Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/jJwVz-Jdedm4kofDDixamlf1mnE.roa
File:                     jJwVz-Jdedm4kofDDixamlf1mnE.roa (raw, json)
Hash identifier:          MEYCS8IqIgHLKEjQoiORKaEcoLqxNfD5TbE+WgHYD1I=
Subject key identifier:   8C:9C:15:CF:E2:5D:79:D9:B8:92:87:C3:0E:2C:5A:9A:57:F5:9A:71
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019C70467B1A93C1422A4B51E7092C7F648D
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/jJwVz-Jdedm4kofDDixamlf1mnE.roa
Signing time:             Wed 18 Feb 2026 10:23:13 +0000
ROA not before:           Wed 18 Feb 2026 10:23:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        212.100.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:46:7b:1a:93:c1:42:2a:4b:51:e7:09:2c:7f:64:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Feb 18 10:23:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c9c15cfe25d79d9b89287c30e2c5a9a57f59a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e8:01:9b:74:0e:d4:24:0d:d0:75:90:5f:16:
                    e8:1f:c0:93:93:91:3d:e0:db:ab:15:3f:02:2e:53:
                    c1:3a:5c:02:13:36:85:a7:53:1b:32:2d:f5:62:12:
                    23:b5:f7:87:c4:08:23:25:e8:3a:88:cb:fe:4f:84:
                    02:20:af:98:d8:7f:3a:0e:ca:00:9e:cf:ea:dd:2f:
                    e3:32:7c:eb:39:1f:5b:36:d0:5c:07:89:53:62:9d:
                    82:2b:d2:59:9b:be:e9:c5:be:a2:19:a1:b5:25:b1:
                    44:f7:8a:4e:2c:3c:53:f4:19:e9:21:5a:7f:6d:fa:
                    12:c4:16:0c:22:aa:fe:37:a3:92:ad:a1:e4:2a:8a:
                    ef:ce:70:ab:be:f3:71:47:ea:31:98:7c:bc:bd:31:
                    8b:ea:69:ad:f0:dd:c2:cf:04:7d:b9:d0:28:59:4a:
                    7a:0e:0c:ac:4b:85:44:67:88:43:0b:b9:2b:34:25:
                    4b:76:4d:65:ec:f5:c2:65:fa:de:3b:b6:de:be:bd:
                    1a:8e:ff:f4:a1:99:62:cc:2f:6d:59:a7:1e:fd:cc:
                    3d:3e:d7:bf:d8:a9:63:1a:a5:08:c3:d9:83:b3:9d:
                    cf:77:b7:92:d1:e9:95:0c:07:65:09:c0:ce:c4:42:
                    84:35:45:90:9d:66:47:1a:c8:d6:40:32:bb:f0:1a:
                    d8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:9C:15:CF:E2:5D:79:D9:B8:92:87:C3:0E:2C:5A:9A:57:F5:9A:71
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/jJwVz-Jdedm4kofDDixamlf1mnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:4d:21:ef:fa:07:09:39:81:fa:10:ba:1c:33:d5:dd:7d:6c:
         0b:19:a9:26:13:a6:fd:e9:7b:b8:99:85:cd:be:c8:f3:ab:ca:
         13:23:3d:63:06:40:16:8b:4e:ac:df:66:ec:34:34:5f:15:31:
         cc:62:b4:fa:09:f0:28:e4:c3:d7:88:81:f2:18:b4:74:a5:81:
         be:60:61:4c:f5:3a:cd:04:34:0e:f9:51:57:dc:51:91:00:ee:
         a4:35:ff:c6:32:bc:8a:74:1f:25:e0:d8:5e:a7:9f:c8:48:26:
         c2:39:5a:a5:a4:2a:35:56:d3:fa:89:08:d1:22:0e:54:c3:b9:
         b7:84:d9:4e:c9:92:44:b9:d3:4a:de:b6:6d:4f:6f:f2:ba:42:
         bf:ec:5c:9a:ef:a2:6b:6a:d0:21:4f:61:ed:16:aa:c8:88:19:
         31:ed:b4:c2:ba:c4:a0:75:21:9c:dd:c9:28:cb:25:52:56:dd:
         88:08:aa:ef:8f:8c:31:0e:7a:27:6a:f7:0c:b1:ca:e9:0a:bc:
         cc:76:5a:34:89:3b:0d:2c:1b:ba:2b:3d:0b:41:97:97:00:19:
         81:36:fe:ea:49:6e:8d:1c:d2:54:48:8c:6a:86:9b:ea:c5:64:
         58:b0:9c:d6:62:a6:e1:3e:76:8a:36:2b:09:d8:ad:c4:97:cb:
         b5:0c:27:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxwRnsak8FCKktR5wksf2SNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMjE4MTAyMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzljMTVjZmUyNWQ3OWQ5Yjg5Mjg3YzMwZTJjNWE5YTU3ZjU5YTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ugBm3QO1CQN0HWQXxboH8CTk5E9
4NurFT8CLlPBOlwCEzaFp1MbMi31YhIjtfeHxAgjJeg6iMv+T4QCIK+Y2H86DsoA
ns/q3S/jMnzrOR9bNtBcB4lTYp2CK9JZm77pxb6iGaG1JbFE94pOLDxT9BnpIVp/
bfoSxBYMIqr+N6OSraHkKorvznCrvvNxR+oxmHy8vTGL6mmt8N3CzwR9udAoWUp6
DgysS4VEZ4hDC7krNCVLdk1l7PXCZfreO7bevr0ajv/0oZlizC9tWace/cw9Pte/
2KljGqUIw9mDs53Pd7eS0emVDAdlCcDOxEKENUWQnWZHGsjWQDK78BrYlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIycFc/iXXnZuJKHww4sWppX9ZpxMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvakp3VnotSmRlZG00a29mRERpeGFtbGYxbW5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSmMA0G
CSqGSIb3DQEBCwUAA4IBAQCFTSHv+gcJOYH6ELocM9XdfWwLGakmE6b96Xu4mYXN
vsjzq8oTIz1jBkAWi06s32bsNDRfFTHMYrT6CfAo5MPXiIHyGLR0pYG+YGFM9TrN
BDQO+VFX3FGRAO6kNf/GMryKdB8l4Nhep5/ISCbCOVqlpCo1VtP6iQjRIg5Uw7m3
hNlOyZJEudNK3rZtT2/yukK/7Fya76JratAhT2HtFqrIiBkx7bTCusSgdSGc3cko
yyVSVt2ICKrvj4wxDnonavcMscrpCrzMdlo0iTsNLBu6Kz0LQZeXABmBNv7qSW6N
HNJUSIxqhpvqxWRYsJzWYqbhPnaKNisJ2K3El8u1DCcj
-----END CERTIFICATE-----