Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/In9fUZ6_laTBK3Ny_2v45J-DRyk.roa
File:                     In9fUZ6_laTBK3Ny_2v45J-DRyk.roa (raw, json)
Hash identifier:          AVqBR/4RXTDFlurKJYXZ2mUzQ6COZ0Mw32Yf6crahoY=
Subject key identifier:   22:7F:5F:51:9E:BF:95:A4:C1:2B:73:72:FF:6B:F8:E4:9F:83:47:29
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       019C8F6686A48F15771A86F374FF606D795D
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/In9fUZ6_laTBK3Ny_2v45J-DRyk.roa
Signing time:             Tue 24 Feb 2026 11:26:26 +0000
ROA not before:           Tue 24 Feb 2026 11:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211893
IP address blocks:        87.248.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:66:86:a4:8f:15:77:1a:86:f3:74:ff:60:6d:79:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Feb 24 11:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=227f5f519ebf95a4c12b7372ff6bf8e49f834729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b9:10:5d:fb:eb:b7:fd:06:75:31:56:87:dc:
                    c6:7e:98:d1:43:53:72:2b:37:d5:a3:d0:6f:d4:8a:
                    bb:b6:f8:a5:19:d3:18:6b:dd:29:7e:24:4c:62:a0:
                    a5:87:c0:59:68:15:bf:fc:59:50:99:87:52:de:e2:
                    c2:e9:10:e6:16:49:f2:23:1c:32:b1:22:17:3e:ac:
                    c6:15:34:79:0f:5b:54:57:69:d6:61:11:0c:24:4d:
                    7c:47:d3:1d:83:ab:03:fb:21:47:b2:56:f2:b3:7b:
                    d5:cb:d6:bc:9b:2a:d6:7d:dd:78:86:99:8a:e7:93:
                    62:57:26:6f:15:31:3f:37:31:97:07:ae:13:8d:c9:
                    29:29:a4:4a:af:38:d3:cd:d9:08:10:32:c7:9e:a0:
                    ca:d8:8a:a9:f8:80:6e:4e:38:5d:2d:97:8b:4b:bf:
                    58:8a:ad:9c:73:b4:f8:61:bd:d0:7f:31:38:32:38:
                    6e:e3:b6:15:48:4b:51:f1:df:50:d0:bf:f5:f9:74:
                    57:05:cd:d9:ad:4b:b2:9e:5e:35:aa:3e:4a:06:08:
                    1c:07:c8:de:41:88:90:d5:b4:d9:e3:80:eb:4e:3e:
                    5b:f8:47:30:61:2b:76:ee:ed:f9:bc:3d:ad:7e:bd:
                    b6:47:15:ae:9e:34:44:bf:0a:5e:06:8f:12:e0:c8:
                    9b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7F:5F:51:9E:BF:95:A4:C1:2B:73:72:FF:6B:F8:E4:9F:83:47:29
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/In9fUZ6_laTBK3Ny_2v45J-DRyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:68:74:4d:5d:4f:57:37:ba:b1:5d:32:a3:53:5f:be:cd:3f:
         30:df:87:9a:4f:91:2b:b4:79:9d:b5:95:13:ac:5f:bf:a5:44:
         2b:a0:6b:b2:db:bc:65:b2:90:ec:43:f4:f9:ef:88:2d:23:41:
         d0:18:fd:86:8c:35:66:e9:bc:ce:cc:9e:ca:75:87:c4:9d:cf:
         63:3b:b2:28:8a:b6:16:ee:4a:f5:54:8f:b8:b0:db:8f:b7:7a:
         c4:8f:fd:e9:e8:67:a6:8d:37:e1:f7:a3:96:f0:4b:1f:49:60:
         b6:b6:4d:d4:3b:38:eb:97:0c:62:d4:e0:79:89:1d:3f:da:db:
         c0:3d:62:7e:78:10:3b:09:07:55:46:e4:c4:13:27:4a:24:5d:
         c3:45:df:bd:43:a5:bc:00:47:80:fa:e7:63:e5:b9:e5:62:e8:
         ec:52:1e:ab:15:ed:9b:fa:8d:df:81:4a:e6:ee:04:98:a4:0c:
         2a:70:3a:43:1f:9a:fe:cc:6f:e2:35:2d:5d:00:9b:40:4a:b7:
         cc:7c:a8:59:5e:f8:ac:41:a6:fb:9e:aa:98:a6:11:fb:40:a8:
         1c:a9:35:71:8c:9a:fc:05:36:86:63:7c:c3:fb:00:44:49:3f:
         f1:ed:07:d5:18:ab:19:4d:53:85:82:35:06:1a:34:88:1e:47:
         02:0d:ea:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPZoakjxV3GobzdP9gbXldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjYwMjI0MTEyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdmNWY1MTllYmY5NWE0YzEyYjczNzJmZjZiZjhlNDlmODM0NzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7kQXfvrt/0GdTFWh9zGfpjRQ1Ny
KzfVo9Bv1Iq7tvilGdMYa90pfiRMYqClh8BZaBW//FlQmYdS3uLC6RDmFknyIxwy
sSIXPqzGFTR5D1tUV2nWYREMJE18R9Mdg6sD+yFHslbys3vVy9a8myrWfd14hpmK
55NiVyZvFTE/NzGXB64TjckpKaRKrzjTzdkIEDLHnqDK2Iqp+IBuTjhdLZeLS79Y
iq2cc7T4Yb3QfzE4Mjhu47YVSEtR8d9Q0L/1+XRXBc3ZrUuynl41qj5KBggcB8je
QYiQ1bTZ44DrTj5b+EcwYSt27u35vD2tfr22RxWunjREvwpeBo8S4MibvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ/X1Gev5WkwStzcv9r+OSfg0cpMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvSW45ZlVaNl9sYVRCSzNOeV8ydjQ1Si1EUnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iEMA0G
CSqGSIb3DQEBCwUAA4IBAQCHaHRNXU9XN7qxXTKjU1++zT8w34eaT5ErtHmdtZUT
rF+/pUQroGuy27xlspDsQ/T574gtI0HQGP2GjDVm6bzOzJ7KdYfEnc9jO7IoirYW
7kr1VI+4sNuPt3rEj/3p6GemjTfh96OW8EsfSWC2tk3UOzjrlwxi1OB5iR0/2tvA
PWJ+eBA7CQdVRuTEEydKJF3DRd+9Q6W8AEeA+udj5bnlYujsUh6rFe2b+o3fgUrm
7gSYpAwqcDpDH5r+zG/iNS1dAJtASrfMfKhZXvisQab7nqqYphH7QKgcqTVxjJr8
BTaGY3zD+wBEST/x7QfVGKsZTVOFgjUGGjSIHkcCDepj
-----END CERTIFICATE-----