Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/755d7f-87af-4a29-9744-8ed368a9d600/1/dfKf0SUwjmWHGeIDN6xaPuWneS0.roa
File:                     dfKf0SUwjmWHGeIDN6xaPuWneS0.roa (raw, json)
Hash identifier:          KNktDMnqe7pkdReM74aezUUfDskVVEXdt3/JJZM1pKk=
Subject key identifier:   75:F2:9F:D1:25:30:8E:65:87:19:E2:03:37:AC:5A:3E:E5:A7:79:2D
Certificate issuer:       /CN=62d9b5da84610ed220f6d0fd1a888d1f9463f595
Certificate serial:       019C473A0DB22489A03863820FCFE5A385BD
Authority key identifier: 62:D9:B5:DA:84:61:0E:D2:20:F6:D0:FD:1A:88:8D:1F:94:63:F5:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ytm12oRhDtIg9tD9GoiNH5Rj9ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/755d7f-87af-4a29-9744-8ed368a9d600/1/dfKf0SUwjmWHGeIDN6xaPuWneS0.roa
Signing time:             Tue 10 Feb 2026 11:05:12 +0000
ROA not before:           Tue 10 Feb 2026 11:05:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48942
IP address blocks:        2a14:9480::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/755d7f-87af-4a29-9744-8ed368a9d600/1/Ytm12oRhDtIg9tD9GoiNH5Rj9ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/755d7f-87af-4a29-9744-8ed368a9d600/1/Ytm12oRhDtIg9tD9GoiNH5Rj9ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ytm12oRhDtIg9tD9GoiNH5Rj9ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:3a:0d:b2:24:89:a0:38:63:82:0f:cf:e5:a3:85:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d9b5da84610ed220f6d0fd1a888d1f9463f595
        Validity
            Not Before: Feb 10 11:05:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75f29fd125308e658719e20337ac5a3ee5a7792d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fd:97:02:8d:a2:b1:ff:e8:0e:b0:10:67:bd:
                    e6:46:28:e0:fb:e0:7c:d5:a6:74:55:3f:66:4c:27:
                    09:c9:57:69:94:36:da:c1:50:d0:ac:7b:1f:9c:dc:
                    d0:80:e9:19:d5:b3:98:6a:20:63:5e:9b:d5:02:51:
                    c6:7d:c8:60:98:fa:4e:03:29:a8:bf:a8:1f:6a:a3:
                    37:df:f2:f1:61:93:ad:0b:de:b9:bb:bb:d2:4b:22:
                    df:62:3e:bc:1d:cb:0b:0c:76:c8:96:78:9b:85:04:
                    93:f3:b9:04:40:08:d4:48:e3:f9:cc:33:1e:ac:eb:
                    57:7a:7e:f6:29:b8:2e:1e:a7:7a:be:09:85:e4:c7:
                    fc:97:d5:a1:ca:0a:32:d8:7b:30:de:19:ed:e5:00:
                    80:3e:a9:ff:7c:74:38:b6:92:07:2b:6f:2a:8e:b8:
                    69:4d:b7:f1:a6:a6:f4:6a:d0:1f:03:7e:6a:e5:61:
                    fb:74:93:b5:74:53:83:d5:d6:d1:81:c2:6e:1a:ff:
                    2d:c1:a6:59:17:d2:16:16:e7:eb:d1:42:97:87:da:
                    9b:1c:e2:00:0a:1d:66:b8:f5:08:e6:b9:25:de:60:
                    a2:e9:80:b6:da:2e:80:51:bf:49:d6:3e:96:af:f6:
                    83:d4:c3:3d:a7:e6:68:a8:db:87:d3:1f:bc:c2:9f:
                    12:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F2:9F:D1:25:30:8E:65:87:19:E2:03:37:AC:5A:3E:E5:A7:79:2D
            X509v3 Authority Key Identifier:
                keyid:62:D9:B5:DA:84:61:0E:D2:20:F6:D0:FD:1A:88:8D:1F:94:63:F5:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ytm12oRhDtIg9tD9GoiNH5Rj9ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/755d7f-87af-4a29-9744-8ed368a9d600/1/dfKf0SUwjmWHGeIDN6xaPuWneS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/755d7f-87af-4a29-9744-8ed368a9d600/1/Ytm12oRhDtIg9tD9GoiNH5Rj9ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9480::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:47:1b:b2:02:cf:24:33:44:0c:f4:0d:b1:08:51:e6:3d:c6:
         94:66:cb:f6:e2:fa:08:61:9f:62:21:fc:cb:4f:16:1c:7e:cd:
         20:c7:20:0c:1c:19:5f:26:c3:f3:05:f6:38:f5:a1:8e:dd:63:
         0c:a3:39:49:8b:d9:be:b2:19:e8:dd:96:9e:de:86:71:de:9a:
         3a:ef:c9:28:67:eb:76:13:3c:41:b7:e5:b3:95:57:23:b7:bd:
         aa:0f:a8:0e:71:60:4d:6e:b5:4a:a0:e0:6d:4f:db:1f:cc:1d:
         12:ab:40:a7:5f:a6:47:44:6f:6c:6b:9a:54:92:61:ea:d1:07:
         95:34:dd:d8:f8:27:36:88:98:74:44:84:73:4b:64:40:4c:10:
         a6:a8:4e:67:2e:4c:7c:16:2d:dc:50:24:9e:63:47:31:c5:08:
         93:fa:48:87:45:69:75:79:50:a7:54:11:05:07:70:c0:2b:db:
         bd:67:b5:75:00:36:28:c2:b7:d6:7b:3a:ee:26:27:2e:ef:03:
         d9:eb:c3:80:e3:5b:a5:ad:31:56:21:2f:3b:94:18:29:48:00:
         e4:41:24:39:77:78:c4:ac:cc:3a:68:0f:e1:a9:16:38:51:9b:
         4c:9b:57:8b:17:a1:4e:d6:fc:a3:be:e2:86:ec:bd:d5:b5:02:
         a7:5b:3e:1c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxHOg2yJImgOGOCD8/lo4W9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDliNWRhODQ2MTBlZDIyMGY2ZDBmZDFhODg4ZDFmOTQ2
M2Y1OTUwHhcNMjYwMjEwMTEwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWYyOWZkMTI1MzA4ZTY1ODcxOWUyMDMzN2FjNWEzZWU1YTc3OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf2XAo2isf/oDrAQZ73mRijg++B8
1aZ0VT9mTCcJyVdplDbawVDQrHsfnNzQgOkZ1bOYaiBjXpvVAlHGfchgmPpOAymo
v6gfaqM33/LxYZOtC965u7vSSyLfYj68HcsLDHbIlnibhQST87kEQAjUSOP5zDMe
rOtXen72KbguHqd6vgmF5Mf8l9Whygoy2Hsw3hnt5QCAPqn/fHQ4tpIHK28qjrhp
Tbfxpqb0atAfA35q5WH7dJO1dFOD1dbRgcJuGv8twaZZF9IWFufr0UKXh9qbHOIA
Ch1muPUI5rkl3mCi6YC22i6AUb9J1j6Wr/aD1MM9p+ZoqNuH0x+8wp8SdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHXyn9ElMI5lhxniAzesWj7lp3ktMB8GA1UdIwQY
MBaAFGLZtdqEYQ7SIPbQ/RqIjR+UY/WVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRtMTJvUmhEdElnOXREOUdvaU5INVJqOVpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83NTVkN2YtODdhZi00YTI5LTk3NDQt
OGVkMzY4YTlkNjAwLzEvZGZLZjBTVXdqbVdIR2VJRE42eGFQdVduZVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83NTVkN2YtODdhZi00YTI5LTk3NDQtOGVkMzY4YTlkNjAw
LzEvWXRtMTJvUmhEdElnOXREOUdvaU5INVJqOVpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSUgDAN
BgkqhkiG9w0BAQsFAAOCAQEAcEcbsgLPJDNEDPQNsQhR5j3GlGbL9uL6CGGfYiH8
y08WHH7NIMcgDBwZXybD8wX2OPWhjt1jDKM5SYvZvrIZ6N2Wnt6Gcd6aOu/JKGfr
dhM8Qbfls5VXI7e9qg+oDnFgTW61SqDgbU/bH8wdEqtAp1+mR0RvbGuaVJJh6tEH
lTTd2PgnNoiYdESEc0tkQEwQpqhOZy5MfBYt3FAknmNHMcUIk/pIh0VpdXlQp1QR
BQdwwCvbvWe1dQA2KMK31ns67iYnLu8D2evDgONbpa0xViEvO5QYKUgA5EEkOXd4
xKzMOmgP4akWOFGbTJtXixehTtb8o77ihuy91bUCp1s+HA==
-----END CERTIFICATE-----