Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211826.roa
File:                     AS211826.roa (raw, json)
Hash identifier:          7mCFXUMzaSK+OqLPOf0JbnWnMQh6fR2J0/idB7rmmIQ=
Subject key identifier:   EB:5C:42:DA:32:83:69:89:80:EE:03:0D:5E:C6:D1:89:F8:91:43:BD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7AF9F5B1696EA259792BAE42340A4682430BBFD8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211826.roa
Signing time:             Thu 19 Feb 2026 17:55:39 +0000
ROA not before:           Thu 19 Feb 2026 17:50:39 +0000
ROA not after:            Thu 18 Feb 2027 17:55:39 +0000
asID:                     211826
IP address blocks:        179.61.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 15:25:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f9:f5:b1:69:6e:a2:59:79:2b:ae:42:34:0a:46:82:43:0b:bf:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 19 17:50:39 2026 GMT
            Not After : Feb 18 17:55:39 2027 GMT
        Subject: CN=EB5C42DA3283698980EE030D5EC6D189F89143BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:74:c2:6f:1b:18:3e:0b:3f:7a:e2:ab:a5:fc:
                    0c:f8:cb:d7:52:85:67:c3:e5:18:80:06:40:fd:56:
                    69:f9:d0:9f:a1:15:0b:ef:1a:6e:68:a5:d1:83:48:
                    cb:46:f2:72:22:9f:1d:40:42:0f:d6:ba:df:f6:2c:
                    b3:15:32:0a:47:3d:9a:2c:4c:0f:a3:1d:01:f0:27:
                    7a:70:d7:e5:45:0b:fd:6d:52:b0:06:15:86:e5:10:
                    81:78:dc:56:a6:43:36:65:01:35:2f:19:b2:71:10:
                    7c:ed:1f:5b:f7:9a:3a:2a:83:c6:9b:7d:a2:9e:72:
                    6d:89:57:ee:ed:53:11:93:41:26:28:cc:49:10:05:
                    67:87:f7:ae:1e:19:26:a4:20:95:58:1a:6d:ec:64:
                    28:e0:dc:d5:e5:13:ed:43:ef:5b:29:50:bd:f4:cc:
                    42:61:7d:1e:47:b1:a4:ea:45:e6:cd:20:10:f7:45:
                    76:bb:10:7a:68:38:35:5d:07:f6:c7:dc:d7:ea:3d:
                    27:c9:53:e3:5a:e5:2b:df:5b:3c:a0:6a:54:fc:a7:
                    88:82:94:c5:df:90:bb:69:01:c6:cc:14:99:2d:5e:
                    72:f1:79:71:7b:06:91:0d:09:e4:b3:3f:95:d4:29:
                    43:84:77:64:49:f2:c3:5b:06:fd:95:d4:6a:3b:8b:
                    5a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5C:42:DA:32:83:69:89:80:EE:03:0D:5E:C6:D1:89:F8:91:43:BD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211826.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:da:78:dd:c2:b0:f4:0a:dd:d8:f3:c5:23:54:20:1a:1d:2f:
         c8:56:e4:0b:7a:b5:8f:1f:ee:cb:1a:70:22:fe:d3:f9:c7:4a:
         55:2d:05:4c:24:4e:13:b7:5d:4c:c7:cb:06:b4:d9:c1:46:08:
         5d:c7:8d:fc:ae:e5:64:06:71:66:4d:db:cf:1a:27:3b:22:ff:
         a8:c1:59:70:ed:ba:9d:5b:dd:bc:4b:6d:2c:7e:17:38:b9:8e:
         b3:04:20:e7:17:58:4c:24:f9:e5:bd:6d:63:4d:66:74:36:86:
         d0:07:4c:a7:43:aa:37:ea:bd:41:45:e0:30:60:80:7e:85:21:
         ae:84:23:b7:4b:ac:1c:35:95:0e:08:d8:c0:48:cb:47:29:26:
         5e:99:cd:66:e5:bd:d7:10:51:a9:70:cb:7c:f1:72:a1:50:06:
         f6:d1:eb:44:ac:57:ca:93:be:ab:c1:80:04:e9:00:b1:a2:d6:
         13:36:9e:da:19:cd:fd:af:68:fc:f5:bc:0f:55:be:8e:65:11:
         67:bf:94:be:14:de:b9:74:73:e5:6d:06:d5:28:9a:e3:8c:8c:
         52:c1:fc:87:e9:10:b7:04:8c:bb:59:29:f1:38:9b:39:7b:ed:
         82:76:0c:c2:db:2b:35:90:3f:9d:85:da:2e:a9:68:57:12:d8:
         c2:50:5b:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUevn1sWluoll5K65CNApGgkMLv9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTkxNzUwMzlaFw0yNzAyMTgxNzU1MzlaMDMxMTAvBgNV
BAMTKEVCNUM0MkRBMzI4MzY5ODk4MEVFMDMwRDVFQzZEMTg5Rjg5MTQzQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8dMJvGxg+Cz964qul/Az4y9dS
hWfD5RiABkD9Vmn50J+hFQvvGm5opdGDSMtG8nIinx1AQg/Wut/2LLMVMgpHPZos
TA+jHQHwJ3pw1+VFC/1tUrAGFYblEIF43FamQzZlATUvGbJxEHztH1v3mjoqg8ab
faKecm2JV+7tUxGTQSYozEkQBWeH964eGSakIJVYGm3sZCjg3NXlE+1D71spUL30
zEJhfR5HsaTqRebNIBD3RXa7EHpoODVdB/bH3NfqPSfJU+Na5SvfWzygalT8p4iC
lMXfkLtpAcbMFJktXnLxeXF7BpENCeSzP5XUKUOEd2RJ8sNbBv2V1Go7i1pfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU61xC2jKDaYmA7gMNXsbRifiRQ70wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExODI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2x
MA0GCSqGSIb3DQEBCwUAA4IBAQAf2njdwrD0Ct3Y88UjVCAaHS/IVuQLerWPH+7L
GnAi/tP5x0pVLQVMJE4Tt11Mx8sGtNnBRghdx438ruVkBnFmTdvPGic7Iv+owVlw
7bqdW928S20sfhc4uY6zBCDnF1hMJPnlvW1jTWZ0NobQB0ynQ6o36r1BReAwYIB+
hSGuhCO3S6wcNZUOCNjASMtHKSZemc1m5b3XEFGpcMt88XKhUAb20etErFfKk76r
wYAE6QCxotYTNp7aGc39r2j89bwPVb6OZRFnv5S+FN65dHPlbQbVKJrjjIxSwfyH
6RC3BIy7WSnxOJs5e+2CdgzC2ys1kD+dhdouqWhXEtjCUFvL
-----END CERTIFICATE-----