Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/_l28hsFaCQvb3KYU9-IEkcRGqHk.roa
File:                     _l28hsFaCQvb3KYU9-IEkcRGqHk.roa (raw, json)
Hash identifier:          UL0HDeECsWmUYCPhplv+lq5HRTW5Rx6G8eHW8bBGUiM=
Subject key identifier:   FE:5D:BC:86:C1:5A:09:0B:DB:DC:A6:14:F7:E2:04:91:C4:46:A8:79
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C8CCDDAC887C25E9F56C89E0FC93C1929
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/_l28hsFaCQvb3KYU9-IEkcRGqHk.roa
Signing time:             Mon 23 Feb 2026 23:20:26 +0000
ROA not before:           Mon 23 Feb 2026 23:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201039
IP address blocks:        2a06:9801:28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8c:cd:da:c8:87:c2:5e:9f:56:c8:9e:0f:c9:3c:19:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 23 23:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe5dbc86c15a090bdbdca614f7e20491c446a879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:76:d4:8f:4a:ed:d3:11:fd:4e:0f:e8:12:43:
                    37:ea:e4:0d:70:1e:41:80:a6:e5:5c:9f:e9:9b:a0:
                    03:b4:fc:fe:70:aa:4a:c7:40:86:1b:1e:44:cc:e2:
                    0d:41:72:04:de:d3:e8:fa:20:9f:65:73:50:00:3b:
                    e4:27:d5:05:71:cc:98:1a:30:9d:6a:f4:7e:94:9e:
                    44:7f:f3:60:e1:74:9f:30:a6:be:a9:12:95:99:02:
                    2d:57:37:fd:1b:b2:69:c2:a1:05:9a:49:a4:51:b0:
                    57:48:4b:5b:ee:ce:02:e8:32:83:52:6b:44:dc:c6:
                    7c:6b:cc:2a:d6:f3:0c:62:e1:d6:ca:e3:57:f1:d0:
                    c7:64:32:51:a0:39:98:8b:31:98:2d:f2:05:5b:6b:
                    e3:87:d0:22:46:8e:14:35:da:72:51:8b:21:7f:aa:
                    cf:e8:d7:60:5b:cb:25:1f:df:94:e8:78:51:df:de:
                    35:19:ae:9a:30:51:a7:c4:5f:4e:20:4f:96:4a:58:
                    1e:fc:04:64:87:e0:2f:95:62:2f:51:0a:d4:c5:13:
                    c3:cb:0f:a9:c4:2f:0b:06:2a:2f:31:5a:2f:36:41:
                    d2:fd:f3:53:22:1b:19:08:67:9a:08:c9:db:ca:46:
                    49:9a:0d:17:93:c9:15:b4:fb:b0:4c:70:c6:55:c7:
                    50:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:5D:BC:86:C1:5A:09:0B:DB:DC:A6:14:F7:E2:04:91:C4:46:A8:79
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/_l28hsFaCQvb3KYU9-IEkcRGqHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:28::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:20:fb:73:67:12:d7:45:cd:f9:77:4b:c4:c3:7f:fc:9d:79:
         e1:94:ea:0a:31:8d:d5:43:6c:67:c0:bc:22:62:c3:dd:1f:6d:
         81:54:d4:49:3f:70:65:96:62:8c:ec:17:fa:b7:84:7c:dd:54:
         44:3f:44:ea:0c:6b:c7:b1:f3:6f:ec:84:19:e1:f5:55:86:2b:
         9c:95:a1:6e:b6:2b:55:10:7d:9b:87:c4:1c:e1:22:18:81:ab:
         e9:43:b3:7e:ad:8e:f3:1e:5c:06:d9:a9:c2:cf:ba:38:62:80:
         99:16:38:04:82:26:b6:1f:9d:58:3e:f0:ce:32:e2:55:c2:09:
         18:87:41:07:72:70:b9:6f:62:3f:d9:07:c5:43:4d:65:57:b3:
         1b:3c:3d:fd:ea:48:a1:b9:cb:da:eb:37:8e:df:ee:da:c7:f4:
         5b:4b:6b:23:51:6d:24:24:90:58:56:5b:79:57:e7:7f:10:00:
         10:f0:4d:bc:91:03:cd:89:d4:50:32:29:d1:c4:ff:5d:10:25:
         99:f0:a7:44:d8:f0:1a:c4:8c:81:1a:0e:11:a3:64:c9:69:5c:
         1c:84:d5:f9:47:b5:57:28:8a:59:ef:4a:28:7f:98:72:53:4e:
         87:9c:4e:ae:37:5c:af:ef:50:25:d0:60:16:03:77:78:08:ea:
         3c:75:75:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyMzdrIh8Jen1bIng/JPBkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjIzMjMyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTVkYmM4NmMxNWEwOTBiZGJkY2E2MTRmN2UyMDQ5MWM0NDZhODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HbUj0rt0xH9Tg/oEkM36uQNcB5B
gKblXJ/pm6ADtPz+cKpKx0CGGx5EzOINQXIE3tPo+iCfZXNQADvkJ9UFccyYGjCd
avR+lJ5Ef/Ng4XSfMKa+qRKVmQItVzf9G7JpwqEFmkmkUbBXSEtb7s4C6DKDUmtE
3MZ8a8wq1vMMYuHWyuNX8dDHZDJRoDmYizGYLfIFW2vjh9AiRo4UNdpyUYshf6rP
6NdgW8slH9+U6HhR3941Ga6aMFGnxF9OIE+WSlge/ARkh+AvlWIvUQrUxRPDyw+p
xC8LBiovMVovNkHS/fNTIhsZCGeaCMnbykZJmg0Xk8kVtPuwTHDGVcdQMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP5dvIbBWgkL29ymFPfiBJHERqh5MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvX2wyOGhzRmFDUXZiM0tZVTktSUVrY1JHcUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAo
MA0GCSqGSIb3DQEBCwUAA4IBAQARIPtzZxLXRc35d0vEw3/8nXnhlOoKMY3VQ2xn
wLwiYsPdH22BVNRJP3BllmKM7Bf6t4R83VREP0TqDGvHsfNv7IQZ4fVVhiuclaFu
titVEH2bh8Qc4SIYgavpQ7N+rY7zHlwG2anCz7o4YoCZFjgEgia2H51YPvDOMuJV
wgkYh0EHcnC5b2I/2QfFQ01lV7MbPD396kihucva6zeO3+7ax/RbS2sjUW0kJJBY
Vlt5V+d/EAAQ8E28kQPNidRQMinRxP9dECWZ8KdE2PAaxIyBGg4Ro2TJaVwchNX5
R7VXKIpZ70oof5hyU06HnE6uN1yv71Al0GAWA3d4COo8dXVL
-----END CERTIFICATE-----