Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/ipercfJU5O8E0XasUBHV6tWGchQ.roa
File:                     ipercfJU5O8E0XasUBHV6tWGchQ.roa (raw, json)
Hash identifier:          HApdigE0Ka0edSDTXKLYJ8nXJSrgF6YaO6XyN4xCAg0=
Subject key identifier:   8A:97:AB:71:F2:54:E4:EF:04:D1:76:AC:50:11:D5:EA:D5:86:72:14
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019C7DC40FCC56FFBACB5FB02C8B34911CBA
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/ipercfJU5O8E0XasUBHV6tWGchQ.roa
Signing time:             Sat 21 Feb 2026 01:15:26 +0000
ROA not before:           Sat 21 Feb 2026 01:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1054
IP address blocks:        91.217.160.0/24 maxlen: 24
                          2a06:5040:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7d:c4:0f:cc:56:ff:ba:cb:5f:b0:2c:8b:34:91:1c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Feb 21 01:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a97ab71f254e4ef04d176ac5011d5ead5867214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:cd:a4:8b:85:4a:d4:6e:4f:cb:85:f8:cd:8b:
                    de:6f:ab:68:03:21:85:f6:98:23:63:97:77:f9:db:
                    f7:9e:88:7f:03:73:5b:22:41:8a:01:13:24:04:4d:
                    25:62:de:52:75:88:a4:f0:93:d8:a6:ce:10:67:02:
                    94:7f:db:1f:cc:f2:98:76:7a:17:58:80:c9:a4:6b:
                    2b:44:bd:43:9a:45:2f:ec:2b:ce:0c:d9:d1:cf:14:
                    0f:53:63:70:c5:fd:13:2b:82:ec:5f:f6:f1:fe:88:
                    6c:32:23:ef:ae:b2:ad:f4:08:76:b0:94:74:2b:d2:
                    5b:89:ae:ab:fd:eb:c4:62:9c:68:0c:9c:91:f2:c3:
                    51:fe:5c:bd:c5:4d:bf:58:b3:5c:dc:01:a1:30:fb:
                    c3:8b:48:cc:83:7e:98:3d:1b:64:11:bf:97:a0:77:
                    a9:38:e3:77:6e:52:d3:08:73:e7:b0:a7:12:dd:a3:
                    b8:c2:b7:f7:40:16:0c:67:43:fd:da:dd:36:04:23:
                    86:00:1b:c0:9f:94:b6:01:92:f1:83:0c:9d:66:fb:
                    94:55:c5:4f:f7:7c:42:98:9a:b4:23:77:ca:d4:25:
                    1e:08:a0:c7:a1:de:18:14:5a:12:7a:56:7e:89:b3:
                    62:7f:fd:dd:7c:31:88:e3:fc:05:fe:de:81:7c:17:
                    a3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:97:AB:71:F2:54:E4:EF:04:D1:76:AC:50:11:D5:EA:D5:86:72:14
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/ipercfJU5O8E0XasUBHV6tWGchQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.160.0/24
                IPv6:
                  2a06:5040:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         83:45:82:ae:35:30:4b:cb:a6:f4:ce:46:a8:6f:df:45:86:ee:
         53:ea:5c:36:42:39:95:32:0f:60:1f:02:a4:49:d8:32:03:8f:
         45:b8:71:65:bb:be:34:9e:fa:ce:40:b8:65:e0:da:e9:06:b3:
         9a:70:d5:d6:36:83:ca:5c:c3:09:7b:8a:6c:f0:10:66:f2:1c:
         3e:ee:2d:41:77:9c:14:bd:11:9e:b7:89:bc:93:bb:48:0c:89:
         eb:6a:07:65:e7:c8:14:09:5c:e7:e8:ce:40:42:ae:50:41:7c:
         79:d8:27:50:a9:d8:21:6d:d9:08:53:04:17:5b:68:05:9c:41:
         92:64:1b:ea:a2:0a:8b:a5:17:c1:4d:c9:bc:a1:73:27:22:30:
         f5:88:ec:6e:0c:fd:69:0d:dc:3f:6e:4a:da:44:2e:5d:28:e9:
         36:61:c8:41:41:09:a7:60:36:78:04:77:59:01:27:35:53:ec:
         1b:64:36:7f:d4:7e:af:8b:8d:54:c6:af:f3:49:e7:87:f6:bc:
         b1:dc:09:da:4d:5d:62:70:0e:b8:f5:22:11:6a:c2:86:5c:79:
         c5:ae:8a:98:37:f1:5b:f1:a9:47:e5:5a:85:de:f7:c4:35:4c:
         a3:53:65:02:9f:54:39:d0:0a:2a:f3:8b:39:50:98:8a:a5:6f:
         61:83:ca:4d
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZx9xA/MVv+6y1+wLIs0kRy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjYwMjIxMDExNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk3YWI3MWYyNTRlNGVmMDRkMTc2YWM1MDExZDVlYWQ1ODY3MjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA982ki4VK1G5Py4X4zYveb6toAyGF
9pgjY5d3+dv3noh/A3NbIkGKARMkBE0lYt5SdYik8JPYps4QZwKUf9sfzPKYdnoX
WIDJpGsrRL1DmkUv7CvODNnRzxQPU2Nwxf0TK4LsX/bx/ohsMiPvrrKt9Ah2sJR0
K9Jbia6r/evEYpxoDJyR8sNR/ly9xU2/WLNc3AGhMPvDi0jMg36YPRtkEb+XoHep
OON3blLTCHPnsKcS3aO4wrf3QBYMZ0P92t02BCOGABvAn5S2AZLxgwydZvuUVcVP
93xCmJq0I3fK1CUeCKDHod4YFFoSelZ+ibNif/3dfDGI4/wF/t6BfBejswIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFIqXq3HyVOTvBNF2rFAR1erVhnIUMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvaXBlcmNmSlU1TzhFMFhhc1VCSFY2dFdHY2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAW9mgMA4E
AgACMAgDBgQqBlBAIDANBgkqhkiG9w0BAQsFAAOCAQEAg0WCrjUwS8um9M5GqG/f
RYbuU+pcNkI5lTIPYB8CpEnYMgOPRbhxZbu+NJ76zkC4ZeDa6QazmnDV1jaDylzD
CXuKbPAQZvIcPu4tQXecFL0RnreJvJO7SAyJ62oHZefIFAlc5+jOQEKuUEF8edgn
UKnYIW3ZCFMEF1toBZxBkmQb6qIKi6UXwU3JvKFzJyIw9Yjsbgz9aQ3cP25K2kQu
XSjpNmHIQUEJp2A2eAR3WQEnNVPsG2Q2f9R+r4uNVMav80nnh/a8sdwJ2k1dYnAO
uPUiEWrChlx5xa6KmDfxW/GpR+Vahd73xDVMo1NlAp9UOdAKKvOLOVCYiqVvYYPK
TQ==
-----END CERTIFICATE-----