Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/TxA7LZAEQ_1O1wo4B0jrXnmrDhw.roa
File:                     TxA7LZAEQ_1O1wo4B0jrXnmrDhw.roa (raw, json)
Hash identifier:          5o3TCb2lIaRZg6xjEwTN8/Pb07E53fm4tlVwapwpcIc=
Subject key identifier:   4F:10:3B:2D:90:04:43:FD:4E:D7:0A:38:07:48:EB:5E:79:AB:0E:1C
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C5BE977A2FCD16E76ED75E0CD467D17A6
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/TxA7LZAEQ_1O1wo4B0jrXnmrDhw.roa
Signing time:             Sat 14 Feb 2026 11:29:13 +0000
ROA not before:           Sat 14 Feb 2026 11:29:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214891
IP address blocks:        2a0d:d940:c0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5b:e9:77:a2:fc:d1:6e:76:ed:75:e0:cd:46:7d:17:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb 14 11:29:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f103b2d900443fd4ed70a380748eb5e79ab0e1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bc:d4:4b:ca:1e:cb:2e:f8:0e:2a:2b:95:ca:
                    3b:f6:7d:0d:85:ac:97:b8:dc:f1:40:bc:87:b9:ec:
                    90:fc:1b:a5:c6:c3:cf:66:17:64:f2:46:29:c7:1b:
                    1c:46:13:a4:00:fb:af:82:49:9a:0e:8e:4b:7a:f3:
                    8d:29:c1:fb:df:dc:da:d5:bb:38:a3:9d:46:23:30:
                    a9:6e:21:b8:58:0a:53:cd:33:52:10:d1:68:4c:f2:
                    3d:f1:2a:a1:a6:39:e4:20:fe:81:23:6a:97:b6:de:
                    af:c0:2e:8d:e2:d6:06:e9:45:e1:88:c8:61:64:d1:
                    81:72:bf:25:7b:d1:0b:0a:31:0e:83:de:47:97:f9:
                    d7:b7:2a:ce:4a:18:67:b2:bb:ec:5a:c1:96:e2:33:
                    63:47:a8:36:0d:b6:b4:26:d6:3b:cf:ac:15:ad:95:
                    9c:aa:a1:55:ea:bf:45:86:ea:1d:c4:a7:9f:85:51:
                    f4:42:bc:81:61:ac:58:c6:91:78:ab:c2:73:9f:12:
                    e5:38:83:2e:6e:18:7c:f4:1e:de:c4:8b:6b:b3:fe:
                    4d:5d:b3:31:45:57:42:83:f5:90:cc:75:f6:dc:82:
                    72:e8:bb:70:cf:a8:de:56:35:66:f7:c1:9e:ef:db:
                    44:9b:4f:60:07:a9:f1:ce:26:34:80:ba:53:76:ac:
                    66:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:10:3B:2D:90:04:43:FD:4E:D7:0A:38:07:48:EB:5E:79:AB:0E:1C
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/TxA7LZAEQ_1O1wo4B0jrXnmrDhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c7:b3:cd:d8:19:73:e2:5b:81:8b:0c:2f:43:6d:d5:b7:3a:53:
         38:32:ee:b0:6e:fa:88:fe:6d:b5:7e:72:12:3d:22:78:e4:42:
         10:38:74:72:86:69:b5:7b:94:36:08:c4:40:9b:58:fd:d2:29:
         a6:14:e9:25:21:90:51:c3:35:d1:97:c4:7d:8b:ec:78:ae:15:
         96:f1:37:40:62:47:5d:da:40:dc:2b:31:cb:aa:55:10:8c:4b:
         95:61:2d:4d:d4:6e:77:8b:36:40:2e:fd:aa:97:64:03:04:46:
         22:90:6b:c9:ea:23:28:30:0b:3b:88:fc:f9:d9:28:65:f7:d6:
         6f:b8:28:d7:18:44:ce:eb:50:5d:6b:8e:fd:2d:11:02:41:1f:
         30:5d:46:0e:cc:17:b6:80:7b:19:e2:24:15:d3:f7:76:5b:e7:
         3e:b9:d0:fa:8b:7e:d9:2d:27:24:d8:44:16:e6:d2:0c:86:7f:
         c6:22:7a:12:a1:78:a6:1a:08:55:a9:5f:ff:41:a1:94:f2:5c:
         7a:7c:d6:7f:5c:a0:a7:7d:17:30:bd:41:ab:2d:47:f3:2a:6f:
         45:8c:0e:78:b3:16:81:c8:2c:d2:bf:d7:26:b9:b5:b2:49:85:
         54:d3:8c:dd:75:e2:be:95:bd:07:83:b6:73:f7:98:5b:51:7b:
         91:d3:cc:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxb6Xei/NFudu114M1GfRemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjE0MTEyOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjEwM2IyZDkwMDQ0M2ZkNGVkNzBhMzgwNzQ4ZWI1ZTc5YWIwZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrzUS8oeyy74Diorlco79n0NhayX
uNzxQLyHueyQ/BulxsPPZhdk8kYpxxscRhOkAPuvgkmaDo5LevONKcH739za1bs4
o51GIzCpbiG4WApTzTNSENFoTPI98SqhpjnkIP6BI2qXtt6vwC6N4tYG6UXhiMhh
ZNGBcr8le9ELCjEOg95Hl/nXtyrOShhnsrvsWsGW4jNjR6g2Dba0JtY7z6wVrZWc
qqFV6r9FhuodxKefhVH0QryBYaxYxpF4q8JznxLlOIMubhh89B7exItrs/5NXbMx
RVdCg/WQzHX23IJy6Ltwz6jeVjVm98Ge79tEm09gB6nxziY0gLpTdqxmyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE8QOy2QBEP9TtcKOAdI6155qw4cMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvVHhBN0xaQUVRXzFPMXdvNEIwanJYbm1yRGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQADA
MA0GCSqGSIb3DQEBCwUAA4IBAQDHs83YGXPiW4GLDC9DbdW3OlM4Mu6wbvqI/m21
fnISPSJ45EIQOHRyhmm1e5Q2CMRAm1j90immFOklIZBRwzXRl8R9i+x4rhWW8TdA
Ykdd2kDcKzHLqlUQjEuVYS1N1G53izZALv2ql2QDBEYikGvJ6iMoMAs7iPz52Shl
99ZvuCjXGETO61Bda479LRECQR8wXUYOzBe2gHsZ4iQV0/d2W+c+udD6i37ZLSck
2EQW5tIMhn/GInoSoXimGghVqV//QaGU8lx6fNZ/XKCnfRcwvUGrLUfzKm9FjA54
sxaByCzSv9cmubWySYVU04zddeK+lb0Hg7Zz95hbUXuR08zV
-----END CERTIFICATE-----