Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/gDuKEs-UqY780xSxv1-xf0kWTFw.roa
File:                     gDuKEs-UqY780xSxv1-xf0kWTFw.roa (raw, json)
Hash identifier:          SaJOGHYO/LblaKrZyPH9uhG8OQHT0aBex0MHrUUtmO8=
Subject key identifier:   80:3B:8A:12:CF:94:A9:8E:FC:D3:14:B1:BF:5F:B1:7F:49:16:4C:5C
Certificate issuer:       /CN=082b303cb49e73e2d2a404583d5f8377ceb02545
Certificate serial:       019C7184935BCA2AF6433CF7F801318663A7
Authority key identifier: 08:2B:30:3C:B4:9E:73:E2:D2:A4:04:58:3D:5F:83:77:CE:B0:25:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCswPLSec-LSpARYPV-Dd86wJUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/gDuKEs-UqY780xSxv1-xf0kWTFw.roa
Signing time:             Wed 18 Feb 2026 16:10:39 +0000
ROA not before:           Wed 18 Feb 2026 16:10:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16242
IP address blocks:        193.247.85.0/24 maxlen: 24
                          2a12:5a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/CCswPLSec-LSpARYPV-Dd86wJUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/CCswPLSec-LSpARYPV-Dd86wJUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCswPLSec-LSpARYPV-Dd86wJUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:84:93:5b:ca:2a:f6:43:3c:f7:f8:01:31:86:63:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082b303cb49e73e2d2a404583d5f8377ceb02545
        Validity
            Not Before: Feb 18 16:10:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=803b8a12cf94a98efcd314b1bf5fb17f49164c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8a:1c:f1:7f:61:02:c4:c7:8c:5a:58:d0:a4:
                    60:e1:01:6c:39:fb:ca:ea:5f:a2:5a:42:24:3a:e1:
                    30:ad:6c:69:fe:41:eb:73:99:65:af:dc:c2:f6:be:
                    72:be:c3:3e:07:1c:89:44:09:39:27:3c:7b:44:b0:
                    98:2a:f7:66:4d:78:81:b3:40:fe:6f:d8:9b:09:84:
                    6a:c1:e2:09:1b:33:3b:87:5c:02:18:45:ab:22:c2:
                    da:e6:e4:1d:15:8c:28:06:6d:cb:26:75:28:41:2c:
                    bd:ff:36:8b:6f:38:79:f1:81:df:3f:42:55:a5:a4:
                    89:70:33:e3:30:ea:91:ff:65:a6:7c:09:a7:08:02:
                    c7:b0:52:51:14:61:42:aa:52:b6:ab:4f:45:c8:11:
                    10:d1:4b:1a:11:74:8f:46:ba:6e:e5:16:16:61:2a:
                    7c:c2:00:dd:b8:df:0a:f8:83:a2:6a:f7:0c:18:d1:
                    c0:ad:9a:d1:e9:85:ee:be:12:22:94:1b:54:8f:8d:
                    b5:bd:e8:37:0f:c9:9b:58:8a:81:bb:19:e5:f8:b3:
                    3a:1c:1c:68:9a:22:d1:1f:aa:bb:3e:ce:1e:46:97:
                    ed:89:0a:72:ea:95:3c:2f:cf:0f:57:58:46:05:78:
                    b8:30:de:da:a7:ac:28:96:7b:9e:89:e5:d4:bd:de:
                    9c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:3B:8A:12:CF:94:A9:8E:FC:D3:14:B1:BF:5F:B1:7F:49:16:4C:5C
            X509v3 Authority Key Identifier:
                keyid:08:2B:30:3C:B4:9E:73:E2:D2:A4:04:58:3D:5F:83:77:CE:B0:25:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCswPLSec-LSpARYPV-Dd86wJUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/gDuKEs-UqY780xSxv1-xf0kWTFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/340eb5-7be0-4bc9-bf2d-b473ce7807ca/1/CCswPLSec-LSpARYPV-Dd86wJUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.85.0/24
                IPv6:
                  2a12:5a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:8b:fc:d8:1f:7c:c7:ae:a0:32:78:1a:b2:b4:ed:c9:8b:49:
         fd:52:4e:38:29:d0:c7:83:5d:e8:ed:55:f5:0e:7b:03:ae:b9:
         97:eb:8d:4a:9f:ce:42:eb:6a:f9:4f:58:b8:90:2c:c7:00:88:
         5d:18:03:e4:93:5a:5b:a8:b9:bc:ad:77:64:b3:1a:0e:af:5f:
         a7:c2:99:28:a3:90:4d:a7:b4:b9:72:6d:f3:a2:33:c0:5e:40:
         b3:ad:40:7e:0b:2c:c3:b9:e2:24:04:a3:96:15:53:9a:a1:a7:
         1b:56:14:90:bc:fd:a2:77:74:b5:8f:45:b8:4b:11:44:72:dd:
         5b:f9:a5:f1:b8:32:9e:e8:6f:f3:75:a1:c5:58:45:f2:f1:d2:
         77:2a:62:0d:3b:a3:83:1e:de:eb:7b:59:b3:fb:f3:65:82:4d:
         9a:3e:e0:2d:68:45:98:a1:c3:c6:7d:b3:8e:35:12:a8:8e:8d:
         84:28:03:0e:8c:f6:68:83:40:0d:23:d0:7c:85:37:a2:48:8e:
         ac:47:2e:f4:23:07:c6:68:6c:25:30:53:16:cc:a3:0d:8f:cb:
         fd:22:f7:3c:f5:26:df:9c:bc:f1:2e:77:1e:0e:28:40:f0:7a:
         de:d3:a6:14:0e:46:56:83:26:b2:42:e9:e1:10:25:ce:e8:9c:
         f8:d4:02:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZxxhJNbyir2Qzz3+AExhmOnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MmIzMDNjYjQ5ZTczZTJkMmE0MDQ1ODNkNWY4Mzc3Y2Vi
MDI1NDUwHhcNMjYwMjE4MTYxMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDNiOGExMmNmOTRhOThlZmNkMzE0YjFiZjVmYjE3ZjQ5MTY0YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwooc8X9hAsTHjFpY0KRg4QFsOfvK
6l+iWkIkOuEwrWxp/kHrc5llr9zC9r5yvsM+BxyJRAk5Jzx7RLCYKvdmTXiBs0D+
b9ibCYRqweIJGzM7h1wCGEWrIsLa5uQdFYwoBm3LJnUoQSy9/zaLbzh58YHfP0JV
paSJcDPjMOqR/2WmfAmnCALHsFJRFGFCqlK2q09FyBEQ0UsaEXSPRrpu5RYWYSp8
wgDduN8K+IOiavcMGNHArZrR6YXuvhIilBtUj421veg3D8mbWIqBuxnl+LM6HBxo
miLRH6q7Ps4eRpftiQpy6pU8L88PV1hGBXi4MN7ap6wolnueieXUvd6cEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIA7ihLPlKmO/NMUsb9fsX9JFkxcMB8GA1UdIwQY
MBaAFAgrMDy0nnPi0qQEWD1fg3fOsCVFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0Nzd1BMU2VjLUxTcEFSWVBWLURkODZ3SlVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zNDBlYjUtN2JlMC00YmM5LWJmMmQt
YjQ3M2NlNzgwN2NhLzEvZ0R1S0VzLVVxWTc4MHhTeHYxLXhmMGtXVEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zNDBlYjUtN2JlMC00YmM5LWJmMmQtYjQ3M2NlNzgwN2Nh
LzEvQ0Nzd1BMU2VjLUxTcEFSWVBWLURkODZ3SlVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwfdVMA0E
AgACMAcDBQMqElpAMA0GCSqGSIb3DQEBCwUAA4IBAQB6i/zYH3zHrqAyeBqytO3J
i0n9Uk44KdDHg13o7VX1DnsDrrmX641Kn85C62r5T1i4kCzHAIhdGAPkk1pbqLm8
rXdksxoOr1+nwpkoo5BNp7S5cm3zojPAXkCzrUB+CyzDueIkBKOWFVOaoacbVhSQ
vP2id3S1j0W4SxFEct1b+aXxuDKe6G/zdaHFWEXy8dJ3KmINO6ODHt7re1mz+/Nl
gk2aPuAtaEWYocPGfbOONRKojo2EKAMOjPZog0ANI9B8hTeiSI6sRy70IwfGaGwl
MFMWzKMNj8v9Ivc89SbfnLzxLnceDihA8Hre06YUDkZWgyayQunhECXO6Jz41AJU
-----END CERTIFICATE-----