Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/x7sCJ34Ztr98gIfsfgWJnnEyU4U.roa
File:                     x7sCJ34Ztr98gIfsfgWJnnEyU4U.roa (raw, json)
Hash identifier:          EQOvnK3Oa0O5kiMJfZT9bEcq7pBtLSg9vEZYTLmrVPI=
Subject key identifier:   C7:BB:02:27:7E:19:B6:BF:7C:80:87:EC:7E:05:89:9E:71:32:53:85
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019C53935FB7CF3E3EA1C414A1777C281146
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/x7sCJ34Ztr98gIfsfgWJnnEyU4U.roa
Signing time:             Thu 12 Feb 2026 20:38:13 +0000
ROA not before:           Thu 12 Feb 2026 20:38:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203636
IP address blocks:        188.191.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:53:93:5f:b7:cf:3e:3e:a1:c4:14:a1:77:7c:28:11:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Feb 12 20:38:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7bb02277e19b6bf7c8087ec7e05899e71325385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8c:1f:d6:a6:44:c2:5d:a1:ea:b4:fd:48:96:
                    a9:2a:0a:e3:23:84:ca:84:ad:d7:9e:8c:d9:25:8e:
                    38:1b:8a:3a:79:15:b2:b1:24:df:5e:2e:7b:29:f8:
                    93:8f:ab:74:d0:4b:ef:90:e4:3e:eb:ab:24:6e:9f:
                    20:f9:bd:b0:85:31:3d:ca:bf:1b:24:e1:1d:e5:f1:
                    a1:f4:ef:7b:21:df:d0:70:09:fc:32:a2:08:60:14:
                    64:8d:ef:93:54:6d:b5:fa:2c:de:22:dd:9e:49:2c:
                    9b:3d:22:46:03:94:26:bb:5f:38:a4:6b:48:da:1d:
                    f4:de:f0:73:2b:ed:2a:d3:04:9f:11:a9:8d:21:dc:
                    e9:39:24:ba:68:8f:ae:4f:b9:6a:27:78:c4:5c:87:
                    2e:ff:03:0b:12:37:d6:60:b8:ea:ab:00:81:58:ab:
                    a3:ec:45:2c:f8:6a:7d:a3:db:d9:c7:22:94:17:5d:
                    00:45:3d:c8:94:5c:88:6e:77:f4:db:6f:20:6b:7a:
                    5e:ff:04:48:22:2b:92:e9:94:e1:4a:5b:4e:e1:1b:
                    8c:a3:7e:55:f3:74:08:d3:5d:d7:14:ca:08:fc:12:
                    82:c7:9f:d7:47:07:08:5a:d9:89:f8:18:ec:fb:53:
                    6f:89:84:32:d2:f4:e9:ae:43:15:c8:24:6c:46:68:
                    54:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BB:02:27:7E:19:B6:BF:7C:80:87:EC:7E:05:89:9E:71:32:53:85
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/x7sCJ34Ztr98gIfsfgWJnnEyU4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ef:c4:ff:b7:16:72:3b:b6:72:a7:a2:ad:77:6b:5a:60:62:
         f8:3d:d4:0b:ba:47:7b:b6:7d:54:68:e0:b7:df:29:54:55:78:
         bf:c5:55:30:93:bd:f9:9f:0a:3e:ee:3d:d3:09:05:01:5f:8c:
         e7:cc:94:aa:60:28:ef:19:30:dc:5a:8d:5d:19:fd:d7:c2:51:
         92:34:3d:72:64:9a:8e:ec:52:21:6c:26:04:73:7e:86:00:9a:
         9c:88:63:6a:9b:27:38:96:4e:c0:c9:3b:8b:65:4e:1f:e0:76:
         c3:4d:33:2a:c7:00:4f:9a:b5:3e:f1:34:56:93:fb:58:48:2f:
         e1:dc:ea:f5:47:34:b2:09:c0:7d:1e:6e:56:48:9a:a6:df:21:
         9a:3c:ea:cf:65:ed:fe:8e:96:d4:15:38:3f:3c:d9:4f:10:55:
         bf:2d:be:63:fa:62:7d:b4:25:38:24:cb:f1:fa:a6:9f:5b:14:
         93:43:4f:5e:c6:45:29:21:ab:70:aa:2d:3d:a5:25:f8:72:33:
         88:3c:87:59:be:c4:b9:c1:f1:10:83:0f:4f:c0:fc:c5:a9:0a:
         a7:c7:cb:a5:64:36:cf:df:10:56:ca:70:1e:f5:fd:bb:32:df:
         e6:c6:70:91:48:e1:d2:80:8b:8b:d2:65:7c:fe:17:ec:60:21:
         d2:d5:23:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxTk1+3zz4+ocQUoXd8KBFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjYwMjEyMjAzODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JiMDIyNzdlMTliNmJmN2M4MDg3ZWM3ZTA1ODk5ZTcxMzI1Mzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsowf1qZEwl2h6rT9SJapKgrjI4TK
hK3XnozZJY44G4o6eRWysSTfXi57KfiTj6t00EvvkOQ+66skbp8g+b2whTE9yr8b
JOEd5fGh9O97Id/QcAn8MqIIYBRkje+TVG21+izeIt2eSSybPSJGA5Qmu184pGtI
2h303vBzK+0q0wSfEamNIdzpOSS6aI+uT7lqJ3jEXIcu/wMLEjfWYLjqqwCBWKuj
7EUs+Gp9o9vZxyKUF10ART3IlFyIbnf0228ga3pe/wRIIiuS6ZThSltO4RuMo35V
83QI013XFMoI/BKCx5/XRwcIWtmJ+Bjs+1NviYQy0vTprkMVyCRsRmhUUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMe7Aid+Gba/fICH7H4FiZ5xMlOFMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEveDdzQ0ozNFp0cjk4Z0lmc2ZnV0pubkV5VTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9hMA0G
CSqGSIb3DQEBCwUAA4IBAQAI78T/txZyO7Zyp6Ktd2taYGL4PdQLukd7tn1UaOC3
3ylUVXi/xVUwk735nwo+7j3TCQUBX4znzJSqYCjvGTDcWo1dGf3XwlGSND1yZJqO
7FIhbCYEc36GAJqciGNqmyc4lk7AyTuLZU4f4HbDTTMqxwBPmrU+8TRWk/tYSC/h
3Or1RzSyCcB9Hm5WSJqm3yGaPOrPZe3+jpbUFTg/PNlPEFW/Lb5j+mJ9tCU4JMvx
+qafWxSTQ09exkUpIatwqi09pSX4cjOIPIdZvsS5wfEQgw9PwPzFqQqnx8ulZDbP
3xBWynAe9f27Mt/mxnCRSOHSgIuL0mV8/hfsYCHS1SON
-----END CERTIFICATE-----