Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/pMSYP5P8y8eLfNyDEeXV3zc-nps.roa
File:                     pMSYP5P8y8eLfNyDEeXV3zc-nps.roa (raw, json)
Hash identifier:          enJ6YCYyQ+/wl2mffuOqzFyRpZKc2xjCWdqck8SgcXI=
Subject key identifier:   A4:C4:98:3F:93:FC:CB:C7:8B:7C:DC:83:11:E5:D5:DF:37:3E:9E:9B
Certificate issuer:       /CN=e15b90ffdfa0ab285485e78446b871998b24dcc0
Certificate serial:       019C815A557DAC76500A028CE7F8BB662B37
Authority key identifier: E1:5B:90:FF:DF:A0:AB:28:54:85:E7:84:46:B8:71:99:8B:24:DC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VuQ_9-gqyhUheeERrhxmYsk3MA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/pMSYP5P8y8eLfNyDEeXV3zc-nps.roa
Signing time:             Sat 21 Feb 2026 17:58:26 +0000
ROA not before:           Sat 21 Feb 2026 17:58:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213507
IP address blocks:        2a13:9ac0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/4VuQ_9-gqyhUheeERrhxmYsk3MA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/4VuQ_9-gqyhUheeERrhxmYsk3MA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VuQ_9-gqyhUheeERrhxmYsk3MA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:5a:55:7d:ac:76:50:0a:02:8c:e7:f8:bb:66:2b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15b90ffdfa0ab285485e78446b871998b24dcc0
        Validity
            Not Before: Feb 21 17:58:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4c4983f93fccbc78b7cdc8311e5d5df373e9e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:86:e0:7d:cd:db:2d:86:94:fa:2b:33:1b:41:
                    76:3c:8c:38:8f:57:69:9f:08:b2:7b:ab:30:b5:82:
                    ba:6f:65:b0:d1:6e:e2:9e:41:cc:41:8b:44:e3:dd:
                    5f:0a:1f:db:aa:8e:4e:d6:2b:cb:4f:39:9d:95:9d:
                    bd:a5:dd:e1:9b:b7:6e:21:46:a1:c2:09:5b:38:4e:
                    ef:53:dc:2b:44:f7:86:33:bb:42:26:aa:df:b8:c5:
                    01:bd:d4:f6:ac:af:75:cc:48:d2:3a:93:bb:0c:45:
                    8b:01:44:ff:83:14:3b:50:6c:65:36:69:9d:e9:c9:
                    20:91:90:35:b2:cf:3a:73:c3:05:2a:5c:29:24:77:
                    88:17:d1:fe:38:bc:0e:22:bf:a8:4f:41:b9:ce:88:
                    6a:21:4d:d4:97:e0:18:00:bb:e9:c4:1f:68:41:db:
                    91:54:8b:38:37:86:12:d8:e0:52:30:bb:ab:3f:22:
                    18:55:47:99:4e:fb:0b:72:69:98:98:c8:35:28:3f:
                    b8:f3:2a:62:49:3d:2d:82:e2:f8:03:80:ee:3d:1e:
                    68:39:21:b2:13:5a:ad:6e:8f:e8:d5:07:f0:a1:b3:
                    be:0e:da:da:c4:30:0e:71:1e:4e:c2:1d:e1:fe:72:
                    87:57:0a:25:86:20:31:a2:d4:37:56:b1:05:94:05:
                    c9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C4:98:3F:93:FC:CB:C7:8B:7C:DC:83:11:E5:D5:DF:37:3E:9E:9B
            X509v3 Authority Key Identifier:
                keyid:E1:5B:90:FF:DF:A0:AB:28:54:85:E7:84:46:B8:71:99:8B:24:DC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VuQ_9-gqyhUheeERrhxmYsk3MA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/pMSYP5P8y8eLfNyDEeXV3zc-nps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5f3e21-6b41-4964-bfda-cbbfda92419d/1/4VuQ_9-gqyhUheeERrhxmYsk3MA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:cb:d9:ae:4e:96:9b:10:6d:eb:73:fb:32:b3:24:d2:40:99:
         0d:8a:2f:5d:ba:7a:26:9d:50:82:01:da:03:a8:ea:ff:db:cd:
         27:85:00:57:15:8b:63:a1:c6:d8:12:c4:64:90:68:0a:c8:6e:
         22:1d:e3:0b:f6:b1:f5:73:3e:1a:43:04:46:d6:e3:94:be:ae:
         6b:43:41:5f:13:ca:68:c4:d0:cd:90:e8:85:6e:9f:46:71:c7:
         d0:46:b0:50:c7:5d:d7:74:44:9f:a8:25:dd:ed:07:c1:db:9e:
         f6:74:da:1f:21:08:07:fe:67:59:de:f8:55:ca:a7:2d:7e:3a:
         59:eb:35:c0:c2:13:fa:b9:13:c3:e9:d4:3c:8f:05:cf:ad:11:
         88:4a:91:8d:d9:0e:44:79:e9:a1:ee:b1:b0:fa:c2:d0:92:f2:
         f2:65:d3:02:82:29:09:c7:4c:83:e0:df:d5:48:fc:51:98:35:
         9e:c1:3f:b3:71:0b:5c:f0:9b:35:bb:d3:51:74:b0:be:19:d0:
         47:62:24:fd:70:15:19:ce:5d:88:7f:50:0d:2e:09:82:45:14:
         6d:10:8d:d9:bf:86:41:12:bd:94:58:24:85:12:63:c7:61:47:
         6c:35:3a:ac:fd:0a:eb:3e:b1:1e:e1:9a:71:02:39:cc:ba:cd:
         9d:4c:95:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBWlV9rHZQCgKM5/i7Zis3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNWI5MGZmZGZhMGFiMjg1NDg1ZTc4NDQ2Yjg3MTk5OGIy
NGRjYzAwHhcNMjYwMjIxMTc1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM0OTgzZjkzZmNjYmM3OGI3Y2RjODMxMWU1ZDVkZjM3M2U5ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvobgfc3bLYaU+iszG0F2PIw4j1dp
nwiye6swtYK6b2Ww0W7inkHMQYtE491fCh/bqo5O1ivLTzmdlZ29pd3hm7duIUah
wglbOE7vU9wrRPeGM7tCJqrfuMUBvdT2rK91zEjSOpO7DEWLAUT/gxQ7UGxlNmmd
6ckgkZA1ss86c8MFKlwpJHeIF9H+OLwOIr+oT0G5zohqIU3Ul+AYALvpxB9oQduR
VIs4N4YS2OBSMLurPyIYVUeZTvsLcmmYmMg1KD+48ypiST0tguL4A4DuPR5oOSGy
E1qtbo/o1QfwobO+DtraxDAOcR5Owh3h/nKHVwolhiAxotQ3VrEFlAXJXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKTEmD+T/MvHi3zcgxHl1d83Pp6bMB8GA1UdIwQY
MBaAFOFbkP/foKsoVIXnhEa4cZmLJNzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZ1UV85LWdxeWhVaGVlRVJyaHhtWXNrM01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS81ZjNlMjEtNmI0MS00OTY0LWJmZGEt
Y2JiZmRhOTI0MTlkLzEvcE1TWVA1UDh5OGVMZk55REVlWFYzemMtbnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS81ZjNlMjEtNmI0MS00OTY0LWJmZGEtY2JiZmRhOTI0MTlk
LzEvNFZ1UV85LWdxeWhVaGVlRVJyaHhtWXNrM01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOawDAN
BgkqhkiG9w0BAQsFAAOCAQEAF8vZrk6WmxBt63P7MrMk0kCZDYovXbp6Jp1QggHa
A6jq/9vNJ4UAVxWLY6HG2BLEZJBoCshuIh3jC/ax9XM+GkMERtbjlL6ua0NBXxPK
aMTQzZDohW6fRnHH0EawUMdd13REn6gl3e0Hwdue9nTaHyEIB/5nWd74VcqnLX46
Wes1wMIT+rkTw+nUPI8Fz60RiEqRjdkORHnpoe6xsPrC0JLy8mXTAoIpCcdMg+Df
1Uj8UZg1nsE/s3ELXPCbNbvTUXSwvhnQR2Ik/XAVGc5diH9QDS4JgkUUbRCN2b+G
QRK9lFgkhRJjx2FHbDU6rP0K6z6xHuGacQI5zLrNnUyVrw==
-----END CERTIFICATE-----