Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cs7SzngkwUdUMM3gIHryL3sDOgg.roa
File:                     cs7SzngkwUdUMM3gIHryL3sDOgg.roa (raw, json)
Hash identifier:          YkCjUTn5qDekABNO14WY1wajzUjCRHbeQLyhFev3+54=
Subject key identifier:   72:CE:D2:CE:78:24:C1:47:54:30:CD:E0:20:7A:F2:2F:7B:03:3A:08
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019C5A5C268AAD56971D1B580AC1CC28F29B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cs7SzngkwUdUMM3gIHryL3sDOgg.roa
Signing time:             Sat 14 Feb 2026 04:15:14 +0000
ROA not before:           Sat 14 Feb 2026 04:15:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206766
IP address blocks:        37.202.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5a:5c:26:8a:ad:56:97:1d:1b:58:0a:c1:cc:28:f2:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 14 04:15:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72ced2ce7824c1475430cde0207af22f7b033a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:dd:dd:96:43:16:75:2b:6b:4b:fd:14:94:52:
                    39:5c:06:6f:9e:6f:34:5c:1b:44:b1:c1:69:55:82:
                    66:b5:f4:5e:6f:26:22:52:3c:7b:0c:05:1e:fc:8a:
                    18:1e:26:2f:00:5d:62:a4:f0:00:ce:d7:d5:6f:89:
                    67:7e:e1:3a:fd:f1:28:d7:72:8b:f9:4c:8d:c0:1e:
                    78:e6:6e:1c:29:4b:42:22:80:7b:95:04:12:e0:58:
                    eb:94:15:c7:bf:74:0c:9e:13:eb:58:3a:21:2a:45:
                    57:9b:09:ed:39:d2:25:2c:7a:f0:a1:4b:3c:ee:86:
                    e5:d6:b2:66:45:f3:20:96:17:bb:0d:8d:43:8a:5d:
                    5f:08:3b:cf:1b:42:1d:59:f7:12:cf:cd:70:d6:22:
                    e9:09:a2:e0:41:97:09:75:cd:27:5c:43:be:43:75:
                    39:c8:39:d7:1b:0e:16:1b:64:88:1b:18:b5:ff:7e:
                    8a:d7:06:56:54:29:c8:fd:6d:c2:b4:51:84:ee:e1:
                    2d:54:14:83:2e:5d:66:ad:69:bf:ed:7b:19:80:5a:
                    61:62:63:42:b6:8a:66:eb:2b:30:09:5d:a2:50:32:
                    de:63:a1:07:80:89:43:2e:e4:10:90:94:2c:38:a7:
                    cb:83:40:70:48:10:21:b2:28:4c:84:c7:69:0d:ff:
                    02:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:CE:D2:CE:78:24:C1:47:54:30:CD:E0:20:7A:F2:2F:7B:03:3A:08
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cs7SzngkwUdUMM3gIHryL3sDOgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:32:66:63:34:ed:24:e9:24:db:87:08:9a:bd:62:40:f8:29:
         a1:14:f9:de:de:3f:67:24:52:48:07:ca:61:e6:5d:2f:55:19:
         6f:c2:c1:be:94:ad:4e:cf:9c:11:15:2d:f7:54:ba:2e:b6:be:
         38:9b:49:e6:17:9c:3e:10:ec:ab:40:7b:ea:a3:5f:85:b5:f9:
         e2:18:64:31:79:a2:f4:0f:1f:cf:b9:c9:2b:ba:2c:4b:a2:13:
         19:eb:e0:97:69:e9:5d:3b:01:44:ea:87:c4:8f:62:71:c3:04:
         7d:09:44:1d:a5:bf:06:91:63:4a:9d:ea:c9:7b:3c:30:c4:4d:
         f5:39:53:aa:fb:ab:4b:02:08:98:cb:fc:04:7a:3a:5c:d9:80:
         3f:8a:ec:6e:88:9e:e1:50:af:bb:51:a6:03:f9:2c:5d:3d:70:
         c9:b4:81:46:a9:f5:0e:c2:d6:4d:b1:b9:5e:a7:b5:c9:0c:21:
         89:29:e6:77:18:96:eb:dd:ee:d1:d4:52:4d:34:3d:bb:4f:1e:
         8c:b1:1e:83:7c:6e:9a:1d:fb:6a:e4:62:4b:54:59:c4:f4:00:
         e3:cb:bb:53:a1:45:2c:3c:07:e0:03:57:91:ea:f7:22:a4:f8:
         a3:4a:97:dd:a1:0c:9e:89:89:67:14:8f:45:fa:64:6d:1a:a8:
         3a:d1:2d:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxaXCaKrVaXHRtYCsHMKPKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjE0MDQxNTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmNlZDJjZTc4MjRjMTQ3NTQzMGNkZTAyMDdhZjIyZjdiMDMzYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAod3dlkMWdStrS/0UlFI5XAZvnm80
XBtEscFpVYJmtfRebyYiUjx7DAUe/IoYHiYvAF1ipPAAztfVb4lnfuE6/fEo13KL
+UyNwB545m4cKUtCIoB7lQQS4FjrlBXHv3QMnhPrWDohKkVXmwntOdIlLHrwoUs8
7obl1rJmRfMglhe7DY1Dil1fCDvPG0IdWfcSz81w1iLpCaLgQZcJdc0nXEO+Q3U5
yDnXGw4WG2SIGxi1/36K1wZWVCnI/W3CtFGE7uEtVBSDLl1mrWm/7XsZgFphYmNC
topm6yswCV2iUDLeY6EHgIlDLuQQkJQsOKfLg0BwSBAhsihMhMdpDf8CrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLO0s54JMFHVDDN4CB68i97AzoIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvY3M3U3puZ2t3VWRVTU0zZ0lIcnlMM3NET2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQMmZjNO0k6STbhwiavWJA+CmhFPne3j9nJFJIB8ph
5l0vVRlvwsG+lK1Oz5wRFS33VLoutr44m0nmF5w+EOyrQHvqo1+FtfniGGQxeaL0
Dx/PuckruixLohMZ6+CXaeldOwFE6ofEj2JxwwR9CUQdpb8GkWNKnerJezwwxE31
OVOq+6tLAgiYy/wEejpc2YA/iuxuiJ7hUK+7UaYD+SxdPXDJtIFGqfUOwtZNsble
p7XJDCGJKeZ3GJbr3e7R1FJNND27Tx6MsR6DfG6aHftq5GJLVFnE9ADjy7tToUUs
PAfgA1eR6vcipPijSpfdoQyeiYlnFI9F+mRtGqg60S0Z
-----END CERTIFICATE-----