Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/OUxi84rSCt4rIkDW_E2bYjNHR9A.roa
File:                     OUxi84rSCt4rIkDW_E2bYjNHR9A.roa (raw, json)
Hash identifier:          JbDVI82K0g08ZUcKrEB2J9NG8jJj3qhjQN44+K39KOM=
Subject key identifier:   39:4C:62:F3:8A:D2:0A:DE:2B:22:40:D6:FC:4D:9B:62:33:47:47:D0
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019C78D1AD1328157A2F95E7C721BB173608
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/OUxi84rSCt4rIkDW_E2bYjNHR9A.roa
Signing time:             Fri 20 Feb 2026 02:12:13 +0000
ROA not before:           Fri 20 Feb 2026 02:12:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        212.100.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:78:d1:ad:13:28:15:7a:2f:95:e7:c7:21:bb:17:36:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Feb 20 02:12:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=394c62f38ad20ade2b2240d6fc4d9b62334747d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d7:68:84:b3:6a:38:7b:7a:f0:2a:9d:4f:30:
                    c2:7a:b9:31:12:ce:af:51:d9:ed:17:46:aa:4b:b0:
                    1e:ab:e2:b7:fe:75:03:af:74:f3:b1:06:7d:b8:6f:
                    b0:0c:eb:c3:85:e4:9e:a8:cc:46:d6:4e:f8:cc:5f:
                    30:5c:36:99:db:42:bd:77:1e:95:25:20:1f:5a:4e:
                    35:88:ca:9b:ff:f3:08:9f:cd:6b:4a:15:8a:bf:7a:
                    3d:e1:60:25:a4:0d:7d:f5:23:1c:26:6c:e6:0c:68:
                    54:8d:b4:e1:88:51:3a:e6:d7:a5:10:14:f6:5c:88:
                    ad:c0:51:0c:69:d8:fe:45:40:94:d6:91:1a:c0:ac:
                    ff:db:4a:1a:37:d8:f9:21:c1:6a:62:6f:bc:f4:dc:
                    01:45:7d:9d:06:bd:b5:bb:a6:a8:4f:9e:c9:ec:4e:
                    e5:ec:bb:2f:17:69:b2:5a:f1:90:30:67:ad:cd:9a:
                    5d:3f:ee:3f:45:51:4d:e3:ab:55:3a:95:b6:c3:44:
                    c0:b7:86:66:30:a5:d1:7b:e0:cf:44:15:85:8f:a3:
                    bc:9d:07:31:c5:47:88:63:7c:5f:82:e9:23:09:68:
                    b8:62:80:3e:ed:93:82:c8:e5:47:ed:92:7f:64:f7:
                    9c:fb:55:38:f9:5f:11:df:c5:11:a3:7e:23:2f:bb:
                    07:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4C:62:F3:8A:D2:0A:DE:2B:22:40:D6:FC:4D:9B:62:33:47:47:D0
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/OUxi84rSCt4rIkDW_E2bYjNHR9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:3c:99:21:cc:db:a3:bf:65:b8:99:2a:d4:06:be:2b:bd:97:
         9b:96:b7:67:bf:ff:e3:3c:39:b6:2a:3a:56:81:7a:39:5d:9a:
         e5:ff:4b:ed:e9:36:62:d4:a0:d0:36:0f:d5:10:a7:23:83:e6:
         d8:25:84:4d:55:7e:f1:e1:e0:d5:e2:86:99:f8:4a:30:3c:2d:
         e9:48:5e:ea:bb:7d:c9:d8:02:fb:ce:dd:2c:3b:19:a2:d7:c7:
         77:0f:bb:73:ed:af:02:58:7b:13:de:64:97:2e:d7:39:e8:04:
         67:ca:20:ba:9f:40:3f:45:0c:c3:6d:92:05:61:87:b9:7a:7c:
         d3:cc:93:ea:2d:b3:86:8a:11:7c:fa:da:d5:b6:24:f0:d4:67:
         63:db:97:5a:1b:84:31:8c:33:2d:3f:3f:b8:52:4f:a4:2f:18:
         ea:6e:6c:17:f7:2c:18:77:43:75:1c:fa:85:4a:75:6b:93:24:
         07:cf:1a:9c:4f:dc:c7:5b:c7:d8:61:25:ec:fb:4a:36:06:c3:
         f2:31:f0:04:70:20:f0:d6:19:b6:2e:0f:20:d4:11:31:14:9f:
         07:10:08:92:32:e0:31:c3:fa:0c:bd:0d:8e:76:fc:ad:2e:4a:
         b3:b0:0f:cc:fe:1d:92:2b:f6:1f:8b:5e:e4:ac:0a:49:9e:04:
         c6:ba:49:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx40a0TKBV6L5XnxyG7FzYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMjIwMDIxMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRjNjJmMzhhZDIwYWRlMmIyMjQwZDZmYzRkOWI2MjMzNDc0N2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApddohLNqOHt68CqdTzDCerkxEs6v
UdntF0aqS7Aeq+K3/nUDr3TzsQZ9uG+wDOvDheSeqMxG1k74zF8wXDaZ20K9dx6V
JSAfWk41iMqb//MIn81rShWKv3o94WAlpA199SMcJmzmDGhUjbThiFE65telEBT2
XIitwFEMadj+RUCU1pEawKz/20oaN9j5IcFqYm+89NwBRX2dBr21u6aoT57J7E7l
7LsvF2myWvGQMGetzZpdP+4/RVFN46tVOpW2w0TAt4ZmMKXRe+DPRBWFj6O8nQcx
xUeIY3xfgukjCWi4YoA+7ZOCyOVH7ZJ/ZPec+1U4+V8R38URo34jL7sHJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlMYvOK0greKyJA1vxNm2IzR0fQMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvT1V4aTg0clNDdDRySWtEV19FMmJZak5IUjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSlMA0G
CSqGSIb3DQEBCwUAA4IBAQBQPJkhzNujv2W4mSrUBr4rvZeblrdnv//jPDm2KjpW
gXo5XZrl/0vt6TZi1KDQNg/VEKcjg+bYJYRNVX7x4eDV4oaZ+EowPC3pSF7qu33J
2AL7zt0sOxmi18d3D7tz7a8CWHsT3mSXLtc56ARnyiC6n0A/RQzDbZIFYYe5enzT
zJPqLbOGihF8+trVtiTw1Gdj25daG4QxjDMtPz+4Uk+kLxjqbmwX9ywYd0N1HPqF
SnVrkyQHzxqcT9zHW8fYYSXs+0o2BsPyMfAEcCDw1hm2Lg8g1BExFJ8HEAiSMuAx
w/oMvQ2OdvytLkqzsA/M/h2SK/Yfi17krApJngTGukl+
-----END CERTIFICATE-----