Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2c5crmeGZnwaz6XCbuWEnXUdvhI.roa
File:                     2c5crmeGZnwaz6XCbuWEnXUdvhI.roa (raw, json)
Hash identifier:          0TGtdsOR4L9CNlYQc9vZEiqGYU5ODEgf8ht8Ynui1FQ=
Subject key identifier:   D9:CE:5C:AE:67:86:66:7C:1A:CF:A5:C2:6E:E5:84:9D:75:1D:BE:12
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019C527D0F9FD619DB35A67E86853CCB9FC9
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2c5crmeGZnwaz6XCbuWEnXUdvhI.roa
Signing time:             Thu 12 Feb 2026 15:34:13 +0000
ROA not before:           Thu 12 Feb 2026 15:34:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201316
IP address blocks:        212.135.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 15:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:7d:0f:9f:d6:19:db:35:a6:7e:86:85:3c:cb:9f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Feb 12 15:34:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9ce5cae6786667c1acfa5c26ee5849d751dbe12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f5:3d:56:5f:3f:22:b0:77:56:64:05:5a:e7:
                    9b:e5:e0:a3:98:da:b3:46:dd:83:95:5f:29:5d:c5:
                    59:0f:ba:4e:4f:62:ee:50:0e:82:9e:13:68:1e:a7:
                    0c:d6:51:4c:7b:72:0d:da:48:cf:3f:fd:c4:21:20:
                    60:c1:5b:fe:a6:c3:90:45:1e:4c:d5:af:15:7d:a7:
                    e3:ef:d5:b7:07:cb:46:8f:40:b1:bb:eb:c1:d1:f1:
                    99:b6:10:0b:3d:36:f0:c6:8d:1c:de:cf:1b:ae:09:
                    09:18:30:dd:dc:a5:46:cf:15:a1:4e:b2:31:0a:ae:
                    0b:f4:be:d7:19:9c:62:55:65:6a:44:71:ca:4c:e1:
                    3e:c3:b6:80:a0:1b:1d:61:6e:91:64:72:71:85:3c:
                    11:b5:b1:a4:a3:2f:51:55:20:41:99:e3:26:8a:b2:
                    25:0f:f7:f4:b8:93:b3:2d:0e:78:92:dd:b4:a0:6c:
                    9a:b3:09:7b:1c:21:23:e7:76:0f:0c:85:88:06:ef:
                    c0:76:9c:c9:35:87:88:0f:41:34:9e:2d:06:81:aa:
                    66:20:2d:b9:78:10:f6:f9:ed:68:69:a9:08:a7:16:
                    ff:1d:68:21:24:78:69:a9:5b:ac:5a:a4:81:bd:2a:
                    ee:da:46:b1:b5:47:c5:49:0e:0e:6d:55:41:9c:b6:
                    fb:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:CE:5C:AE:67:86:66:7C:1A:CF:A5:C2:6E:E5:84:9D:75:1D:BE:12
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2c5crmeGZnwaz6XCbuWEnXUdvhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:c4:2a:ae:76:b6:3d:3e:7d:73:da:d4:47:60:24:c8:87:a3:
         d0:64:de:2c:a9:fa:bd:4a:04:a7:3b:a6:5f:59:1d:40:55:e8:
         bf:e9:ad:fe:72:2b:e3:76:42:57:3a:9f:f2:45:ef:15:f4:22:
         25:69:85:ce:5a:d7:2a:74:97:f1:6e:ed:2b:fc:fc:df:6f:97:
         48:23:d8:0c:fd:2e:c3:da:21:e0:d8:75:73:f3:82:70:18:0a:
         d1:3c:8d:7f:3d:be:6f:0e:f7:ba:91:9a:ca:ff:8f:67:b1:6a:
         79:0a:5e:fa:24:62:ae:da:8b:0b:33:61:ba:da:a0:bb:af:5e:
         7e:6e:88:92:52:de:bd:68:df:32:1d:71:2f:ea:c8:dc:bf:e1:
         c5:fe:f1:e5:19:7c:0a:4f:6b:00:23:4b:26:c5:a8:3a:bd:90:
         b1:88:1f:b0:4d:b1:6d:ee:05:0a:da:19:17:e6:b6:5e:a9:0a:
         c8:c7:51:f6:c3:79:cc:10:0f:6e:ed:c5:0b:d6:a6:1e:ec:5a:
         03:43:17:71:c2:6c:51:b5:56:6f:f7:da:58:fa:75:4e:35:d3:
         7c:75:58:84:e8:04:fd:df:94:90:bd:ed:41:07:8c:00:b1:cb:
         4d:32:91:2a:57:9c:d9:ea:1a:ad:a1:d9:e4:8b:d3:81:d4:7a:
         7a:de:5c:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxSfQ+f1hnbNaZ+hoU8y5/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjEyMTUzNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWNlNWNhZTY3ODY2NjdjMWFjZmE1YzI2ZWU1ODQ5ZDc1MWRiZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfU9Vl8/IrB3VmQFWueb5eCjmNqz
Rt2DlV8pXcVZD7pOT2LuUA6CnhNoHqcM1lFMe3IN2kjPP/3EISBgwVv+psOQRR5M
1a8Vfafj79W3B8tGj0Cxu+vB0fGZthALPTbwxo0c3s8brgkJGDDd3KVGzxWhTrIx
Cq4L9L7XGZxiVWVqRHHKTOE+w7aAoBsdYW6RZHJxhTwRtbGkoy9RVSBBmeMmirIl
D/f0uJOzLQ54kt20oGyaswl7HCEj53YPDIWIBu/AdpzJNYeID0E0ni0GgapmIC25
eBD2+e1oaakIpxb/HWghJHhpqVusWqSBvSru2kaxtUfFSQ4ObVVBnLb7uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnOXK5nhmZ8Gs+lwm7lhJ11Hb4SMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvMmM1Y3JtZUdabndhejZYQ2J1V0VuWFVkdmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IegMA0G
CSqGSIb3DQEBCwUAA4IBAQAvxCqudrY9Pn1z2tRHYCTIh6PQZN4sqfq9SgSnO6Zf
WR1AVei/6a3+civjdkJXOp/yRe8V9CIlaYXOWtcqdJfxbu0r/Pzfb5dII9gM/S7D
2iHg2HVz84JwGArRPI1/Pb5vDve6kZrK/49nsWp5Cl76JGKu2osLM2G62qC7r15+
boiSUt69aN8yHXEv6sjcv+HF/vHlGXwKT2sAI0smxag6vZCxiB+wTbFt7gUK2hkX
5rZeqQrIx1H2w3nMEA9u7cUL1qYe7FoDQxdxwmxRtVZv99pY+nVONdN8dViE6AT9
35SQve1BB4wAsctNMpEqV5zZ6hqtodnki9OB1Hp63lyw
-----END CERTIFICATE-----