Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/P2DOHQZk6uadyNsFYKTvp0Yljns.roa
File:                     P2DOHQZk6uadyNsFYKTvp0Yljns.roa (raw, json)
Hash identifier:          drWm8UAEyYp0gk5pD0pZZGlNfBy4kmJrj0xpKvuccbI=
Subject key identifier:   3F:60:CE:1D:06:64:EA:E6:9D:C8:DB:05:60:A4:EF:A7:46:25:8E:7B
Certificate issuer:       /CN=e15b90ffdfa0ab285485e78446b871998b24dcc0
Certificate serial:       019C815CA98F571377EA77F3A922E7EB3F9B
Authority key identifier: E1:5B:90:FF:DF:A0:AB:28:54:85:E7:84:46:B8:71:99:8B:24:DC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VuQ_9-gqyhUheeERrhxmYsk3MA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/P2DOHQZk6uadyNsFYKTvp0Yljns.roa
Signing time:             Sat 21 Feb 2026 18:00:59 +0000
ROA not before:           Sat 21 Feb 2026 18:00:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401163
IP address blocks:        2a13:9ac0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/4VuQ_9-gqyhUheeERrhxmYsk3MA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/4VuQ_9-gqyhUheeERrhxmYsk3MA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VuQ_9-gqyhUheeERrhxmYsk3MA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:5c:a9:8f:57:13:77:ea:77:f3:a9:22:e7:eb:3f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15b90ffdfa0ab285485e78446b871998b24dcc0
        Validity
            Not Before: Feb 21 18:00:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f60ce1d0664eae69dc8db0560a4efa746258e7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:39:c2:4e:1f:ce:85:59:74:b0:a0:d9:ee:8e:
                    2a:9e:6f:7f:03:db:4c:cb:3b:ce:94:76:eb:55:f9:
                    30:3b:42:67:76:9c:2e:a9:56:11:c0:52:fa:84:2c:
                    4d:42:96:6c:8e:b4:75:01:e8:b8:9a:c3:e8:ec:c9:
                    15:ae:aa:0f:2f:49:93:73:62:31:60:d9:6c:ac:20:
                    34:37:1c:cf:1f:51:a0:5e:6a:ab:bd:21:81:06:2e:
                    c5:5b:1c:05:f2:95:90:da:4a:75:44:36:a0:d3:04:
                    7f:7b:fe:a9:b8:25:7a:94:2a:fb:2d:56:80:3c:c5:
                    1f:a3:59:53:a2:71:f1:a7:39:73:ab:4f:f1:d3:8b:
                    84:f3:60:85:15:14:9e:95:e2:b5:1d:00:ad:bc:37:
                    c0:f6:4e:89:d6:f2:2a:68:de:68:89:0c:5d:26:76:
                    62:03:fe:e5:7a:43:32:40:29:58:98:83:5e:62:01:
                    4d:27:63:8d:fe:10:bc:db:80:d7:64:99:09:1d:0f:
                    90:25:17:22:3e:7c:2e:d9:e9:c5:0c:be:1d:16:76:
                    67:8c:76:3c:6d:3c:e4:9d:9b:0b:4b:b8:e1:f5:d4:
                    68:fc:25:e2:29:c3:77:a5:29:be:72:80:b4:ff:46:
                    13:ed:27:01:8b:ad:9f:f6:a8:7d:d0:04:ec:11:22:
                    e2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:60:CE:1D:06:64:EA:E6:9D:C8:DB:05:60:A4:EF:A7:46:25:8E:7B
            X509v3 Authority Key Identifier:
                keyid:E1:5B:90:FF:DF:A0:AB:28:54:85:E7:84:46:B8:71:99:8B:24:DC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VuQ_9-gqyhUheeERrhxmYsk3MA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/P2DOHQZk6uadyNsFYKTvp0Yljns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/4VuQ_9-gqyhUheeERrhxmYsk3MA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:dc:32:df:f1:4f:f4:26:b5:c8:81:64:70:4e:0a:de:bc:9f:
         0a:2c:41:f2:68:06:d8:7c:e1:48:d8:71:34:71:7f:b3:b9:b3:
         d8:33:2e:e4:9d:4b:ce:0f:be:d3:df:d0:26:9d:ce:41:a7:cc:
         98:8b:dd:5e:b4:34:30:95:48:e8:8f:8a:44:6e:67:53:b6:45:
         49:e1:a4:95:1e:fd:86:71:fe:37:4f:26:c4:5e:1c:fe:fd:8e:
         9e:b0:80:2d:68:6f:13:a8:72:17:fa:a0:01:49:81:51:65:20:
         0d:f3:00:de:82:bc:92:7d:5c:55:9a:17:c0:61:5f:9a:cc:5f:
         5b:61:8f:80:ae:7c:ef:7f:0f:dc:c7:78:57:65:62:40:90:72:
         57:f0:f7:04:51:23:3d:68:a7:f2:8e:cf:d5:46:78:7a:8c:0f:
         6d:72:5b:b0:c4:c8:69:88:93:0f:de:4a:82:ee:15:bc:7c:25:
         42:2a:47:51:51:eb:cb:e4:5c:52:73:42:70:91:ce:ff:b1:99:
         e2:cf:f0:be:d5:a1:a4:62:6e:eb:04:5a:a7:94:36:98:49:fd:
         77:dc:37:7f:73:7b:33:66:f5:d4:9c:e4:db:43:c9:4f:5a:d2:
         a5:63:12:3d:10:41:00:20:17:98:22:51:56:c6:3a:70:da:d2:
         9c:5a:46:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBXKmPVxN36nfzqSLn6z+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNWI5MGZmZGZhMGFiMjg1NDg1ZTc4NDQ2Yjg3MTk5OGIy
NGRjYzAwHhcNMjYwMjIxMTgwMDU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjYwY2UxZDA2NjRlYWU2OWRjOGRiMDU2MGE0ZWZhNzQ2MjU4ZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjnCTh/OhVl0sKDZ7o4qnm9/A9tM
yzvOlHbrVfkwO0JndpwuqVYRwFL6hCxNQpZsjrR1Aei4msPo7MkVrqoPL0mTc2Ix
YNlsrCA0NxzPH1GgXmqrvSGBBi7FWxwF8pWQ2kp1RDag0wR/e/6puCV6lCr7LVaA
PMUfo1lTonHxpzlzq0/x04uE82CFFRSeleK1HQCtvDfA9k6J1vIqaN5oiQxdJnZi
A/7lekMyQClYmINeYgFNJ2ON/hC824DXZJkJHQ+QJRciPnwu2enFDL4dFnZnjHY8
bTzknZsLS7jh9dRo/CXiKcN3pSm+coC0/0YT7ScBi62f9qh90ATsESLiHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD9gzh0GZOrmncjbBWCk76dGJY57MB8GA1UdIwQY
MBaAFOFbkP/foKsoVIXnhEa4cZmLJNzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZ1UV85LWdxeWhVaGVlRVJyaHhtWXNrM01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS81ZjNlMjEtNmI0MS00OTY0LWJmZGEt
Y2JiZmRhOTI0MTlkLzEvUDJET0hRWms2dWFkeU5zRllLVHZwMFlsam5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS81ZjNlMjEtNmI0MS00OTY0LWJmZGEtY2JiZmRhOTI0MTlk
LzEvNFZ1UV85LWdxeWhVaGVlRVJyaHhtWXNrM01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOawDAN
BgkqhkiG9w0BAQsFAAOCAQEAjNwy3/FP9Ca1yIFkcE4K3ryfCixB8mgG2HzhSNhx
NHF/s7mz2DMu5J1Lzg++09/QJp3OQafMmIvdXrQ0MJVI6I+KRG5nU7ZFSeGklR79
hnH+N08mxF4c/v2OnrCALWhvE6hyF/qgAUmBUWUgDfMA3oK8kn1cVZoXwGFfmsxf
W2GPgK58738P3Md4V2ViQJByV/D3BFEjPWin8o7P1UZ4eowPbXJbsMTIaYiTD95K
gu4VvHwlQipHUVHry+RcUnNCcJHO/7GZ4s/wvtWhpGJu6wRap5Q2mEn9d9w3f3N7
M2b11Jzk20PJT1rSpWMSPRBBACAXmCJRVsY6cNrSnFpG/Q==
-----END CERTIFICATE-----