Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/icij8tzbCB1q5s1zQochnbGKB_k.roa
File:                     icij8tzbCB1q5s1zQochnbGKB_k.roa (raw, json)
Hash identifier:          5ILc/a0dy416laIUvkxzERmHvyyFM6HRRoVjgXd6PRU=
Subject key identifier:   89:C8:A3:F2:DC:DB:08:1D:6A:E6:CD:73:42:87:21:9D:B1:8A:07:F9
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019C666B49050A7A1010EB1FAA8454DEFD00
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/icij8tzbCB1q5s1zQochnbGKB_k.roa
Signing time:             Mon 16 Feb 2026 12:27:13 +0000
ROA not before:           Mon 16 Feb 2026 12:27:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52208
IP address blocks:        2a0f:4043::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:6b:49:05:0a:7a:10:10:eb:1f:aa:84:54:de:fd:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Feb 16 12:27:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89c8a3f2dcdb081d6ae6cd734287219db18a07f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ab:4e:e3:b2:2c:21:54:70:c4:df:2d:07:44:
                    44:24:8d:5d:04:24:0b:cf:2a:6a:f1:02:bf:5f:4c:
                    3d:5a:01:bc:6e:b7:9f:b9:e8:94:4a:8d:bd:74:91:
                    18:16:cf:34:d0:5a:18:b8:8b:cf:41:be:68:f9:8c:
                    a7:72:e6:d5:fa:d0:be:71:49:bc:69:ac:ca:02:14:
                    f5:63:f1:c0:75:e7:9a:3b:bf:d0:58:30:d7:eb:b8:
                    1e:f2:73:ba:b2:81:98:ff:14:80:93:37:1c:00:f0:
                    7d:b8:3a:a7:25:3a:c0:36:48:6a:fd:4a:3f:18:57:
                    c1:26:2f:c6:df:90:bb:cc:cc:8b:86:93:b4:57:33:
                    fc:be:4f:07:36:84:ea:ab:ae:e7:9f:99:ba:db:2b:
                    ff:6e:3b:6d:76:5d:e4:a9:ed:42:3b:e4:96:64:3d:
                    93:88:15:72:d2:67:a7:f2:35:0d:b7:a8:1d:56:f7:
                    5a:c2:da:06:81:ad:53:20:1d:0a:b8:d4:f2:30:34:
                    ac:51:32:9d:f5:53:a6:9c:12:bf:21:9f:11:40:51:
                    48:69:7e:29:fd:60:2e:f2:8d:ab:3a:30:8d:4e:b3:
                    7b:31:65:c9:43:47:5a:62:38:89:5f:98:7c:6f:80:
                    7a:c2:10:ed:e3:e6:fd:81:8c:12:11:d5:c4:58:20:
                    c0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C8:A3:F2:DC:DB:08:1D:6A:E6:CD:73:42:87:21:9D:B1:8A:07:F9
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/icij8tzbCB1q5s1zQochnbGKB_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4043::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:0e:37:35:f8:43:64:f2:60:85:97:d9:82:b4:8e:43:39:c7:
         24:8e:c7:02:92:de:a9:79:2f:b2:ee:45:d8:c1:38:d7:63:ad:
         48:6a:d8:72:b6:a7:ab:62:c0:3d:ef:31:47:d4:c4:0d:cb:66:
         c2:76:f4:e9:0a:e5:50:7b:8b:3d:6f:49:0c:68:06:99:c0:2e:
         ed:aa:c0:82:af:76:76:c9:ef:8a:43:f6:a7:66:c3:55:bc:54:
         82:f5:fa:77:ef:30:f8:20:c7:48:13:b3:b8:6a:9d:d6:e2:84:
         78:d1:84:68:7f:9c:0a:3f:c6:1f:85:25:f3:2a:4a:bd:5d:13:
         07:c5:91:7d:4b:41:b5:94:85:60:fd:3b:bc:92:55:dc:81:f8:
         c8:27:6e:41:95:30:62:79:8b:bf:82:17:f2:f4:ce:35:8e:c4:
         90:bc:af:08:b1:8f:3e:20:37:98:dc:3a:d9:6d:0c:86:ad:0e:
         39:76:d7:88:02:a0:75:a5:a2:03:5a:b2:ac:2b:8b:bc:de:8a:
         28:65:92:05:0f:71:50:b4:7f:56:b3:d0:6f:02:04:0e:23:7c:
         9c:32:26:f6:5a:33:e9:c4:27:20:cd:cf:5e:53:65:9f:97:ac:
         ec:b5:94:d6:77:55:bb:a4:ba:99:96:b7:3b:c7:e9:48:a8:ee:
         57:9f:ed:c5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxma0kFCnoQEOsfqoRU3v0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjYwMjE2MTIyNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM4YTNmMmRjZGIwODFkNmFlNmNkNzM0Mjg3MjE5ZGIxOGEwN2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtatO47IsIVRwxN8tB0REJI1dBCQL
zypq8QK/X0w9WgG8brefueiUSo29dJEYFs800FoYuIvPQb5o+YyncubV+tC+cUm8
aazKAhT1Y/HAdeeaO7/QWDDX67ge8nO6soGY/xSAkzccAPB9uDqnJTrANkhq/Uo/
GFfBJi/G35C7zMyLhpO0VzP8vk8HNoTqq67nn5m62yv/bjttdl3kqe1CO+SWZD2T
iBVy0men8jUNt6gdVvdawtoGga1TIB0KuNTyMDSsUTKd9VOmnBK/IZ8RQFFIaX4p
/WAu8o2rOjCNTrN7MWXJQ0daYjiJX5h8b4B6whDt4+b9gYwSEdXEWCDAsQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFInIo/Lc2wgdaubNc0KHIZ2xigf5MB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvaWNpajh0emJDQjFxNXMxelFvY2huYkdLQl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg9AQzAN
BgkqhkiG9w0BAQsFAAOCAQEAgw43NfhDZPJghZfZgrSOQznHJI7HApLeqXkvsu5F
2ME412OtSGrYcranq2LAPe8xR9TEDctmwnb06QrlUHuLPW9JDGgGmcAu7arAgq92
dsnvikP2p2bDVbxUgvX6d+8w+CDHSBOzuGqd1uKEeNGEaH+cCj/GH4Ul8ypKvV0T
B8WRfUtBtZSFYP07vJJV3IH4yCduQZUwYnmLv4IX8vTONY7EkLyvCLGPPiA3mNw6
2W0Mhq0OOXbXiAKgdaWiA1qyrCuLvN6KKGWSBQ9xULR/VrPQbwIEDiN8nDIm9loz
6cQnIM3PXlNln5es7LWU1ndVu6S6mZa3O8fpSKjuV5/txQ==
-----END CERTIFICATE-----