Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/nF8yI8NNVENhHdHHvHfxB5fTyr0.roa
File:                     nF8yI8NNVENhHdHHvHfxB5fTyr0.roa (raw, json)
Hash identifier:          AfN6nha/IBNGq2xnGy6mK5P8OpY736OmmEpMEcSaRuM=
Subject key identifier:   9C:5F:32:23:C3:4D:54:43:61:1D:D1:C7:BC:77:F1:07:97:D3:CA:BD
Certificate issuer:       /CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
Certificate serial:       019C8AAC7E7E974270C2DAEC14877478CC46
Authority key identifier: 8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/nF8yI8NNVENhHdHHvHfxB5fTyr0.roa
Signing time:             Mon 23 Feb 2026 13:24:46 +0000
ROA not before:           Mon 23 Feb 2026 13:24:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214399
IP address blocks:        195.24.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:ac:7e:7e:97:42:70:c2:da:ec:14:87:74:78:cc:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
        Validity
            Not Before: Feb 23 13:24:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c5f3223c34d5443611dd1c7bc77f10797d3cabd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3d:5d:20:26:ce:37:b1:9d:ed:f9:31:af:20:
                    d3:55:4d:59:f9:3a:db:21:22:20:53:a8:39:39:f8:
                    44:7e:ad:29:63:db:bd:89:1a:ed:b2:74:b8:31:a5:
                    21:0a:a0:5b:40:a9:a6:f1:18:61:31:4d:c5:a3:be:
                    1d:f9:6f:b6:72:28:e4:1a:34:17:f3:3b:59:40:a7:
                    8f:e5:9b:9c:44:65:80:1b:17:7c:91:e1:83:6b:59:
                    ee:10:82:75:1e:af:9b:2b:fd:99:04:0a:3f:5e:1a:
                    16:2e:9d:c0:b9:2d:96:d8:e1:2a:23:3d:4f:97:7a:
                    bf:7b:95:8f:f6:eb:27:5c:6a:a0:f0:78:f4:3b:7b:
                    38:b6:0f:19:07:5c:56:3d:be:f1:a7:94:63:73:b1:
                    79:45:10:4c:73:e3:c2:dd:d5:4c:88:fc:e9:a0:dc:
                    39:13:1c:59:d4:b1:8c:10:10:0c:ac:98:9a:93:99:
                    c1:fd:23:8b:a1:2d:6a:bb:8e:57:55:b7:39:24:b7:
                    2d:a7:ad:88:5c:95:5b:1d:83:d2:41:9f:cb:63:6d:
                    db:d7:73:78:4e:1e:82:0e:7f:55:c2:32:84:a5:4a:
                    2c:97:60:9f:94:36:cb:86:3d:00:1b:9a:c2:93:cf:
                    0c:79:e7:9f:8a:ba:c4:23:c9:76:1f:da:ce:a3:87:
                    4d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:5F:32:23:C3:4D:54:43:61:1D:D1:C7:BC:77:F1:07:97:D3:CA:BD
            X509v3 Authority Key Identifier:
                keyid:8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/nF8yI8NNVENhHdHHvHfxB5fTyr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:75:6e:5c:ba:d7:01:b9:24:4a:a7:09:0b:29:b2:c5:a3:b9:
         66:44:93:8e:0b:ae:fd:15:ff:af:61:46:ab:b3:9f:c0:76:b7:
         2e:70:af:7b:f2:93:6f:39:e1:72:d7:ec:ea:51:cb:d1:65:7e:
         9b:da:40:b9:da:ae:6e:82:e9:bf:d5:b4:51:38:41:7a:0a:8f:
         66:bb:9b:8e:51:d4:7d:b2:02:99:f6:d9:29:9c:ff:7f:d9:61:
         b5:9a:13:68:52:7e:37:a0:e6:6e:7c:a6:52:e2:40:35:04:2f:
         38:12:2e:e1:33:12:28:4a:27:65:82:70:0b:97:10:5d:a2:76:
         64:5f:e2:f1:92:77:86:53:74:33:78:78:90:26:51:46:e2:bf:
         b4:07:b4:fa:7f:4e:a4:4f:24:fc:2d:05:8a:77:10:f9:75:36:
         c7:07:22:47:2d:58:16:2a:33:34:61:ef:9b:31:f3:d9:a8:1e:
         72:50:82:96:81:dd:c7:d1:09:0d:ac:2f:41:86:5b:04:3e:f0:
         1e:7c:6f:70:4e:38:9d:86:c2:48:ee:71:d7:b4:8e:7b:6c:bc:
         52:2e:55:45:ef:5e:1e:cb:f0:ca:4c:4d:53:89:e9:31:c8:dc:
         54:19:a0:fc:25:c6:3c:20:9d:f1:01:b6:0d:6a:45:1c:60:c9:
         0b:9a:2f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyKrH5+l0JwwtrsFId0eMxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjdjMDljMWEzZjczZWJlNjE3NDBhYjY1ZTU4OWY5MTY1
NWJkZWQwHhcNMjYwMjIzMTMyNDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzVmMzIyM2MzNGQ1NDQzNjExZGQxYzdiYzc3ZjEwNzk3ZDNjYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj1dICbON7Gd7fkxryDTVU1Z+Trb
ISIgU6g5OfhEfq0pY9u9iRrtsnS4MaUhCqBbQKmm8RhhMU3Fo74d+W+2cijkGjQX
8ztZQKeP5ZucRGWAGxd8keGDa1nuEIJ1Hq+bK/2ZBAo/XhoWLp3AuS2W2OEqIz1P
l3q/e5WP9usnXGqg8Hj0O3s4tg8ZB1xWPb7xp5Rjc7F5RRBMc+PC3dVMiPzpoNw5
ExxZ1LGMEBAMrJiak5nB/SOLoS1qu45XVbc5JLctp62IXJVbHYPSQZ/LY23b13N4
Th6CDn9VwjKEpUosl2CflDbLhj0AG5rCk88MeeefirrEI8l2H9rOo4dNRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxfMiPDTVRDYR3Rx7x38QeX08q9MB8GA1UdIwQY
MBaAFI73wJwaP3Pr5hdAq2XlifkWVb3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDkt
ZjYyYmU5ZThhNjcxLzEvbkY4eUk4Tk5WRU5oSGRISHZIZnhCNWZUeXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDktZjYyYmU5ZThhNjcx
LzEvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjsMA0G
CSqGSIb3DQEBCwUAA4IBAQBldW5cutcBuSRKpwkLKbLFo7lmRJOOC679Ff+vYUar
s5/AdrcucK978pNvOeFy1+zqUcvRZX6b2kC52q5ugum/1bRROEF6Co9mu5uOUdR9
sgKZ9tkpnP9/2WG1mhNoUn43oOZufKZS4kA1BC84Ei7hMxIoSidlgnALlxBdonZk
X+LxkneGU3QzeHiQJlFG4r+0B7T6f06kTyT8LQWKdxD5dTbHByJHLVgWKjM0Ye+b
MfPZqB5yUIKWgd3H0QkNrC9BhlsEPvAefG9wTjidhsJI7nHXtI57bLxSLlVF714e
y/DKTE1TiekxyNxUGaD8JcY8IJ3xAbYNakUcYMkLmi9J
-----END CERTIFICATE-----