Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/gUDL04QU8GhnSaEL7dTSiWyjCUQ.roa
File:                     gUDL04QU8GhnSaEL7dTSiWyjCUQ.roa (raw, json)
Hash identifier:          Kujjykfz1vQtpIlcZ/que3JRFfc54ymJ7JSlpzN7aXk=
Subject key identifier:   81:40:CB:D3:84:14:F0:68:67:49:A1:0B:ED:D4:D2:89:6C:A3:09:44
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019C84D3529202BD9893BF04FA60E2C095DB
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/gUDL04QU8GhnSaEL7dTSiWyjCUQ.roa
Signing time:             Sun 22 Feb 2026 10:09:27 +0000
ROA not before:           Sun 22 Feb 2026 10:09:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        212.192.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:84:d3:52:92:02:bd:98:93:bf:04:fa:60:e2:c0:95:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 22 10:09:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8140cbd38414f0686749a10bedd4d2896ca30944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:86:73:16:2d:8a:81:bd:dc:01:81:79:f7:25:
                    b4:01:c7:17:c2:46:81:11:ca:f5:15:f2:b6:5f:d0:
                    a9:0f:5d:2e:31:53:fe:61:b8:2c:e7:6f:ea:9d:ab:
                    ea:4e:52:9f:62:8c:0a:a8:a7:74:26:ab:2f:35:54:
                    42:16:78:5f:30:76:bd:1c:7e:d3:e5:87:b1:10:bc:
                    e0:d3:74:fd:08:f6:1f:f5:67:3a:1e:18:c6:b5:14:
                    0b:a3:ca:e1:6f:a2:b8:ee:04:41:03:50:17:04:e3:
                    ba:e6:c0:af:fd:67:3d:c8:c6:08:f4:72:55:0d:98:
                    06:d3:f2:6c:01:e7:5c:13:67:52:38:13:3c:62:86:
                    37:f5:13:e2:f3:b7:4a:0f:02:ae:83:df:14:49:63:
                    42:6e:1b:fd:ee:5b:32:ec:4b:08:88:80:e7:a0:cd:
                    1d:31:4f:86:97:51:f3:5b:60:bf:9b:b9:85:98:5b:
                    db:0d:e0:65:cc:5f:b7:8f:2b:2e:eb:4a:90:41:1c:
                    71:87:1a:a6:27:1b:b3:06:e1:3f:14:13:4f:8d:8f:
                    a9:4c:27:fb:e9:0b:59:ad:ab:0c:a7:4c:e9:cf:98:
                    de:16:1d:29:b5:27:84:23:13:ca:fb:7c:8f:88:e1:
                    31:45:fc:9b:e6:d6:7c:94:57:7c:6c:fb:54:94:25:
                    5b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:40:CB:D3:84:14:F0:68:67:49:A1:0B:ED:D4:D2:89:6C:A3:09:44
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/gUDL04QU8GhnSaEL7dTSiWyjCUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2b:5d:9f:aa:14:a8:3f:06:b8:88:9e:fb:1e:99:a9:0a:eb:
         77:84:10:73:0c:d8:17:56:df:be:5f:12:c3:87:9c:ff:61:3a:
         c8:e9:0d:b3:7e:66:5b:88:d1:e1:de:a9:49:c3:0a:88:cb:fa:
         4e:4e:6a:72:73:5c:06:00:bf:14:c5:fa:a9:21:93:49:43:ab:
         c8:e4:47:50:85:3f:d0:d6:ac:f4:4d:c6:b0:e7:4d:0a:ba:af:
         43:11:96:6a:05:55:01:4b:93:a5:8f:8d:e3:d9:97:c6:ff:d9:
         f1:c3:53:93:7d:71:a4:c3:e2:cc:0d:e1:07:4b:70:09:f4:e8:
         57:fa:a1:9e:9a:24:70:3a:e0:e9:61:05:03:a9:12:bd:9d:8d:
         21:9d:5a:b7:05:fc:e6:25:c0:1b:58:c4:c7:84:68:cf:dd:a4:
         cb:ab:f0:7e:e7:99:c6:e9:be:5c:fb:1c:63:89:a8:c8:1e:4f:
         a6:e4:b4:35:fe:82:13:a8:c9:2a:ef:fe:91:b7:28:cd:3f:46:
         70:ad:34:13:68:0c:42:38:93:55:2b:52:8a:c1:e8:4d:e3:73:
         3d:49:d9:c5:1f:08:7c:d6:b0:d2:a3:42:ce:97:ae:8a:e8:58:
         3d:4a:20:23:bd:6d:38:d9:0c:e5:5a:31:33:8d:d7:d4:82:a1:
         0f:d6:92:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyE01KSAr2Yk78E+mDiwJXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMjIyMTAwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTQwY2JkMzg0MTRmMDY4Njc0OWExMGJlZGQ0ZDI4OTZjYTMwOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIZzFi2Kgb3cAYF59yW0AccXwkaB
Ecr1FfK2X9CpD10uMVP+Ybgs52/qnavqTlKfYowKqKd0JqsvNVRCFnhfMHa9HH7T
5YexELzg03T9CPYf9Wc6HhjGtRQLo8rhb6K47gRBA1AXBOO65sCv/Wc9yMYI9HJV
DZgG0/JsAedcE2dSOBM8YoY39RPi87dKDwKug98USWNCbhv97lsy7EsIiIDnoM0d
MU+Gl1HzW2C/m7mFmFvbDeBlzF+3jysu60qQQRxxhxqmJxuzBuE/FBNPjY+pTCf7
6QtZrasMp0zpz5jeFh0ptSeEIxPK+3yPiOExRfyb5tZ8lFd8bPtUlCVbrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFAy9OEFPBoZ0mhC+3U0olsowlEMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZ1VETDA0UVU4R2huU2FFTDdkVFNpV3lqQ1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDVMA0G
CSqGSIb3DQEBCwUAA4IBAQAQK12fqhSoPwa4iJ77HpmpCut3hBBzDNgXVt++XxLD
h5z/YTrI6Q2zfmZbiNHh3qlJwwqIy/pOTmpyc1wGAL8UxfqpIZNJQ6vI5EdQhT/Q
1qz0Tcaw500Kuq9DEZZqBVUBS5Olj43j2ZfG/9nxw1OTfXGkw+LMDeEHS3AJ9OhX
+qGemiRwOuDpYQUDqRK9nY0hnVq3BfzmJcAbWMTHhGjP3aTLq/B+55nG6b5c+xxj
iajIHk+m5LQ1/oITqMkq7/6RtyjNP0ZwrTQTaAxCOJNVK1KKwehN43M9SdnFHwh8
1rDSo0LOl66K6Fg9SiAjvW042QzlWjEzjdfUgqEP1pLT
-----END CERTIFICATE-----