Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/9YMsNSl9uqbLQlhpMDCKts3pRbc.roa
File:                     9YMsNSl9uqbLQlhpMDCKts3pRbc.roa (raw, json)
Hash identifier:          WgiyYz+dNNGuW/Et9LEhQWTMq/N/0yU1nPwcWEo5s64=
Subject key identifier:   F5:83:2C:35:29:7D:BA:A6:CB:42:58:69:30:30:8A:B6:CD:E9:45:B7
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019C7FCA4156A1C854640CF7D16C17B529F1
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/9YMsNSl9uqbLQlhpMDCKts3pRbc.roa
Signing time:             Sat 21 Feb 2026 10:41:27 +0000
ROA not before:           Sat 21 Feb 2026 10:41:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200842
IP address blocks:        2a14:6781:2400::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7f:ca:41:56:a1:c8:54:64:0c:f7:d1:6c:17:b5:29:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Feb 21 10:41:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5832c35297dbaa6cb42586930308ab6cde945b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d8:4c:da:6a:44:66:5d:05:9a:32:72:d0:2e:
                    c1:d6:ae:0b:f5:57:41:80:fa:08:08:7e:03:91:30:
                    72:b2:f6:14:40:c9:c7:c0:18:1a:3a:aa:08:bd:08:
                    c3:fd:dc:d5:c2:d7:aa:1c:71:d6:95:9b:0d:ed:2b:
                    f0:50:00:a4:7d:25:df:f9:09:9d:a5:ac:ab:d5:d0:
                    60:c5:39:f9:0a:1d:37:27:ca:e8:27:14:3f:5d:41:
                    ad:45:f2:43:f2:f7:7a:1f:22:3d:75:b9:4f:aa:46:
                    9e:5d:4d:59:7f:e8:18:9b:90:be:98:5f:89:0b:f0:
                    8e:08:d8:1b:2c:6d:1f:65:de:6a:7a:0e:5c:bf:e1:
                    db:2b:5e:ec:52:93:02:95:26:68:74:7f:73:8a:93:
                    0a:5e:1d:ee:48:36:b6:b4:6e:61:f0:8c:12:69:2f:
                    e8:c7:66:23:a5:7b:dd:9e:bc:aa:b4:45:f1:a3:55:
                    b2:03:36:a6:51:64:f8:59:9b:9e:96:c8:fc:b4:98:
                    49:e6:c9:33:86:cb:8d:6e:36:1a:4a:92:c5:56:a0:
                    97:a0:92:1d:f1:8c:70:f2:10:ac:f2:3f:5d:8b:a6:
                    85:58:6f:ac:d9:af:60:ee:92:f3:e6:0d:4f:a8:8c:
                    02:e3:a6:69:2a:ed:ac:83:bd:4b:02:39:a9:d1:36:
                    22:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:83:2C:35:29:7D:BA:A6:CB:42:58:69:30:30:8A:B6:CD:E9:45:B7
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/9YMsNSl9uqbLQlhpMDCKts3pRbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6781:2400::/38

    Signature Algorithm: sha256WithRSAEncryption
         07:05:a1:a0:d3:f3:e0:e8:6a:fc:6e:a1:33:44:bb:10:34:2f:
         07:00:77:48:82:1e:33:ea:09:24:a8:0b:a6:ff:cb:a9:3e:a4:
         60:f3:19:a0:2b:e5:64:3d:2e:80:8c:ee:79:64:fe:79:e5:32:
         38:cd:79:12:a3:7b:26:95:b7:e2:de:90:34:47:46:f3:f4:50:
         33:ba:53:85:04:9d:cf:95:88:c2:bf:df:0c:27:1f:38:fc:ff:
         a9:06:48:80:32:c3:77:3e:37:f2:22:75:e4:0e:fe:a6:c8:73:
         a5:f5:81:c0:57:4d:8e:0a:a8:9c:49:2f:e8:88:70:8e:62:0c:
         21:23:33:2b:f8:00:4d:e1:44:ad:b1:dd:42:c5:97:50:b7:d0:
         0b:8b:d4:e7:f3:a2:6d:e7:f0:01:18:66:bc:a0:36:cb:4f:9e:
         51:9f:e9:a1:5c:76:66:93:5c:a6:0e:b2:59:29:76:8d:2f:eb:
         9e:21:74:c8:ca:e7:7c:73:bc:22:9a:4f:a3:eb:dd:f2:c5:56:
         0c:1a:8a:4b:2b:94:4e:29:d5:10:1a:2a:1f:a3:27:16:b5:3e:
         ee:cb:a3:70:97:96:a5:cc:a0:bb:82:ec:f2:b8:01:1d:76:49:
         3c:c7:44:ca:b4:82:c2:61:ba:01:4e:37:50:b8:85:3c:b3:ea:
         c8:58:75:94
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZx/ykFWochUZAz30WwXtSnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjYwMjIxMTA0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTgzMmMzNTI5N2RiYWE2Y2I0MjU4NjkzMDMwOGFiNmNkZTk0NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dhM2mpEZl0FmjJy0C7B1q4L9VdB
gPoICH4DkTBysvYUQMnHwBgaOqoIvQjD/dzVwteqHHHWlZsN7SvwUACkfSXf+Qmd
payr1dBgxTn5Ch03J8roJxQ/XUGtRfJD8vd6HyI9dblPqkaeXU1Zf+gYm5C+mF+J
C/COCNgbLG0fZd5qeg5cv+HbK17sUpMClSZodH9zipMKXh3uSDa2tG5h8IwSaS/o
x2YjpXvdnryqtEXxo1WyAzamUWT4WZuelsj8tJhJ5skzhsuNbjYaSpLFVqCXoJId
8Yxw8hCs8j9di6aFWG+s2a9g7pLz5g1PqIwC46ZpKu2sg71LAjmp0TYirQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPWDLDUpfbqmy0JYaTAwirbN6UW3MB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvOVlNc05TbDl1cWJMUWxocE1EQ0t0czNwUmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhRngSQw
DQYJKoZIhvcNAQELBQADggEBAAcFoaDT8+DoavxuoTNEuxA0LwcAd0iCHjPqCSSo
C6b/y6k+pGDzGaAr5WQ9LoCM7nlk/nnlMjjNeRKjeyaVt+LekDRHRvP0UDO6U4UE
nc+ViMK/3wwnHzj8/6kGSIAyw3c+N/IideQO/qbIc6X1gcBXTY4KqJxJL+iIcI5i
DCEjMyv4AE3hRK2x3ULFl1C30AuL1Ofzom3n8AEYZrygNstPnlGf6aFcdmaTXKYO
slkpdo0v654hdMjK53xzvCKaT6Pr3fLFVgwaiksrlE4p1RAaKh+jJxa1Pu7Lo3CX
lqXMoLuC7PK4AR12STzHRMq0gsJhugFON1C4hTyz6shYdZQ=
-----END CERTIFICATE-----