Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/fMdIJEmiqWNtp94ut6rupnRwzTU.roa
File:                     fMdIJEmiqWNtp94ut6rupnRwzTU.roa (raw, json)
Hash identifier:          wYuArCVrDBLw8aFTNvd/BThBfn1RhIVj1+XDwpQL6MA=
Subject key identifier:   7C:C7:48:24:49:A2:A9:63:6D:A7:DE:2E:B7:AA:EE:A6:74:70:CD:35
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C543BD447C989DE3D6B676B2C67840C2C
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/fMdIJEmiqWNtp94ut6rupnRwzTU.roa
Signing time:             Thu 12 Feb 2026 23:42:12 +0000
ROA not before:           Thu 12 Feb 2026 23:42:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203704
IP address blocks:        2a06:9801:81::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:54:3b:d4:47:c9:89:de:3d:6b:67:6b:2c:67:84:0c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 12 23:42:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cc7482449a2a9636da7de2eb7aaeea67470cd35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:55:d0:87:7f:a0:8c:17:d5:68:30:21:87:b8:
                    d8:ca:09:e0:80:7b:6d:8e:c1:b0:3b:a3:f2:85:18:
                    f2:2f:b7:42:16:fa:fb:ec:98:4a:fe:b5:14:dc:52:
                    19:8c:d0:cb:14:fe:15:65:51:6b:f6:09:11:d1:b3:
                    89:d3:96:73:e3:40:e6:b5:38:17:1f:1d:5f:bc:86:
                    0f:f3:f7:c9:73:a0:db:37:02:c3:6a:5c:b0:f2:cb:
                    ef:fd:16:0a:52:66:e6:e1:c6:ce:15:0f:87:c1:07:
                    af:6f:18:4f:0c:7e:5b:d8:2f:f6:53:e2:ae:b5:de:
                    f6:b7:b6:7d:74:fb:02:4d:8d:21:d1:e7:c1:55:e6:
                    57:98:f9:96:3e:5f:ab:f1:af:14:6b:f3:27:fe:60:
                    af:9c:0a:e1:12:5e:ba:9a:d2:43:7c:75:b9:48:c6:
                    99:1f:6a:0d:a8:7b:48:b1:79:84:3a:83:4d:09:e6:
                    b6:3f:15:b5:e1:1d:05:d3:1b:51:c1:01:94:14:4d:
                    76:c7:d4:13:b8:3e:4c:2e:97:bc:04:ea:07:2b:28:
                    3e:fc:b5:8c:d7:f9:eb:6e:27:f9:63:1f:0e:df:b4:
                    a4:57:e2:ce:23:61:da:7b:60:fe:2b:69:92:60:15:
                    5c:43:26:d1:72:f9:74:c4:c7:e8:3e:4a:9c:77:08:
                    f2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:C7:48:24:49:A2:A9:63:6D:A7:DE:2E:B7:AA:EE:A6:74:70:CD:35
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/fMdIJEmiqWNtp94ut6rupnRwzTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:81::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:20:62:50:4d:40:ce:f8:c0:81:41:d5:81:af:d2:eb:e2:29:
         2b:e7:ab:de:94:60:77:0e:2c:bc:3c:ea:b6:2a:33:90:76:d5:
         5a:8b:47:e9:23:90:c4:b1:bc:4a:48:2f:e9:f3:e4:99:29:7c:
         cd:a7:44:2f:95:3d:b0:09:40:f2:e6:73:d3:de:db:f9:ea:78:
         80:d0:87:da:de:66:46:e7:f1:cd:53:72:8d:6b:99:80:d7:6a:
         f3:81:d2:b6:f3:b0:ab:c6:b5:73:5a:12:8c:96:16:a8:88:4a:
         da:e2:91:ae:87:df:cb:3c:07:7f:ab:7b:9d:93:f5:64:c2:4c:
         9d:43:ad:30:f3:87:74:3d:02:86:f8:bd:bd:18:b1:19:b7:93:
         19:a6:a4:92:f8:b3:24:99:e6:d9:d6:0d:3f:2e:08:2a:fd:e3:
         32:3c:cf:22:1c:08:c9:67:e7:c4:51:8e:d1:0a:08:c6:ab:fa:
         00:2e:fa:e5:1f:eb:22:f4:db:a1:eb:4a:d4:8d:7a:21:68:fb:
         56:53:ea:d6:9f:33:eb:3e:a6:eb:2b:a8:4a:19:d8:11:1b:fa:
         af:4d:b1:04:bc:ed:01:e6:04:a9:76:6c:29:5a:95:65:71:91:
         ad:2f:8d:8e:b7:24:93:41:57:a0:bc:11:ac:ae:6c:85:fc:ab:
         4d:79:be:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxUO9RHyYnePWtnayxnhAwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjEyMjM0MjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2M3NDgyNDQ5YTJhOTYzNmRhN2RlMmViN2FhZWVhNjc0NzBjZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1XQh3+gjBfVaDAhh7jYygnggHtt
jsGwO6PyhRjyL7dCFvr77JhK/rUU3FIZjNDLFP4VZVFr9gkR0bOJ05Zz40DmtTgX
Hx1fvIYP8/fJc6DbNwLDalyw8svv/RYKUmbm4cbOFQ+HwQevbxhPDH5b2C/2U+Ku
td72t7Z9dPsCTY0h0efBVeZXmPmWPl+r8a8Ua/Mn/mCvnArhEl66mtJDfHW5SMaZ
H2oNqHtIsXmEOoNNCea2PxW14R0F0xtRwQGUFE12x9QTuD5MLpe8BOoHKyg+/LWM
1/nrbif5Yx8O37SkV+LOI2Hae2D+K2mSYBVcQybRcvl0xMfoPkqcdwjyAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHzHSCRJoqljbafeLreq7qZ0cM01MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZk1kSUpFbWlxV050cDk0dXQ2cnVwblJ3elRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQCB
MA0GCSqGSIb3DQEBCwUAA4IBAQBGIGJQTUDO+MCBQdWBr9Lr4ikr56velGB3Diy8
POq2KjOQdtVai0fpI5DEsbxKSC/p8+SZKXzNp0QvlT2wCUDy5nPT3tv56niA0Ifa
3mZG5/HNU3KNa5mA12rzgdK287CrxrVzWhKMlhaoiEra4pGuh9/LPAd/q3udk/Vk
wkydQ60w84d0PQKG+L29GLEZt5MZpqSS+LMkmebZ1g0/Lggq/eMyPM8iHAjJZ+fE
UY7RCgjGq/oALvrlH+si9Nuh60rUjXohaPtWU+rWnzPrPqbrK6hKGdgRG/qvTbEE
vO0B5gSpdmwpWpVlcZGtL42OtySTQVegvBGsrmyF/KtNeb50
-----END CERTIFICATE-----