Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/gKrLEMKKBPn76EAbd2e67fa8nlA.roa
File:                     gKrLEMKKBPn76EAbd2e67fa8nlA.roa (raw, json)
Hash identifier:          2MR02OlNV98WA7eo7V/sklDPjIr74dUCdC13yh8HK9k=
Subject key identifier:   80:AA:CB:10:C2:8A:04:F9:FB:E8:40:1B:77:67:BA:ED:F6:BC:9E:50
Certificate issuer:       /CN=3c177b528043a85953fc250f991d9d8020e2810d
Certificate serial:       019C90B9CAA201C7A8D3EF5B8AE57430EB39
Authority key identifier: 3C:17:7B:52:80:43:A8:59:53:FC:25:0F:99:1D:9D:80:20:E2:81:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PBd7UoBDqFlT_CUPmR2dgCDigQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/gKrLEMKKBPn76EAbd2e67fa8nlA.roa
Signing time:             Tue 24 Feb 2026 17:37:00 +0000
ROA not before:           Tue 24 Feb 2026 17:37:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202572
IP address blocks:        185.254.64.0/24 maxlen: 24
                          2a0a:2303::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/PBd7UoBDqFlT_CUPmR2dgCDigQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/PBd7UoBDqFlT_CUPmR2dgCDigQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PBd7UoBDqFlT_CUPmR2dgCDigQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:b9:ca:a2:01:c7:a8:d3:ef:5b:8a:e5:74:30:eb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c177b528043a85953fc250f991d9d8020e2810d
        Validity
            Not Before: Feb 24 17:37:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80aacb10c28a04f9fbe8401b7767baedf6bc9e50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2f:e6:cc:74:2e:92:40:6f:30:14:7c:b0:6c:
                    7e:94:3d:ee:d8:d7:95:d0:b3:10:9d:36:92:7a:5d:
                    f3:19:28:d5:66:c4:76:11:6c:86:cd:91:d2:89:58:
                    7d:2a:cf:ec:54:8c:77:48:53:b3:2d:48:4f:72:e1:
                    b2:68:0e:9f:39:dd:51:46:20:25:e2:d6:3f:cf:15:
                    11:3b:98:8e:af:bb:0b:08:d1:48:1b:27:d8:3d:e2:
                    78:a8:41:05:b1:cf:b5:00:ba:de:ff:f4:b4:ac:cd:
                    e7:4c:b0:1a:3a:66:54:56:da:18:bb:41:31:6e:3f:
                    91:a1:66:f3:74:76:38:6a:34:b4:0c:5b:59:49:2e:
                    68:44:ea:9b:d5:c3:bf:8b:f6:49:07:00:44:fb:e5:
                    a9:8d:07:d5:a0:9a:d8:fd:e6:e4:b4:e9:5a:02:7a:
                    ec:6f:fa:8b:43:f5:41:9d:31:59:e8:06:85:91:7a:
                    2d:2e:f4:2e:d1:35:3a:83:00:40:13:46:24:85:a5:
                    b4:59:e3:23:94:9c:e0:04:1d:a3:b0:92:a9:fe:25:
                    23:92:0b:2e:f2:ae:36:9f:0b:dd:7e:ce:79:ab:61:
                    5e:2f:02:fa:88:a8:03:36:8a:ba:0c:b2:78:bd:28:
                    90:82:17:03:b0:01:35:de:2a:01:0d:28:ad:53:e0:
                    c7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:AA:CB:10:C2:8A:04:F9:FB:E8:40:1B:77:67:BA:ED:F6:BC:9E:50
            X509v3 Authority Key Identifier:
                keyid:3C:17:7B:52:80:43:A8:59:53:FC:25:0F:99:1D:9D:80:20:E2:81:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PBd7UoBDqFlT_CUPmR2dgCDigQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/gKrLEMKKBPn76EAbd2e67fa8nlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/PBd7UoBDqFlT_CUPmR2dgCDigQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.64.0/24
                IPv6:
                  2a0a:2303::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:60:af:ff:3e:0a:25:aa:32:37:c7:36:5d:dc:54:cd:e8:44:
         5e:17:2f:85:4b:a2:04:0d:27:63:06:ea:1c:3b:d7:32:7b:fe:
         6b:c2:0a:a6:bf:e7:43:59:17:1e:1b:6d:47:df:f1:b9:f0:32:
         38:91:54:fa:1b:6f:69:c2:2b:0d:0c:c8:08:34:6e:64:8a:36:
         8d:fc:76:94:ea:a9:5d:5c:9a:83:ab:8c:c1:e0:35:5a:4d:af:
         d6:33:e8:22:d7:12:8b:50:25:4f:86:9c:6a:5c:de:a0:67:c1:
         0b:e7:86:a5:6b:98:2b:ae:21:c5:1d:85:c2:fa:7e:da:17:c3:
         0f:4c:a4:80:72:ee:10:c8:6c:06:23:88:ed:b2:76:22:9c:e6:
         ab:89:8c:e5:31:f8:c3:71:63:fe:4a:9a:c9:d6:57:2a:04:51:
         a0:e2:6f:97:17:01:e7:04:ed:fa:03:c3:19:9e:da:5d:d1:71:
         3a:1f:d6:5d:eb:c3:52:53:45:d1:7d:47:7b:52:67:5e:1b:ad:
         24:b2:c6:57:35:28:9b:86:fb:f7:13:f9:56:0a:48:b1:2b:09:
         20:c4:fa:2a:e7:1a:5a:00:17:a2:78:ff:2c:78:f9:17:77:6a:
         07:ba:fd:f8:ca:c7:d0:0b:e6:d0:c7:20:e8:11:fd:44:7f:79:
         79:59:cf:9d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyQucqiAceo0+9biuV0MOs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMTc3YjUyODA0M2E4NTk1M2ZjMjUwZjk5MWQ5ZDgwMjBl
MjgxMGQwHhcNMjYwMjI0MTczNzAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGFhY2IxMGMyOGEwNGY5ZmJlODQwMWI3NzY3YmFlZGY2YmM5ZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtC/mzHQukkBvMBR8sGx+lD3u2NeV
0LMQnTaSel3zGSjVZsR2EWyGzZHSiVh9Ks/sVIx3SFOzLUhPcuGyaA6fOd1RRiAl
4tY/zxURO5iOr7sLCNFIGyfYPeJ4qEEFsc+1ALre//S0rM3nTLAaOmZUVtoYu0Ex
bj+RoWbzdHY4ajS0DFtZSS5oROqb1cO/i/ZJBwBE++WpjQfVoJrY/ebktOlaAnrs
b/qLQ/VBnTFZ6AaFkXotLvQu0TU6gwBAE0YkhaW0WeMjlJzgBB2jsJKp/iUjkgsu
8q42nwvdfs55q2FeLwL6iKgDNoq6DLJ4vSiQghcDsAE13ioBDSitU+DHpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFICqyxDCigT5++hAG3dnuu32vJ5QMB8GA1UdIwQY
MBaAFDwXe1KAQ6hZU/wlD5kdnYAg4oENMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEJkN1VvQkRxRmxUX0NVUG1SMmRnQ0RpZ1EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81ZWQ1MjUtM2YzNy00YzcwLWEyZWMt
YTQxNTFiNWUyZmNmLzEvZ0tyTEVNS0tCUG43NkVBYmQyZTY3ZmE4bmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81ZWQ1MjUtM2YzNy00YzcwLWEyZWMtYTQxNTFiNWUyZmNm
LzEvUEJkN1VvQkRxRmxUX0NVUG1SMmRnQ0RpZ1EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf5AMA0E
AgACMAcDBQAqCiMDMA0GCSqGSIb3DQEBCwUAA4IBAQAFYK//PgolqjI3xzZd3FTN
6EReFy+FS6IEDSdjBuocO9cye/5rwgqmv+dDWRceG21H3/G58DI4kVT6G29pwisN
DMgING5kijaN/HaU6qldXJqDq4zB4DVaTa/WM+gi1xKLUCVPhpxqXN6gZ8EL54al
a5grriHFHYXC+n7aF8MPTKSAcu4QyGwGI4jtsnYinOariYzlMfjDcWP+SprJ1lcq
BFGg4m+XFwHnBO36A8MZntpd0XE6H9Zd68NSU0XRfUd7UmdeG60kssZXNSibhvv3
E/lWCkixKwkgxPoq5xpaABeieP8sePkXd2oHuv34ysfQC+bQxyDoEf1Ef3l5Wc+d
-----END CERTIFICATE-----