO3RNAISfOv0O9_8IUROa2pKet4.roa
File:                     dO3RNAISfOv0O9_8IUROa2pKet4.roa (raw, json)
Hash identifier:          C48BcGhKAuvtDpW8RyICY4ut3E1OUd47JnUb0vzluWg=
Subject key identifier:   74:ED:D1:34:02:12:7C:EB:F4:3B:DF:FC:21:44:4E:6B:6A:4A:7A:DE
Certificate issuer:       /CN=0e0adff9e599c49197c6b540a15224eb5aeaf6df
Certificate serial:       019C4CB67AB8907538F476EA1FEF895FF3D8
Authority key identifier: 0E:0A:DF:F9:E5:99:C4:91:97:C6:B5:40:A1:52:24:EB:5A:EA:F6:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dgrf-eWZxJGXxrVAoVIk61rq9t8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ff6761-cfa2-4c78-966b-a036d97c4e2b/1/dO3RNAISfOv0O9_8IUROa2pKet4.roa
Signing time:             Wed 11 Feb 2026 12:39:12 +0000
ROA not before:           Wed 11 Feb 2026 12:39:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        195.13.37.128/26 maxlen: 26
                          2001:7f8:4f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ff6761-cfa2-4c78-966b-a036d97c4e2b/1/Dgrf-eWZxJGXxrVAoVIk61rq9t8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ff6761-cfa2-4c78-966b-a036d97c4e2b/1/Dgrf-eWZxJGXxrVAoVIk61rq9t8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dgrf-eWZxJGXxrVAoVIk61rq9t8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:b6:7a:b8:90:75:38:f4:76:ea:1f:ef:89:5f:f3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0adff9e599c49197c6b540a15224eb5aeaf6df
        Validity
            Not Before: Feb 11 12:39:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74edd13402127cebf43bdffc21444e6b6a4a7ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:48:c6:4b:5c:a7:bc:2a:f9:ad:07:99:0a:fa:
                    ef:a6:fd:aa:27:a0:3d:d0:a9:81:22:8b:96:01:52:
                    70:61:cc:bc:70:48:25:95:39:38:92:f7:62:7b:69:
                    e8:b9:f0:b8:41:d1:78:64:42:98:31:af:f7:97:bc:
                    eb:72:ae:a8:7c:36:f0:c9:42:78:ef:2c:8f:71:42:
                    27:ad:8d:ee:35:13:fe:86:ed:71:30:b8:b3:3c:ae:
                    71:76:37:a4:1e:37:ec:cf:09:58:59:79:03:ea:85:
                    5c:dd:d6:71:4d:6f:4c:0d:78:d0:e8:31:9c:76:cb:
                    e3:9c:a4:b0:9d:cf:97:e6:9c:08:c3:bf:9e:88:c1:
                    e6:da:74:c6:33:ef:42:f0:5d:66:35:72:f9:45:00:
                    34:31:3b:12:f2:d0:15:5c:a2:3d:25:e7:ed:f8:5a:
                    d3:99:9f:8b:e7:16:49:05:ca:bb:68:ee:07:c4:dd:
                    a4:b1:70:14:5a:35:1f:a6:f4:67:62:b1:7a:15:97:
                    05:58:7c:7e:92:f7:e8:a4:ee:8d:65:9f:ed:82:fb:
                    7c:dd:63:53:0e:27:cf:af:8c:0e:40:51:b2:60:6d:
                    3e:41:84:14:3f:2c:48:8c:d4:21:4e:76:69:1a:48:
                    e5:ae:ff:40:55:c4:6f:8c:eb:38:c4:68:06:6a:fc:
                    f6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:ED:D1:34:02:12:7C:EB:F4:3B:DF:FC:21:44:4E:6B:6A:4A:7A:DE
            X509v3 Authority Key Identifier:
                keyid:0E:0A:DF:F9:E5:99:C4:91:97:C6:B5:40:A1:52:24:EB:5A:EA:F6:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dgrf-eWZxJGXxrVAoVIk61rq9t8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ff6761-cfa2-4c78-966b-a036d97c4e2b/1/dO3RNAISfOv0O9_8IUROa2pKet4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ff6761-cfa2-4c78-966b-a036d97c4e2b/1/Dgrf-eWZxJGXxrVAoVIk61rq9t8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.13.37.128/26
                IPv6:
                  2001:7f8:4f::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:23:bf:e0:d4:43:32:e2:ed:7b:d9:dc:e0:8f:a4:f0:8b:ac:
         22:9e:1f:95:05:8d:8f:fb:dd:55:25:85:2f:ce:5b:20:77:86:
         8c:2b:73:83:2d:44:d9:4b:3d:c7:72:2c:87:db:34:35:1f:2b:
         80:72:2a:ca:26:28:03:78:f8:f2:eb:57:cc:09:bc:44:c8:e7:
         36:f8:ca:be:ec:70:3f:a4:7d:f1:d5:67:3d:a1:02:f8:aa:eb:
         b4:20:6e:fd:79:ee:aa:59:9c:6a:52:32:bb:e4:2d:67:cf:08:
         3a:e6:79:0a:24:dc:d3:35:86:7e:89:84:05:0d:c0:d3:90:ca:
         f8:b0:ec:e0:ab:10:36:cb:b2:10:f6:d9:ca:e8:42:20:64:c8:
         a2:72:21:d1:07:5c:f1:97:9c:a6:bb:95:56:ad:76:7f:a9:64:
         1e:2c:96:5d:52:84:04:cb:89:9d:c8:49:b6:75:23:c5:9c:dd:
         d7:8b:37:7b:6d:47:48:b2:a1:ba:3e:94:f9:73:80:30:cc:d4:
         b7:21:4f:cd:0a:d7:74:73:1a:ba:68:8b:eb:ce:8f:55:cd:68:
         3c:f0:ad:3b:ca:74:86:88:2e:c1:1e:a5:01:08:28:6b:fc:17:
         45:cf:e1:01:89:15:2b:b1:30:c6:26:21:26:59:ae:86:c0:30:
         1d:21:6c:a5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZxMtnq4kHU49HbqH++JX/PYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGFkZmY5ZTU5OWM0OTE5N2M2YjU0MGExNTIyNGViNWFl
YWY2ZGYwHhcNMjYwMjExMTIzOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVkZDEzNDAyMTI3Y2ViZjQzYmRmZmMyMTQ0NGU2YjZhNGE3YWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEjGS1ynvCr5rQeZCvrvpv2qJ6A9
0KmBIouWAVJwYcy8cEgllTk4kvdie2noufC4QdF4ZEKYMa/3l7zrcq6ofDbwyUJ4
7yyPcUInrY3uNRP+hu1xMLizPK5xdjekHjfszwlYWXkD6oVc3dZxTW9MDXjQ6DGc
dsvjnKSwnc+X5pwIw7+eiMHm2nTGM+9C8F1mNXL5RQA0MTsS8tAVXKI9Jeft+FrT
mZ+L5xZJBcq7aO4HxN2ksXAUWjUfpvRnYrF6FZcFWHx+kvfopO6NZZ/tgvt83WNT
DifPr4wOQFGyYG0+QYQUPyxIjNQhTnZpGkjlrv9AVcRvjOs4xGgGavz24wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHTt0TQCEnzr9Dvf/CFETmtqSnreMB8GA1UdIwQY
MBaAFA4K3/nlmcSRl8a1QKFSJOta6vbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdyZi1lV1p4SkdYeHJWQW9WSWs2MXJxOXQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9mZjY3NjEtY2ZhMi00Yzc4LTk2NmIt
YTAzNmQ5N2M0ZTJiLzEvZE8zUk5BSVNmT3YwTzlfOElVUk9hMnBLZXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9mZjY3NjEtY2ZhMi00Yzc4LTk2NmItYTAzNmQ5N2M0ZTJi
LzEvRGdyZi1lV1p4SkdYeHJWQW9WSWs2MXJxOXQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUGww0lgDAP
BAIAAjAJAwcAIAEH+ABPMA0GCSqGSIb3DQEBCwUAA4IBAQA3I7/g1EMy4u172dzg
j6Twi6winh+VBY2P+91VJYUvzlsgd4aMK3ODLUTZSz3HciyH2zQ1HyuAcirKJigD
ePjy61fMCbxEyOc2+Mq+7HA/pH3x1Wc9oQL4quu0IG79ee6qWZxqUjK75C1nzwg6
5nkKJNzTNYZ+iYQFDcDTkMr4sOzgqxA2y7IQ9tnK6EIgZMiiciHRB1zxl5ymu5VW
rXZ/qWQeLJZdUoQEy4mdyEm2dSPFnN3Xizd7bUdIsqG6PpT5c4AwzNS3IU/NCtd0
cxq6aIvrzo9VzWg88K07ynSGiC7BHqUBCChr/BdFz+EBiRUrsTDGJiEmWa6GwDAd
IWyl
-----END CERTIFICATE-----