Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/gzIiWHGRR93M4EeKSxyFElEnzfQ.roa
File:                     gzIiWHGRR93M4EeKSxyFElEnzfQ.roa (raw, json)
Hash identifier:          P6od455G5jZ5lUgI4sqFMNPmAnYBu1OSIcRyPwUOGuY=
Subject key identifier:   83:32:22:58:71:91:47:DD:CC:E0:47:8A:4B:1C:85:12:51:27:CD:F4
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       019C71696B572850FDC68ECE969C9A8EDAEE
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/gzIiWHGRR93M4EeKSxyFElEnzfQ.roa
Signing time:             Wed 18 Feb 2026 15:41:00 +0000
ROA not before:           Wed 18 Feb 2026 15:41:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203591
IP address blocks:        81.2.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:69:6b:57:28:50:fd:c6:8e:ce:96:9c:9a:8e:da:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Feb 18 15:41:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83322258719147ddcce0478a4b1c85125127cdf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:f9:99:7f:d7:5f:6e:e2:49:33:0f:3b:92:
                    be:8b:fd:a2:74:fe:55:6b:74:7a:94:39:4e:bf:0d:
                    00:f7:aa:2c:fd:c1:9f:d1:76:84:64:b3:37:17:76:
                    db:8f:17:f3:98:8a:e2:c8:f6:f0:7a:ae:1a:2a:21:
                    78:c6:2f:43:9e:1a:61:77:dd:c4:12:30:1d:af:ea:
                    25:43:ab:6e:99:3a:1a:0f:03:cd:8b:d8:a5:7e:c0:
                    e6:0d:e6:75:01:8f:8f:82:64:8a:83:0e:19:6a:3d:
                    af:41:98:dc:b9:e8:3d:32:39:e5:3f:d9:a6:e0:45:
                    f8:a4:ff:18:5d:1f:bb:23:15:7d:0c:c4:c8:e1:68:
                    8c:ed:ab:ce:00:58:47:3d:c0:bd:41:ce:eb:d7:7b:
                    f9:72:71:f9:18:e8:e1:7d:ac:d7:ed:43:c3:d1:2e:
                    09:1a:c4:db:ee:8f:55:bd:3e:42:79:37:43:83:19:
                    aa:9e:cc:56:37:5c:24:49:40:62:f3:a7:c8:21:96:
                    c5:66:10:fe:8b:75:ff:f4:9e:7b:9d:b6:65:9b:39:
                    8c:32:60:80:16:84:70:54:b1:b2:86:68:49:cc:47:
                    e3:4e:d7:a3:83:0c:0f:18:7c:32:01:e3:73:83:de:
                    7b:f9:1a:d2:0d:c4:0b:ef:83:9a:dd:08:33:8a:89:
                    ed:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:32:22:58:71:91:47:DD:CC:E0:47:8A:4B:1C:85:12:51:27:CD:F4
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/gzIiWHGRR93M4EeKSxyFElEnzfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.2.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:da:14:26:c8:53:ee:ed:0a:ec:82:59:2b:45:e7:33:6c:47:
         74:53:41:bd:00:32:06:0a:5d:a6:55:53:cc:b4:8c:95:63:fa:
         7b:43:55:64:b2:4f:4e:f5:3d:43:bc:6d:a9:25:a0:7f:ff:3a:
         89:1f:a7:e1:9b:07:5b:9c:10:36:f3:36:30:dc:25:00:5c:71:
         06:bb:9e:d5:1e:1f:b3:f0:91:5c:85:45:05:47:6b:b7:ce:bd:
         fa:07:4b:51:11:80:85:7a:ca:b8:cd:9b:30:71:fb:68:b7:f0:
         bc:3d:30:d8:6b:d3:48:89:1c:66:99:6b:0a:69:e5:c9:b5:9a:
         c7:61:4b:06:b2:87:02:2d:62:ec:25:d7:33:66:98:58:70:ef:
         a4:87:2d:66:18:b0:d8:4b:7a:88:1c:13:02:77:80:ea:30:fe:
         cb:f6:79:97:eb:e8:a2:d0:16:a0:43:6b:e1:c8:90:af:72:90:
         68:46:c5:21:52:4e:ce:f2:1b:67:bd:d2:a3:95:be:7a:95:24:
         84:4c:fb:2f:c5:15:25:a3:38:e6:0e:e7:e7:4b:5c:46:47:66:
         a1:6b:08:7f:10:bc:d7:4a:bc:46:f8:10:14:2a:ed:36:72:ae:
         65:e9:52:18:7d:38:51:b2:fd:1e:60:5c:b6:68:83:dd:f2:8c:
         7f:73:68:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxxaWtXKFD9xo7OlpyajtruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjYwMjE4MTU0MTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzMyMjI1ODcxOTE0N2RkY2NlMDQ3OGE0YjFjODUxMjUxMjdjZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkf5mX/XX27iSTMPO5K+i/2idP5V
a3R6lDlOvw0A96os/cGf0XaEZLM3F3bbjxfzmIriyPbweq4aKiF4xi9Dnhphd93E
EjAdr+olQ6tumToaDwPNi9ilfsDmDeZ1AY+PgmSKgw4Zaj2vQZjcueg9MjnlP9mm
4EX4pP8YXR+7IxV9DMTI4WiM7avOAFhHPcC9Qc7r13v5cnH5GOjhfazX7UPD0S4J
GsTb7o9VvT5CeTdDgxmqnsxWN1wkSUBi86fIIZbFZhD+i3X/9J57nbZlmzmMMmCA
FoRwVLGyhmhJzEfjTtejgwwPGHwyAeNzg957+RrSDcQL74Oa3Qgziont6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMyIlhxkUfdzOBHikschRJRJ830MB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvZ3pJaVdIR1JSOTNNNEVlS1N4eUZFbEVuemZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUQKEMA0G
CSqGSIb3DQEBCwUAA4IBAQAS2hQmyFPu7QrsglkrReczbEd0U0G9ADIGCl2mVVPM
tIyVY/p7Q1Vksk9O9T1DvG2pJaB//zqJH6fhmwdbnBA28zYw3CUAXHEGu57VHh+z
8JFchUUFR2u3zr36B0tREYCFesq4zZswcftot/C8PTDYa9NIiRxmmWsKaeXJtZrH
YUsGsocCLWLsJdczZphYcO+khy1mGLDYS3qIHBMCd4DqMP7L9nmX6+ii0BagQ2vh
yJCvcpBoRsUhUk7O8htnvdKjlb56lSSETPsvxRUlozjmDufnS1xGR2ahawh/ELzX
SrxG+BAUKu02cq5l6VIYfThRsv0eYFy2aIPd8ox/c2g8
-----END CERTIFICATE-----