Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8J5M_8et92Y_EQUQi8RBlA8uFfE.roa
File:                     8J5M_8et92Y_EQUQi8RBlA8uFfE.roa (raw, json)
Hash identifier:          IVFJJthOWGaQJEUlxcg3vS4ZvXmwCHw5FOWb2JdkWU8=
Subject key identifier:   F0:9E:4C:FF:C7:AD:F7:66:3F:11:05:10:8B:C4:41:94:0F:2E:15:F1
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019C5731E3E912AB875568695116EEE32D73
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8J5M_8et92Y_EQUQi8RBlA8uFfE.roa
Signing time:             Fri 13 Feb 2026 13:30:13 +0000
ROA not before:           Fri 13 Feb 2026 13:30:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        163.5.26.0/24 maxlen: 24
                          163.5.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:31:e3:e9:12:ab:87:55:68:69:51:16:ee:e3:2d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 13 13:30:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f09e4cffc7adf7663f1105108bc441940f2e15f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:43:84:f0:7f:fb:1f:df:79:87:04:5e:9b:5b:
                    d2:cc:98:5c:0f:8a:72:1c:da:be:8d:64:81:68:0d:
                    67:12:55:08:9b:31:0d:bb:bb:d4:c0:b2:49:0b:a8:
                    08:e4:99:82:5c:44:41:a0:bc:4f:c9:a8:b2:17:76:
                    94:d9:57:15:0b:7b:f6:5b:4a:76:4b:30:86:d0:6c:
                    76:82:35:d2:b5:93:41:8e:58:70:4d:9b:55:22:cb:
                    65:66:c3:40:de:1b:b9:8b:0f:d9:d7:1a:60:4b:08:
                    0a:fb:77:1a:81:7e:1d:f5:0d:a2:f1:b6:59:a8:5a:
                    e5:e2:de:0a:ac:80:fe:7d:cf:53:f6:b0:b5:00:91:
                    4c:d6:87:f1:bd:55:7d:58:54:3e:be:b5:63:bd:21:
                    19:b0:c5:6d:0e:f3:b6:3e:5b:6a:62:17:fd:9a:00:
                    ee:67:0f:b4:53:05:c3:1d:8a:53:09:db:d7:88:0b:
                    f6:2a:5e:5e:40:34:62:b5:2d:bb:c3:6d:60:3d:cd:
                    af:77:6e:e0:92:c0:58:9b:20:76:36:3b:20:ab:5b:
                    5b:75:a7:b8:48:30:42:2e:79:82:d5:96:f3:2e:df:
                    bc:67:eb:c7:f0:7f:15:d5:3b:2d:43:f2:9c:a2:24:
                    94:30:ad:03:f2:f0:1b:f9:21:85:7e:0b:90:ae:ac:
                    f2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9E:4C:FF:C7:AD:F7:66:3F:11:05:10:8B:C4:41:94:0F:2E:15:F1
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8J5M_8et92Y_EQUQi8RBlA8uFfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.26.0/24
                  163.5.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c3:65:4d:4e:a4:99:a2:32:94:00:08:ac:07:5b:c3:70:fc:
         df:1c:11:74:3e:e6:f6:24:a7:06:30:cc:23:0c:44:bf:cb:b3:
         10:40:fd:fe:c1:b8:b7:2f:49:bd:eb:ce:13:06:86:20:4d:f1:
         2b:74:d0:5f:dc:26:48:2e:8b:f3:5b:4c:9c:dd:44:60:c5:69:
         d9:5f:51:66:4d:05:0a:bb:f0:b3:22:ea:77:1f:7a:60:85:45:
         f8:9d:d6:f9:b8:2c:c6:3b:4b:a5:ca:43:b4:66:d6:38:20:f2:
         b8:20:32:77:c6:f7:4c:e6:36:22:19:8f:d8:d7:ff:ed:79:da:
         1b:ee:6a:ba:f3:ad:c5:a3:77:5b:3f:47:02:8f:25:99:e3:9b:
         20:f2:d8:eb:f8:fc:bb:64:38:15:8d:6b:d1:0d:9f:cf:d2:38:
         2c:77:69:22:62:42:99:24:96:35:23:ad:0d:6c:83:ac:48:ca:
         b3:8a:58:6d:a1:e6:96:b8:60:85:a9:a5:f5:04:fe:28:0a:bc:
         30:67:97:81:9d:8b:7b:9c:d3:0e:3c:41:a6:12:18:0a:2b:b9:
         8a:62:3f:ad:3a:f3:0e:78:43:0c:fa:2f:83:81:98:8c:a4:4e:
         f2:13:e2:f8:15:d1:30:b4:7b:e8:d7:42:0e:be:0d:10:72:5e:
         cd:8b:8c:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxXMePpEquHVWhpURbu4y1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMjEzMTMzMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDllNGNmZmM3YWRmNzY2M2YxMTA1MTA4YmM0NDE5NDBmMmUxNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0OE8H/7H995hwRem1vSzJhcD4py
HNq+jWSBaA1nElUImzENu7vUwLJJC6gI5JmCXERBoLxPyaiyF3aU2VcVC3v2W0p2
SzCG0Gx2gjXStZNBjlhwTZtVIstlZsNA3hu5iw/Z1xpgSwgK+3cagX4d9Q2i8bZZ
qFrl4t4KrID+fc9T9rC1AJFM1ofxvVV9WFQ+vrVjvSEZsMVtDvO2PltqYhf9mgDu
Zw+0UwXDHYpTCdvXiAv2Kl5eQDRitS27w21gPc2vd27gksBYmyB2Njsgq1tbdae4
SDBCLnmC1ZbzLt+8Z+vH8H8V1TstQ/KcoiSUMK0D8vAb+SGFfguQrqzyiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPCeTP/HrfdmPxEFEIvEQZQPLhXxMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOEo1TV84ZXQ5MllfRVFVUWk4UkJsQTh1RmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowUaAwQA
owW3MA0GCSqGSIb3DQEBCwUAA4IBAQBBw2VNTqSZojKUAAisB1vDcPzfHBF0Pub2
JKcGMMwjDES/y7MQQP3+wbi3L0m9684TBoYgTfErdNBf3CZILovzW0yc3URgxWnZ
X1FmTQUKu/CzIup3H3pghUX4ndb5uCzGO0ulykO0ZtY4IPK4IDJ3xvdM5jYiGY/Y
1//tedob7mq6863Fo3dbP0cCjyWZ45sg8tjr+Py7ZDgVjWvRDZ/P0jgsd2kiYkKZ
JJY1I60NbIOsSMqzilhtoeaWuGCFqaX1BP4oCrwwZ5eBnYt7nNMOPEGmEhgKK7mK
Yj+tOvMOeEMM+i+DgZiMpE7yE+L4FdEwtHvo10IOvg0Qcl7Ni4yO
-----END CERTIFICATE-----