Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/sGGrBlYRqSk23P8-DuJvN6YMvHY.roa
File:                     sGGrBlYRqSk23P8-DuJvN6YMvHY.roa (raw, json)
Hash identifier:          fiYpu/0ovSOIBxpF636vimdbeS+doh5+RZJKDO2YKf8=
Subject key identifier:   B0:61:AB:06:56:11:A9:29:36:DC:FF:3E:0E:E2:6F:37:A6:0C:BC:76
Certificate issuer:       /CN=5232d44d9e08c873db35c02151ca44ae54b4b8af
Certificate serial:       019C7AEA6259C00D09E078EBBAFFF9492E90
Authority key identifier: 52:32:D4:4D:9E:08:C8:73:DB:35:C0:21:51:CA:44:AE:54:B4:B8:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjLUTZ4IyHPbNcAhUcpErlS0uK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/sGGrBlYRqSk23P8-DuJvN6YMvHY.roa
Signing time:             Fri 20 Feb 2026 11:58:26 +0000
ROA not before:           Fri 20 Feb 2026 11:58:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208989
IP address blocks:        45.12.8.0/22 maxlen: 22
                          2a10:7140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/UjLUTZ4IyHPbNcAhUcpErlS0uK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/UjLUTZ4IyHPbNcAhUcpErlS0uK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjLUTZ4IyHPbNcAhUcpErlS0uK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:ea:62:59:c0:0d:09:e0:78:eb:ba:ff:f9:49:2e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5232d44d9e08c873db35c02151ca44ae54b4b8af
        Validity
            Not Before: Feb 20 11:58:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b061ab065611a92936dcff3e0ee26f37a60cbc76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b4:c8:ff:10:c3:31:69:13:bd:7f:dc:83:00:
                    05:cc:ef:9a:42:f2:61:7b:56:81:f5:a9:be:31:17:
                    3a:e8:25:8b:0a:20:c1:de:dc:fc:56:83:8a:26:73:
                    e9:80:0b:d9:ca:e5:17:10:f3:43:b7:a3:0b:4b:0f:
                    11:f3:5d:2a:50:b0:11:8b:44:c7:f1:76:0f:c1:60:
                    0c:16:c6:5e:83:14:4c:09:b3:96:80:4a:2c:95:d4:
                    7c:53:05:d4:7e:23:86:3c:d9:32:ed:41:72:e3:bf:
                    67:02:41:5d:6b:c7:30:ae:70:2e:24:ca:dd:c1:b9:
                    29:8f:54:3a:a3:3d:e9:ef:ef:bd:d0:f4:a6:5f:22:
                    0f:62:1d:e7:73:e1:dc:71:e5:79:6f:55:3d:fb:fc:
                    20:f3:1b:97:dd:6d:03:07:62:41:36:0a:15:dc:40:
                    ca:d0:b5:e4:7f:c3:53:2b:76:69:32:5a:99:dc:a8:
                    eb:5a:ff:70:97:8a:c0:f5:52:07:a0:d3:2f:7a:1a:
                    04:2d:46:29:07:ef:97:7b:b5:c7:49:2f:30:f4:7e:
                    7e:62:d9:8f:e2:d2:14:3b:ee:84:53:52:98:f2:b6:
                    4b:95:57:c5:74:15:a1:78:89:bc:ed:0b:3f:b9:e4:
                    f9:9d:ee:c3:d9:f4:2a:45:1d:59:01:dd:98:e9:52:
                    35:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:61:AB:06:56:11:A9:29:36:DC:FF:3E:0E:E2:6F:37:A6:0C:BC:76
            X509v3 Authority Key Identifier:
                keyid:52:32:D4:4D:9E:08:C8:73:DB:35:C0:21:51:CA:44:AE:54:B4:B8:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjLUTZ4IyHPbNcAhUcpErlS0uK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/sGGrBlYRqSk23P8-DuJvN6YMvHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/UjLUTZ4IyHPbNcAhUcpErlS0uK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.8.0/22
                IPv6:
                  2a10:7140::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:6a:22:bc:22:21:c0:23:17:df:51:bc:24:dd:f3:54:ed:a9:
         32:c8:cc:a7:b1:2e:4d:59:f5:99:d6:c4:52:b7:51:56:a3:0a:
         bd:22:8b:57:1d:ef:58:bf:8c:9f:6e:f6:0f:e7:a2:94:8a:6c:
         dd:e5:24:96:2d:c5:84:45:07:54:5a:e6:a5:69:2d:3b:0d:7d:
         7e:97:48:be:6a:8c:45:fb:78:41:df:ec:ce:05:f8:57:cf:ed:
         c6:95:e6:6c:8e:2e:8e:95:38:df:79:b7:62:4c:47:9c:fd:75:
         51:a4:06:8c:19:d8:69:b3:d3:5e:bc:e4:4d:5b:9e:6b:82:ea:
         e2:0b:96:26:ee:e7:1e:87:a3:57:ec:62:93:ba:4a:17:d1:d5:
         25:90:f2:eb:53:13:b2:a2:01:c1:02:84:41:cc:c8:75:60:c6:
         f1:22:f7:ef:0f:82:df:bf:e4:05:69:59:f7:fb:6c:54:a3:7b:
         50:f1:b4:9e:37:6d:be:b0:01:92:cc:70:55:ce:f6:cf:ff:04:
         ef:a7:13:7f:5f:87:ec:ae:2c:b2:96:6c:13:d0:94:3c:40:bc:
         0d:9d:e3:49:9b:eb:cc:6c:45:0d:31:6a:9e:63:a4:51:3b:23:
         bf:77:01:db:5d:da:33:72:07:f4:63:14:e0:3e:2d:b4:5e:69:
         1b:07:26:08
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZx66mJZwA0J4Hjruv/5SS6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzJkNDRkOWUwOGM4NzNkYjM1YzAyMTUxY2E0NGFlNTRi
NGI4YWYwHhcNMjYwMjIwMTE1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDYxYWIwNjU2MTFhOTI5MzZkY2ZmM2UwZWUyNmYzN2E2MGNiYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7TI/xDDMWkTvX/cgwAFzO+aQvJh
e1aB9am+MRc66CWLCiDB3tz8VoOKJnPpgAvZyuUXEPNDt6MLSw8R810qULARi0TH
8XYPwWAMFsZegxRMCbOWgEosldR8UwXUfiOGPNky7UFy479nAkFda8cwrnAuJMrd
wbkpj1Q6oz3p7++90PSmXyIPYh3nc+HcceV5b1U9+/wg8xuX3W0DB2JBNgoV3EDK
0LXkf8NTK3ZpMlqZ3KjrWv9wl4rA9VIHoNMvehoELUYpB++Xe7XHSS8w9H5+YtmP
4tIUO+6EU1KY8rZLlVfFdBWheIm87Qs/ueT5ne7D2fQqRR1ZAd2Y6VI1JwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLBhqwZWEakpNtz/Pg7ibzemDLx2MB8GA1UdIwQY
MBaAFFIy1E2eCMhz2zXAIVHKRK5UtLivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpMVVRaNEl5SFBiTmNBaFVjcEVybFMwdUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi84YjQwMGQtMWU4ZS00MGRhLWIxZDYt
YTY1NDFjZWIxZTQzLzEvc0dHckJsWVJxU2syM1A4LUR1SnZONllNdkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi84YjQwMGQtMWU4ZS00MGRhLWIxZDYtYTY1NDFjZWIxZTQz
LzEvVWpMVVRaNEl5SFBiTmNBaFVjcEVybFMwdUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQwIMA0E
AgACMAcDBQMqEHFAMA0GCSqGSIb3DQEBCwUAA4IBAQALaiK8IiHAIxffUbwk3fNU
7akyyMynsS5NWfWZ1sRSt1FWowq9IotXHe9Yv4yfbvYP56KUimzd5SSWLcWERQdU
WualaS07DX1+l0i+aoxF+3hB3+zOBfhXz+3GleZsji6OlTjfebdiTEec/XVRpAaM
Gdhps9NevORNW55rguriC5Ym7uceh6NX7GKTukoX0dUlkPLrUxOyogHBAoRBzMh1
YMbxIvfvD4Lfv+QFaVn3+2xUo3tQ8bSeN22+sAGSzHBVzvbP/wTvpxN/X4fsriyy
lmwT0JQ8QLwNneNJm+vMbEUNMWqeY6RROyO/dwHbXdozcgf0YxTgPi20XmkbByYI
-----END CERTIFICATE-----