Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/Cou0xNud2LpwOIH0myCpXc1zcG0.roa
File:                     Cou0xNud2LpwOIH0myCpXc1zcG0.roa (raw, json)
Hash identifier:          uLJae1Pu0MYfy99eJl2gqISm3cbYckcCS0/KY+MuXd4=
Subject key identifier:   0A:8B:B4:C4:DB:9D:D8:BA:70:38:81:F4:9B:20:A9:5D:CD:73:70:6D
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       019C48438EF0D634397E872650A332DD7BD3
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/Cou0xNud2LpwOIH0myCpXc1zcG0.roa
Signing time:             Tue 10 Feb 2026 15:55:12 +0000
ROA not before:           Tue 10 Feb 2026 15:55:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56718
IP address blocks:        2a14:a903::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:48:43:8e:f0:d6:34:39:7e:87:26:50:a3:32:dd:7b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Feb 10 15:55:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a8bb4c4db9dd8ba703881f49b20a95dcd73706d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:27:3f:1c:25:11:dc:bd:e9:95:ee:8a:b4:81:
                    ba:13:de:67:ab:6a:a8:15:f4:3b:bc:09:8f:18:60:
                    16:56:ab:81:f3:a6:cb:cb:f9:ab:37:61:3f:4d:76:
                    90:eb:5a:b6:8c:97:a8:9f:18:4c:bb:ad:46:e3:bd:
                    82:84:63:cb:d2:a1:22:ae:ff:2c:d4:d2:d5:0e:5e:
                    e0:e5:85:2b:14:66:6f:fa:df:68:bc:42:71:90:40:
                    26:49:b6:39:5e:37:c3:c2:c0:e3:01:d9:c7:89:83:
                    ef:d2:f5:69:cc:d3:0f:98:22:11:6a:c4:a8:8d:70:
                    95:da:14:a1:4d:03:99:5e:e3:ce:9b:c4:7e:e4:74:
                    b9:87:28:3a:06:e6:e1:a6:dc:c4:72:2b:df:64:2d:
                    45:77:05:72:44:53:0e:ac:9a:18:b0:41:e9:61:6d:
                    7c:8f:56:0e:61:6c:bc:27:a3:4d:ee:d8:d9:d3:0a:
                    45:5f:12:5d:c8:ae:0f:ce:85:bc:09:b1:6d:cc:97:
                    a6:2c:d7:1d:f2:c7:64:25:f1:72:90:bc:28:f0:54:
                    b7:b5:45:a8:74:3a:b3:d4:c6:e2:cf:53:09:c6:6c:
                    01:04:f7:64:df:b8:79:b0:83:85:b5:79:fe:f1:78:
                    ac:c1:6f:73:8d:cd:96:e6:f2:71:6c:e9:5f:9f:4f:
                    cd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:8B:B4:C4:DB:9D:D8:BA:70:38:81:F4:9B:20:A9:5D:CD:73:70:6D
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/Cou0xNud2LpwOIH0myCpXc1zcG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a903::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:b4:8f:66:9d:5b:56:d9:eb:db:13:d9:ed:63:46:b6:e7:54:
         03:49:1f:19:28:b1:8e:33:29:4e:bd:5d:1c:7c:e8:be:fb:46:
         da:fb:b5:26:f4:0f:20:01:30:33:ea:ce:09:2b:44:82:b9:df:
         39:41:29:7c:3c:a1:a0:26:9f:19:42:93:e5:c7:e5:56:a0:86:
         5b:dc:3d:7e:b0:f9:a6:ed:fe:8b:3b:fb:00:7b:58:34:67:cc:
         53:95:0e:1b:f0:15:73:b1:84:db:5d:c5:00:96:5c:9e:b2:e7:
         d2:98:ce:7a:e9:a9:d4:10:c1:1d:24:46:fc:c7:7c:93:19:11:
         10:c0:c7:c5:4e:17:2a:bc:ca:df:b4:06:70:07:ea:a5:cf:0e:
         f4:cd:d8:b0:ea:9e:27:da:4b:cf:20:f1:93:5d:9e:ba:65:93:
         26:7a:be:2d:be:f4:6e:0b:d1:76:b6:e8:05:ec:50:a8:bd:ae:
         28:59:e6:e2:c1:ae:86:de:09:89:c8:91:d6:52:7b:4c:4c:44:
         16:bf:dd:b8:48:73:6e:84:e0:94:4a:24:e3:23:f1:33:16:64:
         7e:28:ef:66:f0:44:fe:f3:09:8a:68:3a:8e:e1:12:0c:fa:dc:
         d7:f3:43:c6:89:c0:51:30:ac:47:82:c7:31:41:6f:ff:ed:99:
         97:cd:7f:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxIQ47w1jQ5focmUKMy3XvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjYwMjEwMTU1NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYThiYjRjNGRiOWRkOGJhNzAzODgxZjQ5YjIwYTk1ZGNkNzM3MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Sc/HCUR3L3ple6KtIG6E95nq2qo
FfQ7vAmPGGAWVquB86bLy/mrN2E/TXaQ61q2jJeonxhMu61G472ChGPL0qEirv8s
1NLVDl7g5YUrFGZv+t9ovEJxkEAmSbY5XjfDwsDjAdnHiYPv0vVpzNMPmCIRasSo
jXCV2hShTQOZXuPOm8R+5HS5hyg6BubhptzEcivfZC1FdwVyRFMOrJoYsEHpYW18
j1YOYWy8J6NN7tjZ0wpFXxJdyK4PzoW8CbFtzJemLNcd8sdkJfFykLwo8FS3tUWo
dDqz1Mbiz1MJxmwBBPdk37h5sIOFtXn+8XiswW9zjc2W5vJxbOlfn0/NYwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAqLtMTbndi6cDiB9JsgqV3Nc3BtMB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEvQ291MHhOdWQyTHB3T0lIMG15Q3BYYzF6Y0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSpAzAN
BgkqhkiG9w0BAQsFAAOCAQEAZLSPZp1bVtnr2xPZ7WNGtudUA0kfGSixjjMpTr1d
HHzovvtG2vu1JvQPIAEwM+rOCStEgrnfOUEpfDyhoCafGUKT5cflVqCGW9w9frD5
pu3+izv7AHtYNGfMU5UOG/AVc7GE213FAJZcnrLn0pjOeump1BDBHSRG/Md8kxkR
EMDHxU4XKrzK37QGcAfqpc8O9M3YsOqeJ9pLzyDxk12eumWTJnq+Lb70bgvRdrbo
BexQqL2uKFnm4sGuht4JiciR1lJ7TExEFr/duEhzboTglEok4yPxMxZkfijvZvBE
/vMJimg6juESDPrc1/NDxonAUTCsR4LHMUFv/+2Zl81/Lw==
-----END CERTIFICATE-----