Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ZSRpEEIVDpKJe62blRh1GKaRk4Y.roa
File:                     ZSRpEEIVDpKJe62blRh1GKaRk4Y.roa (raw, json)
Hash identifier:          xXqd7lQZI8N9FIgWZP6MzEeQoGbuMnjC1AsmJXjnwGM=
Subject key identifier:   65:24:69:10:42:15:0E:92:89:7B:AD:9B:95:18:75:18:A6:91:93:86
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C690A5E957B195D8F373E836587803F22
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ZSRpEEIVDpKJe62blRh1GKaRk4Y.roa
Signing time:             Tue 17 Feb 2026 00:40:13 +0000
ROA not before:           Tue 17 Feb 2026 00:40:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201129
IP address blocks:        2a06:9801:56::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:69:0a:5e:95:7b:19:5d:8f:37:3e:83:65:87:80:3f:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 17 00:40:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6524691042150e92897bad9b95187518a6919386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b3:77:00:47:2f:10:a5:bc:b9:bd:90:ad:db:
                    be:a4:d3:2c:ea:be:79:d3:cb:ef:22:c6:48:df:78:
                    be:bd:08:fb:b3:db:c0:7d:e3:2a:a1:a9:60:a9:3a:
                    85:d0:82:5a:d7:44:fd:42:e6:dc:e8:84:06:d8:ef:
                    84:ce:40:09:bd:cd:d1:bf:ac:34:1a:68:df:71:88:
                    1c:b5:8e:ed:09:cc:5f:86:5c:45:7d:3a:34:e1:5c:
                    a1:d7:9b:35:d0:c7:b0:34:59:76:97:ec:d4:c5:11:
                    c7:3f:c2:56:a8:ff:00:2f:64:e3:40:e8:0c:e2:0c:
                    c9:b7:46:77:31:d5:fd:0a:02:36:94:58:34:72:93:
                    a1:9d:02:1b:50:b4:35:f9:b6:95:c2:95:94:9c:78:
                    19:05:32:e1:c7:5d:ce:52:75:11:f5:dc:e4:ba:4f:
                    e7:f0:68:74:21:8f:a1:ae:95:dc:99:95:4a:84:52:
                    d2:ad:34:7f:fa:19:7c:54:00:37:ca:e8:04:9c:17:
                    f8:f7:3a:7f:2f:96:08:5d:ad:cb:76:6f:c1:73:d1:
                    4d:34:91:30:98:51:1d:b2:5d:e5:75:1e:66:d0:55:
                    df:89:5d:e2:e2:86:ba:29:9e:5a:52:4e:97:97:69:
                    bd:b0:9d:64:99:4f:98:90:a7:1a:87:26:b6:9a:aa:
                    d7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:24:69:10:42:15:0E:92:89:7B:AD:9B:95:18:75:18:A6:91:93:86
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ZSRpEEIVDpKJe62blRh1GKaRk4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:56::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:04:0f:74:cb:f9:70:5e:15:19:b4:c3:2f:52:53:d1:aa:e7:
         96:69:02:c8:9d:d7:d4:db:c0:a4:a9:c5:b2:4c:bb:bf:53:9d:
         f2:3a:e0:e8:cc:da:71:f9:51:68:f5:de:da:ef:09:01:0a:6a:
         6c:66:a2:0a:4c:e0:b7:21:2f:b6:9a:e0:b7:c4:6a:64:3c:ae:
         d5:1e:75:0b:fa:53:f2:ff:76:61:11:b7:32:07:fe:3d:7a:48:
         37:7a:59:9c:f3:4a:6b:b7:76:94:99:0d:78:ba:c8:54:e7:ec:
         6f:1a:28:5b:01:26:02:42:23:c3:97:cb:f6:4f:25:4c:bb:d6:
         81:be:92:20:f8:7c:be:7d:8a:fe:54:63:08:12:ed:40:7a:80:
         d7:13:25:6c:0f:6b:47:7f:f8:0d:f3:78:e1:25:08:82:74:eb:
         ae:9f:dd:b0:09:49:f3:47:f5:ca:4d:58:8e:69:1d:f7:36:12:
         2a:cc:7c:8b:6c:ad:8f:56:87:9c:b6:54:c5:5a:89:fd:87:bf:
         2a:4f:9a:b5:d0:f7:23:bc:2d:23:9c:f6:2d:ee:e2:7a:e7:5b:
         f5:4a:c6:37:f4:32:41:f5:d2:30:7b:d9:c2:88:1d:c0:0a:97:
         80:a2:84:af:53:d0:bd:0c:30:07:13:08:ea:4d:2a:69:74:94:
         75:45:a5:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxpCl6Vexldjzc+g2WHgD8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjE3MDA0MDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI0NjkxMDQyMTUwZTkyODk3YmFkOWI5NTE4NzUxOGE2OTE5Mzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurN3AEcvEKW8ub2Qrdu+pNMs6r55
08vvIsZI33i+vQj7s9vAfeMqoalgqTqF0IJa10T9Qubc6IQG2O+EzkAJvc3Rv6w0
GmjfcYgctY7tCcxfhlxFfTo04Vyh15s10MewNFl2l+zUxRHHP8JWqP8AL2TjQOgM
4gzJt0Z3MdX9CgI2lFg0cpOhnQIbULQ1+baVwpWUnHgZBTLhx13OUnUR9dzkuk/n
8Gh0IY+hrpXcmZVKhFLSrTR/+hl8VAA3yugEnBf49zp/L5YIXa3Ldm/Bc9FNNJEw
mFEdsl3ldR5m0FXfiV3i4oa6KZ5aUk6Xl2m9sJ1kmU+YkKcahya2mqrX7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGUkaRBCFQ6SiXutm5UYdRimkZOGMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvWlNScEVFSVZEcEtKZTYyYmxSaDFHS2FSazRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQBW
MA0GCSqGSIb3DQEBCwUAA4IBAQCKBA90y/lwXhUZtMMvUlPRqueWaQLIndfU28Ck
qcWyTLu/U53yOuDozNpx+VFo9d7a7wkBCmpsZqIKTOC3IS+2muC3xGpkPK7VHnUL
+lPy/3ZhEbcyB/49ekg3elmc80prt3aUmQ14ushU5+xvGihbASYCQiPDl8v2TyVM
u9aBvpIg+Hy+fYr+VGMIEu1AeoDXEyVsD2tHf/gN83jhJQiCdOuun92wCUnzR/XK
TViOaR33NhIqzHyLbK2PVoectlTFWon9h78qT5q10PcjvC0jnPYt7uJ651v1SsY3
9DJB9dIwe9nCiB3ACpeAooSvU9C9DDAHEwjqTSppdJR1RaUJ
-----END CERTIFICATE-----