Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/dmFM-DRk9tl8ImtpgaPJLAX25dA.roa
File:                     dmFM-DRk9tl8ImtpgaPJLAX25dA.roa (raw, json)
Hash identifier:          Y5nslR68OgW8QnrN5r1bUmRmrJiirrKj0Uq5h/YRRC0=
Subject key identifier:   76:61:4C:F8:34:64:F6:D9:7C:22:6B:69:81:A3:C9:2C:05:F6:E5:D0
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C34BCC8C4105397B3B25FB7848D40B0BD
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/dmFM-DRk9tl8ImtpgaPJLAX25dA.roa
Signing time:             Fri 06 Feb 2026 20:55:13 +0000
ROA not before:           Fri 06 Feb 2026 20:55:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210457
IP address blocks:        2a0d:d940:400::/40 maxlen: 40
                          2a0d:d940:500::/40 maxlen: 40
                          2a0d:d940:90a6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:34:bc:c8:c4:10:53:97:b3:b2:5f:b7:84:8d:40:b0:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb  6 20:55:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76614cf83464f6d97c226b6981a3c92c05f6e5d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a9:7b:2e:8d:1d:c7:1b:bd:62:d2:28:6c:ba:
                    b4:59:ff:2c:c8:2d:a3:d5:36:eb:11:87:3a:f4:3d:
                    a4:77:46:e7:d2:7f:1b:7c:78:25:a7:15:05:03:81:
                    e0:c8:e0:fb:de:d7:6f:85:bd:0c:04:80:76:1d:40:
                    dd:b4:67:5f:1a:eb:79:4a:44:ca:78:2e:de:8f:52:
                    c3:be:81:cd:b1:f9:49:67:e7:81:3f:80:70:83:86:
                    25:6d:17:0f:42:e5:38:63:3c:e4:1b:0b:f4:5a:81:
                    fa:33:a6:be:cd:17:c0:cb:8c:01:56:3f:40:8d:0b:
                    d4:e1:b7:e3:f2:f6:1f:7c:19:a3:f0:97:2a:38:a8:
                    7f:af:53:ef:5e:25:8a:d3:a8:c9:95:ec:e7:38:4e:
                    9d:ec:66:72:2a:ac:75:f5:1f:e6:37:c3:9a:98:64:
                    6b:f7:eb:86:d2:09:69:1d:51:fa:4b:cc:77:ad:25:
                    25:10:8a:51:1c:f9:7e:06:8f:c5:f9:39:c1:75:74:
                    87:09:5d:c6:73:45:c9:4e:b7:02:5a:0b:5a:e7:d9:
                    75:f2:74:ff:b8:ff:8a:f7:62:0b:53:8d:e6:8d:95:
                    bd:57:5c:c2:bb:73:82:3e:e5:f5:da:60:16:63:bd:
                    c2:ed:3c:00:22:bc:49:cc:e2:8d:5b:1e:70:cc:e8:
                    6f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:61:4C:F8:34:64:F6:D9:7C:22:6B:69:81:A3:C9:2C:05:F6:E5:D0
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/dmFM-DRk9tl8ImtpgaPJLAX25dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:400::/39
                  2a0d:d940:90a6::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:ad:f0:ac:9f:50:01:0a:54:4d:6f:d9:bd:8b:91:4d:de:40:
         22:51:93:da:61:cc:12:cd:9f:a5:c9:63:51:0d:f3:52:5e:69:
         b4:b5:e1:42:c6:22:e2:c6:ca:b2:ee:04:d8:82:3f:c7:b7:05:
         08:12:e6:56:d2:3d:e2:9e:84:0b:4e:c6:ed:b6:22:ab:14:e1:
         75:b2:51:c1:f3:31:4b:f5:09:75:69:41:df:ed:18:63:96:76:
         ca:65:21:f7:0d:fb:76:74:bb:60:c6:6a:6e:6c:c2:d3:b3:ce:
         32:f9:83:25:bf:32:bd:ec:da:1a:c0:ed:ef:6c:93:d2:28:aa:
         54:4d:46:78:c3:bc:e9:6b:43:02:77:ce:48:c8:61:ce:68:31:
         6e:54:f9:e5:19:02:a6:4a:c0:3b:5a:79:8b:cf:c1:6b:77:b6:
         d2:cf:06:ef:ed:7b:c0:00:4f:85:cb:6a:19:a3:e8:7d:3e:84:
         35:c6:e1:89:7b:ab:26:34:d5:7e:17:d8:dc:ee:97:9a:38:f7:
         70:86:d6:ba:79:50:25:3b:70:69:d0:48:c2:52:68:79:39:db:
         ec:6c:11:20:7f:ec:c6:86:cb:0e:0c:03:2a:2b:e6:25:7e:57:
         38:f9:eb:5c:8f:44:e4:79:e0:62:f0:9c:19:a7:78:27:72:99:
         a8:71:87:77
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZw0vMjEEFOXs7Jft4SNQLC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjA2MjA1NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjYxNGNmODM0NjRmNmQ5N2MyMjZiNjk4MWEzYzkyYzA1ZjZlNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAral7Lo0dxxu9YtIobLq0Wf8syC2j
1TbrEYc69D2kd0bn0n8bfHglpxUFA4HgyOD73tdvhb0MBIB2HUDdtGdfGut5SkTK
eC7ej1LDvoHNsflJZ+eBP4Bwg4YlbRcPQuU4YzzkGwv0WoH6M6a+zRfAy4wBVj9A
jQvU4bfj8vYffBmj8JcqOKh/r1PvXiWK06jJleznOE6d7GZyKqx19R/mN8OamGRr
9+uG0glpHVH6S8x3rSUlEIpRHPl+Bo/F+TnBdXSHCV3Gc0XJTrcCWgta59l18nT/
uP+K92ILU43mjZW9V1zCu3OCPuX12mAWY73C7TwAIrxJzOKNWx5wzOhvwwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFHZhTPg0ZPbZfCJraYGjySwF9uXQMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvZG1GTS1EUms5dGw4SW10cGdhUEpMQVgyNWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYBKg3ZQAQD
BwAqDdlAkKYwDQYJKoZIhvcNAQELBQADggEBADSt8KyfUAEKVE1v2b2LkU3eQCJR
k9phzBLNn6XJY1EN81JeabS14ULGIuLGyrLuBNiCP8e3BQgS5lbSPeKehAtOxu22
IqsU4XWyUcHzMUv1CXVpQd/tGGOWdsplIfcN+3Z0u2DGam5swtOzzjL5gyW/Mr3s
2hrA7e9sk9IoqlRNRnjDvOlrQwJ3zkjIYc5oMW5U+eUZAqZKwDtaeYvPwWt3ttLP
Bu/te8AAT4XLahmj6H0+hDXG4Yl7qyY01X4X2Nzul5o493CG1rp5UCU7cGnQSMJS
aHk52+xsESB/7MaGyw4MAyor5iV+Vzj561yPROR54GLwnBmneCdymahxh3c=
-----END CERTIFICATE-----