Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/o2l8xzkmVJWqm4ShtsEWZOgOYfs.roa
File:                     o2l8xzkmVJWqm4ShtsEWZOgOYfs.roa (raw, json)
Hash identifier:          LJ04zYKzGbwKYdxO34r5QetPcNFFzW69WM6bxmWsEAg=
Subject key identifier:   A3:69:7C:C7:39:26:54:95:AA:9B:84:A1:B6:C1:16:64:E8:0E:61:FB
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C9D6D39E7F7A0328A70BCB36AE25A4607
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/o2l8xzkmVJWqm4ShtsEWZOgOYfs.roa
Signing time:             Fri 27 Feb 2026 04:48:27 +0000
ROA not before:           Fri 27 Feb 2026 04:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213887
IP address blocks:        2a0d:d940:1e00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9d:6d:39:e7:f7:a0:32:8a:70:bc:b3:6a:e2:5a:46:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb 27 04:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3697cc739265495aa9b84a1b6c11664e80e61fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:10:e5:98:b9:6b:2f:4f:84:c7:12:9f:da:58:
                    aa:15:0d:94:f7:2d:fa:cd:77:cd:4f:f0:67:9d:d1:
                    d9:d7:53:22:80:a9:a1:ad:4b:3d:16:36:bd:4e:7e:
                    86:98:a0:ce:de:ba:70:ea:c8:29:50:54:b0:77:5a:
                    1a:97:99:72:c9:b6:20:12:49:92:a8:86:e1:b2:50:
                    10:03:67:03:85:73:92:24:88:e7:a5:5c:8d:ce:aa:
                    d9:3f:48:c6:06:48:26:c2:36:38:d1:ac:20:14:ea:
                    c9:2b:20:9b:f5:54:c9:94:cd:d6:e1:5a:c7:55:bd:
                    af:f3:55:62:b5:12:39:7f:f9:88:e4:77:cc:ee:92:
                    55:c9:6d:a3:f3:c4:b5:d8:7b:c2:6e:2b:7d:0c:f1:
                    bb:27:fb:40:25:1d:76:1c:44:44:34:32:03:7b:6b:
                    c6:23:eb:d2:82:f5:4f:5f:4b:eb:15:33:73:81:20:
                    ae:98:68:c9:a6:4a:97:2f:45:54:77:94:c9:7d:85:
                    0f:da:26:7f:e9:2d:68:c6:1e:4b:b6:f5:2c:be:30:
                    60:f3:fa:b7:75:84:b4:0a:08:c8:1f:80:10:57:b6:
                    a1:55:db:f5:3e:3f:31:4d:87:27:f1:81:cc:81:1d:
                    9a:06:4f:54:6e:1f:14:ad:77:37:9b:5b:79:52:37:
                    dd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:69:7C:C7:39:26:54:95:AA:9B:84:A1:B6:C1:16:64:E8:0E:61:FB
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/o2l8xzkmVJWqm4ShtsEWZOgOYfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:1e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         5c:8d:bc:91:99:51:93:c9:99:e3:04:dd:e6:21:60:5f:4d:0c:
         ee:00:40:fd:4b:e4:51:e6:5c:90:45:6c:3e:db:8c:37:cf:6b:
         28:41:0c:d0:01:4d:dd:cf:b6:0d:95:dd:56:70:86:1d:d4:5d:
         c8:e9:a0:a1:15:12:14:e4:32:28:2e:ca:44:cb:ae:54:67:b9:
         a3:9e:63:a0:42:0c:b5:91:fe:f7:0b:ad:bb:1f:4c:b1:46:7d:
         a1:d0:08:af:80:a8:d8:0a:a9:29:f8:b3:5f:b6:f8:54:9e:15:
         d9:19:56:cb:9a:60:13:88:ec:79:8d:74:52:88:25:62:95:cf:
         7a:59:0f:03:d9:bc:69:3a:48:7b:87:8c:f4:3d:95:00:63:26:
         cc:d7:ec:ac:32:b0:7d:2a:c6:2c:76:f2:c8:54:b1:8a:78:b4:
         ba:3e:72:44:84:20:10:a6:85:30:ab:ba:0b:5f:cd:c1:a1:3c:
         a8:50:2d:f5:d1:79:61:a6:d8:cd:57:7a:af:95:26:e7:13:7e:
         ef:e4:77:23:c4:43:3d:62:9d:fd:5a:a2:0e:86:44:e0:f7:01:
         04:4f:c9:c2:5e:b3:23:33:a8:eb:eb:33:c9:e6:e6:e4:86:09:
         31:62:47:8a:42:1f:57:06:21:63:c2:29:fb:f7:36:93:6e:b2:
         7e:81:a0:69
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZydbTnn96AyinC8s2riWkYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjI3MDQ0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzY5N2NjNzM5MjY1NDk1YWE5Yjg0YTFiNmMxMTY2NGU4MGU2MWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+RDlmLlrL0+ExxKf2liqFQ2U9y36
zXfNT/BnndHZ11MigKmhrUs9Fja9Tn6GmKDO3rpw6sgpUFSwd1oal5lyybYgEkmS
qIbhslAQA2cDhXOSJIjnpVyNzqrZP0jGBkgmwjY40awgFOrJKyCb9VTJlM3W4VrH
Vb2v81VitRI5f/mI5HfM7pJVyW2j88S12HvCbit9DPG7J/tAJR12HERENDIDe2vG
I+vSgvVPX0vrFTNzgSCumGjJpkqXL0VUd5TJfYUP2iZ/6S1oxh5LtvUsvjBg8/q3
dYS0CgjIH4AQV7ahVdv1Pj8xTYcn8YHMgR2aBk9Ubh8UrXc3m1t5UjfdWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKNpfMc5JlSVqpuEobbBFmToDmH7MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbzJsOHh6a21WSldxbTRTaHRzRVdaT2dPWWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg3ZQB4w
DQYJKoZIhvcNAQELBQADggEBAFyNvJGZUZPJmeME3eYhYF9NDO4AQP1L5FHmXJBF
bD7bjDfPayhBDNABTd3Ptg2V3VZwhh3UXcjpoKEVEhTkMiguykTLrlRnuaOeY6BC
DLWR/vcLrbsfTLFGfaHQCK+AqNgKqSn4s1+2+FSeFdkZVsuaYBOI7HmNdFKIJWKV
z3pZDwPZvGk6SHuHjPQ9lQBjJszX7KwysH0qxix28shUsYp4tLo+ckSEIBCmhTCr
ugtfzcGhPKhQLfXReWGm2M1Xeq+VJucTfu/kdyPEQz1inf1aog6GROD3AQRPycJe
syMzqOvrM8nm5uSGCTFiR4pCH1cGIWPCKfv3NpNusn6BoGk=
-----END CERTIFICATE-----