Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Iz8oQHvYY4N1cu4pgE3299ogM34.roa
File:                     Iz8oQHvYY4N1cu4pgE3299ogM34.roa (raw, json)
Hash identifier:          GTn6Y+DWEw4+IcATVORnDqgcpHWD0i8V9c7BBTnRM3U=
Subject key identifier:   23:3F:28:40:7B:D8:63:83:75:72:EE:29:80:4D:F6:F7:DA:20:33:7E
Certificate issuer:       /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial:       019C8B29A055F84399AC5022D2E7D5F4A295
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Iz8oQHvYY4N1cu4pgE3299ogM34.roa
Signing time:             Mon 23 Feb 2026 15:41:26 +0000
ROA not before:           Mon 23 Feb 2026 15:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210559
IP address blocks:        82.158.122.0/24 maxlen: 24
                          82.158.127.0/24 maxlen: 24
                          146.185.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:29:a0:55:f8:43:99:ac:50:22:d2:e7:d5:f4:a2:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
        Validity
            Not Before: Feb 23 15:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=233f28407bd863837572ee29804df6f7da20337e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ee:09:40:de:eb:63:f9:f6:22:6d:49:7a:12:
                    51:73:7f:15:e9:fd:34:b3:a9:e8:4b:c1:27:5d:7a:
                    cf:f7:cc:1d:2a:c0:55:ce:e0:5b:28:f0:96:c4:01:
                    2f:32:02:e4:54:50:ed:97:a5:b0:85:05:17:d8:9a:
                    ec:42:17:1e:ca:ae:1e:90:9b:6d:19:9b:61:b0:4a:
                    9b:24:6b:15:72:3e:f2:c0:5a:70:43:4e:43:9c:df:
                    b2:2f:69:28:04:d8:32:ea:6f:15:8a:9b:7b:90:f4:
                    8b:ee:01:a6:54:39:58:ed:77:fc:0c:41:a6:86:db:
                    e0:8f:ec:d7:72:0e:ea:c6:22:80:f8:77:3c:9e:17:
                    be:88:df:2d:e1:ed:fc:11:fe:49:e0:1b:3f:c8:0f:
                    5b:3d:ae:f0:de:d2:4e:be:08:23:9b:03:71:ad:58:
                    6d:34:3a:62:53:0b:e7:7c:b6:6b:4d:3f:ae:17:ca:
                    f1:f9:03:30:87:82:ea:3a:a8:58:a9:8b:5f:a9:9c:
                    4c:07:27:b6:d5:95:a2:5b:20:71:cf:5b:9f:b5:25:
                    6a:f6:e7:9a:65:43:bf:eb:d3:f3:b2:b8:41:e1:c4:
                    f9:a8:f9:5e:6e:bb:5a:ba:8e:08:42:34:e9:6e:78:
                    84:b9:6e:d4:ff:80:2d:4b:cb:f5:03:63:e2:a0:2b:
                    ce:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:3F:28:40:7B:D8:63:83:75:72:EE:29:80:4D:F6:F7:DA:20:33:7E
            X509v3 Authority Key Identifier:
                keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Iz8oQHvYY4N1cu4pgE3299ogM34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.158.122.0/24
                  82.158.127.0/24
                  146.185.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:09:69:0b:6b:31:61:54:56:b6:36:eb:19:32:13:be:5c:53:
         c0:05:81:58:ef:a7:aa:5b:7b:f4:f6:48:e2:57:a4:23:95:c3:
         bc:e3:6c:d0:df:a9:dc:ae:ec:e0:9c:8b:c9:4c:83:30:aa:8e:
         81:12:af:f9:c9:e5:8d:1f:f6:ea:8b:84:f3:7e:21:af:8d:95:
         d0:24:74:aa:10:c0:69:21:c9:a4:73:44:b1:4b:e6:18:d6:64:
         05:86:1f:93:65:dc:ce:11:13:6f:0b:1c:db:b1:2b:9b:67:f1:
         c8:78:1c:f6:9f:22:d0:fc:e7:45:58:73:7c:27:f5:72:fe:ba:
         a6:1c:87:b5:94:f7:cc:a4:fc:5e:69:56:b4:f5:87:e0:de:7f:
         19:a6:04:f9:f2:7b:8b:db:90:cc:f9:17:76:a9:b2:be:ab:38:
         bb:c5:78:ab:59:3e:cc:d8:c3:44:ce:b8:6c:c7:98:2e:e3:49:
         f9:79:dc:24:af:50:da:4e:87:2d:f6:24:da:f7:b4:06:fd:13:
         ec:ae:04:fc:c7:f2:44:68:98:2b:8d:80:b7:cf:96:4c:d3:be:
         45:e8:ab:cd:7f:1a:64:01:ca:e9:d8:92:0c:a9:93:84:fd:e6:
         21:19:f7:cd:b9:5b:b6:89:a7:2f:18:39:b1:39:da:a5:43:9e:
         ab:64:88:9d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyLKaBV+EOZrFAi0ufV9KKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjYwMjIzMTU0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzNmMjg0MDdiZDg2MzgzNzU3MmVlMjk4MDRkZjZmN2RhMjAzMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu4JQN7rY/n2Im1JehJRc38V6f00
s6noS8EnXXrP98wdKsBVzuBbKPCWxAEvMgLkVFDtl6WwhQUX2JrsQhceyq4ekJtt
GZthsEqbJGsVcj7ywFpwQ05DnN+yL2koBNgy6m8Vipt7kPSL7gGmVDlY7Xf8DEGm
htvgj+zXcg7qxiKA+Hc8nhe+iN8t4e38Ef5J4Bs/yA9bPa7w3tJOvggjmwNxrVht
NDpiUwvnfLZrTT+uF8rx+QMwh4LqOqhYqYtfqZxMBye21ZWiWyBxz1uftSVq9uea
ZUO/69PzsrhB4cT5qPlebrtauo4IQjTpbniEuW7U/4AtS8v1A2PioCvOeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCM/KEB72GODdXLuKYBN9vfaIDN+MB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvSXo4b1FIdllZNE4xY3U0cGdFMzI5OW9nTTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUp56AwQA
Up5/AwQAkrnYMA0GCSqGSIb3DQEBCwUAA4IBAQCoCWkLazFhVFa2NusZMhO+XFPA
BYFY76eqW3v09kjiV6QjlcO842zQ36ncruzgnIvJTIMwqo6BEq/5yeWNH/bqi4Tz
fiGvjZXQJHSqEMBpIcmkc0SxS+YY1mQFhh+TZdzOERNvCxzbsSubZ/HIeBz2nyLQ
/OdFWHN8J/Vy/rqmHIe1lPfMpPxeaVa09Yfg3n8ZpgT58nuL25DM+Rd2qbK+qzi7
xXirWT7M2MNEzrhsx5gu40n5edwkr1DaToct9iTa97QG/RPsrgT8x/JEaJgrjYC3
z5ZM075F6KvNfxpkAcrp2JIMqZOE/eYhGffNuVu2iacvGDmxOdqlQ56rZIid
-----END CERTIFICATE-----