Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/8mFpxWeigxgpUFd1OOAixg_kV04.roa
File:                     8mFpxWeigxgpUFd1OOAixg_kV04.roa (raw, json)
Hash identifier:          VQHbA1oCO2AGd0/yfeBIXEaP8Q5Yhxdi7C9Tt3HjKNE=
Subject key identifier:   F2:61:69:C5:67:A2:83:18:29:50:57:75:38:E0:22:C6:0F:E4:57:4E
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019C9AD57855144BA32EBD2B7AD4A326B0BF
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/8mFpxWeigxgpUFd1OOAixg_kV04.roa
Signing time:             Thu 26 Feb 2026 16:43:27 +0000
ROA not before:           Thu 26 Feb 2026 16:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42375
IP address blocks:        2.58.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:d5:78:55:14:4b:a3:2e:bd:2b:7a:d4:a3:26:b0:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Feb 26 16:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f26169c567a283182950577538e022c60fe4574e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:db:bf:78:8c:67:ef:48:53:25:c0:f8:85:4a:
                    24:d2:f9:62:46:89:18:72:84:6a:2f:f7:89:3c:cc:
                    cc:5b:5a:40:b8:e4:f7:2d:96:83:07:f5:7a:ee:75:
                    c2:9d:92:af:f8:5a:59:8c:13:31:45:c6:05:82:af:
                    3a:27:2e:55:f0:6b:8d:8d:7a:25:ae:89:c7:e4:d8:
                    2f:4f:99:e4:c2:5f:86:7e:92:f4:f9:d7:f6:70:8d:
                    08:c3:df:ea:3f:f9:72:bf:74:8a:c2:ce:d6:59:02:
                    10:5a:ea:6c:aa:9c:d2:69:1f:71:a7:ba:89:46:ee:
                    40:59:62:8d:ac:fd:c6:51:0a:b0:d2:77:8f:a2:46:
                    19:13:bd:f0:84:6d:8e:ad:dd:82:3e:32:9f:d9:40:
                    ed:44:7c:41:1d:8f:8f:e2:9f:a2:9f:3e:a4:e3:5f:
                    d9:04:70:ef:4a:4a:21:a3:ba:0e:31:0c:e3:64:f6:
                    22:36:8e:f0:21:d0:66:ff:25:2b:27:af:fe:62:52:
                    4a:f6:ee:79:0c:26:66:f5:b1:2c:7e:05:f4:f8:b4:
                    3f:48:96:5d:86:c8:a7:d1:0e:5b:a2:48:7a:cc:b0:
                    8c:45:4e:28:12:dd:00:c8:7e:4c:87:b7:0c:32:69:
                    02:52:44:92:5a:a2:a7:02:35:4d:e8:23:b3:0b:6f:
                    9c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:61:69:C5:67:A2:83:18:29:50:57:75:38:E0:22:C6:0F:E4:57:4E
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/8mFpxWeigxgpUFd1OOAixg_kV04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:91:58:90:77:e3:8e:2e:ec:06:9a:3d:f1:8a:06:0d:18:31:
         22:86:ff:8b:2c:cc:75:04:aa:d9:cc:8c:34:92:3f:dc:61:16:
         31:34:9f:1c:63:dd:cb:38:2a:0b:cf:66:b5:3b:34:d0:3e:1a:
         80:dc:3e:9f:79:81:c4:3a:6d:cb:cf:87:36:68:54:9d:ba:d3:
         5d:0d:9c:db:f7:0f:cb:3c:57:91:4f:91:31:0e:23:1c:46:82:
         18:96:49:30:44:dd:e2:f4:3f:dd:da:95:31:8c:ea:81:50:e2:
         f4:b5:07:6e:8e:f5:6f:03:be:8f:30:54:42:cd:79:7c:db:41:
         fb:f1:1f:34:43:0d:d0:a7:35:1f:36:18:aa:82:f6:5b:41:8d:
         4c:42:19:52:27:ec:51:09:76:73:e3:cd:4f:1a:c1:66:7c:57:
         e6:67:42:4e:e4:59:f1:22:67:33:2c:9f:41:9c:d0:c6:86:49:
         71:78:be:ca:c7:8d:de:dc:54:b4:88:c4:4a:43:56:b9:0a:27:
         26:88:fa:b5:2d:84:38:40:96:20:05:b3:a9:4e:33:7d:ad:c6:
         ee:ab:9b:df:86:b4:e9:e0:33:55:f4:1a:d3:9f:55:fb:b2:0c:
         0d:09:1a:fa:64:df:9f:65:05:40:64:c7:2c:f2:a1:9c:41:da:
         55:d5:cc:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZya1XhVFEujLr0retSjJrC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMjI2MTY0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjYxNjljNTY3YTI4MzE4Mjk1MDU3NzUzOGUwMjJjNjBmZTQ1NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9u/eIxn70hTJcD4hUok0vliRokY
coRqL/eJPMzMW1pAuOT3LZaDB/V67nXCnZKv+FpZjBMxRcYFgq86Jy5V8GuNjXol
ronH5NgvT5nkwl+GfpL0+df2cI0Iw9/qP/lyv3SKws7WWQIQWupsqpzSaR9xp7qJ
Ru5AWWKNrP3GUQqw0nePokYZE73whG2Ord2CPjKf2UDtRHxBHY+P4p+inz6k41/Z
BHDvSkoho7oOMQzjZPYiNo7wIdBm/yUrJ6/+YlJK9u55DCZm9bEsfgX0+LQ/SJZd
hsin0Q5bokh6zLCMRU4oEt0AyH5Mh7cMMmkCUkSSWqKnAjVN6COzC2+cDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJhacVnooMYKVBXdTjgIsYP5FdOMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvOG1GcHhXZWlneGdwVUZkMU9PQWl4Z19rVjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjphMA0G
CSqGSIb3DQEBCwUAA4IBAQBbkViQd+OOLuwGmj3xigYNGDEihv+LLMx1BKrZzIw0
kj/cYRYxNJ8cY93LOCoLz2a1OzTQPhqA3D6feYHEOm3Lz4c2aFSdutNdDZzb9w/L
PFeRT5ExDiMcRoIYlkkwRN3i9D/d2pUxjOqBUOL0tQdujvVvA76PMFRCzXl820H7
8R80Qw3QpzUfNhiqgvZbQY1MQhlSJ+xRCXZz481PGsFmfFfmZ0JO5FnxImczLJ9B
nNDGhklxeL7Kx43e3FS0iMRKQ1a5CicmiPq1LYQ4QJYgBbOpTjN9rcbuq5vfhrTp
4DNV9BrTn1X7sgwNCRr6ZN+fZQVAZMcs8qGcQdpV1cwd
-----END CERTIFICATE-----