Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/eWht4CqsRozCLydJERnRuTN-Adw.roa
File:                     eWht4CqsRozCLydJERnRuTN-Adw.roa (raw, json)
Hash identifier:          rBx2jxtcduhOc94/W12cQD59jQKweQjaDhzj2mHD0e8=
Subject key identifier:   79:68:6D:E0:2A:AC:46:8C:C2:2F:27:49:11:19:D1:B9:33:7E:01:DC
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       019C993E0EFE0C8F1DB1D766948077159A80
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/eWht4CqsRozCLydJERnRuTN-Adw.roa
Signing time:             Thu 26 Feb 2026 09:18:27 +0000
ROA not before:           Thu 26 Feb 2026 09:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395839
IP address blocks:        185.255.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:3e:0e:fe:0c:8f:1d:b1:d7:66:94:80:77:15:9a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Feb 26 09:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=79686de02aac468cc22f27491119d1b9337e01dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:44:7c:9c:2c:65:3d:4f:f1:e5:42:39:f2:f5:
                    84:0c:b5:bd:21:8b:a4:a5:cd:b2:c2:42:46:79:47:
                    70:da:ea:2e:ee:b1:44:bb:0b:54:a2:5c:5d:70:66:
                    c3:fc:c6:96:2b:c1:4f:77:0b:8b:77:ea:6a:1e:a2:
                    26:3a:03:47:f3:0d:3c:f2:5e:e5:da:01:3f:84:03:
                    5c:71:5a:ca:af:06:87:b2:24:85:9c:53:f3:43:18:
                    3c:5e:64:04:2e:bc:80:37:93:0d:52:48:38:de:4a:
                    e6:90:15:6f:d3:61:a9:d9:57:a3:d3:d8:f6:a0:a7:
                    dc:23:d1:c3:b5:3d:fb:38:a3:88:31:ce:56:cc:11:
                    05:c4:74:9e:77:0f:8f:9e:2d:54:4a:5b:f8:f4:0d:
                    83:d1:ab:11:49:22:c0:e3:2f:58:6e:e4:8d:2d:b9:
                    08:69:a4:7e:88:e1:ef:dc:fb:8d:f4:07:b2:bf:a8:
                    4a:17:b1:2f:db:a4:46:4a:d4:f1:0c:8b:ee:a7:4f:
                    da:53:e7:7a:8d:c2:74:77:d7:cf:7c:1d:84:ac:47:
                    5f:5f:c6:c2:04:48:d6:05:4a:fc:0c:96:39:63:11:
                    fb:63:c2:7e:e5:3a:2c:a8:39:53:bd:99:da:93:85:
                    ab:25:53:41:54:93:13:93:8d:b0:6d:e0:05:b3:d7:
                    b9:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:68:6D:E0:2A:AC:46:8C:C2:2F:27:49:11:19:D1:B9:33:7E:01:DC
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/eWht4CqsRozCLydJERnRuTN-Adw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:6d:ae:b7:79:ed:15:f2:30:8f:73:c6:b9:7f:de:26:a2:51:
         48:31:cc:a3:8f:57:0e:aa:7d:62:64:c3:9b:97:19:26:44:bd:
         a3:98:f5:6e:c7:8d:5f:52:c4:a8:bf:bf:12:03:eb:45:0e:f4:
         f9:16:7b:c4:89:d3:29:03:d8:e0:94:b8:14:d6:c4:a0:1e:8c:
         07:55:48:ad:5c:c9:d7:e5:c5:d4:58:dc:f2:a5:1c:39:e2:7f:
         74:64:b3:72:b2:0c:4c:53:5a:2f:d0:b5:a4:00:b8:bd:32:c3:
         16:03:83:fb:f0:27:16:e7:48:73:90:07:af:07:2b:b1:8f:b7:
         b0:a4:c6:0e:d7:ec:fa:6a:5a:2d:d9:b0:8a:00:f2:dc:47:24:
         ce:cb:d0:38:5d:32:45:fe:c1:c9:3f:d4:ef:2c:a2:d4:1d:20:
         35:7e:64:bb:a6:bb:0f:3b:aa:f1:d1:a0:92:6a:9d:06:bf:22:
         3c:87:3b:73:84:3c:24:81:00:b8:a4:b4:5c:bb:c3:fa:0d:05:
         91:f3:2f:9a:da:9c:60:e9:5b:2c:f3:23:84:e8:a1:4a:06:97:
         f9:0a:8e:71:2a:fa:f2:e8:c1:40:84:dc:7b:c8:ea:1e:c8:2d:
         52:cb:80:03:b8:17:26:76:21:c8:0f:3e:cd:17:7d:86:53:04:
         39:0d:31:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZPg7+DI8dsddmlIB3FZqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjYwMjI2MDkxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTY4NmRlMDJhYWM0NjhjYzIyZjI3NDkxMTE5ZDFiOTMzN2UwMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkR8nCxlPU/x5UI58vWEDLW9IYuk
pc2ywkJGeUdw2uou7rFEuwtUolxdcGbD/MaWK8FPdwuLd+pqHqImOgNH8w088l7l
2gE/hANccVrKrwaHsiSFnFPzQxg8XmQELryAN5MNUkg43krmkBVv02Gp2Vej09j2
oKfcI9HDtT37OKOIMc5WzBEFxHSedw+Pni1USlv49A2D0asRSSLA4y9YbuSNLbkI
aaR+iOHv3PuN9Aeyv6hKF7Ev26RGStTxDIvup0/aU+d6jcJ0d9fPfB2ErEdfX8bC
BEjWBUr8DJY5YxH7Y8J+5TosqDlTvZnak4WrJVNBVJMTk42wbeAFs9e5ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlobeAqrEaMwi8nSREZ0bkzfgHcMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvZVdodDRDcXNSb3pDTHlkSkVSblJ1VE4tQWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8HMA0G
CSqGSIb3DQEBCwUAA4IBAQBuba63ee0V8jCPc8a5f94molFIMcyjj1cOqn1iZMOb
lxkmRL2jmPVux41fUsSov78SA+tFDvT5FnvEidMpA9jglLgU1sSgHowHVUitXMnX
5cXUWNzypRw54n90ZLNysgxMU1ov0LWkALi9MsMWA4P78CcW50hzkAevByuxj7ew
pMYO1+z6alot2bCKAPLcRyTOy9A4XTJF/sHJP9TvLKLUHSA1fmS7prsPO6rx0aCS
ap0GvyI8hztzhDwkgQC4pLRcu8P6DQWR8y+a2pxg6Vss8yOE6KFKBpf5Co5xKvry
6MFAhNx7yOoeyC1Sy4ADuBcmdiHIDz7NF32GUwQ5DTFY
-----END CERTIFICATE-----