Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/eXbNac4tVpk9l9MidopZhW70kHo.roa
File:                     eXbNac4tVpk9l9MidopZhW70kHo.roa (raw, json)
Hash identifier:          AXt2hwXWJDrq5t8ZmKJqNMYfpGr6LoOFQyn2AOL1kQQ=
Subject key identifier:   79:76:CD:69:CE:2D:56:99:3D:97:D3:22:76:8A:59:85:6E:F4:90:7A
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C54013C033599A257674B9734CD1CE9B3
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/eXbNac4tVpk9l9MidopZhW70kHo.roa
Signing time:             Thu 12 Feb 2026 22:38:12 +0000
ROA not before:           Thu 12 Feb 2026 22:38:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211577
IP address blocks:        2a06:9801:5c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:54:01:3c:03:35:99:a2:57:67:4b:97:34:cd:1c:e9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 12 22:38:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7976cd69ce2d56993d97d322768a59856ef4907a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:87:00:9e:d5:d1:39:29:f8:72:7e:a8:ae:b0:
                    97:82:e8:87:29:a3:d2:39:6b:b7:ac:27:dd:07:54:
                    10:97:b1:a6:9c:a4:a9:93:30:56:3a:b9:f8:e7:d6:
                    d1:08:a4:60:1d:72:c9:2b:f3:d2:95:4f:eb:e0:87:
                    1a:e4:bd:87:e1:31:6e:44:af:68:a3:1b:e8:ed:59:
                    ec:87:db:c6:17:cf:1d:d3:4d:af:9b:8c:fa:31:aa:
                    5b:08:b3:eb:c9:3c:32:6c:5b:5c:b1:3f:f7:96:22:
                    b7:8e:79:1d:8a:94:49:e8:71:05:fa:31:d5:95:b8:
                    53:26:bc:81:a3:46:c8:98:0b:a7:ca:5b:1e:eb:34:
                    47:e7:5f:cd:a4:1e:b6:d5:f9:a2:85:39:a6:80:04:
                    99:91:93:97:11:2c:7e:02:c0:6c:4d:36:47:d6:f5:
                    fa:79:81:e0:d8:df:3b:54:b7:32:6d:86:8c:91:7f:
                    b6:2b:aa:45:65:cc:1a:2c:eb:ea:62:b3:76:e9:00:
                    3d:2f:2f:87:a0:8e:82:e0:73:4e:b5:28:a8:0f:86:
                    72:ea:cc:8f:46:fe:1d:7d:82:cb:cf:da:82:10:94:
                    52:ad:26:6b:3e:3a:2d:f8:ea:24:c5:43:74:77:49:
                    72:d9:c5:6c:90:6a:38:33:53:2e:01:d3:28:18:ed:
                    1c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:76:CD:69:CE:2D:56:99:3D:97:D3:22:76:8A:59:85:6E:F4:90:7A
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/eXbNac4tVpk9l9MidopZhW70kHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:30:56:06:8d:d9:fa:de:03:81:6b:50:1b:06:c0:fa:8a:fe:
         ed:5e:da:9d:da:e5:ec:94:2a:e1:46:81:9a:33:3a:02:b0:53:
         08:af:55:a6:6d:3d:00:76:82:d0:39:49:0f:7c:88:6e:c6:d0:
         1f:cd:8c:70:30:69:4f:81:fc:71:48:77:f4:80:3c:fa:35:53:
         50:05:1c:6c:b0:9a:65:38:1a:d1:fa:87:67:d8:bb:63:e6:a0:
         40:5a:f5:18:de:dc:7b:16:f5:d3:6a:b8:1e:e1:88:47:26:05:
         03:0d:c3:19:db:e3:bc:9f:e3:73:07:eb:18:6d:73:80:39:cd:
         15:d6:d0:4f:e8:68:e1:fc:76:cd:9e:bf:06:5c:9b:08:d8:d4:
         d6:7d:23:d0:c7:fb:bd:d8:c1:ad:79:8c:78:cb:39:8b:7a:2c:
         ec:af:15:fb:cf:bc:da:27:47:5b:0b:53:b6:40:12:30:6c:a2:
         e1:9a:df:0a:b7:7d:38:67:af:22:39:58:3f:46:80:b7:b2:32:
         79:d1:8b:48:80:76:a9:09:c9:0c:6e:a8:53:de:0d:53:25:cd:
         ca:f6:d0:1b:2d:1b:b8:92:88:98:fd:e9:4a:a4:ae:02:eb:bf:
         4c:c5:ef:b1:58:71:ad:60:84:ae:e2:39:fe:ed:17:6d:97:e2:
         e0:c3:b5:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxUATwDNZmiV2dLlzTNHOmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjEyMjIzODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc2Y2Q2OWNlMmQ1Njk5M2Q5N2QzMjI3NjhhNTk4NTZlZjQ5MDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYcAntXROSn4cn6orrCXguiHKaPS
OWu3rCfdB1QQl7GmnKSpkzBWOrn459bRCKRgHXLJK/PSlU/r4Ica5L2H4TFuRK9o
oxvo7Vnsh9vGF88d002vm4z6MapbCLPryTwybFtcsT/3liK3jnkdipRJ6HEF+jHV
lbhTJryBo0bImAunylse6zRH51/NpB621fmihTmmgASZkZOXESx+AsBsTTZH1vX6
eYHg2N87VLcybYaMkX+2K6pFZcwaLOvqYrN26QA9Ly+HoI6C4HNOtSioD4Zy6syP
Rv4dfYLLz9qCEJRSrSZrPjot+OokxUN0d0ly2cVskGo4M1MuAdMoGO0cvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHl2zWnOLVaZPZfTInaKWYVu9JB6MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZVhiTmFjNHRWcGs5bDlNaWRvcFpoVzcwa0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQBc
MA0GCSqGSIb3DQEBCwUAA4IBAQBqMFYGjdn63gOBa1AbBsD6iv7tXtqd2uXslCrh
RoGaMzoCsFMIr1WmbT0AdoLQOUkPfIhuxtAfzYxwMGlPgfxxSHf0gDz6NVNQBRxs
sJplOBrR+odn2Ltj5qBAWvUY3tx7FvXTarge4YhHJgUDDcMZ2+O8n+NzB+sYbXOA
Oc0V1tBP6Gjh/HbNnr8GXJsI2NTWfSPQx/u92MGteYx4yzmLeizsrxX7z7zaJ0db
C1O2QBIwbKLhmt8Kt304Z68iOVg/RoC3sjJ50YtIgHapCckMbqhT3g1TJc3K9tAb
LRu4koiY/elKpK4C679Mxe+xWHGtYISu4jn+7Rdtl+Lgw7VK
-----END CERTIFICATE-----