Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xrrpKTguwBuBpNxObUH0v5EKvzk.roa
File:                     xrrpKTguwBuBpNxObUH0v5EKvzk.roa (raw, json)
Hash identifier:          S/YgOzBoVEPEAhyuGlYfUvqZQOfq2qr9sbyLK1h//oc=
Subject key identifier:   C6:BA:E9:29:38:2E:C0:1B:81:A4:DC:4E:6D:41:F4:BF:91:0A:BF:39
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C88E7F0A001FD2156D871543010570317
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xrrpKTguwBuBpNxObUH0v5EKvzk.roa
Signing time:             Mon 23 Feb 2026 05:10:27 +0000
ROA not before:           Mon 23 Feb 2026 05:10:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211780
IP address blocks:        5.231.26.0/24 maxlen: 24
                          5.231.115.0/24 maxlen: 24
                          2a02:2fc0:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:88:e7:f0:a0:01:fd:21:56:d8:71:54:30:10:57:03:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 23 05:10:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6bae929382ec01b81a4dc4e6d41f4bf910abf39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6c:fc:11:0c:0b:10:92:6a:70:c6:25:86:48:
                    fe:70:aa:3e:74:2e:03:18:0c:7e:c0:f5:8a:d1:c9:
                    0f:68:5f:20:4d:40:1a:33:a3:58:c1:60:38:73:35:
                    8d:29:5a:12:56:da:77:ee:04:6d:d8:11:54:a4:d7:
                    4e:c0:c8:b5:15:1b:09:cf:5b:fd:4d:7a:fb:6c:73:
                    62:6b:4f:1d:73:f7:8c:5d:bf:b7:a7:3e:77:1a:1f:
                    0e:10:94:bf:de:d4:ba:99:00:e4:5b:ed:5b:02:d6:
                    08:24:a1:7e:c9:52:39:98:95:a7:66:9e:51:51:82:
                    c8:61:7f:5f:56:97:c2:10:ab:47:49:6f:c1:8b:c1:
                    fc:d5:5a:f2:16:d6:29:c2:89:d0:34:a8:7d:17:e3:
                    cd:f3:3e:4f:41:aa:71:58:62:23:19:97:4e:43:1c:
                    40:d6:12:3a:cc:a4:4e:6e:0f:4e:22:31:da:75:15:
                    61:a7:95:d6:cf:a4:ca:52:41:15:0e:3f:bc:b6:b0:
                    3d:d6:0e:9a:0b:f9:f5:5c:ac:6e:04:5e:69:7f:94:
                    66:bb:c3:b9:cc:aa:7c:6b:1d:72:4c:d7:8d:c8:40:
                    1e:de:cc:31:e8:dc:f3:3d:37:79:ce:4c:1d:e6:b9:
                    83:f2:cb:ad:0d:03:06:87:6b:42:f6:dc:73:59:44:
                    09:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:BA:E9:29:38:2E:C0:1B:81:A4:DC:4E:6D:41:F4:BF:91:0A:BF:39
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xrrpKTguwBuBpNxObUH0v5EKvzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.26.0/24
                  5.231.115.0/24
                IPv6:
                  2a02:2fc0:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:11:3f:d8:07:13:f5:38:b8:13:69:32:32:d8:b7:36:54:d0:
         3a:43:15:53:0f:da:8b:fa:51:38:48:8e:3a:51:7c:f1:ab:4d:
         44:58:fc:ff:70:4e:3e:06:00:c7:87:1e:f5:90:b9:91:7e:63:
         e6:c0:2f:2c:00:f5:14:49:a5:7d:f6:06:f4:2a:0a:23:50:21:
         ce:af:76:56:2b:22:70:9b:3a:ef:35:0a:fd:b1:2e:87:f6:3b:
         4f:68:3b:59:67:f7:57:4c:d2:16:d5:5d:c9:3c:5b:ed:ef:59:
         fa:93:c7:10:23:a6:e1:cd:a5:61:ff:90:0d:35:2c:2e:f2:83:
         87:e3:e7:4f:ad:38:db:18:f3:f9:5d:05:ce:db:40:a8:01:00:
         9e:54:b6:df:29:2b:70:e0:fd:d2:01:42:f0:ce:b1:e6:bd:96:
         3d:81:bc:43:f9:0f:0a:c0:c4:03:cb:69:39:7c:ac:ff:a0:37:
         54:77:2c:10:e5:d7:94:20:0b:f2:23:6c:f8:dd:e4:bd:88:3c:
         52:39:a0:a0:00:0e:b4:42:8e:c0:47:c4:c1:90:4a:8c:ca:7c:
         f6:da:ef:b4:a2:b0:9c:ad:d1:90:40:59:c5:67:a4:c7:ec:07:
         0c:8c:3b:c1:0f:b2:ca:ac:81:82:ff:e9:1c:d4:da:e5:1d:79:
         45:ed:40:41
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZyI5/CgAf0hVthxVDAQVwMXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjIzMDUxMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmJhZTkyOTM4MmVjMDFiODFhNGRjNGU2ZDQxZjRiZjkxMGFiZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2z8EQwLEJJqcMYlhkj+cKo+dC4D
GAx+wPWK0ckPaF8gTUAaM6NYwWA4czWNKVoSVtp37gRt2BFUpNdOwMi1FRsJz1v9
TXr7bHNia08dc/eMXb+3pz53Gh8OEJS/3tS6mQDkW+1bAtYIJKF+yVI5mJWnZp5R
UYLIYX9fVpfCEKtHSW/Bi8H81VryFtYpwonQNKh9F+PN8z5PQapxWGIjGZdOQxxA
1hI6zKRObg9OIjHadRVhp5XWz6TKUkEVDj+8trA91g6aC/n1XKxuBF5pf5Rmu8O5
zKp8ax1yTNeNyEAe3swx6NzzPTd5zkwd5rmD8sutDQMGh2tC9txzWUQJpwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMa66Sk4LsAbgaTcTm1B9L+RCr85MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEveHJycEtUZ3V3QnVCcE54T2JVSDB2NUVLdnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABecaAwQA
BedzMA8EAgACMAkDBwAqAi/AACAwDQYJKoZIhvcNAQELBQADggEBAI8RP9gHE/U4
uBNpMjLYtzZU0DpDFVMP2ov6UThIjjpRfPGrTURY/P9wTj4GAMeHHvWQuZF+Y+bA
LywA9RRJpX32BvQqCiNQIc6vdlYrInCbOu81Cv2xLof2O09oO1ln91dM0hbVXck8
W+3vWfqTxxAjpuHNpWH/kA01LC7yg4fj50+tONsY8/ldBc7bQKgBAJ5Utt8pK3Dg
/dIBQvDOsea9lj2BvEP5DwrAxAPLaTl8rP+gN1R3LBDl15QgC/IjbPjd5L2IPFI5
oKAADrRCjsBHxMGQSozKfPba77SisJyt0ZBAWcVnpMfsBwyMO8EPssqsgYL/6RzU
2uUdeUXtQEE=
-----END CERTIFICATE-----