Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/36fFRH4YUOLzCfa4FpCOqwCaGnY.roa
File:                     36fFRH4YUOLzCfa4FpCOqwCaGnY.roa (raw, json)
Hash identifier:          w2yC99pJq/G0WFmIu7IRCBEE47mJ+HQkIbalFcg4HKA=
Subject key identifier:   DF:A7:C5:44:7E:18:50:E2:F3:09:F6:B8:16:90:8E:AB:00:9A:1A:76
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019C562CF59331016D2C3029D8E38E53BBCC
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/36fFRH4YUOLzCfa4FpCOqwCaGnY.roa
Signing time:             Fri 13 Feb 2026 08:45:12 +0000
ROA not before:           Fri 13 Feb 2026 08:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        86.110.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:2c:f5:93:31:01:6d:2c:30:29:d8:e3:8e:53:bb:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Feb 13 08:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfa7c5447e1850e2f309f6b816908eab009a1a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8b:39:aa:27:61:39:e8:86:22:26:69:b2:1a:
                    b4:4e:90:49:78:29:df:9c:81:ed:94:02:01:a1:e9:
                    c9:a7:c7:c0:29:fd:73:9a:da:a1:5b:c8:e0:82:92:
                    fb:8e:a8:a2:81:a3:20:bb:6d:be:f1:00:23:be:63:
                    fe:18:1c:cd:6e:35:47:13:95:3c:7e:10:8a:b9:b1:
                    43:b3:ce:21:40:1e:a2:4b:52:82:20:ae:21:b0:37:
                    5b:40:87:a6:13:ad:bc:dd:83:a1:f7:e0:d3:3d:84:
                    5a:40:e3:29:dd:77:15:55:bf:9a:26:e4:60:69:cd:
                    b0:0f:70:e5:33:53:1f:11:b5:49:68:c3:af:e2:43:
                    3f:60:5c:f5:cf:ff:95:85:3e:3c:3a:ca:48:26:ca:
                    a6:31:ff:bb:b0:17:9a:b0:55:c8:79:f4:74:45:9f:
                    3a:87:6e:aa:a7:22:ba:50:a3:78:d0:c9:a2:4a:c7:
                    e8:3d:54:f0:54:a0:a4:0a:eb:17:6f:6a:14:b1:56:
                    c4:7a:6a:5e:87:61:f2:3a:ab:49:af:00:5e:84:76:
                    fb:c7:52:76:01:39:55:23:fa:31:ad:6c:1e:d2:2c:
                    8b:e3:96:14:bf:20:61:81:18:2e:65:66:28:b4:9e:
                    c1:84:cc:ed:e9:4d:f3:d8:3c:19:f4:f8:ff:15:b7:
                    ab:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A7:C5:44:7E:18:50:E2:F3:09:F6:B8:16:90:8E:AB:00:9A:1A:76
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/36fFRH4YUOLzCfa4FpCOqwCaGnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:d5:b1:c9:23:25:6b:11:6f:70:13:dc:29:56:af:b8:a6:71:
         9d:dd:b0:f5:ba:f2:b3:e5:a2:5f:5a:d2:b5:2c:5b:3d:0b:9e:
         8d:e1:c3:80:9d:92:9a:69:88:d8:47:6e:2d:26:12:c0:79:48:
         c7:f8:8f:81:ac:12:6a:9e:ca:b0:c6:c0:66:57:f5:97:5c:51:
         81:4a:a5:93:57:74:e7:e4:18:5d:f0:28:21:6a:a4:c5:38:1c:
         ba:94:ef:62:38:f2:09:e8:2e:fc:5b:6d:1e:b6:95:83:77:7c:
         ee:56:da:e1:86:55:8c:ad:a6:ff:bc:fe:97:ae:2a:5b:1c:b0:
         23:eb:e0:90:33:5a:3c:d4:50:50:3f:17:0b:f8:a2:73:33:c8:
         fe:c0:d6:fe:cf:5d:23:51:58:76:1c:2a:cf:82:a4:da:4d:5e:
         b1:a2:00:48:99:bd:7a:12:31:d6:0b:b7:43:82:ac:60:8b:cb:
         95:07:1c:b6:32:89:c9:24:91:ef:d8:5d:2a:9d:76:de:5b:8a:
         e3:40:51:fb:25:e7:03:36:06:c4:ae:56:e5:93:46:6d:97:7c:
         86:8f:30:a6:2f:31:97:02:b3:77:60:73:24:a8:fa:b9:8d:f0:
         1d:90:14:4b:21:4b:4c:78:9d:8e:c8:f2:c1:1a:f2:4a:34:34:
         88:75:3a:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxWLPWTMQFtLDAp2OOOU7vMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMjEzMDg0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE3YzU0NDdlMTg1MGUyZjMwOWY2YjgxNjkwOGVhYjAwOWExYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYs5qidhOeiGIiZpshq0TpBJeCnf
nIHtlAIBoenJp8fAKf1zmtqhW8jggpL7jqiigaMgu22+8QAjvmP+GBzNbjVHE5U8
fhCKubFDs84hQB6iS1KCIK4hsDdbQIemE6283YOh9+DTPYRaQOMp3XcVVb+aJuRg
ac2wD3DlM1MfEbVJaMOv4kM/YFz1z/+VhT48OspIJsqmMf+7sBeasFXIefR0RZ86
h26qpyK6UKN40MmiSsfoPVTwVKCkCusXb2oUsVbEempeh2HyOqtJrwBehHb7x1J2
ATlVI/oxrWwe0iyL45YUvyBhgRguZWYotJ7BhMzt6U3z2DwZ9Pj/FberawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+nxUR+GFDi8wn2uBaQjqsAmhp2MB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvMzZmRlJINFlVT0x6Q2ZhNEZwQ09xd0NhR25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4hMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ1bHJIyVrEW9wE9wpVq+4pnGd3bD1uvKz5aJfWtK1
LFs9C56N4cOAnZKaaYjYR24tJhLAeUjH+I+BrBJqnsqwxsBmV/WXXFGBSqWTV3Tn
5Bhd8CghaqTFOBy6lO9iOPIJ6C78W20etpWDd3zuVtrhhlWMrab/vP6XripbHLAj
6+CQM1o81FBQPxcL+KJzM8j+wNb+z10jUVh2HCrPgqTaTV6xogBImb16EjHWC7dD
gqxgi8uVBxy2MonJJJHv2F0qnXbeW4rjQFH7JecDNgbErlblk0Ztl3yGjzCmLzGX
ArN3YHMkqPq5jfAdkBRLIUtMeJ2OyPLBGvJKNDSIdTq+
-----END CERTIFICATE-----