Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/08d44c-f102-4b70-8db0-72abeefeda4a/1/I4b58F6pDV1d4K644zAI0CbjBYU.roa
File:                     I4b58F6pDV1d4K644zAI0CbjBYU.roa (raw, json)
Hash identifier:          l4P0GIlVnAsTRvDl5mxBDD7sk53ErKxnQAHWWSx1FHs=
Subject key identifier:   23:86:F9:F0:5E:A9:0D:5D:5D:E0:AE:B8:E3:30:08:D0:26:E3:05:85
Certificate issuer:       /CN=708029a674177efd99252275094618c0c9cfbd1d
Certificate serial:       019C6628735BFCAE903B8EAE9C0BAB0FDCF2
Authority key identifier: 70:80:29:A6:74:17:7E:FD:99:25:22:75:09:46:18:C0:C9:CF:BD:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIAppnQXfv2ZJSJ1CUYYwMnPvR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/08d44c-f102-4b70-8db0-72abeefeda4a/1/I4b58F6pDV1d4K644zAI0CbjBYU.roa
Signing time:             Mon 16 Feb 2026 11:14:12 +0000
ROA not before:           Mon 16 Feb 2026 11:14:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203172
IP address blocks:        185.167.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/08d44c-f102-4b70-8db0-72abeefeda4a/1/cIAppnQXfv2ZJSJ1CUYYwMnPvR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/08d44c-f102-4b70-8db0-72abeefeda4a/1/cIAppnQXfv2ZJSJ1CUYYwMnPvR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIAppnQXfv2ZJSJ1CUYYwMnPvR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:28:73:5b:fc:ae:90:3b:8e:ae:9c:0b:ab:0f:dc:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=708029a674177efd99252275094618c0c9cfbd1d
        Validity
            Not Before: Feb 16 11:14:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2386f9f05ea90d5d5de0aeb8e33008d026e30585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:46:f6:63:b6:ff:1e:83:fc:aa:5b:92:10:a4:
                    6f:21:fd:55:ef:4f:15:26:94:cd:87:1e:7c:72:d4:
                    8c:55:fe:e8:d5:40:09:d0:7c:bd:a3:2e:3e:d4:54:
                    d5:b8:e4:12:47:0b:3d:f2:1e:21:1a:c4:e2:d6:d7:
                    00:2a:b8:9a:db:b1:1f:8d:2f:23:2f:a1:b4:be:19:
                    6a:6a:99:44:7d:d2:a2:36:a2:79:40:2a:09:ff:55:
                    e0:e1:06:87:6e:3f:70:fd:89:7b:35:2e:c0:97:20:
                    fb:3e:5a:6b:79:96:26:db:c7:41:78:ea:20:19:df:
                    c1:d3:39:ab:c3:c7:46:f8:78:ce:c6:ca:a0:16:ea:
                    e2:71:ee:01:a2:c5:77:4f:b3:47:08:30:54:a7:9b:
                    fb:58:9b:63:56:ad:ca:18:df:79:a4:e6:42:b6:ff:
                    d2:e2:7b:5c:e1:c3:fd:06:f1:9c:cd:84:b5:c6:23:
                    b7:88:08:38:e6:7a:d5:cf:3a:36:04:59:7e:2c:c7:
                    0b:4b:04:d6:6d:3f:1c:d6:00:83:b6:3c:ed:7a:fc:
                    4d:31:95:88:53:1f:6b:d6:93:d6:fb:99:1f:f9:f4:
                    13:f2:7c:3c:f8:cc:1a:08:69:e3:96:2f:93:2f:c3:
                    1c:74:05:97:6f:e0:e8:07:ca:7f:63:a8:e2:f7:12:
                    0b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:86:F9:F0:5E:A9:0D:5D:5D:E0:AE:B8:E3:30:08:D0:26:E3:05:85
            X509v3 Authority Key Identifier:
                keyid:70:80:29:A6:74:17:7E:FD:99:25:22:75:09:46:18:C0:C9:CF:BD:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIAppnQXfv2ZJSJ1CUYYwMnPvR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/08d44c-f102-4b70-8db0-72abeefeda4a/1/I4b58F6pDV1d4K644zAI0CbjBYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/08d44c-f102-4b70-8db0-72abeefeda4a/1/cIAppnQXfv2ZJSJ1CUYYwMnPvR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:61:d4:86:e0:b3:e6:cd:85:f9:36:a5:d7:ae:1b:db:58:55:
         5e:61:21:55:a7:76:d7:3f:c6:4d:d5:29:1e:bd:b7:0e:d0:6f:
         6c:00:57:e1:63:33:64:58:65:76:6d:ef:07:ab:a9:58:15:c3:
         df:2d:42:71:ce:f5:58:57:e7:9f:47:f2:d2:0a:a4:4e:d1:36:
         f8:fa:0f:4c:4c:fb:c7:7d:04:2d:2a:d4:cc:98:0b:70:48:38:
         27:6f:9c:57:20:a0:3d:c2:6d:38:1e:b8:35:b8:21:c6:a0:5c:
         42:e3:45:64:5a:88:e4:28:74:9b:04:75:6f:f5:9a:c2:b7:f3:
         99:1d:01:7c:ca:9b:ab:75:4d:04:d4:01:74:1e:dc:4f:df:7f:
         82:10:ef:6a:82:fe:6d:43:58:1f:4c:98:6d:69:2c:15:b0:03:
         e3:97:33:d1:46:ad:5b:98:aa:d3:3a:bc:1d:a3:ef:ad:72:c0:
         18:ab:90:19:d0:6e:a3:10:fa:2a:26:10:44:69:6b:4b:38:58:
         0b:9d:46:cd:27:e5:4e:2f:3e:0b:34:bf:de:97:10:04:c3:59:
         08:cc:de:04:33:a4:e0:c0:59:ac:53:a5:87:fb:b8:d5:7c:88:
         56:34:67:6e:dd:f7:0c:7b:f0:fc:e0:f7:88:5c:ba:8e:2f:7a:
         de:05:7a:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxmKHNb/K6QO46unAurD9zyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODAyOWE2NzQxNzdlZmQ5OTI1MjI3NTA5NDYxOGMwYzlj
ZmJkMWQwHhcNMjYwMjE2MTExNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzg2ZjlmMDVlYTkwZDVkNWRlMGFlYjhlMzMwMDhkMDI2ZTMwNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0b2Y7b/HoP8qluSEKRvIf1V708V
JpTNhx58ctSMVf7o1UAJ0Hy9oy4+1FTVuOQSRws98h4hGsTi1tcAKria27EfjS8j
L6G0vhlqaplEfdKiNqJ5QCoJ/1Xg4QaHbj9w/Yl7NS7AlyD7PlpreZYm28dBeOog
Gd/B0zmrw8dG+HjOxsqgFurice4BosV3T7NHCDBUp5v7WJtjVq3KGN95pOZCtv/S
4ntc4cP9BvGczYS1xiO3iAg45nrVzzo2BFl+LMcLSwTWbT8c1gCDtjztevxNMZWI
Ux9r1pPW+5kf+fQT8nw8+MwaCGnjli+TL8McdAWXb+DoB8p/Y6ji9xILUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOG+fBeqQ1dXeCuuOMwCNAm4wWFMB8GA1UdIwQY
MBaAFHCAKaZ0F379mSUidQlGGMDJz70dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lBcHBuUVhmdjJaSlNKMUNVWVl3TW5QdlIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8wOGQ0NGMtZjEwMi00YjcwLThkYjAt
NzJhYmVlZmVkYTRhLzEvSTRiNThGNnBEVjFkNEs2NDR6QUkwQ2JqQllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8wOGQ0NGMtZjEwMi00YjcwLThkYjAtNzJhYmVlZmVkYTRh
LzEvY0lBcHBuUVhmdjJaSlNKMUNVWVl3TW5QdlIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaf9MA0G
CSqGSIb3DQEBCwUAA4IBAQC3YdSG4LPmzYX5NqXXrhvbWFVeYSFVp3bXP8ZN1Ske
vbcO0G9sAFfhYzNkWGV2be8Hq6lYFcPfLUJxzvVYV+efR/LSCqRO0Tb4+g9MTPvH
fQQtKtTMmAtwSDgnb5xXIKA9wm04Hrg1uCHGoFxC40VkWojkKHSbBHVv9ZrCt/OZ
HQF8ypurdU0E1AF0HtxP33+CEO9qgv5tQ1gfTJhtaSwVsAPjlzPRRq1bmKrTOrwd
o++tcsAYq5AZ0G6jEPoqJhBEaWtLOFgLnUbNJ+VOLz4LNL/elxAEw1kIzN4EM6Tg
wFmsU6WH+7jVfIhWNGdu3fcMe/D84PeIXLqOL3reBXq9
-----END CERTIFICATE-----