Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/IFlrGlpmIktdxpOhrR8xYveUsbg.roa
File:                     IFlrGlpmIktdxpOhrR8xYveUsbg.roa (raw, json)
Hash identifier:          n6YOE+skPlRQCEnNvMFsjoFLedlTUeiE/VC0h2vyyho=
Subject key identifier:   20:59:6B:1A:5A:66:22:4B:5D:C6:93:A1:AD:1F:31:62:F7:94:B1:B8
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019C52A72AA85069CADFECC20ABA03794825
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/IFlrGlpmIktdxpOhrR8xYveUsbg.roa
Signing time:             Thu 12 Feb 2026 16:20:12 +0000
ROA not before:           Thu 12 Feb 2026 16:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210734
IP address blocks:        77.246.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 21:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:a7:2a:a8:50:69:ca:df:ec:c2:0a:ba:03:79:48:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Feb 12 16:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20596b1a5a66224b5dc693a1ad1f3162f794b1b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:80:61:b9:df:e7:69:ca:c6:69:1c:b4:91:34:
                    6a:31:c9:a9:d5:da:f4:8c:44:b3:98:e1:d4:7c:6b:
                    28:fa:09:5c:89:73:d4:91:68:04:28:6f:14:25:fd:
                    f5:3e:85:d9:c9:0a:ac:05:65:3a:06:d2:c8:3b:9b:
                    c9:7f:a8:a4:0c:b5:32:99:93:33:89:3a:eb:26:65:
                    5b:b0:74:90:c1:4a:e5:e4:27:22:f2:8c:7b:f7:dc:
                    84:82:5d:2f:bd:ba:4f:b3:03:d7:58:d0:5a:4f:dd:
                    3e:5a:2f:c3:cb:d7:63:17:00:2a:b7:78:01:d4:7a:
                    5c:5a:f5:3c:f7:f1:08:65:ac:89:a0:76:50:0c:a7:
                    aa:ff:c0:e7:ed:b1:2e:8d:30:14:0a:8d:92:05:a9:
                    f0:91:87:2c:b6:4b:50:6b:a6:ed:a1:b5:5a:e0:22:
                    e4:0f:88:6d:c1:82:f6:ef:f2:4e:7d:0d:51:0b:53:
                    75:ed:ce:cb:2f:41:ee:14:31:d4:63:1b:32:f6:48:
                    4d:a4:09:39:fa:6c:14:98:99:db:be:cf:21:48:4b:
                    c5:96:8d:2b:9c:67:2b:02:cc:83:78:53:aa:1e:4c:
                    01:1d:48:ec:c4:cb:e7:13:fc:d3:56:f1:2b:f9:ea:
                    bc:ce:b5:f6:80:52:9c:7e:fd:f3:55:15:72:21:53:
                    50:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:59:6B:1A:5A:66:22:4B:5D:C6:93:A1:AD:1F:31:62:F7:94:B1:B8
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/IFlrGlpmIktdxpOhrR8xYveUsbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:55:e2:0e:03:e3:8d:3b:1c:71:be:5f:62:bc:4f:c7:35:09:
         fe:21:91:37:97:da:ff:fa:5f:fc:0b:20:aa:7b:45:fd:52:8c:
         8c:3e:7a:a3:1c:d6:f0:f3:22:7a:76:4e:c0:f9:3e:d9:66:c3:
         97:c2:e3:32:26:53:f7:7f:f0:19:ad:3c:04:9a:39:aa:f8:a3:
         99:3b:78:d8:c8:6f:be:05:81:43:85:94:62:3e:37:81:04:47:
         71:77:c4:0f:e7:e1:67:1d:79:92:eb:06:97:62:25:60:4f:50:
         b9:dd:46:c9:65:0a:c4:a9:be:54:09:04:f9:f0:50:9d:25:a0:
         f1:a8:52:c6:c7:4a:fd:ae:98:61:18:ce:e2:e9:44:45:9f:9a:
         1b:94:e9:57:45:a7:6c:fc:81:2a:f2:c9:f6:01:1d:61:57:98:
         7d:b5:e6:f9:0a:67:0f:26:3b:15:67:a4:a3:18:08:7c:59:22:
         ac:62:db:49:fe:b5:31:91:b4:37:49:8d:e2:59:b6:ee:53:c9:
         80:4e:6d:70:53:d7:51:24:51:e6:25:3b:27:6d:ee:55:20:f3:
         1a:92:23:34:66:98:f7:df:93:7b:08:76:b4:f2:d4:11:c0:62:
         63:bc:cc:5f:ea:66:ab:75:29:12:14:4e:51:22:65:06:f8:27:
         aa:6f:f3:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxSpyqoUGnK3+zCCroDeUglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjYwMjEyMTYyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU5NmIxYTVhNjYyMjRiNWRjNjkzYTFhZDFmMzE2MmY3OTRiMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oBhud/nacrGaRy0kTRqMcmp1dr0
jESzmOHUfGso+glciXPUkWgEKG8UJf31PoXZyQqsBWU6BtLIO5vJf6ikDLUymZMz
iTrrJmVbsHSQwUrl5Cci8ox799yEgl0vvbpPswPXWNBaT90+Wi/Dy9djFwAqt3gB
1HpcWvU89/EIZayJoHZQDKeq/8Dn7bEujTAUCo2SBanwkYcstktQa6btobVa4CLk
D4htwYL27/JOfQ1RC1N17c7LL0HuFDHUYxsy9khNpAk5+mwUmJnbvs8hSEvFlo0r
nGcrAsyDeFOqHkwBHUjsxMvnE/zTVvEr+eq8zrX2gFKcfv3zVRVyIVNQIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBZaxpaZiJLXcaToa0fMWL3lLG4MB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvSUZsckdscG1Ja3RkeHBPaHJSOHhZdmVVc2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbfMA0G
CSqGSIb3DQEBCwUAA4IBAQCXVeIOA+ONOxxxvl9ivE/HNQn+IZE3l9r/+l/8CyCq
e0X9UoyMPnqjHNbw8yJ6dk7A+T7ZZsOXwuMyJlP3f/AZrTwEmjmq+KOZO3jYyG++
BYFDhZRiPjeBBEdxd8QP5+FnHXmS6waXYiVgT1C53UbJZQrEqb5UCQT58FCdJaDx
qFLGx0r9rphhGM7i6URFn5oblOlXRads/IEq8sn2AR1hV5h9teb5CmcPJjsVZ6Sj
GAh8WSKsYttJ/rUxkbQ3SY3iWbbuU8mATm1wU9dRJFHmJTsnbe5VIPMakiM0Zpj3
35N7CHa08tQRwGJjvMxf6mardSkSFE5RImUG+Ceqb/Pd
-----END CERTIFICATE-----