Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/cn5s2B89TenTg8TZ857ognMMlAA.roa
File:                     cn5s2B89TenTg8TZ857ognMMlAA.roa (raw, json)
Hash identifier:          wUmnZRz2SMT6wxHgQtSrqJwqrjnw6hSXkRMz9LqAT54=
Subject key identifier:   72:7E:6C:D8:1F:3D:4D:E9:D3:83:C4:D9:F3:9E:E8:82:73:0C:94:00
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       019C85B2B4A850CE7F753F4F184146B209E5
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/cn5s2B89TenTg8TZ857ognMMlAA.roa
Signing time:             Sun 22 Feb 2026 14:13:27 +0000
ROA not before:           Sun 22 Feb 2026 14:13:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212701
IP address blocks:        138.124.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:b2:b4:a8:50:ce:7f:75:3f:4f:18:41:46:b2:09:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Feb 22 14:13:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=727e6cd81f3d4de9d383c4d9f39ee882730c9400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e5:14:de:2f:67:79:55:ca:b4:d6:5c:bb:c8:
                    98:67:fd:2b:a7:ea:f9:52:cf:76:46:c0:5e:76:ce:
                    40:d2:63:39:9e:2d:10:6f:2b:f6:30:3c:f9:7d:b0:
                    ea:cd:54:83:1e:ad:82:29:98:95:e5:53:1b:f3:99:
                    d7:8b:f6:43:39:68:7e:e3:6b:79:82:d7:79:de:b2:
                    d6:e2:27:76:94:8f:78:db:3c:39:75:71:68:21:a7:
                    c1:f9:75:5b:88:7f:cd:bc:a4:35:9d:27:ae:91:86:
                    ba:24:d9:b8:23:84:4b:86:97:b5:9d:62:22:74:70:
                    10:d6:5c:98:73:ed:26:53:a3:d9:5f:79:52:52:71:
                    ea:cb:f9:37:f7:45:79:9d:93:02:0a:b2:68:03:8b:
                    3c:24:aa:ac:3c:4c:24:44:81:3e:91:66:a5:a8:cd:
                    29:7f:e9:05:99:5b:39:89:43:79:3f:f4:30:81:de:
                    d9:f9:98:43:fa:be:53:83:bb:58:93:ca:9e:47:b1:
                    28:39:08:9b:4b:58:9f:bc:03:fb:0f:65:11:a4:0e:
                    84:2b:bf:14:34:95:4b:c3:be:d3:1d:85:18:1b:6a:
                    c5:f8:03:63:3a:03:a3:47:22:58:44:8d:fd:6d:4d:
                    f1:6c:77:33:6b:15:b5:46:6a:d5:94:43:ff:ce:53:
                    f7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:7E:6C:D8:1F:3D:4D:E9:D3:83:C4:D9:F3:9E:E8:82:73:0C:94:00
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/cn5s2B89TenTg8TZ857ognMMlAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3e:b8:63:6a:a6:10:c0:1f:14:a9:61:37:2e:1b:6c:07:e1:
         9e:be:1e:73:86:d5:59:20:81:49:08:05:bb:cc:75:0e:b8:ab:
         9a:10:fb:b4:3b:07:22:a8:d6:1c:1a:16:5d:4e:25:27:d6:fb:
         2e:f9:6f:6d:b1:d9:6c:49:54:16:68:55:4f:13:89:bb:57:ab:
         12:e6:a3:88:15:65:86:37:19:60:28:85:da:ef:ce:3a:ee:6e:
         ee:b1:7b:f9:90:09:23:c8:6c:95:ac:bd:eb:84:e5:ef:68:56:
         41:4d:92:1f:2a:df:a5:46:7f:15:2d:7d:9e:b2:d9:54:67:90:
         fd:e8:02:98:4a:4d:e7:b6:cf:a9:45:01:a3:5c:18:7e:4e:6f:
         7c:0e:47:75:37:ad:a6:69:3f:d8:62:e4:9b:54:26:b7:66:59:
         25:91:2b:f7:d4:7a:07:59:bb:ee:29:f7:fb:98:3e:33:16:ed:
         f0:6d:80:18:5b:9b:82:8d:e5:52:0b:4a:fd:b9:17:ba:67:74:
         85:7c:eb:b9:da:e6:b2:73:ea:fd:24:4e:e3:f0:f2:f5:07:af:
         05:98:8f:7b:9c:6b:e4:56:8f:e7:b2:b1:60:09:69:6f:f0:f1:
         b0:54:70:a6:1a:1c:59:d8:c2:80:f6:6d:7a:7e:ad:7b:2d:14:
         f1:54:9c:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyFsrSoUM5/dT9PGEFGsgnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMjIyMTQxMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjdlNmNkODFmM2Q0ZGU5ZDM4M2M0ZDlmMzllZTg4MjczMGM5NDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruUU3i9neVXKtNZcu8iYZ/0rp+r5
Us92RsBeds5A0mM5ni0Qbyv2MDz5fbDqzVSDHq2CKZiV5VMb85nXi/ZDOWh+42t5
gtd53rLW4id2lI942zw5dXFoIafB+XVbiH/NvKQ1nSeukYa6JNm4I4RLhpe1nWIi
dHAQ1lyYc+0mU6PZX3lSUnHqy/k390V5nZMCCrJoA4s8JKqsPEwkRIE+kWalqM0p
f+kFmVs5iUN5P/Qwgd7Z+ZhD+r5Tg7tYk8qeR7EoOQibS1ifvAP7D2URpA6EK78U
NJVLw77THYUYG2rF+ANjOgOjRyJYRI39bU3xbHczaxW1RmrVlEP/zlP37QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJ+bNgfPU3p04PE2fOe6IJzDJQAMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvY241czJCODlUZW5UZzhUWjg1N29nbk1NbEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAinznMA0G
CSqGSIb3DQEBCwUAA4IBAQCKPrhjaqYQwB8UqWE3LhtsB+Gevh5zhtVZIIFJCAW7
zHUOuKuaEPu0OwciqNYcGhZdTiUn1vsu+W9tsdlsSVQWaFVPE4m7V6sS5qOIFWWG
NxlgKIXa78467m7usXv5kAkjyGyVrL3rhOXvaFZBTZIfKt+lRn8VLX2estlUZ5D9
6AKYSk3nts+pRQGjXBh+Tm98Dkd1N62maT/YYuSbVCa3ZlklkSv31HoHWbvuKff7
mD4zFu3wbYAYW5uCjeVSC0r9uRe6Z3SFfOu52uayc+r9JE7j8PL1B68FmI97nGvk
Vo/nsrFgCWlv8PGwVHCmGhxZ2MKA9m16fq17LRTxVJyn
-----END CERTIFICATE-----