Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/GtDxiNHeYhaopEz7nkSxj4Uwws0.roa
File:                     GtDxiNHeYhaopEz7nkSxj4Uwws0.roa (raw, json)
Hash identifier:          xLrL13cfFz66vUPjaMWCOfLQuaEtZXy6c6DNYKUuXaU=
Subject key identifier:   1A:D0:F1:88:D1:DE:62:16:A8:A4:4C:FB:9E:44:B1:8F:85:30:C2:CD
Certificate issuer:       /CN=861824e9b334b4d50e83c49df9ba19ce25be8193
Certificate serial:       019C7A490C257E519C4DF4FE62ACE2DE6F31
Authority key identifier: 86:18:24:E9:B3:34:B4:D5:0E:83:C4:9D:F9:BA:19:CE:25:BE:81:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhgk6bM0tNUOg8Sd-boZziW-gZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/GtDxiNHeYhaopEz7nkSxj4Uwws0.roa
Signing time:             Fri 20 Feb 2026 09:02:13 +0000
ROA not before:           Fri 20 Feb 2026 09:02:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43926
IP address blocks:        185.5.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/hhgk6bM0tNUOg8Sd-boZziW-gZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/hhgk6bM0tNUOg8Sd-boZziW-gZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhgk6bM0tNUOg8Sd-boZziW-gZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:49:0c:25:7e:51:9c:4d:f4:fe:62:ac:e2:de:6f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861824e9b334b4d50e83c49df9ba19ce25be8193
        Validity
            Not Before: Feb 20 09:02:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ad0f188d1de6216a8a44cfb9e44b18f8530c2cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:81:b5:25:97:1e:0b:b1:6d:6a:a8:3d:84:7d:
                    eb:62:45:15:17:45:d0:16:ae:ef:92:92:a9:fc:8c:
                    7a:6b:01:6c:13:63:e0:6e:be:72:86:fa:49:3d:a5:
                    62:74:5a:d8:d4:b2:79:40:15:98:15:77:58:ac:85:
                    cc:ef:bf:ca:7b:ea:e5:d8:e1:d4:7d:ff:12:3e:0e:
                    81:5c:a8:a8:99:a3:eb:f6:70:18:80:82:db:ce:3d:
                    75:3a:01:6b:6f:b3:88:53:f7:90:d0:8a:73:33:78:
                    4d:ee:ec:d5:05:5a:44:fb:75:43:81:94:6d:bb:ad:
                    89:cc:62:9f:6d:79:0a:20:36:28:5b:f5:e3:d6:f3:
                    79:ca:ae:d6:2b:0f:4b:6b:56:e6:56:cb:08:4a:e9:
                    82:37:52:c1:e2:cb:7e:aa:1b:0b:37:18:ae:b8:54:
                    dd:93:a5:7f:4c:d7:a1:c3:ac:85:86:cf:5b:94:88:
                    ef:6f:67:f0:de:82:bb:5c:68:fb:bd:f1:29:77:39:
                    46:ba:02:79:5d:3b:ef:c1:1b:ac:f5:1d:96:bc:04:
                    43:2c:cd:72:2d:3c:6f:2d:4b:87:43:db:29:2a:e0:
                    cd:70:f5:f8:91:4f:66:73:0a:dd:c4:86:56:40:c4:
                    94:55:f6:90:84:2d:f8:1d:51:a6:b6:6a:38:9e:90:
                    3d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D0:F1:88:D1:DE:62:16:A8:A4:4C:FB:9E:44:B1:8F:85:30:C2:CD
            X509v3 Authority Key Identifier:
                keyid:86:18:24:E9:B3:34:B4:D5:0E:83:C4:9D:F9:BA:19:CE:25:BE:81:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhgk6bM0tNUOg8Sd-boZziW-gZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/GtDxiNHeYhaopEz7nkSxj4Uwws0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a14754-a7fb-43cb-a3ae-06d360dc70f3/1/hhgk6bM0tNUOg8Sd-boZziW-gZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:c0:ca:8e:06:f2:b3:4d:1b:55:85:0a:6c:8f:44:4f:9f:8e:
         e4:13:b6:83:71:08:b1:4d:21:6b:40:14:ad:ec:85:40:2e:52:
         65:da:66:54:9f:46:45:1b:1a:f5:6c:83:ee:d1:a5:63:7d:d3:
         45:ac:a7:51:d5:c8:6d:35:86:e3:97:7b:23:b8:5d:b3:86:77:
         22:60:54:8d:25:ce:4a:71:85:02:67:e1:b6:6e:8b:79:ea:0c:
         19:21:92:3e:11:91:bd:f9:e7:20:2b:44:8f:00:d2:42:3e:35:
         dd:a2:5b:c2:10:17:a1:a8:a6:f1:5d:63:a7:f8:97:0d:34:64:
         5f:59:69:06:4d:db:ad:26:19:f8:54:08:c4:41:1e:fe:72:0a:
         30:bc:2c:69:8c:24:49:99:96:4a:b0:87:af:a5:c5:0e:5c:17:
         58:80:15:6d:1e:14:9e:21:2d:f1:d1:02:51:08:21:c3:ef:f6:
         dd:4a:72:02:38:ec:b5:15:66:9a:88:9f:0a:4e:00:f8:18:f2:
         82:47:f0:11:53:5c:c6:c6:9b:17:b7:de:eb:9d:7f:c3:a6:ed:
         fb:d8:23:b0:84:2c:4c:e4:9e:67:fc:8e:f1:f0:55:3d:92:ef:
         7f:61:9c:a0:24:e2:3f:c3:84:b6:01:f7:5c:b6:f8:fd:5c:f2:
         49:87:fd:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx6SQwlflGcTfT+Yqzi3m8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTgyNGU5YjMzNGI0ZDUwZTgzYzQ5ZGY5YmExOWNlMjVi
ZTgxOTMwHhcNMjYwMjIwMDkwMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWQwZjE4OGQxZGU2MjE2YThhNDRjZmI5ZTQ0YjE4Zjg1MzBjMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YG1JZceC7Ftaqg9hH3rYkUVF0XQ
Fq7vkpKp/Ix6awFsE2Pgbr5yhvpJPaVidFrY1LJ5QBWYFXdYrIXM77/Ke+rl2OHU
ff8SPg6BXKiomaPr9nAYgILbzj11OgFrb7OIU/eQ0IpzM3hN7uzVBVpE+3VDgZRt
u62JzGKfbXkKIDYoW/Xj1vN5yq7WKw9La1bmVssISumCN1LB4st+qhsLNxiuuFTd
k6V/TNehw6yFhs9blIjvb2fw3oK7XGj7vfEpdzlGugJ5XTvvwRus9R2WvARDLM1y
LTxvLUuHQ9spKuDNcPX4kU9mcwrdxIZWQMSUVfaQhC34HVGmtmo4npA9/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrQ8YjR3mIWqKRM+55EsY+FMMLNMB8GA1UdIwQY
MBaAFIYYJOmzNLTVDoPEnfm6Gc4lvoGTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhnazZiTTB0TlVPZzhTZC1ib1p6aVctZ1pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9hMTQ3NTQtYTdmYi00M2NiLWEzYWUt
MDZkMzYwZGM3MGYzLzEvR3REeGlOSGVZaGFvcEV6N25rU3hqNFV3d3MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9hMTQ3NTQtYTdmYi00M2NiLWEzYWUtMDZkMzYwZGM3MGYz
LzEvaGhnazZiTTB0TlVPZzhTZC1ib1p6aVctZ1pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQXWMA0G
CSqGSIb3DQEBCwUAA4IBAQABwMqOBvKzTRtVhQpsj0RPn47kE7aDcQixTSFrQBSt
7IVALlJl2mZUn0ZFGxr1bIPu0aVjfdNFrKdR1chtNYbjl3sjuF2zhnciYFSNJc5K
cYUCZ+G2bot56gwZIZI+EZG9+ecgK0SPANJCPjXdolvCEBehqKbxXWOn+JcNNGRf
WWkGTdutJhn4VAjEQR7+cgowvCxpjCRJmZZKsIevpcUOXBdYgBVtHhSeIS3x0QJR
CCHD7/bdSnICOOy1FWaaiJ8KTgD4GPKCR/ARU1zGxpsXt97rnX/Dpu372COwhCxM
5J5n/I7x8FU9ku9/YZygJOI/w4S2Afdctvj9XPJJh/2v
-----END CERTIFICATE-----