Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wD2e51GHWMpnL-eBr1AdTtsV3d4.roa
File:                     wD2e51GHWMpnL-eBr1AdTtsV3d4.roa (raw, json)
Hash identifier:          E/mfJF/lhpjitoIHVXZNP3GGPWP/a0ENNTWXpYt/i3I=
Subject key identifier:   C0:3D:9E:E7:51:87:58:CA:67:2F:E7:81:AF:50:1D:4E:DB:15:DD:DE
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C4A301E67007C316A30FA3D5595D57174
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wD2e51GHWMpnL-eBr1AdTtsV3d4.roa
Signing time:             Wed 11 Feb 2026 00:53:13 +0000
ROA not before:           Wed 11 Feb 2026 00:53:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215030
IP address blocks:        2a06:9801:1a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4a:30:1e:67:00:7c:31:6a:30:fa:3d:55:95:d5:71:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 11 00:53:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c03d9ee7518758ca672fe781af501d4edb15ddde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b3:e6:95:a4:e0:60:65:12:f3:a8:ba:30:aa:
                    6e:ef:33:0d:46:75:03:3b:35:fa:1f:6d:af:74:04:
                    47:30:2f:88:f9:8f:a8:8d:98:2c:5a:a8:5c:14:72:
                    66:87:d5:ac:42:ed:5e:92:d9:f4:49:c2:69:12:2e:
                    f3:af:bd:71:9b:af:58:cd:48:c8:e0:06:67:fc:11:
                    58:a3:00:c1:bf:ab:c6:ee:1d:72:96:5b:78:ce:62:
                    f1:bc:8d:11:2e:d4:64:f3:cc:57:d4:8e:98:88:92:
                    b1:0a:0c:0c:ea:af:39:2b:73:e2:79:77:9e:9a:6f:
                    af:3b:69:a1:1a:ea:75:ab:c2:ba:27:76:a5:c9:ae:
                    10:e5:3d:6c:dd:bb:7b:ab:5c:b4:70:89:d0:d3:75:
                    05:ee:ba:de:47:96:9e:7e:4b:96:e2:db:30:f8:da:
                    cc:8a:b0:18:8b:08:fa:2b:c0:a9:23:1b:b3:f6:45:
                    54:d8:a7:ab:2f:21:01:2e:46:e4:0d:e2:55:09:5f:
                    98:3d:bf:60:83:3a:53:f9:52:d2:c3:de:a4:bc:81:
                    62:cd:56:d5:e8:c1:f2:7d:97:90:14:b4:90:a7:76:
                    ff:92:3e:3d:a8:85:4c:8b:e7:5c:30:48:64:0f:a2:
                    10:27:b2:db:fd:7d:c4:6c:82:4c:b0:09:dd:ec:07:
                    0d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:3D:9E:E7:51:87:58:CA:67:2F:E7:81:AF:50:1D:4E:DB:15:DD:DE
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wD2e51GHWMpnL-eBr1AdTtsV3d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:f9:71:2f:3b:bb:47:bd:2b:62:bf:27:7b:d4:45:84:cd:bc:
         3c:d3:ac:16:f6:93:a0:d7:6d:ab:ee:c4:2d:04:2b:d9:43:46:
         39:66:9a:dd:24:f6:8a:40:77:93:8d:ea:71:aa:e5:20:6f:b0:
         a4:81:10:7e:26:6e:7a:73:34:c0:53:a5:54:c0:57:b9:47:a7:
         21:35:53:e6:e6:d7:2d:29:8c:f3:1b:b4:45:c0:20:09:4f:1a:
         e2:fa:0d:bf:a1:d6:c6:d8:ab:0f:e7:c1:fe:38:56:72:6d:89:
         6f:62:b6:e2:44:bc:18:4d:ea:a7:c8:1f:2b:89:df:d5:30:56:
         5c:3c:4f:d5:17:1b:8d:7d:6b:7b:b4:e8:6f:6d:0f:74:fe:a0:
         f4:c8:2b:3a:4f:c3:cc:e0:e9:a2:ee:df:08:22:71:ed:f9:24:
         fd:db:16:1d:09:cd:3c:65:ab:3b:4c:0f:48:ec:98:27:3c:98:
         6e:1f:32:df:39:be:47:e1:83:50:ba:37:ae:12:71:4c:c5:b1:
         3a:04:02:a8:c5:0d:a3:b7:7a:c7:c9:21:4f:5d:7b:8b:e8:58:
         92:d2:38:97:49:54:05:e6:dd:da:a1:1c:ad:ff:61:f0:be:c9:
         d9:cf:82:2d:31:92:dd:42:e8:78:bb:62:7d:27:8d:9c:20:37:
         f8:0c:19:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxKMB5nAHwxajD6PVWV1XF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjExMDA1MzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDNkOWVlNzUxODc1OGNhNjcyZmU3ODFhZjUwMWQ0ZWRiMTVkZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLPmlaTgYGUS86i6MKpu7zMNRnUD
OzX6H22vdARHMC+I+Y+ojZgsWqhcFHJmh9WsQu1ektn0ScJpEi7zr71xm69YzUjI
4AZn/BFYowDBv6vG7h1yllt4zmLxvI0RLtRk88xX1I6YiJKxCgwM6q85K3PieXee
mm+vO2mhGup1q8K6J3alya4Q5T1s3bt7q1y0cInQ03UF7rreR5aefkuW4tsw+NrM
irAYiwj6K8CpIxuz9kVU2KerLyEBLkbkDeJVCV+YPb9ggzpT+VLSw96kvIFizVbV
6MHyfZeQFLSQp3b/kj49qIVMi+dcMEhkD6IQJ7Lb/X3EbIJMsAnd7AcN6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMA9nudRh1jKZy/nga9QHU7bFd3eMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvd0QyZTUxR0hXTXBuTC1lQnIxQWRUdHNWM2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAa
MA0GCSqGSIb3DQEBCwUAA4IBAQCA+XEvO7tHvStivyd71EWEzbw806wW9pOg122r
7sQtBCvZQ0Y5ZprdJPaKQHeTjepxquUgb7CkgRB+Jm56czTAU6VUwFe5R6chNVPm
5tctKYzzG7RFwCAJTxri+g2/odbG2KsP58H+OFZybYlvYrbiRLwYTeqnyB8rid/V
MFZcPE/VFxuNfWt7tOhvbQ90/qD0yCs6T8PM4Omi7t8IInHt+ST92xYdCc08Zas7
TA9I7JgnPJhuHzLfOb5H4YNQujeuEnFMxbE6BAKoxQ2jt3rHySFPXXuL6FiS0jiX
SVQF5t3aoRyt/2HwvsnZz4ItMZLdQuh4u2J9J42cIDf4DBk3
-----END CERTIFICATE-----