Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/I_3jehdl5ph6naOcsERKtRM4rOg.roa
File:                     I_3jehdl5ph6naOcsERKtRM4rOg.roa (raw, json)
Hash identifier:          67rWYEzucKkbcxuazVYk/T4DnXTcgL86L7mCqKUkfKQ=
Subject key identifier:   23:FD:E3:7A:17:65:E6:98:7A:9D:A3:9C:B0:44:4A:B5:13:38:AC:E8
Certificate issuer:       /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial:       019C521857A14BF7CD8B2C1E9EAFD1764F6E
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/I_3jehdl5ph6naOcsERKtRM4rOg.roa
Signing time:             Thu 12 Feb 2026 13:44:12 +0000
ROA not before:           Thu 12 Feb 2026 13:44:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215050
IP address blocks:        141.226.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:18:57:a1:4b:f7:cd:8b:2c:1e:9e:af:d1:76:4f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
        Validity
            Not Before: Feb 12 13:44:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23fde37a1765e6987a9da39cb0444ab51338ace8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:61:53:d7:57:d2:19:9a:d6:3f:34:6e:56:14:
                    ee:9d:9e:4f:d6:bd:e4:3b:71:96:8c:c3:a8:f3:55:
                    0e:66:5c:dc:3c:a3:9d:b3:a9:20:e1:01:8e:43:a3:
                    08:70:29:1e:44:a1:75:2d:59:42:73:2d:b0:a6:88:
                    72:f1:89:2f:0b:65:c6:17:7a:f3:9e:e5:5f:78:47:
                    14:1d:07:c2:d2:2f:d2:fc:d6:15:a0:00:72:c5:28:
                    cd:4c:3b:57:75:00:96:99:25:e2:c9:bc:9c:c9:d0:
                    af:d3:ee:12:aa:cd:31:54:89:0a:79:b8:36:8d:36:
                    74:77:af:29:cf:5a:bf:a8:17:78:32:da:80:11:e6:
                    37:39:2f:60:43:25:09:1c:8f:0a:7a:c1:83:10:8a:
                    37:b9:ff:b9:f8:80:d5:74:1d:85:52:bf:7a:f3:68:
                    64:ec:d1:92:d8:86:68:a9:4b:95:e1:f5:5a:3c:f4:
                    6d:ec:4d:35:46:b1:c7:92:a8:2a:19:db:8d:2b:61:
                    e4:17:e9:41:d7:17:ee:17:22:e9:e0:02:c2:d2:18:
                    8b:ec:19:94:ea:95:00:8c:8a:d7:63:ab:88:2e:60:
                    a6:d8:7e:9a:e5:56:72:c4:cb:9c:04:05:f6:71:e5:
                    20:1f:ba:e7:7f:ae:ed:64:3d:bd:61:1f:af:48:a1:
                    a9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:FD:E3:7A:17:65:E6:98:7A:9D:A3:9C:B0:44:4A:B5:13:38:AC:E8
            X509v3 Authority Key Identifier:
                keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/I_3jehdl5ph6naOcsERKtRM4rOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:37:6a:e5:00:94:65:e1:8c:3a:5a:18:16:e0:3d:c3:e2:67:
         f9:b5:c8:9f:6f:93:94:e6:19:6a:58:0d:f7:47:17:2e:50:45:
         6e:ee:41:60:5b:a7:65:60:8e:88:1b:4c:f5:4f:58:a3:5f:63:
         d4:50:6e:b4:a5:79:d2:26:3f:e6:46:1c:22:cb:1f:12:f3:9a:
         5a:b1:91:55:38:7f:d4:6a:9f:85:be:cc:8f:ff:53:93:8c:87:
         58:37:0a:8f:a3:fe:52:42:87:35:3a:84:68:ae:1b:40:cd:42:
         31:cf:b1:e6:db:d1:f5:82:d4:e1:c3:5a:23:03:57:e9:b5:0e:
         54:2a:f8:90:25:5e:58:80:7e:65:d4:63:ae:b4:59:96:62:07:
         97:e0:14:35:f5:05:f3:a0:dd:20:17:b7:f0:a5:ea:6f:32:1a:
         db:58:de:ea:46:3d:0e:4a:be:4b:41:db:2d:30:27:73:5f:72:
         75:de:51:85:31:95:05:22:2c:5b:49:60:de:5c:87:ba:b4:fd:
         b2:c1:99:88:6b:9b:d6:64:b1:01:80:5e:12:10:97:7b:0c:f9:
         04:ac:6e:4b:36:04:45:27:1d:f2:eb:d4:eb:87:13:2f:69:8c:
         9f:0b:1c:6b:dd:97:35:2a:c1:b1:fd:be:fe:c5:8f:c7:5b:9b:
         df:63:64:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxSGFehS/fNiywenq/Rdk9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjYwMjEyMTM0NDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2ZkZTM3YTE3NjVlNjk4N2E5ZGEzOWNiMDQ0NGFiNTEzMzhhY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2FT11fSGZrWPzRuVhTunZ5P1r3k
O3GWjMOo81UOZlzcPKOds6kg4QGOQ6MIcCkeRKF1LVlCcy2wpohy8YkvC2XGF3rz
nuVfeEcUHQfC0i/S/NYVoAByxSjNTDtXdQCWmSXiybycydCv0+4Sqs0xVIkKebg2
jTZ0d68pz1q/qBd4MtqAEeY3OS9gQyUJHI8KesGDEIo3uf+5+IDVdB2FUr9682hk
7NGS2IZoqUuV4fVaPPRt7E01RrHHkqgqGduNK2HkF+lB1xfuFyLp4ALC0hiL7BmU
6pUAjIrXY6uILmCm2H6a5VZyxMucBAX2ceUgH7rnf67tZD29YR+vSKGpcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCP943oXZeaYep2jnLBESrUTOKzoMB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvSV8zamVoZGw1cGg2bmFPY3NFUkt0Uk00ck9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeJ7MA0G
CSqGSIb3DQEBCwUAA4IBAQA6N2rlAJRl4Yw6WhgW4D3D4mf5tcifb5OU5hlqWA33
RxcuUEVu7kFgW6dlYI6IG0z1T1ijX2PUUG60pXnSJj/mRhwiyx8S85pasZFVOH/U
ap+FvsyP/1OTjIdYNwqPo/5SQoc1OoRorhtAzUIxz7Hm29H1gtThw1ojA1fptQ5U
KviQJV5YgH5l1GOutFmWYgeX4BQ19QXzoN0gF7fwpepvMhrbWN7qRj0OSr5LQdst
MCdzX3J13lGFMZUFIixbSWDeXIe6tP2ywZmIa5vWZLEBgF4SEJd7DPkErG5LNgRF
Jx3y69TrhxMvaYyfCxxr3Zc1KsGx/b7+xY/HW5vfY2QG
-----END CERTIFICATE-----