Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/sJd9Jf0Fw8nxwT0QhzY-OVEz0P8.roa
File:                     sJd9Jf0Fw8nxwT0QhzY-OVEz0P8.roa (raw, json)
Hash identifier:          EX5nuzNjqu6k9LkF1Iwbosgh4M8FdT4+AbuHazGddLA=
Subject key identifier:   B0:97:7D:25:FD:05:C3:C9:F1:C1:3D:10:87:36:3E:39:51:33:D0:FF
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019C8523E41D6ABBE1BCDFAFF8D2BF9D5106
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/sJd9Jf0Fw8nxwT0QhzY-OVEz0P8.roa
Signing time:             Sun 22 Feb 2026 11:37:27 +0000
ROA not before:           Sun 22 Feb 2026 11:37:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        87.229.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:23:e4:1d:6a:bb:e1:bc:df:af:f8:d2:bf:9d:51:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb 22 11:37:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0977d25fd05c3c9f1c13d1087363e395133d0ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:48:93:f6:00:cc:e8:e1:ad:b0:e2:32:9d:4a:
                    d4:4b:5b:93:1f:f2:c0:ef:86:ba:0c:b7:8f:a7:a0:
                    44:e5:1f:34:db:6c:1b:e3:fb:a8:57:51:80:1d:20:
                    4b:cf:48:04:60:4a:78:2a:72:02:c3:1c:09:28:03:
                    a2:bf:aa:c5:ee:be:f1:36:8e:96:d4:42:19:52:9a:
                    e7:32:0e:b6:d6:13:f8:c2:ee:84:00:33:48:a9:37:
                    dc:00:e4:9e:c9:28:c2:98:8b:34:e5:f7:f0:09:41:
                    c2:0b:3b:22:fa:8e:ad:43:8a:fc:37:60:e8:ef:1f:
                    80:ac:a9:62:ca:ea:b9:d6:8f:80:c0:69:36:2e:67:
                    7a:72:90:09:65:95:42:8e:07:0d:85:7d:ab:20:e5:
                    c8:5c:35:5c:2a:66:0f:58:88:86:fb:83:84:4c:c4:
                    4b:b1:29:e6:9a:59:c8:1e:55:a1:d1:e2:14:b2:cf:
                    2d:09:c4:2d:8e:66:7a:25:0c:1a:c0:9e:8d:21:fc:
                    c7:93:25:41:07:a2:23:73:ce:3b:e3:34:33:e9:24:
                    3c:ed:d8:06:34:54:77:f6:02:de:a1:b8:96:ea:f9:
                    03:2e:58:9c:ab:08:07:1a:08:10:45:c8:6d:1e:cc:
                    7b:d8:d8:b3:17:1b:27:ec:e4:24:fa:40:28:e2:24:
                    88:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:97:7D:25:FD:05:C3:C9:F1:C1:3D:10:87:36:3E:39:51:33:D0:FF
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/sJd9Jf0Fw8nxwT0QhzY-OVEz0P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:86:e7:e3:28:0d:35:77:4d:f0:6b:10:32:e7:c0:c2:17:21:
         84:d5:c8:19:dd:01:2c:2e:69:08:a3:f0:06:38:3a:05:eb:0e:
         e3:06:37:bb:cc:aa:c4:13:f2:c9:64:7d:89:39:24:8a:2d:fa:
         84:cf:2a:01:9e:21:9a:64:06:6c:6f:01:92:c5:56:12:9a:07:
         33:c3:b6:1e:38:76:7b:b0:46:f7:1e:d5:5e:bf:1c:14:85:00:
         73:b0:2c:bb:b0:b6:67:3f:25:68:d1:8a:0f:97:40:13:93:94:
         4b:74:e7:ff:de:e8:b9:d0:98:8d:5c:5e:27:ea:4c:e7:30:73:
         ff:d0:6f:de:d3:08:1a:5b:cd:45:17:34:bf:d9:bc:a6:68:cb:
         23:34:b2:d4:d8:ce:22:ab:8b:42:77:34:88:ca:5b:77:c2:16:
         af:29:9a:18:11:87:b4:8e:72:24:cf:bb:e1:56:45:4e:c9:15:
         4e:c4:f2:98:7a:50:46:e7:47:7d:c4:e8:ff:be:7d:a8:02:7c:
         8e:69:c7:d1:7e:b0:50:ad:56:a2:9e:8e:33:1e:54:40:eb:b7:
         c6:a5:6a:6b:a3:79:a2:69:85:cc:f5:64:63:52:82:57:76:06:
         58:39:16:cb:75:bd:8c:c8:09:17:9e:e2:eb:de:9b:46:7b:dd:
         42:bf:2b:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyFI+QdarvhvN+v+NK/nVEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMjIyMTEzNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDk3N2QyNWZkMDVjM2M5ZjFjMTNkMTA4NzM2M2UzOTUxMzNkMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0iT9gDM6OGtsOIynUrUS1uTH/LA
74a6DLePp6BE5R8022wb4/uoV1GAHSBLz0gEYEp4KnICwxwJKAOiv6rF7r7xNo6W
1EIZUprnMg621hP4wu6EADNIqTfcAOSeySjCmIs05ffwCUHCCzsi+o6tQ4r8N2Do
7x+ArKliyuq51o+AwGk2Lmd6cpAJZZVCjgcNhX2rIOXIXDVcKmYPWIiG+4OETMRL
sSnmmlnIHlWh0eIUss8tCcQtjmZ6JQwawJ6NIfzHkyVBB6Ijc8474zQz6SQ87dgG
NFR39gLeobiW6vkDLlicqwgHGggQRchtHsx72NizFxsn7OQk+kAo4iSIWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCXfSX9BcPJ8cE9EIc2PjlRM9D/MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvc0pkOUpmMEZ3OG54d1QwUWh6WS1PVkV6MFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UXMA0G
CSqGSIb3DQEBCwUAA4IBAQBlhufjKA01d03waxAy58DCFyGE1cgZ3QEsLmkIo/AG
ODoF6w7jBje7zKrEE/LJZH2JOSSKLfqEzyoBniGaZAZsbwGSxVYSmgczw7YeOHZ7
sEb3HtVevxwUhQBzsCy7sLZnPyVo0YoPl0ATk5RLdOf/3ui50JiNXF4n6kznMHP/
0G/e0wgaW81FFzS/2bymaMsjNLLU2M4iq4tCdzSIylt3whavKZoYEYe0jnIkz7vh
VkVOyRVOxPKYelBG50d9xOj/vn2oAnyOacfRfrBQrVaino4zHlRA67fGpWpro3mi
aYXM9WRjUoJXdgZYORbLdb2MyAkXnuLr3ptGe91Cvyui
-----END CERTIFICATE-----