Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J3eNqPjMJYtiv7MKmdf9AZ559us.roa
File:                     J3eNqPjMJYtiv7MKmdf9AZ559us.roa (raw, json)
Hash identifier:          2dm4p+6Z/y2J+Ofe804qqCwWtEYYz/9JBef6I29i1PE=
Subject key identifier:   27:77:8D:A8:F8:CC:25:8B:62:BF:B3:0A:99:D7:FD:01:9E:79:F6:EB
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019C7F9AA8A208DA555DF4A1A13EFFD43A79
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J3eNqPjMJYtiv7MKmdf9AZ559us.roa
Signing time:             Sat 21 Feb 2026 09:49:28 +0000
ROA not before:           Sat 21 Feb 2026 09:49:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200720
IP address blocks:        2a0c:b641:9e0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7f:9a:a8:a2:08:da:55:5d:f4:a1:a1:3e:ff:d4:3a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb 21 09:49:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27778da8f8cc258b62bfb30a99d7fd019e79f6eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4a:2a:39:11:2b:b6:40:04:22:b5:ae:bf:88:
                    d2:e1:e1:0f:5a:f6:28:51:cd:7b:0b:43:90:66:01:
                    e3:69:e3:b9:cd:55:7d:17:88:e3:44:92:cb:c0:a5:
                    4d:fd:1f:7a:75:47:a0:6a:dc:be:cd:df:56:c2:97:
                    0f:45:48:a7:73:4e:be:51:bf:5d:6a:58:6a:84:93:
                    66:9c:65:1e:68:33:6f:c1:b1:f7:37:9f:13:a5:b5:
                    81:f7:29:e9:a2:2f:cc:0a:83:50:27:d6:8b:6e:75:
                    f4:5e:4b:e4:ff:b0:8a:dc:5e:f8:26:c9:62:87:7a:
                    ef:d0:21:50:58:e8:b3:a2:1f:35:32:a5:35:f0:dd:
                    72:9a:36:52:f8:fa:21:84:d5:4b:0f:1e:73:e7:c5:
                    24:75:d0:11:7b:74:84:8f:dd:19:03:79:d7:05:6a:
                    82:7f:fe:69:89:6a:01:4a:a6:89:01:c6:20:73:9c:
                    89:fd:78:b2:ce:48:22:7f:f8:f4:42:e8:0a:2d:df:
                    52:23:66:7b:a0:48:22:ad:01:9e:96:07:8c:42:34:
                    38:28:a6:82:da:60:74:6b:85:8d:a0:7d:16:02:64:
                    7d:83:95:be:65:dd:32:26:86:ba:41:1b:1e:0e:af:
                    ee:c1:9f:09:b2:66:29:23:cf:6b:09:fe:df:27:96:
                    6d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:77:8D:A8:F8:CC:25:8B:62:BF:B3:0A:99:D7:FD:01:9E:79:F6:EB
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J3eNqPjMJYtiv7MKmdf9AZ559us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7e:72:ed:12:dc:15:b3:b1:fb:75:09:03:f7:e7:ac:4c:dd:0b:
         94:67:16:c2:16:7c:20:4b:fd:9a:f2:de:ba:76:79:2d:d8:f0:
         45:01:74:f7:d0:e5:ca:4d:9e:d4:32:e2:41:7a:21:e5:33:45:
         4e:8c:bb:c8:50:14:66:6b:78:ae:e9:23:3c:47:95:f5:a8:55:
         59:f9:7b:15:21:b0:78:cd:6e:34:0b:30:66:78:d0:95:ff:eb:
         5b:5e:15:4e:5c:d0:a9:6a:0a:6d:61:da:8b:92:8d:8b:7d:57:
         db:1c:ce:86:f5:cc:45:9a:25:f9:54:8b:b5:c9:21:d7:04:49:
         18:65:27:4a:d6:ef:75:a9:ef:8f:93:88:46:b1:f2:af:38:17:
         d0:b3:13:e7:77:e9:10:04:f9:4d:77:69:de:5f:9c:4f:12:a7:
         a4:0b:f5:0c:f0:a7:f1:f0:5e:bd:a5:0c:c6:bd:83:a7:39:9d:
         ff:a9:1a:9a:d5:be:8f:bc:d4:77:7f:b6:cd:d0:0d:a7:a8:ed:
         34:8f:1a:b6:59:1a:fe:08:ec:75:92:a7:90:6b:94:5e:06:09:
         db:e7:4a:31:cb:8b:77:2d:d7:54:4b:32:2a:70:aa:ed:1b:3c:
         74:59:27:d9:20:41:51:7b:48:c8:83:32:a2:d8:eb:70:ce:75:
         b7:15:07:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZx/mqiiCNpVXfShoT7/1Dp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMjIxMDk0OTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzc3OGRhOGY4Y2MyNThiNjJiZmIzMGE5OWQ3ZmQwMTllNzlmNmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0oqORErtkAEIrWuv4jS4eEPWvYo
Uc17C0OQZgHjaeO5zVV9F4jjRJLLwKVN/R96dUegaty+zd9WwpcPRUinc06+Ub9d
alhqhJNmnGUeaDNvwbH3N58TpbWB9ynpoi/MCoNQJ9aLbnX0Xkvk/7CK3F74Jsli
h3rv0CFQWOizoh81MqU18N1ymjZS+PohhNVLDx5z58UkddARe3SEj90ZA3nXBWqC
f/5piWoBSqaJAcYgc5yJ/Xiyzkgif/j0QugKLd9SI2Z7oEgirQGelgeMQjQ4KKaC
2mB0a4WNoH0WAmR9g5W+Zd0yJoa6QRseDq/uwZ8JsmYpI89rCf7fJ5ZtFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCd3jaj4zCWLYr+zCpnX/QGeefbrMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSjNlTnFQak1KWXRpdjdNS21kZjlBWjU1OXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQng
MA0GCSqGSIb3DQEBCwUAA4IBAQB+cu0S3BWzsft1CQP356xM3QuUZxbCFnwgS/2a
8t66dnkt2PBFAXT30OXKTZ7UMuJBeiHlM0VOjLvIUBRma3iu6SM8R5X1qFVZ+XsV
IbB4zW40CzBmeNCV/+tbXhVOXNCpagptYdqLko2LfVfbHM6G9cxFmiX5VIu1ySHX
BEkYZSdK1u91qe+Pk4hGsfKvOBfQsxPnd+kQBPlNd2neX5xPEqekC/UM8Kfx8F69
pQzGvYOnOZ3/qRqa1b6PvNR3f7bN0A2nqO00jxq2WRr+COx1kqeQa5ReBgnb50ox
y4t3LddUSzIqcKrtGzx0WSfZIEFRe0jIgzKi2OtwznW3FQf+
-----END CERTIFICATE-----