Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/thj7o1aypMnMA4ArmDP29ne0Qrs.roa
File:                     thj7o1aypMnMA4ArmDP29ne0Qrs.roa (raw, json)
Hash identifier:          p1Tyu3GhBNAM6VQcZ8/KqZ+QVAReZGUEnoLBz/Y2j0I=
Subject key identifier:   B6:18:FB:A3:56:B2:A4:C9:CC:03:80:2B:98:33:F6:F6:77:B4:42:BB
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019C47B2E853DF70E5DE453292DD52B93A21
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/thj7o1aypMnMA4ArmDP29ne0Qrs.roa
Signing time:             Tue 10 Feb 2026 13:17:13 +0000
ROA not before:           Tue 10 Feb 2026 13:17:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212494
IP address blocks:        128.127.146.0/24 maxlen: 24
                          128.127.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:b2:e8:53:df:70:e5:de:45:32:92:dd:52:b9:3a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Feb 10 13:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b618fba356b2a4c9cc03802b9833f6f677b442bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:76:3f:c8:fd:0b:c6:64:ba:da:bc:7f:54:f9:
                    18:6c:8b:a4:c7:44:0a:08:e7:f7:77:12:f3:c9:9e:
                    18:3f:ad:12:14:65:20:a8:03:70:11:95:85:5b:90:
                    0f:64:09:41:20:f0:a8:84:a3:10:16:d8:cd:ec:a3:
                    7f:62:24:f2:46:35:97:1e:b6:21:d8:51:e3:70:a7:
                    ed:3a:9e:31:71:ef:89:22:7d:f1:2c:66:d2:3f:33:
                    d5:11:fa:e3:97:f2:d9:35:91:b6:9e:2f:72:84:38:
                    82:03:ec:64:52:da:69:04:96:11:ba:12:ba:23:38:
                    b5:84:f9:2e:24:60:05:7b:53:a1:60:4e:a1:37:81:
                    bb:b6:ca:89:37:6e:2e:7f:f2:62:ae:1b:22:9a:28:
                    1e:58:b1:47:f0:54:92:f1:63:b4:9c:c0:bb:39:3e:
                    4d:92:a7:a8:26:9e:22:f4:24:3a:4a:76:91:e0:c6:
                    1f:7d:b1:51:0f:cc:5e:62:d9:19:bc:b0:33:c6:91:
                    fa:6d:ff:ac:46:f7:85:0b:7f:a0:de:bf:ba:2d:66:
                    75:c7:0e:5c:99:b5:14:1d:29:64:2c:02:d4:c1:26:
                    38:cd:60:42:57:d5:31:08:a0:12:40:9b:fc:51:74:
                    bc:fc:52:9b:ea:27:43:82:6e:24:d6:96:2b:3a:6a:
                    9b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:18:FB:A3:56:B2:A4:C9:CC:03:80:2B:98:33:F6:F6:77:B4:42:BB
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/thj7o1aypMnMA4ArmDP29ne0Qrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:cc:74:ed:5f:ab:d4:55:e9:c5:77:44:17:01:9b:d4:28:fd:
         9f:e1:04:ef:89:be:78:f5:47:a4:fe:6d:f1:15:a1:75:d4:f6:
         9a:9b:5b:68:15:4e:2a:55:e8:e7:fa:54:33:d5:1c:05:c8:ac:
         33:53:ff:20:18:8c:48:bb:5a:35:bf:3b:b3:ed:bc:4e:55:f1:
         82:a6:2b:99:f4:2b:6b:ee:a0:ae:77:c4:ca:57:b6:eb:fa:d9:
         96:bc:58:00:5e:23:53:55:c9:1c:d4:1b:95:db:3a:07:ff:f0:
         a1:00:dd:31:9f:8d:ed:f5:35:bc:cf:aa:2b:52:79:93:03:bc:
         bd:3d:0f:ce:7e:97:31:e4:8b:27:f0:e4:6a:7a:7e:2e:59:2d:
         bd:30:0a:cf:b1:13:c4:ea:53:0c:43:27:18:dd:82:e0:72:a4:
         9a:6b:aa:93:ad:b2:66:e9:4c:48:1c:80:29:9f:8d:b1:d2:36:
         68:a8:c5:5a:9b:06:d3:dd:ca:ff:c9:25:29:21:11:0e:7c:4e:
         f2:a0:69:19:8a:8f:c9:2a:78:2e:bd:24:3a:81:7b:0b:1c:c0:
         fc:9f:0f:aa:69:18:13:47:9a:d2:cc:d8:83:54:7f:09:06:8f:
         7e:93:f3:54:ff:f7:b5:36:77:cf:3c:3c:79:bc:95:30:27:58:
         8d:7e:23:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHsuhT33Dl3kUykt1SuTohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjYwMjEwMTMxNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjE4ZmJhMzU2YjJhNGM5Y2MwMzgwMmI5ODMzZjZmNjc3YjQ0MmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXY/yP0LxmS62rx/VPkYbIukx0QK
COf3dxLzyZ4YP60SFGUgqANwEZWFW5APZAlBIPCohKMQFtjN7KN/YiTyRjWXHrYh
2FHjcKftOp4xce+JIn3xLGbSPzPVEfrjl/LZNZG2ni9yhDiCA+xkUtppBJYRuhK6
Izi1hPkuJGAFe1OhYE6hN4G7tsqJN24uf/JirhsimigeWLFH8FSS8WO0nMC7OT5N
kqeoJp4i9CQ6SnaR4MYffbFRD8xeYtkZvLAzxpH6bf+sRveFC3+g3r+6LWZ1xw5c
mbUUHSlkLALUwSY4zWBCV9UxCKASQJv8UXS8/FKb6idDgm4k1pYrOmqbNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYY+6NWsqTJzAOAK5gz9vZ3tEK7MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvdGhqN28xYXlwTW5NQTRBcm1EUDI5bmUwUXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBgH+SMA0G
CSqGSIb3DQEBCwUAA4IBAQC7zHTtX6vUVenFd0QXAZvUKP2f4QTvib549Uek/m3x
FaF11Paam1toFU4qVejn+lQz1RwFyKwzU/8gGIxIu1o1vzuz7bxOVfGCpiuZ9Ctr
7qCud8TKV7br+tmWvFgAXiNTVckc1BuV2zoH//ChAN0xn43t9TW8z6orUnmTA7y9
PQ/Ofpcx5Isn8ORqen4uWS29MArPsRPE6lMMQycY3YLgcqSaa6qTrbJm6UxIHIAp
n42x0jZoqMVamwbT3cr/ySUpIREOfE7yoGkZio/JKnguvSQ6gXsLHMD8nw+qaRgT
R5rSzNiDVH8JBo9+k/NU//e1NnfPPDx5vJUwJ1iNfiNJ
-----END CERTIFICATE-----