Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/gJ8qTz8F8Bxee7YRY3fHs5lSfBE.roa
File:                     gJ8qTz8F8Bxee7YRY3fHs5lSfBE.roa (raw, json)
Hash identifier:          ZSsM99NPJ9mDrPjXKAfCF2Vn2curJz1IzgR3LOEpDF4=
Subject key identifier:   80:9F:2A:4F:3F:05:F0:1C:5E:7B:B6:11:63:77:C7:B3:99:52:7C:11
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019C93DD1BB464B1250023450CD9857DAA60
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/gJ8qTz8F8Bxee7YRY3fHs5lSfBE.roa
Signing time:             Wed 25 Feb 2026 08:14:27 +0000
ROA not before:           Wed 25 Feb 2026 08:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        212.66.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:93:dd:1b:b4:64:b1:25:00:23:45:0c:d9:85:7d:aa:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Feb 25 08:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=809f2a4f3f05f01c5e7bb6116377c7b399527c11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:24:24:a1:e6:4f:5f:66:83:30:e6:b7:6b:c2:
                    96:21:bf:32:a9:2e:83:36:65:2c:a9:81:e1:b9:35:
                    1e:ae:7f:a4:0f:f2:1e:f9:ee:34:14:02:ca:ee:71:
                    b2:73:f2:18:81:a4:da:13:98:4f:8f:88:e3:98:79:
                    53:93:c0:b9:26:52:bd:d1:51:7f:61:ba:5b:f8:ae:
                    0e:13:01:42:a1:a5:09:4d:85:67:a9:af:65:93:ea:
                    9e:c2:f7:ba:35:21:38:36:89:c2:80:36:0c:1b:bd:
                    82:c9:09:1d:30:f5:94:a1:a8:44:ab:7d:41:0a:89:
                    38:4a:3b:e5:de:03:87:81:47:d1:15:62:10:ac:66:
                    64:bc:08:69:c9:d2:31:6d:76:52:8c:5a:1e:59:eb:
                    47:a5:8b:66:d3:4f:d9:dd:43:38:df:20:d0:89:20:
                    04:01:f5:ba:e7:c6:d0:e5:94:12:cf:51:b6:a6:72:
                    de:a7:6a:62:08:5f:d0:49:11:da:04:4e:7c:e0:83:
                    fa:00:33:38:35:45:86:15:e7:3c:c2:23:7f:89:08:
                    41:b0:fb:a5:fc:35:b0:34:94:47:8d:d0:2f:b8:2e:
                    e3:28:dc:97:20:52:ec:72:d8:99:a8:db:49:d5:f3:
                    a4:66:02:55:24:14:83:39:f6:18:5f:91:5e:da:f6:
                    e6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:9F:2A:4F:3F:05:F0:1C:5E:7B:B6:11:63:77:C7:B3:99:52:7C:11
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/gJ8qTz8F8Bxee7YRY3fHs5lSfBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.66.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f6:2f:7c:97:8b:60:76:87:8b:c9:ec:3b:76:77:4d:13:4c:
         fe:9b:84:fe:51:35:19:7d:7d:ca:6e:a8:24:9b:a8:36:8d:6e:
         70:73:f7:ed:87:5c:92:4e:3b:da:e9:7a:f6:75:94:40:88:e0:
         df:06:5c:a6:63:c2:b0:53:03:3f:ad:88:73:d6:c9:50:d3:df:
         19:86:c5:15:30:98:32:ed:45:ab:13:c0:de:ba:a7:7d:31:74:
         f1:ee:cb:73:6b:cd:12:63:c7:28:b9:79:49:2e:b2:02:52:e4:
         b2:d2:89:b8:f7:b9:e4:9f:ba:29:bb:ec:e0:88:a3:7c:5f:e7:
         35:fc:9d:dd:24:21:c4:37:8d:6f:90:33:14:07:55:1e:9b:05:
         f7:cd:8d:f0:a7:7b:c2:ce:da:18:a0:cf:c3:6d:9d:62:65:cd:
         d2:80:90:b2:12:cc:03:a8:ff:06:d9:00:bd:47:ae:82:d0:60:
         21:38:0b:94:23:f8:6a:62:99:7a:a9:28:7c:9b:c4:1b:a9:03:
         f3:9b:e7:0b:39:1d:be:bd:3b:10:c9:a2:a3:b2:e1:e8:9a:ae:
         09:66:d7:41:0d:1e:59:ce:3f:8b:a7:ec:cc:b4:32:9f:fd:0d:
         f1:42:8d:22:56:14:c0:73:83:f0:a8:c6:99:cf:7c:d5:3c:e6:
         2d:e0:f1:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyT3Ru0ZLElACNFDNmFfapgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwMjI1MDgxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDlmMmE0ZjNmMDVmMDFjNWU3YmI2MTE2Mzc3YzdiMzk5NTI3YzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiQkoeZPX2aDMOa3a8KWIb8yqS6D
NmUsqYHhuTUern+kD/Ie+e40FALK7nGyc/IYgaTaE5hPj4jjmHlTk8C5JlK90VF/
Ybpb+K4OEwFCoaUJTYVnqa9lk+qewve6NSE4NonCgDYMG72CyQkdMPWUoahEq31B
Cok4Sjvl3gOHgUfRFWIQrGZkvAhpydIxbXZSjFoeWetHpYtm00/Z3UM43yDQiSAE
AfW658bQ5ZQSz1G2pnLep2piCF/QSRHaBE584IP6ADM4NUWGFec8wiN/iQhBsPul
/DWwNJRHjdAvuC7jKNyXIFLsctiZqNtJ1fOkZgJVJBSDOfYYX5Fe2vbm1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICfKk8/BfAcXnu2EWN3x7OZUnwRMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvZ0o4cVR6OEY4QnhlZTdZUlkzZkhzNWxTZkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EIzMA0G
CSqGSIb3DQEBCwUAA4IBAQCo9i98l4tgdoeLyew7dndNE0z+m4T+UTUZfX3Kbqgk
m6g2jW5wc/fth1ySTjva6Xr2dZRAiODfBlymY8KwUwM/rYhz1slQ098ZhsUVMJgy
7UWrE8Deuqd9MXTx7stza80SY8couXlJLrICUuSy0om497nkn7opu+zgiKN8X+c1
/J3dJCHEN41vkDMUB1UemwX3zY3wp3vCztoYoM/DbZ1iZc3SgJCyEswDqP8G2QC9
R66C0GAhOAuUI/hqYpl6qSh8m8QbqQPzm+cLOR2+vTsQyaKjsuHomq4JZtdBDR5Z
zj+Lp+zMtDKf/Q3xQo0iVhTAc4PwqMaZz3zVPOYt4PF8
-----END CERTIFICATE-----