Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e1c399-3418-4071-85a9-ba1e609fc421/1/g4SpKvZLDrCSSEc4j2eY2sgyR8k.roa
File:                     g4SpKvZLDrCSSEc4j2eY2sgyR8k.roa (raw, json)
Hash identifier:          F6VZpsG6B4dQY8+6I93tdHS61Qfv0yiT02WGdhA/ATs=
Subject key identifier:   83:84:A9:2A:F6:4B:0E:B0:92:48:47:38:8F:67:98:DA:C8:32:47:C9
Certificate issuer:       /CN=25fcc95f190f6fadffa3934131c74cb3a0688d72
Certificate serial:       019C6C6743A9584B2957329C7CAEA7946060
Authority key identifier: 25:FC:C9:5F:19:0F:6F:AD:FF:A3:93:41:31:C7:4C:B3:A0:68:8D:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JfzJXxkPb63_o5NBMcdMs6BojXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e1c399-3418-4071-85a9-ba1e609fc421/1/g4SpKvZLDrCSSEc4j2eY2sgyR8k.roa
Signing time:             Tue 17 Feb 2026 16:20:32 +0000
ROA not before:           Tue 17 Feb 2026 16:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198803
IP address blocks:        2001:67c:129c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e1c399-3418-4071-85a9-ba1e609fc421/1/JfzJXxkPb63_o5NBMcdMs6BojXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e1c399-3418-4071-85a9-ba1e609fc421/1/JfzJXxkPb63_o5NBMcdMs6BojXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JfzJXxkPb63_o5NBMcdMs6BojXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6c:67:43:a9:58:4b:29:57:32:9c:7c:ae:a7:94:60:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25fcc95f190f6fadffa3934131c74cb3a0688d72
        Validity
            Not Before: Feb 17 16:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8384a92af64b0eb0924847388f6798dac83247c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:af:f5:fd:a4:8e:fb:bb:47:c6:8a:c4:a2:4a:
                    e1:bd:54:ed:5e:57:35:c6:3c:d5:4d:36:8e:43:27:
                    38:90:bf:b0:8a:e9:ed:a9:cd:01:3c:be:fe:82:4b:
                    67:a0:bb:8e:ca:ff:0f:a9:bb:a2:26:9d:82:3b:6b:
                    f2:33:ae:03:61:ea:b8:3e:ec:d5:2e:fd:60:cb:82:
                    ec:e5:87:9f:50:85:a2:d3:f8:88:db:6f:7b:ac:79:
                    2c:41:ee:04:af:e3:65:34:8f:94:2e:42:6c:00:9c:
                    aa:56:28:aa:60:86:69:dc:e2:a6:24:02:70:91:32:
                    10:2f:68:15:a2:ae:94:6e:d6:c7:bf:a1:e1:12:7b:
                    58:40:50:07:e9:09:7c:0b:9b:de:95:63:66:50:1d:
                    4c:8c:6e:79:dd:6a:12:35:42:a1:24:97:85:60:f1:
                    e7:c8:7b:7c:12:23:d2:52:5e:a6:46:ea:15:cb:39:
                    b3:7e:ad:89:e1:d8:3e:97:cf:a8:d3:00:51:31:7b:
                    36:f7:14:71:68:d3:ed:c0:09:1d:5e:6d:5c:df:6f:
                    f2:44:86:52:c9:56:21:8c:d9:33:e4:43:37:64:9b:
                    7d:ce:5d:95:bb:26:34:28:9c:5e:fd:e0:10:a1:17:
                    5b:95:59:ec:16:34:64:f4:b3:38:60:35:c0:41:92:
                    c6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:84:A9:2A:F6:4B:0E:B0:92:48:47:38:8F:67:98:DA:C8:32:47:C9
            X509v3 Authority Key Identifier:
                keyid:25:FC:C9:5F:19:0F:6F:AD:FF:A3:93:41:31:C7:4C:B3:A0:68:8D:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JfzJXxkPb63_o5NBMcdMs6BojXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e1c399-3418-4071-85a9-ba1e609fc421/1/g4SpKvZLDrCSSEc4j2eY2sgyR8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e1c399-3418-4071-85a9-ba1e609fc421/1/JfzJXxkPb63_o5NBMcdMs6BojXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:129c::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:c9:93:c0:74:3d:d0:30:19:ce:a6:e8:62:79:cf:dc:db:56:
         f2:ac:97:63:71:7b:25:1e:f2:3c:0b:c0:ed:b6:80:00:9d:da:
         ff:c1:ed:9c:9d:4f:10:23:f1:28:58:9b:d7:50:fd:d2:88:2e:
         ea:28:e4:81:a6:68:ce:27:92:14:fd:2a:02:1b:51:f4:c6:e5:
         88:91:0f:66:46:38:f0:72:4e:b1:c9:f0:31:f4:91:ce:74:98:
         8f:30:0b:df:35:15:05:5f:15:0f:79:33:17:76:37:cf:c0:9f:
         19:9b:35:b6:bb:c6:19:54:3a:46:fd:cf:5b:e8:aa:a5:54:ae:
         f6:81:5d:5f:3f:b6:2b:ea:4c:3a:a8:c8:cc:c7:5b:e1:17:94:
         cc:e0:3d:fb:91:f3:da:70:14:23:da:42:ed:c6:62:32:d7:b1:
         a4:70:03:ff:49:30:21:ee:81:95:a6:d9:95:69:3c:7c:68:5e:
         e9:c7:54:16:55:76:e5:fa:af:63:c1:8b:c3:77:a2:45:dc:83:
         94:7f:39:27:30:a4:0a:a0:35:94:28:a1:df:ee:5b:7c:a8:72:
         f2:13:f5:d5:e8:f1:8e:66:69:94:20:5e:8f:04:0b:98:f5:24:
         09:45:71:c6:74:84:38:ad:2f:b4:8d:9b:af:2a:f6:67:23:ec:
         11:38:59:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxsZ0OpWEspVzKcfK6nlGBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZmNjOTVmMTkwZjZmYWRmZmEzOTM0MTMxYzc0Y2IzYTA2
ODhkNzIwHhcNMjYwMjE3MTYyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzg0YTkyYWY2NGIwZWIwOTI0ODQ3Mzg4ZjY3OThkYWM4MzI0N2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6/1/aSO+7tHxorEokrhvVTtXlc1
xjzVTTaOQyc4kL+wiuntqc0BPL7+gktnoLuOyv8PqbuiJp2CO2vyM64DYeq4PuzV
Lv1gy4Ls5YefUIWi0/iI2297rHksQe4Er+NlNI+ULkJsAJyqViiqYIZp3OKmJAJw
kTIQL2gVoq6UbtbHv6HhEntYQFAH6Ql8C5velWNmUB1MjG553WoSNUKhJJeFYPHn
yHt8EiPSUl6mRuoVyzmzfq2J4dg+l8+o0wBRMXs29xRxaNPtwAkdXm1c32/yRIZS
yVYhjNkz5EM3ZJt9zl2VuyY0KJxe/eAQoRdblVnsFjRk9LM4YDXAQZLGgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIOEqSr2Sw6wkkhHOI9nmNrIMkfJMB8GA1UdIwQY
MBaAFCX8yV8ZD2+t/6OTQTHHTLOgaI1yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmZ6Slh4a1BiNjNfbzVOQk1jZE1zNkJvalhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lMWMzOTktMzQxOC00MDcxLTg1YTkt
YmExZTYwOWZjNDIxLzEvZzRTcEt2WkxEckNTU0VjNGoyZVkyc2d5UjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lMWMzOTktMzQxOC00MDcxLTg1YTktYmExZTYwOWZjNDIx
LzEvSmZ6Slh4a1BiNjNfbzVOQk1jZE1zNkJvalhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBKc
MA0GCSqGSIb3DQEBCwUAA4IBAQClyZPAdD3QMBnOpuhiec/c21byrJdjcXslHvI8
C8DttoAAndr/we2cnU8QI/EoWJvXUP3SiC7qKOSBpmjOJ5IU/SoCG1H0xuWIkQ9m
Rjjwck6xyfAx9JHOdJiPMAvfNRUFXxUPeTMXdjfPwJ8ZmzW2u8YZVDpG/c9b6Kql
VK72gV1fP7Yr6kw6qMjMx1vhF5TM4D37kfPacBQj2kLtxmIy17GkcAP/STAh7oGV
ptmVaTx8aF7px1QWVXbl+q9jwYvDd6JF3IOUfzknMKQKoDWUKKHf7lt8qHLyE/XV
6PGOZmmUIF6PBAuY9SQJRXHGdIQ4rS+0jZuvKvZnI+wROFny
-----END CERTIFICATE-----