Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/MbyV_YhPibyBX57GTcf0FQJ19SE.roa
File:                     MbyV_YhPibyBX57GTcf0FQJ19SE.roa (raw, json)
Hash identifier:          sJJ1aGsegDet0XWEhyWg+pz1Ah6/tKveF3pfMD4m41o=
Subject key identifier:   31:BC:95:FD:88:4F:89:BC:81:5F:9E:C6:4D:C7:F4:15:02:75:F5:21
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019C9EAE935D3566358EDC91486479FFDD45
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/MbyV_YhPibyBX57GTcf0FQJ19SE.roa
Signing time:             Fri 27 Feb 2026 10:39:27 +0000
ROA not before:           Fri 27 Feb 2026 10:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     852
IP address blocks:        168.199.8.0/24 maxlen: 24
                          168.199.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Feb 2026 16:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:ae:93:5d:35:66:35:8e:dc:91:48:64:79:ff:dd:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Feb 27 10:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31bc95fd884f89bc815f9ec64dc7f4150275f521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4e:4b:2a:98:a6:2a:e0:a6:e1:fc:7e:86:59:
                    bd:b8:5b:ac:86:50:9e:f1:69:bc:16:2b:43:e9:9c:
                    4f:b0:50:c9:53:ed:dd:d2:e2:49:c4:e1:70:ec:bb:
                    49:dd:f8:5d:d7:d3:23:6c:b0:82:33:6c:68:01:81:
                    5d:c7:db:c1:98:65:a5:a5:71:69:10:28:01:8a:1f:
                    35:87:dc:a9:75:ca:89:31:fe:ca:9e:8b:ef:88:ed:
                    16:82:dc:c7:4e:5b:d9:94:93:4a:ca:89:f3:5f:4a:
                    83:dc:42:41:04:f5:9d:eb:0b:4f:8d:01:33:1b:b9:
                    44:2e:1c:cc:cb:7e:75:51:ed:b4:8b:75:59:7a:2f:
                    0f:36:d3:96:e3:d1:16:61:91:b1:e4:ac:d6:6a:50:
                    de:7b:26:de:f1:7d:90:5f:bb:4c:dd:0f:60:2a:b4:
                    78:10:1e:c5:84:8a:fc:4c:1d:32:04:35:a7:19:31:
                    63:e8:92:d7:18:69:6e:0f:d6:62:74:f6:e4:8b:29:
                    ad:c5:f4:21:46:cb:e3:28:90:65:f4:a3:70:7e:e0:
                    1a:5a:84:ea:b1:2f:ca:bc:ad:23:aa:99:f8:a2:81:
                    a6:bf:6e:e0:c9:01:46:35:11:83:0a:2a:a0:73:c7:
                    63:4f:4f:81:c8:fa:ef:ae:b8:ae:cf:17:d1:45:b8:
                    f1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:BC:95:FD:88:4F:89:BC:81:5F:9E:C6:4D:C7:F4:15:02:75:F5:21
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/MbyV_YhPibyBX57GTcf0FQJ19SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.8.0/24
                  168.199.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:63:31:e3:0a:78:82:fe:d6:2d:2d:c2:5e:79:5c:50:94:b9:
         1a:0f:59:de:b1:ee:90:da:1a:05:3a:15:49:48:d6:4e:29:ae:
         bc:f2:87:5f:69:12:b4:21:32:24:35:b5:c2:1e:58:f7:cb:e9:
         3e:e4:b5:d6:d7:37:22:06:fb:53:a5:97:7e:21:57:67:8e:21:
         9c:12:f9:48:80:dc:05:1f:cc:2a:68:60:44:9c:0d:0b:8f:b8:
         e6:48:85:90:4c:ad:7e:09:8d:2c:7f:c7:c3:35:02:0e:13:d1:
         17:cf:88:d2:a2:3b:18:fb:8a:b3:a2:ec:7f:fa:14:0f:e1:eb:
         68:36:cb:51:b0:6e:cc:e9:5b:65:3d:9b:4c:2c:3d:cb:ef:c3:
         56:4b:92:7d:cd:be:85:d4:4c:ad:d4:90:9f:7e:bc:8c:ac:eb:
         e0:b6:fc:74:8d:23:89:3b:45:27:62:06:25:aa:70:06:e5:61:
         e1:eb:aa:85:70:29:29:e4:3a:35:73:a5:34:5f:39:d0:50:57:
         39:1a:b0:08:cd:1b:4a:d4:ad:14:88:82:2d:1e:f4:4a:ea:80:
         73:bf:cc:53:7d:af:df:3e:14:70:80:51:c6:6c:8a:7e:c8:0f:
         47:6d:b1:cf:c3:8d:62:44:8c:83:c5:58:df:66:fc:d3:3e:b6:
         bb:5c:1f:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyerpNdNWY1jtyRSGR5/91FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjYwMjI3MTAzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJjOTVmZDg4NGY4OWJjODE1ZjllYzY0ZGM3ZjQxNTAyNzVmNTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU5LKpimKuCm4fx+hlm9uFushlCe
8Wm8FitD6ZxPsFDJU+3d0uJJxOFw7LtJ3fhd19MjbLCCM2xoAYFdx9vBmGWlpXFp
ECgBih81h9ypdcqJMf7KnovviO0WgtzHTlvZlJNKyonzX0qD3EJBBPWd6wtPjQEz
G7lELhzMy351Ue20i3VZei8PNtOW49EWYZGx5KzWalDeeybe8X2QX7tM3Q9gKrR4
EB7FhIr8TB0yBDWnGTFj6JLXGGluD9ZidPbkiymtxfQhRsvjKJBl9KNwfuAaWoTq
sS/KvK0jqpn4ooGmv27gyQFGNRGDCiqgc8djT0+ByPrvrriuzxfRRbjxWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDG8lf2IT4m8gV+exk3H9BUCdfUhMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvTWJ5Vl9ZaFBpYnlCWDU3R1RjZjBGUUoxOVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqMcIAwQA
qMdyMA0GCSqGSIb3DQEBCwUAA4IBAQBOYzHjCniC/tYtLcJeeVxQlLkaD1nese6Q
2hoFOhVJSNZOKa688odfaRK0ITIkNbXCHlj3y+k+5LXW1zciBvtTpZd+IVdnjiGc
EvlIgNwFH8wqaGBEnA0Lj7jmSIWQTK1+CY0sf8fDNQIOE9EXz4jSojsY+4qzoux/
+hQP4etoNstRsG7M6VtlPZtMLD3L78NWS5J9zb6F1Eyt1JCffryMrOvgtvx0jSOJ
O0UnYgYlqnAG5WHh66qFcCkp5Do1c6U0XznQUFc5GrAIzRtK1K0UiIItHvRK6oBz
v8xTfa/fPhRwgFHGbIp+yA9HbbHPw41iRIyDxVjfZvzTPra7XB+L
-----END CERTIFICATE-----