Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/yv8FhbcnTRrN9TOc-2PsqWje6m8.roa
File:                     yv8FhbcnTRrN9TOc-2PsqWje6m8.roa (raw, json)
Hash identifier:          P9uulFa6QaPUohj+iTguvv0i6CS/+WyKM74MIfRJ4RY=
Subject key identifier:   CA:FF:05:85:B7:27:4D:1A:CD:F5:33:9C:FB:63:EC:A9:68:DE:EA:6F
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C2F525320E98141FD269D67F455D5B462
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/yv8FhbcnTRrN9TOc-2PsqWje6m8.roa
Signing time:             Thu 05 Feb 2026 19:40:50 +0000
ROA not before:           Thu 05 Feb 2026 19:40:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203534
IP address blocks:        2a0d:d940:2009::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2f:52:53:20:e9:81:41:fd:26:9d:67:f4:55:d5:b4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb  5 19:40:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=caff0585b7274d1acdf5339cfb63eca968deea6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:bb:12:88:d7:f1:a5:a0:b3:f3:2a:dc:30:dd:
                    07:c4:21:0e:5a:20:68:5e:e1:5f:9e:b9:40:5c:76:
                    34:7f:34:a5:f7:5c:7c:41:d9:b2:3a:73:8d:95:e8:
                    16:0b:e5:57:41:98:cc:ea:b3:8a:f6:0b:dd:3f:b0:
                    46:7c:85:26:eb:8b:23:76:08:98:92:e2:22:51:f0:
                    c0:80:39:54:69:fd:b1:c0:6b:d8:0a:04:bb:9c:5b:
                    96:67:59:d5:88:07:bb:74:41:c2:80:f2:75:68:8d:
                    5b:86:f0:e3:73:59:88:ff:32:ab:50:7b:59:72:08:
                    54:69:90:48:43:34:28:ec:db:ce:1f:bc:32:a5:e7:
                    4e:95:42:a2:1e:f0:de:fa:ec:27:20:0f:a5:7b:f9:
                    7a:4c:8a:81:2d:46:ff:8b:9a:50:38:70:f4:55:39:
                    5a:76:d3:a4:2b:0b:65:07:be:34:49:84:fd:b1:25:
                    84:93:9c:80:9f:f8:3b:0a:e7:80:c9:06:59:8c:4c:
                    ad:ec:6a:3e:ba:6e:f3:a3:5a:44:dc:a3:13:29:4f:
                    84:63:6e:38:3e:ed:7c:19:04:2d:17:cf:f6:49:1b:
                    f5:ad:1b:4f:b5:07:55:62:fc:4b:91:51:37:6f:2b:
                    a0:05:ec:6e:92:63:23:20:60:f4:5c:d7:38:2a:62:
                    60:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FF:05:85:B7:27:4D:1A:CD:F5:33:9C:FB:63:EC:A9:68:DE:EA:6F
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/yv8FhbcnTRrN9TOc-2PsqWje6m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2009::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:68:4a:f7:2c:cc:6a:73:fe:f6:b0:bc:4e:6e:b9:31:c7:35:
         5d:4b:e3:f1:6a:e9:4b:68:9f:a9:72:3d:70:7a:8d:aa:b1:1c:
         31:8f:b2:fc:02:8b:dc:a8:b2:72:d1:e2:bd:03:4d:b9:1a:87:
         d3:ac:ec:b8:7d:a6:bb:ea:d4:6e:0f:33:b2:fb:4c:e8:37:af:
         6b:84:51:a0:be:2a:7c:55:ae:6f:e1:5f:a2:c7:79:3f:7f:31:
         6b:44:33:a7:94:1c:79:ac:85:34:2d:7b:a3:37:19:f0:5d:f2:
         eb:08:78:88:a9:35:f4:1f:63:61:27:4f:84:c9:fa:f9:85:ca:
         8a:e2:e8:69:b4:9e:88:b8:54:d3:81:5b:80:44:f9:81:fe:36:
         8b:40:2c:d3:8c:db:7d:99:77:b7:a8:6f:59:b9:cd:11:98:6d:
         bb:67:40:33:18:d4:ad:1b:3b:e3:2f:15:6d:61:61:9a:fd:69:
         15:56:bf:96:ec:02:53:f4:af:6f:5b:cc:4b:a2:f7:8f:4b:48:
         94:06:d3:6d:66:6a:e7:6a:12:bb:97:0b:ba:c2:b2:7a:dc:61:
         44:94:75:55:5a:ae:b3:b6:e2:4c:6d:1a:82:be:cd:a8:71:ca:
         62:a4:38:56:83:c8:38:9a:75:43:17:0b:67:1e:94:22:57:9e:
         7d:7c:ba:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwvUlMg6YFB/SadZ/RV1bRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjA1MTk0MDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZmMDU4NWI3Mjc0ZDFhY2RmNTMzOWNmYjYzZWNhOTY4ZGVlYTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LsSiNfxpaCz8yrcMN0HxCEOWiBo
XuFfnrlAXHY0fzSl91x8QdmyOnONlegWC+VXQZjM6rOK9gvdP7BGfIUm64sjdgiY
kuIiUfDAgDlUaf2xwGvYCgS7nFuWZ1nViAe7dEHCgPJ1aI1bhvDjc1mI/zKrUHtZ
cghUaZBIQzQo7NvOH7wypedOlUKiHvDe+uwnIA+le/l6TIqBLUb/i5pQOHD0VTla
dtOkKwtlB740SYT9sSWEk5yAn/g7CueAyQZZjEyt7Go+um7zo1pE3KMTKU+EY244
Pu18GQQtF8/2SRv1rRtPtQdVYvxLkVE3byugBexukmMjIGD0XNc4KmJggQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMr/BYW3J00azfUznPtj7Klo3upvMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEveXY4RmhiY25UUnJOOVRPYy0yUHNxV2plNm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQCAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQC6aEr3LMxqc/72sLxObrkxxzVdS+PxaulLaJ+p
cj1weo2qsRwxj7L8AovcqLJy0eK9A025GofTrOy4faa76tRuDzOy+0zoN69rhFGg
vip8Va5v4V+ix3k/fzFrRDOnlBx5rIU0LXujNxnwXfLrCHiIqTX0H2NhJ0+Eyfr5
hcqK4uhptJ6IuFTTgVuARPmB/jaLQCzTjNt9mXe3qG9Zuc0RmG27Z0AzGNStGzvj
LxVtYWGa/WkVVr+W7AJT9K9vW8xLovePS0iUBtNtZmrnahK7lwu6wrJ63GFElHVV
Wq6ztuJMbRqCvs2occpipDhWg8g4mnVDFwtnHpQiV559fLoI
-----END CERTIFICATE-----