Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/TeVnupeK_YGYnRPsXm4BzJfTjS8.roa
File:                     TeVnupeK_YGYnRPsXm4BzJfTjS8.roa (raw, json)
Hash identifier:          +to8DEmlcRGaEadfSEWc6hlZ2GarI7KNFF5xKs1DZR0=
Subject key identifier:   4D:E5:67:BA:97:8A:FD:81:98:9D:13:EC:5E:6E:01:CC:97:D3:8D:2F
Certificate issuer:       /CN=b5189d9ea82d5fbb66d6c11f187633476034e0de
Certificate serial:       019C70EEEF8A62CA03F366053B932143412E
Authority key identifier: B5:18:9D:9E:A8:2D:5F:BB:66:D6:C1:1F:18:76:33:47:60:34:E0:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tRidnqgtX7tm1sEfGHYzR2A04N4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/TeVnupeK_YGYnRPsXm4BzJfTjS8.roa
Signing time:             Wed 18 Feb 2026 13:27:13 +0000
ROA not before:           Wed 18 Feb 2026 13:27:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201741
IP address blocks:        2a11:5dc0:11::/48 maxlen: 48
                          2a11:5dc0:33::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/tRidnqgtX7tm1sEfGHYzR2A04N4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/tRidnqgtX7tm1sEfGHYzR2A04N4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tRidnqgtX7tm1sEfGHYzR2A04N4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:ee:ef:8a:62:ca:03:f3:66:05:3b:93:21:43:41:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5189d9ea82d5fbb66d6c11f187633476034e0de
        Validity
            Not Before: Feb 18 13:27:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4de567ba978afd81989d13ec5e6e01cc97d38d2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:10:de:a9:5d:69:5a:e9:8e:a4:a5:4b:1f:a6:
                    a9:b4:5b:3c:d7:82:aa:43:54:05:ea:fd:fe:5c:d4:
                    55:cb:8c:c7:b2:5c:f4:9a:d0:2e:52:73:e1:74:cc:
                    47:c2:da:e6:46:1f:3b:8e:88:48:17:7e:53:82:ec:
                    a7:66:36:51:e2:14:ed:7c:df:61:78:4c:e5:83:d5:
                    fe:40:dd:09:de:98:d6:e5:4b:e6:f2:79:b1:53:98:
                    3f:0d:4b:2d:68:e1:b3:41:08:ce:2a:6b:fc:cb:f4:
                    3e:cf:36:f7:0d:34:75:a8:94:e6:e8:8e:df:e0:0a:
                    de:ca:6f:26:fb:67:4d:d8:a1:d9:35:cc:d9:d2:a6:
                    7d:f7:a4:15:09:7a:de:b7:8b:63:71:e8:03:33:60:
                    c0:09:96:ab:18:1c:58:87:d6:2c:46:eb:30:d0:43:
                    50:72:37:e4:8d:7a:dc:36:41:7a:48:c3:b3:0b:0f:
                    73:f3:17:80:87:54:da:58:50:e9:c5:05:2b:c9:ad:
                    1c:e8:8b:25:6a:30:69:d2:84:f3:5a:ed:68:77:01:
                    95:1a:70:82:7a:03:fc:5f:de:0f:f2:53:d9:f0:93:
                    31:e1:33:e2:03:3a:8d:b1:92:f5:f3:fb:62:32:79:
                    ef:70:44:23:26:10:01:c7:5d:aa:13:15:53:8c:79:
                    a6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E5:67:BA:97:8A:FD:81:98:9D:13:EC:5E:6E:01:CC:97:D3:8D:2F
            X509v3 Authority Key Identifier:
                keyid:B5:18:9D:9E:A8:2D:5F:BB:66:D6:C1:1F:18:76:33:47:60:34:E0:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tRidnqgtX7tm1sEfGHYzR2A04N4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/TeVnupeK_YGYnRPsXm4BzJfTjS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5e61d8-d1bf-4f2a-a32e-f5d6b752ae34/1/tRidnqgtX7tm1sEfGHYzR2A04N4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5dc0:11::/48
                  2a11:5dc0:33::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:32:59:ec:c2:e1:6f:1e:db:d9:2e:55:96:a7:bc:3d:a4:46:
         f3:73:7a:a1:62:2c:9e:09:0b:17:21:e4:9c:a2:6b:e0:c6:47:
         81:99:9f:0b:7f:11:4b:2e:60:bf:17:4c:ff:40:fe:ea:ae:00:
         bd:d8:1b:08:22:e0:33:61:58:07:c2:38:d4:88:ec:46:e5:44:
         79:06:9d:0a:7c:1e:08:00:de:6f:a8:af:c3:b0:b9:c6:da:b4:
         0c:7e:50:44:79:e9:6a:e1:6c:2a:09:47:72:3a:a8:fc:3a:1f:
         f8:8e:b1:61:3d:25:9a:e6:5c:f8:52:28:63:8d:0d:19:8a:4d:
         18:f0:17:42:b1:bc:dd:53:6c:6e:9f:16:f9:ac:ec:83:fa:b6:
         15:ab:67:30:4d:92:d7:5e:d4:3d:b8:15:ed:5d:cc:b9:89:a4:
         ce:74:f4:55:ff:3b:6b:ce:92:d0:bd:f6:f6:6c:1b:aa:5a:c5:
         f0:d7:6c:88:05:99:25:c8:b6:64:6e:08:7c:15:63:b3:c6:4a:
         47:cc:bd:94:cb:d1:07:7d:1e:51:d8:81:90:35:74:1e:d0:64:
         e4:28:a1:b2:92:6a:7a:05:a1:e5:fa:9d:93:70:5a:37:96:31:
         39:02:26:1d:e3:e7:d4:a5:a9:9e:fb:ef:77:ea:93:62:13:42:
         77:f8:53:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxw7u+KYsoD82YFO5MhQ0EuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MTg5ZDllYTgyZDVmYmI2NmQ2YzExZjE4NzYzMzQ3NjAz
NGUwZGUwHhcNMjYwMjE4MTMyNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGU1NjdiYTk3OGFmZDgxOTg5ZDEzZWM1ZTZlMDFjYzk3ZDM4ZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBDeqV1pWumOpKVLH6aptFs814Kq
Q1QF6v3+XNRVy4zHslz0mtAuUnPhdMxHwtrmRh87johIF35TguynZjZR4hTtfN9h
eEzlg9X+QN0J3pjW5Uvm8nmxU5g/DUstaOGzQQjOKmv8y/Q+zzb3DTR1qJTm6I7f
4Areym8m+2dN2KHZNczZ0qZ996QVCXret4tjcegDM2DACZarGBxYh9YsRusw0ENQ
cjfkjXrcNkF6SMOzCw9z8xeAh1TaWFDpxQUrya0c6IslajBp0oTzWu1odwGVGnCC
egP8X94P8lPZ8JMx4TPiAzqNsZL18/tiMnnvcEQjJhABx12qExVTjHmmDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE3lZ7qXiv2BmJ0T7F5uAcyX040vMB8GA1UdIwQY
MBaAFLUYnZ6oLV+7ZtbBHxh2M0dgNODeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFJpZG5xZ3RYN3RtMXNFZkdIWXpSMkEwNE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81ZTYxZDgtZDFiZi00ZjJhLWEzMmUt
ZjVkNmI3NTJhZTM0LzEvVGVWbnVwZUtfWUdZblJQc1htNEJ6SmZUalM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81ZTYxZDgtZDFiZi00ZjJhLWEzMmUtZjVkNmI3NTJhZTM0
LzEvdFJpZG5xZ3RYN3RtMXNFZkdIWXpSMkEwNE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhFdwAAR
AwcAKhFdwAAzMA0GCSqGSIb3DQEBCwUAA4IBAQA7MlnswuFvHtvZLlWWp7w9pEbz
c3qhYiyeCQsXIeScomvgxkeBmZ8LfxFLLmC/F0z/QP7qrgC92BsIIuAzYVgHwjjU
iOxG5UR5Bp0KfB4IAN5vqK/DsLnG2rQMflBEeelq4WwqCUdyOqj8Oh/4jrFhPSWa
5lz4UihjjQ0Zik0Y8BdCsbzdU2xunxb5rOyD+rYVq2cwTZLXXtQ9uBXtXcy5iaTO
dPRV/ztrzpLQvfb2bBuqWsXw12yIBZklyLZkbgh8FWOzxkpHzL2Uy9EHfR5R2IGQ
NXQe0GTkKKGykmp6BaHl+p2TcFo3ljE5AiYd4+fUpame++936pNiE0J3+FOh
-----END CERTIFICATE-----