Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/8EQw8scn945EBI3nr8f8oaXNu5k.roa
File:                     8EQw8scn945EBI3nr8f8oaXNu5k.roa (raw, json)
Hash identifier:          Pc5eAGErA0CLNaCRm8m5LzZW6f6RQyf0pkKeLb9c9vc=
Subject key identifier:   F0:44:30:F2:C7:27:F7:8E:44:04:8D:E7:AF:C7:FC:A1:A5:CD:BB:99
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       019C91B4201BD73A473D577AD31DF35D0B8B
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/8EQw8scn945EBI3nr8f8oaXNu5k.roa
Signing time:             Tue 24 Feb 2026 22:10:26 +0000
ROA not before:           Tue 24 Feb 2026 22:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.162.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:91:b4:20:1b:d7:3a:47:3d:57:7a:d3:1d:f3:5d:0b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Feb 24 22:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f04430f2c727f78e44048de7afc7fca1a5cdbb99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e4:9a:5b:92:a0:b3:d6:cc:b1:e5:16:00:d3:
                    d2:02:23:59:fd:2d:70:e9:03:51:88:6b:65:41:6b:
                    54:50:08:71:0e:88:75:6d:73:25:26:1e:97:87:7e:
                    a0:20:4e:54:86:c8:7b:ab:1e:ac:14:bc:ef:fb:7a:
                    7b:65:68:f0:ee:27:c5:70:34:af:7f:12:60:bb:03:
                    67:4c:61:16:ab:d4:8f:71:ea:33:1b:98:29:1f:26:
                    e3:be:f2:e3:da:43:71:5d:2b:b7:9a:2d:69:61:2a:
                    75:0a:24:29:46:0d:4b:ec:fb:b8:14:80:71:17:eb:
                    30:e6:64:d5:29:2f:10:37:f9:19:f9:2d:f5:96:b2:
                    38:86:f3:a3:1f:c2:1b:7d:10:d7:c5:52:d1:d9:8b:
                    9d:4d:56:e9:89:e7:aa:3c:98:a2:71:e7:d0:70:44:
                    98:67:9f:0f:95:a7:3f:e0:96:b3:f8:61:81:b1:83:
                    ef:51:be:44:c0:77:4c:ab:75:46:8f:9b:a1:91:52:
                    03:c5:76:b1:80:16:8e:96:31:7e:e6:98:4f:6f:cd:
                    5f:e5:76:f3:b4:36:05:e0:5c:a6:e6:fc:73:b7:79:
                    9d:5d:03:7b:85:01:92:71:b5:7a:d1:63:36:a2:de:
                    51:c1:69:59:0d:a2:4b:99:1a:2c:9e:be:75:89:07:
                    ff:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:44:30:F2:C7:27:F7:8E:44:04:8D:E7:AF:C7:FC:A1:A5:CD:BB:99
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/8EQw8scn945EBI3nr8f8oaXNu5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:08:3f:8b:79:77:26:8d:42:55:38:ea:1c:a1:1d:30:13:17:
         f8:2e:ef:ca:ec:0d:bf:b7:49:11:d1:13:92:e3:e7:88:70:81:
         95:79:97:b1:b0:1d:ba:99:a6:ef:06:5a:74:ea:79:f9:48:a8:
         68:be:7b:65:26:7c:28:49:74:b2:5e:b2:f2:e3:01:d6:81:e3:
         7f:04:22:1e:72:e5:66:73:21:52:65:12:eb:f8:2f:22:83:87:
         92:a1:a7:fb:f6:4b:f2:60:c0:16:d7:07:76:93:6d:ce:d9:80:
         02:cc:5d:45:cc:99:9b:21:d9:84:1b:be:23:bb:cd:64:05:cd:
         d1:d9:d2:bb:8d:2b:2d:98:63:04:e8:13:20:54:e1:38:5e:4e:
         f8:b4:6d:99:69:4a:dd:51:3c:76:fd:44:8a:fa:56:3a:23:0b:
         05:cd:d0:0b:2b:a6:4b:2e:e2:11:87:60:13:87:7d:6a:83:bd:
         54:ed:f7:96:b6:80:4e:dd:9c:f3:52:e9:84:ed:71:75:27:be:
         7a:e2:9a:4a:ad:66:8a:ca:4b:58:73:96:ea:e4:f8:ff:aa:ab:
         22:98:05:1f:41:9c:2c:93:d8:48:ed:b8:d6:78:0b:a6:4b:83:
         99:41:d2:03:19:f0:a6:40:cd:a0:b3:85:09:24:18:d3:0d:39:
         28:50:d6:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyRtCAb1zpHPVd60x3zXQuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwMjI0MjIxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQ0MzBmMmM3MjdmNzhlNDQwNDhkZTdhZmM3ZmNhMWE1Y2RiYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+SaW5Kgs9bMseUWANPSAiNZ/S1w
6QNRiGtlQWtUUAhxDoh1bXMlJh6Xh36gIE5Uhsh7qx6sFLzv+3p7ZWjw7ifFcDSv
fxJguwNnTGEWq9SPceozG5gpHybjvvLj2kNxXSu3mi1pYSp1CiQpRg1L7Pu4FIBx
F+sw5mTVKS8QN/kZ+S31lrI4hvOjH8IbfRDXxVLR2YudTVbpieeqPJiicefQcESY
Z58Plac/4Jaz+GGBsYPvUb5EwHdMq3VGj5uhkVIDxXaxgBaOljF+5phPb81f5Xbz
tDYF4Fym5vxzt3mdXQN7hQGScbV60WM2ot5RwWlZDaJLmRosnr51iQf/ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBEMPLHJ/eORASN56/H/KGlzbuZMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvOEVRdzhzY245NDVFQkkzbnI4ZjhvYVhOdTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaL8MA0G
CSqGSIb3DQEBCwUAA4IBAQBnCD+LeXcmjUJVOOocoR0wExf4Lu/K7A2/t0kR0ROS
4+eIcIGVeZexsB26mabvBlp06nn5SKhovntlJnwoSXSyXrLy4wHWgeN/BCIecuVm
cyFSZRLr+C8ig4eSoaf79kvyYMAW1wd2k23O2YACzF1FzJmbIdmEG74ju81kBc3R
2dK7jSstmGME6BMgVOE4Xk74tG2ZaUrdUTx2/USK+lY6IwsFzdALK6ZLLuIRh2AT
h31qg71U7feWtoBO3ZzzUumE7XF1J7564ppKrWaKyktYc5bq5Pj/qqsimAUfQZws
k9hI7bjWeAumS4OZQdIDGfCmQM2gs4UJJBjTDTkoUNbU
-----END CERTIFICATE-----