Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/GLzvmrFZwtHFe9Z1yEG5XD0OvBw.roa
File:                     GLzvmrFZwtHFe9Z1yEG5XD0OvBw.roa (raw, json)
Hash identifier:          QOv5YSca4ZcldTa0HFwimRbho38o3TvS8gmdTUQXDWI=
Subject key identifier:   18:BC:EF:9A:B1:59:C2:D1:C5:7B:D6:75:C8:41:B9:5C:3D:0E:BC:1C
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019C532BEAB58AF4B1BCFADB8FB607CE0444
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/GLzvmrFZwtHFe9Z1yEG5XD0OvBw.roa
Signing time:             Thu 12 Feb 2026 18:45:12 +0000
ROA not before:           Thu 12 Feb 2026 18:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48780
IP address blocks:        2a0f:4040::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:53:2b:ea:b5:8a:f4:b1:bc:fa:db:8f:b6:07:ce:04:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Feb 12 18:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18bcef9ab159c2d1c57bd675c841b95c3d0ebc1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b4:aa:15:a0:ae:b3:a9:de:03:9e:5a:72:90:
                    b2:fc:67:bc:f0:65:41:d6:66:48:a6:be:95:e4:0f:
                    d9:f6:6c:df:02:47:ad:82:33:52:60:f1:2c:92:13:
                    19:69:20:06:4c:0e:93:ae:ad:25:b6:6b:aa:6a:b6:
                    1e:33:8a:eb:20:07:51:51:33:24:c7:51:1d:e4:d1:
                    d4:0a:c5:29:97:69:27:cd:8a:3d:5b:fa:f2:68:90:
                    16:db:bd:8b:86:be:05:f9:01:36:48:bd:6e:6a:22:
                    99:8a:2a:e7:82:86:c1:88:b1:86:cc:5f:89:ee:78:
                    13:20:a8:0b:83:63:9b:31:a3:37:5a:38:00:cf:9d:
                    bd:95:e1:97:1d:ac:4e:03:dd:c7:36:6b:19:18:f3:
                    a8:f8:04:ec:5e:10:18:35:e8:45:b9:53:5f:1e:81:
                    d1:66:74:de:99:97:08:27:d0:46:f8:c5:9d:86:9a:
                    66:41:43:65:6c:27:96:1e:ec:ca:93:4e:4b:c2:04:
                    7d:82:13:6b:dd:35:8d:e8:90:e7:91:3a:c9:ca:b4:
                    d0:5c:f2:5d:3c:08:2f:28:67:81:9d:ad:60:60:d3:
                    29:32:41:a4:d1:79:4b:c7:9f:10:09:f5:ce:f6:52:
                    fc:7b:eb:fb:b5:90:f2:b7:e9:cb:0c:c0:a5:8f:df:
                    9d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BC:EF:9A:B1:59:C2:D1:C5:7B:D6:75:C8:41:B9:5C:3D:0E:BC:1C
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/GLzvmrFZwtHFe9Z1yEG5XD0OvBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4040::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:ff:73:d5:02:5e:6e:e9:da:f6:20:7e:fc:e3:04:1a:7c:14:
         ab:13:58:6b:1f:87:a8:04:6c:0b:48:ca:3d:e9:cb:61:33:67:
         8e:97:cf:fe:ef:fc:08:a4:76:16:26:c9:6a:6d:98:8e:8b:73:
         a1:aa:c3:0e:10:6a:71:8c:12:73:e0:83:77:30:dc:e8:ff:3f:
         34:8d:54:72:93:01:98:5c:6e:f1:12:7e:26:62:83:f8:8a:3c:
         dd:d9:11:fe:27:4a:e3:4d:2a:0c:a9:ff:9a:6e:20:23:60:25:
         90:e4:8e:5f:ca:e0:f3:c7:6a:35:bd:cf:69:0b:d2:ed:56:a6:
         02:27:23:91:9e:68:26:9a:92:83:f3:6a:d9:64:bb:0b:fa:97:
         76:01:aa:21:8b:25:ae:99:77:67:95:0e:6e:4a:41:9a:90:21:
         3f:74:27:df:ef:54:86:66:67:66:7a:a1:27:20:17:ec:e3:f3:
         64:10:67:35:c4:7e:76:fe:7a:f1:69:c5:d2:23:92:17:1a:87:
         40:b2:65:0d:9e:92:f5:8d:bc:d4:a6:b2:6e:f9:9f:d9:91:a6:
         40:a1:2f:0b:b6:6d:d4:e1:f1:0b:9c:d1:2f:b8:e0:77:79:c0:
         d4:a4:8a:3f:88:7e:26:62:55:a0:b5:da:23:a6:f6:01:74:8c:
         23:0d:d6:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxTK+q1ivSxvPrbj7YHzgREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjYwMjEyMTg0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGJjZWY5YWIxNTljMmQxYzU3YmQ2NzVjODQxYjk1YzNkMGViYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorSqFaCus6neA55acpCy/Ge88GVB
1mZIpr6V5A/Z9mzfAketgjNSYPEskhMZaSAGTA6Trq0ltmuqarYeM4rrIAdRUTMk
x1Ed5NHUCsUpl2knzYo9W/ryaJAW272Lhr4F+QE2SL1uaiKZiirngobBiLGGzF+J
7ngTIKgLg2ObMaM3WjgAz529leGXHaxOA93HNmsZGPOo+ATsXhAYNehFuVNfHoHR
ZnTemZcIJ9BG+MWdhppmQUNlbCeWHuzKk05LwgR9ghNr3TWN6JDnkTrJyrTQXPJd
PAgvKGeBna1gYNMpMkGk0XlLx58QCfXO9lL8e+v7tZDyt+nLDMClj9+d3QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBi875qxWcLRxXvWdchBuVw9DrwcMB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvR0x6dm1yRlp3dEhGZTlaMXlFRzVYRDBPdkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg9AQDAN
BgkqhkiG9w0BAQsFAAOCAQEATf9z1QJebuna9iB+/OMEGnwUqxNYax+HqARsC0jK
PenLYTNnjpfP/u/8CKR2FibJam2YjotzoarDDhBqcYwSc+CDdzDc6P8/NI1UcpMB
mFxu8RJ+JmKD+Io83dkR/idK400qDKn/mm4gI2AlkOSOX8rg88dqNb3PaQvS7Vam
AicjkZ5oJpqSg/Nq2WS7C/qXdgGqIYslrpl3Z5UObkpBmpAhP3Qn3+9UhmZnZnqh
JyAX7OPzZBBnNcR+dv568WnF0iOSFxqHQLJlDZ6S9Y281Kaybvmf2ZGmQKEvC7Zt
1OHxC5zRL7jgd3nA1KSKP4h+JmJVoLXaI6b2AXSMIw3WKQ==
-----END CERTIFICATE-----