Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/8RN053bCakTRVXui6gfU_pQN-CU.roa
File:                     8RN053bCakTRVXui6gfU_pQN-CU.roa (raw, json)
Hash identifier:          /BriY1IgAGYn1GmZT5ixDLcg1lGG6kDvV6LZLM2uCJQ=
Subject key identifier:   F1:13:74:E7:76:C2:6A:44:D1:55:7B:A2:EA:07:D4:FE:94:0D:F8:25
Certificate issuer:       /CN=9d3ebba9fa2cad286ac91276575745f615e8fa71
Certificate serial:       019C7CC58B23384EE33D16FBC52432806868
Authority key identifier: 9D:3E:BB:A9:FA:2C:AD:28:6A:C9:12:76:57:57:45:F6:15:E8:FA:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/8RN053bCakTRVXui6gfU_pQN-CU.roa
Signing time:             Fri 20 Feb 2026 20:37:26 +0000
ROA not before:           Fri 20 Feb 2026 20:37:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199996
IP address blocks:        81.30.100.0/24 maxlen: 24
                          185.35.176.0/22 maxlen: 24
                          2a11:eb00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:c5:8b:23:38:4e:e3:3d:16:fb:c5:24:32:80:68:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d3ebba9fa2cad286ac91276575745f615e8fa71
        Validity
            Not Before: Feb 20 20:37:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f11374e776c26a44d1557ba2ea07d4fe940df825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2e:7b:97:27:9f:9b:aa:fe:e0:48:b2:5c:1d:
                    ba:11:4c:29:31:3d:52:17:89:77:bb:f0:42:89:6f:
                    05:53:9e:1f:38:8b:f9:43:be:dc:44:4c:57:ab:89:
                    9c:2f:a4:58:b5:e9:a8:3f:fa:89:7d:14:74:e8:c0:
                    d9:b1:67:e2:71:3f:62:4b:ab:ff:5e:a3:32:e2:70:
                    49:18:5b:98:14:8d:d4:5a:1b:32:39:02:60:d1:05:
                    76:4f:0c:63:02:40:d3:bb:ed:65:19:b4:94:d8:00:
                    52:6c:de:41:9c:fa:c7:a1:16:1f:64:d3:ba:03:19:
                    c6:87:95:15:c8:40:ec:2c:7f:3c:41:b1:f5:cf:74:
                    75:01:58:48:a3:b5:aa:56:36:8d:f2:cb:f6:01:d6:
                    57:8a:fe:56:db:6a:85:be:dd:75:d3:11:69:c7:71:
                    9e:e5:0a:85:bd:ab:8d:bf:e6:9d:d9:8b:46:7e:3a:
                    bb:1e:38:d5:55:6b:22:f3:31:3e:bc:d8:5e:a7:26:
                    c9:82:3e:55:33:e2:26:3e:23:86:e9:3a:68:76:61:
                    3d:96:02:e1:23:48:55:51:ca:cd:e0:7a:9a:ed:d0:
                    aa:3f:d3:bf:fd:17:e0:1b:da:63:4b:da:ab:7e:47:
                    74:ad:a3:fb:ad:bb:94:fc:df:e7:70:53:4b:c0:4a:
                    bc:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:13:74:E7:76:C2:6A:44:D1:55:7B:A2:EA:07:D4:FE:94:0D:F8:25
            X509v3 Authority Key Identifier:
                keyid:9D:3E:BB:A9:FA:2C:AD:28:6A:C9:12:76:57:57:45:F6:15:E8:FA:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/8RN053bCakTRVXui6gfU_pQN-CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.100.0/24
                  185.35.176.0/22
                IPv6:
                  2a11:eb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:df:f2:4f:f8:0e:c2:f3:68:63:9e:65:f8:45:70:38:21:6b:
         11:b1:e9:87:f3:bd:39:cd:bd:fb:9e:f9:3f:21:ef:bb:b3:d8:
         24:dc:aa:4b:74:1a:6e:f3:42:33:b1:d2:88:34:d5:51:a3:92:
         dc:4f:f0:af:9e:d2:9c:b9:07:7e:1d:3c:be:ec:17:b7:47:de:
         81:61:8e:f7:fa:35:0b:20:e1:cb:78:21:10:b2:bd:c1:b0:51:
         47:25:96:f8:21:a4:46:63:67:5d:a3:be:ed:90:dd:0a:4d:12:
         8d:b6:cd:1d:7e:39:d8:78:7a:44:74:26:32:8c:f7:63:5d:cb:
         1d:04:f6:43:c0:17:24:9a:9d:70:70:3b:cf:23:28:73:0e:04:
         1a:b3:01:55:87:68:f5:5e:20:ea:af:ed:6c:82:54:bf:1d:bc:
         b0:51:83:c5:b8:5a:59:1c:6c:f0:47:e6:87:f9:00:65:79:e6:
         b1:96:5c:67:82:99:a1:e9:f9:2a:2e:98:09:3c:a1:27:5c:5e:
         f2:5b:76:91:17:47:f4:62:1f:af:f0:3a:c8:51:26:ba:56:8f:
         e3:aa:7e:9b:45:76:f8:ad:e4:20:4f:6a:6e:c2:9f:9b:f4:d3:
         21:bf:40:3d:7f:b2:11:95:c0:c2:10:8a:6a:99:39:a4:31:f0:
         d7:d8:2c:5e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZx8xYsjOE7jPRb7xSQygGhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkM2ViYmE5ZmEyY2FkMjg2YWM5MTI3NjU3NTc0NWY2MTVl
OGZhNzEwHhcNMjYwMjIwMjAzNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTEzNzRlNzc2YzI2YTQ0ZDE1NTdiYTJlYTA3ZDRmZTk0MGRmODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC57lyefm6r+4EiyXB26EUwpMT1S
F4l3u/BCiW8FU54fOIv5Q77cRExXq4mcL6RYtemoP/qJfRR06MDZsWficT9iS6v/
XqMy4nBJGFuYFI3UWhsyOQJg0QV2TwxjAkDTu+1lGbSU2ABSbN5BnPrHoRYfZNO6
AxnGh5UVyEDsLH88QbH1z3R1AVhIo7WqVjaN8sv2AdZXiv5W22qFvt110xFpx3Ge
5QqFvauNv+ad2YtGfjq7HjjVVWsi8zE+vNhepybJgj5VM+ImPiOG6TpodmE9lgLh
I0hVUcrN4Hqa7dCqP9O//RfgG9pjS9qrfkd0raP7rbuU/N/ncFNLwEq8AQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPETdOd2wmpE0VV7ouoH1P6UDfglMB8GA1UdIwQY
MBaAFJ0+u6n6LK0oaskSdldXRfYV6PpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblQ2N3Fmb3NyU2hxeVJKMlYxZEY5aFhvLW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85ZmY5YzctZDMyOS00NWE2LTg5OGEt
OWQ5NTlhYmNlNTI2LzEvOFJOMDUzYkNha1RSVlh1aTZnZlVfcFFOLUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85ZmY5YzctZDMyOS00NWE2LTg5OGEtOWQ5NTlhYmNlNTI2
LzEvblQ2N3Fmb3NyU2hxeVJKMlYxZEY5aFhvLW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUR5kAwQC
uSOwMA0EAgACMAcDBQMqEesAMA0GCSqGSIb3DQEBCwUAA4IBAQA53/JP+A7C82hj
nmX4RXA4IWsRsemH8705zb37nvk/Ie+7s9gk3KpLdBpu80IzsdKINNVRo5LcT/Cv
ntKcuQd+HTy+7Be3R96BYY73+jULIOHLeCEQsr3BsFFHJZb4IaRGY2ddo77tkN0K
TRKNts0dfjnYeHpEdCYyjPdjXcsdBPZDwBckmp1wcDvPIyhzDgQaswFVh2j1XiDq
r+1sglS/HbywUYPFuFpZHGzwR+aH+QBleeaxllxngpmh6fkqLpgJPKEnXF7yW3aR
F0f0Yh+v8DrIUSa6Vo/jqn6bRXb4reQgT2puwp+b9NMhv0A9f7IRlcDCEIpqmTmk
MfDX2Cxe
-----END CERTIFICATE-----