Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/WVJLIpO3DGxQvT_FknyFHG6K5EY.roa
File:                     WVJLIpO3DGxQvT_FknyFHG6K5EY.roa (raw, json)
Hash identifier:          1Y5+3f/BGQoQ/2+V8BUpbHLQi4/ExRndnu+FNvhEWPc=
Subject key identifier:   59:52:4B:22:93:B7:0C:6C:50:BD:3F:C5:92:7C:85:1C:6E:8A:E4:46
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C4A2F3488B447B48860567143DDCA8147
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/WVJLIpO3DGxQvT_FknyFHG6K5EY.roa
Signing time:             Wed 11 Feb 2026 00:52:13 +0000
ROA not before:           Wed 11 Feb 2026 00:52:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201576
IP address blocks:        2a06:9801:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4a:2f:34:88:b4:47:b4:88:60:56:71:43:dd:ca:81:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 11 00:52:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59524b2293b70c6c50bd3fc5927c851c6e8ae446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:6d:6f:21:c7:e9:75:6c:6b:55:d2:6a:c4:b6:
                    19:20:e8:1e:6f:44:2e:36:51:9a:79:7c:77:63:e2:
                    16:11:55:ab:63:5f:12:46:b5:f9:b5:ae:05:aa:22:
                    d5:60:30:7c:b0:a4:63:6a:e9:ad:d8:a4:84:12:f5:
                    50:aa:46:08:d3:96:1f:e2:47:36:da:60:80:39:d7:
                    2a:d1:7d:0e:73:7b:13:5d:75:79:88:f0:69:a7:82:
                    90:80:aa:54:f3:2d:7e:93:9e:46:bd:81:f6:8d:55:
                    cb:1e:5a:b9:34:7e:74:b6:90:2c:20:a1:a6:79:50:
                    7b:a0:36:b1:9f:ff:82:f7:cc:fd:6e:6a:73:1c:40:
                    d7:ec:2a:20:cf:e0:f9:98:43:e9:c7:4b:25:82:0a:
                    f7:33:06:dc:71:61:14:27:78:54:7d:d6:ae:3b:65:
                    b2:90:31:fc:d6:33:9f:29:3b:9a:86:6d:be:72:e4:
                    a5:10:92:82:23:54:b1:a3:8b:b0:b9:8e:f6:b7:97:
                    5d:f1:de:4c:63:7b:3b:9b:3e:27:65:20:a9:85:f5:
                    68:77:e0:57:15:bf:a8:37:0e:38:43:73:40:c6:95:
                    b2:b0:94:a3:59:b8:86:ab:bc:16:36:fd:1e:f1:ac:
                    fe:63:37:fc:17:42:a6:b5:6b:8f:2b:e7:2f:39:34:
                    29:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:52:4B:22:93:B7:0C:6C:50:BD:3F:C5:92:7C:85:1C:6E:8A:E4:46
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/WVJLIpO3DGxQvT_FknyFHG6K5EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:47:8f:c7:52:4d:f8:8b:d7:ac:0e:db:eb:3f:cb:e0:e5:bd:
         9b:b7:8d:d5:5b:80:98:f9:d3:a4:17:de:1e:0e:d1:e6:99:e5:
         9f:ab:82:cf:6e:58:8a:65:be:73:02:54:1b:97:4f:ea:19:72:
         62:8a:ee:33:97:e0:f6:76:d1:e5:61:5a:73:ae:4b:32:88:9d:
         a6:b3:eb:ee:68:f4:c5:67:bc:b3:4b:d5:33:d7:32:08:c4:2a:
         d2:6d:a9:4e:ac:75:77:f9:07:d2:9e:ba:db:80:17:6a:9c:19:
         aa:93:94:9c:c0:71:1b:51:8c:6d:54:06:a7:60:d4:a1:11:7d:
         42:e5:88:fd:4a:ff:32:21:91:f7:95:63:f9:ba:f8:61:9f:d2:
         aa:2f:8d:16:4b:93:ea:d8:04:63:79:6e:0b:f8:73:64:d0:f0:
         5b:78:65:28:bf:af:17:54:c4:e1:54:ff:f7:90:21:4d:00:93:
         cc:29:3f:68:23:7c:90:c9:df:74:12:d2:2c:a7:8e:a0:de:61:
         4d:a7:dc:a4:86:ea:f9:e9:92:9a:c8:10:d4:90:a4:9c:76:24:
         15:e0:d5:40:a6:4e:9b:a4:16:72:c5:ae:20:ca:31:eb:88:67:
         54:55:8c:1c:83:36:0d:09:84:ea:b9:a1:45:cf:d6:10:88:79:
         bf:3a:be:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxKLzSItEe0iGBWcUPdyoFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjExMDA1MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTUyNGIyMjkzYjcwYzZjNTBiZDNmYzU5MjdjODUxYzZlOGFlNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6G1vIcfpdWxrVdJqxLYZIOgeb0Qu
NlGaeXx3Y+IWEVWrY18SRrX5ta4FqiLVYDB8sKRjaumt2KSEEvVQqkYI05Yf4kc2
2mCAOdcq0X0Oc3sTXXV5iPBpp4KQgKpU8y1+k55GvYH2jVXLHlq5NH50tpAsIKGm
eVB7oDaxn/+C98z9bmpzHEDX7Cogz+D5mEPpx0slggr3MwbccWEUJ3hUfdauO2Wy
kDH81jOfKTuahm2+cuSlEJKCI1Sxo4uwuY72t5dd8d5MY3s7mz4nZSCphfVod+BX
Fb+oNw44Q3NAxpWysJSjWbiGq7wWNv0e8az+Yzf8F0KmtWuPK+cvOTQpBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFlSSyKTtwxsUL0/xZJ8hRxuiuRGMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvV1ZKTElwTzNER3hRdlRfRmtueUZIRzZLNUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAF
MA0GCSqGSIb3DQEBCwUAA4IBAQBpR4/HUk34i9esDtvrP8vg5b2bt43VW4CY+dOk
F94eDtHmmeWfq4LPbliKZb5zAlQbl0/qGXJiiu4zl+D2dtHlYVpzrksyiJ2ms+vu
aPTFZ7yzS9Uz1zIIxCrSbalOrHV3+QfSnrrbgBdqnBmqk5ScwHEbUYxtVAanYNSh
EX1C5Yj9Sv8yIZH3lWP5uvhhn9KqL40WS5Pq2ARjeW4L+HNk0PBbeGUov68XVMTh
VP/3kCFNAJPMKT9oI3yQyd90EtIsp46g3mFNp9ykhur56ZKayBDUkKScdiQV4NVA
pk6bpBZyxa4gyjHriGdUVYwcgzYNCYTquaFFz9YQiHm/Or75
-----END CERTIFICATE-----