Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/mSzzMA6L5QbhcWeV8GJlOnBN0cM.roa
File:                     mSzzMA6L5QbhcWeV8GJlOnBN0cM.roa (raw, json)
Hash identifier:          KFpvmdmXJzfhj/vqjMViv2cspmTTL885sm48c0BNhjc=
Subject key identifier:   99:2C:F3:30:0E:8B:E5:06:E1:71:67:95:F0:62:65:3A:70:4D:D1:C3
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019C8F4A2511029A49C3114E7E91199654A2
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/mSzzMA6L5QbhcWeV8GJlOnBN0cM.roa
Signing time:             Tue 24 Feb 2026 10:55:26 +0000
ROA not before:           Tue 24 Feb 2026 10:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212027
IP address blocks:        62.171.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Feb 2026 07:20:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:4a:25:11:02:9a:49:c3:11:4e:7e:91:19:96:54:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Feb 24 10:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=992cf3300e8be506e1716795f062653a704dd1c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f4:a4:31:93:9b:70:a8:0b:79:dc:20:6e:e3:
                    78:a4:f7:50:84:d9:be:53:26:dd:06:3a:4f:1e:44:
                    1f:fa:8b:26:57:3a:54:01:15:4d:58:02:d0:bb:8c:
                    f0:0a:6a:4b:cc:17:de:b8:74:a9:9d:bc:47:b4:de:
                    79:8d:7b:19:77:d0:82:ff:1b:ed:02:2b:96:54:da:
                    df:b9:ad:3c:04:68:81:16:c3:c6:66:13:dd:1c:e0:
                    65:08:b2:99:de:9b:ec:71:9c:96:e7:02:8c:0b:90:
                    ef:09:ae:ae:97:28:42:63:5e:42:d8:c8:fe:e2:59:
                    7c:84:88:cf:82:86:a2:d2:1a:98:18:af:a6:2d:64:
                    9c:84:19:74:59:84:92:e1:54:f6:87:18:11:0d:1c:
                    9d:32:db:99:01:4d:f7:b9:53:cf:64:72:80:09:2e:
                    3f:37:48:69:2d:6d:88:06:62:92:e3:42:03:08:75:
                    26:39:e7:fd:f7:99:fa:81:9a:88:80:80:ef:7c:d8:
                    bd:6c:5f:08:d1:00:fb:45:1d:a8:c1:8d:9f:df:cc:
                    1e:63:3c:5b:bc:01:52:88:58:3d:0f:3d:71:6a:31:
                    b6:15:6e:8d:f0:17:47:3c:85:30:b4:33:12:74:92:
                    95:74:10:09:d2:99:83:71:5a:f0:70:df:72:0d:e2:
                    ac:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:2C:F3:30:0E:8B:E5:06:E1:71:67:95:F0:62:65:3A:70:4D:D1:C3
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/mSzzMA6L5QbhcWeV8GJlOnBN0cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:6c:cb:54:c9:e4:26:31:7e:08:81:c4:93:0f:90:71:50:eb:
         8b:5d:58:ac:b7:72:66:55:88:c2:53:be:5d:4d:96:45:e2:26:
         fa:9f:ca:9d:47:87:0b:41:ec:e8:26:25:a2:b2:8c:e4:36:23:
         9e:44:aa:9c:a7:d5:9c:6c:b5:28:c3:50:51:5b:22:86:35:13:
         5e:3d:cb:11:f4:8f:96:96:bb:fc:de:ea:cf:de:1c:f3:f1:ed:
         f6:0d:0e:0c:70:e2:c7:26:f8:7d:7e:84:cf:d3:a5:57:2f:30:
         9e:e0:84:02:9b:b1:39:3b:44:71:9c:2a:cd:ab:d0:94:d8:e3:
         39:ef:cd:d1:48:71:8b:2b:1c:72:11:5c:15:15:4d:65:e9:ef:
         21:52:ca:a2:c5:36:11:5e:f9:c3:cd:d0:da:cc:82:57:3e:86:
         e7:76:f3:39:38:16:0d:60:e9:90:5c:09:86:f6:14:7f:96:8a:
         17:ab:e7:a9:fa:8c:47:02:14:f2:10:c5:84:2e:de:70:bc:89:
         73:72:dd:2e:83:84:17:50:50:56:9b:7a:48:4a:c9:a2:84:5e:
         c5:13:ef:7c:e5:72:8f:e4:bc:1a:1a:0f:fb:01:35:73:5e:c1:
         12:6d:0d:dc:64:07:91:36:24:a6:77:95:05:c8:1e:1c:20:38:
         38:7d:94:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPSiURAppJwxFOfpEZllSiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjYwMjI0MTA1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTJjZjMzMDBlOGJlNTA2ZTE3MTY3OTVmMDYyNjUzYTcwNGRkMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvSkMZObcKgLedwgbuN4pPdQhNm+
UybdBjpPHkQf+osmVzpUARVNWALQu4zwCmpLzBfeuHSpnbxHtN55jXsZd9CC/xvt
AiuWVNrfua08BGiBFsPGZhPdHOBlCLKZ3pvscZyW5wKMC5DvCa6ulyhCY15C2Mj+
4ll8hIjPgoai0hqYGK+mLWSchBl0WYSS4VT2hxgRDRydMtuZAU33uVPPZHKACS4/
N0hpLW2IBmKS40IDCHUmOef995n6gZqIgIDvfNi9bF8I0QD7RR2owY2f38weYzxb
vAFSiFg9Dz1xajG2FW6N8BdHPIUwtDMSdJKVdBAJ0pmDcVrwcN9yDeKs3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJks8zAOi+UG4XFnlfBiZTpwTdHDMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvbVN6ek1BNkw1UWJoY1dlVjhHSmxPbkJOMGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqv7MA0G
CSqGSIb3DQEBCwUAA4IBAQAvbMtUyeQmMX4IgcSTD5BxUOuLXVist3JmVYjCU75d
TZZF4ib6n8qdR4cLQezoJiWisozkNiOeRKqcp9WcbLUow1BRWyKGNRNePcsR9I+W
lrv83urP3hzz8e32DQ4McOLHJvh9foTP06VXLzCe4IQCm7E5O0RxnCrNq9CU2OM5
783RSHGLKxxyEVwVFU1l6e8hUsqixTYRXvnDzdDazIJXPobndvM5OBYNYOmQXAmG
9hR/looXq+ep+oxHAhTyEMWELt5wvIlzct0ug4QXUFBWm3pISsmihF7FE+985XKP
5LwaGg/7ATVzXsESbQ3cZAeRNiSmd5UFyB4cIDg4fZT2
-----END CERTIFICATE-----