Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/UwQ7sjuo9Z4xTTN4jy0Vg5YZCzs.roa
File:                     UwQ7sjuo9Z4xTTN4jy0Vg5YZCzs.roa (raw, json)
Hash identifier:          6Mr+bWC9I29W/ywa1Cv/2GSNSvhjZ295ZxgyavssNUw=
Subject key identifier:   53:04:3B:B2:3B:A8:F5:9E:31:4D:33:78:8F:2D:15:83:96:19:0B:3B
Certificate issuer:       /CN=454f9d2dbed974538405a79f6ec7e86c4aedd3d1
Certificate serial:       019C568D16B18AE763F05A762BEA3CA403B4
Authority key identifier: 45:4F:9D:2D:BE:D9:74:53:84:05:A7:9F:6E:C7:E8:6C:4A:ED:D3:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RU-dLb7ZdFOEBaefbsfobErt09E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/UwQ7sjuo9Z4xTTN4jy0Vg5YZCzs.roa
Signing time:             Fri 13 Feb 2026 10:30:12 +0000
ROA not before:           Fri 13 Feb 2026 10:30:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        2a0d:9980::/29 maxlen: 29
                          2a0f:5940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/RU-dLb7ZdFOEBaefbsfobErt09E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/RU-dLb7ZdFOEBaefbsfobErt09E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RU-dLb7ZdFOEBaefbsfobErt09E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:8d:16:b1:8a:e7:63:f0:5a:76:2b:ea:3c:a4:03:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=454f9d2dbed974538405a79f6ec7e86c4aedd3d1
        Validity
            Not Before: Feb 13 10:30:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53043bb23ba8f59e314d33788f2d158396190b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:87:3a:c0:fd:cb:91:3e:b6:86:f9:60:b0:5f:
                    39:dd:43:3d:c0:1c:19:4e:6b:04:fc:59:cc:6f:81:
                    33:c4:46:79:4b:4d:61:8b:76:12:67:3e:24:94:9b:
                    5b:36:86:63:d9:5c:12:06:f6:c9:81:29:4b:05:de:
                    26:e8:00:52:61:81:9d:fe:28:6b:b4:a3:0f:c1:db:
                    58:63:d1:4a:88:0e:2e:7a:a6:d4:cd:72:d4:1f:10:
                    5e:02:b1:35:d5:75:02:1d:36:53:0c:a3:3f:57:38:
                    54:2c:a7:67:28:e5:1d:2a:d4:5e:05:63:e3:27:f1:
                    0d:60:ae:dd:25:05:62:83:0f:17:b4:c8:af:95:3a:
                    60:77:0e:7b:cf:c1:f7:20:e1:4d:a2:e5:81:38:d0:
                    42:15:9d:bd:86:8b:68:54:6f:50:de:7c:d2:12:12:
                    a6:8a:56:2c:40:5c:32:ee:ec:4e:57:3c:d0:4b:2e:
                    09:7b:b5:e1:c9:f1:e6:32:4d:a9:99:25:4f:a9:c5:
                    d4:0a:0a:a5:9a:c1:b3:5d:df:ac:ed:df:af:99:8a:
                    ae:1e:51:b2:b5:99:18:ca:4b:00:09:75:05:c4:83:
                    18:63:e4:04:15:0f:a6:45:89:12:7b:76:fa:4d:51:
                    9f:db:d4:3a:3d:e3:4d:b9:08:c1:85:b7:22:a9:3c:
                    2d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:04:3B:B2:3B:A8:F5:9E:31:4D:33:78:8F:2D:15:83:96:19:0B:3B
            X509v3 Authority Key Identifier:
                keyid:45:4F:9D:2D:BE:D9:74:53:84:05:A7:9F:6E:C7:E8:6C:4A:ED:D3:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RU-dLb7ZdFOEBaefbsfobErt09E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/UwQ7sjuo9Z4xTTN4jy0Vg5YZCzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/RU-dLb7ZdFOEBaefbsfobErt09E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9980::/29
                  2a0f:5940::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:34:56:a1:6e:fd:bf:b8:6b:79:e7:1e:ce:2e:bb:db:ce:cf:
         91:1f:52:83:b1:fb:39:6d:7a:f7:9f:55:f8:80:c3:9f:67:68:
         fc:5e:28:29:ae:59:9f:f6:02:bc:8d:6b:7a:a0:96:b0:bc:01:
         f1:cc:ed:9e:bb:94:50:9d:e0:38:f0:87:53:65:96:b6:8d:fc:
         37:60:84:9b:76:36:41:59:d0:8a:2e:31:e8:f6:51:30:ba:af:
         73:09:19:ea:4d:cd:c5:77:3b:43:52:97:58:57:88:89:eb:53:
         06:78:7b:29:21:ec:15:56:e4:4a:34:78:3e:e2:b4:b2:00:bd:
         9e:10:98:2c:d3:56:37:f1:95:6d:2c:7d:26:01:3c:da:89:b7:
         b0:bc:f8:c5:8f:3a:0a:7f:fa:56:8d:14:6a:a0:5c:b5:6b:d2:
         32:bb:28:60:24:06:be:26:20:0a:ca:c0:f0:4c:b9:bb:9e:ab:
         0d:ff:7b:99:93:c9:e3:f7:20:80:2e:c7:02:e1:63:30:f5:70:
         9e:87:59:e6:e9:e0:5c:a0:26:ca:33:ef:44:f8:e4:2b:74:42:
         f2:5f:0b:55:19:d3:8f:2d:fc:a5:2a:c1:9e:4c:33:ac:67:b7:
         be:cb:fa:c5:36:8f:ab:7f:1c:25:3a:bc:f7:98:2b:44:86:47:
         ca:3f:dd:14
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxWjRaxiudj8Fp2K+o8pAO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NGY5ZDJkYmVkOTc0NTM4NDA1YTc5ZjZlYzdlODZjNGFl
ZGQzZDEwHhcNMjYwMjEzMTAzMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzA0M2JiMjNiYThmNTllMzE0ZDMzNzg4ZjJkMTU4Mzk2MTkwYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14c6wP3LkT62hvlgsF853UM9wBwZ
TmsE/FnMb4EzxEZ5S01hi3YSZz4klJtbNoZj2VwSBvbJgSlLBd4m6ABSYYGd/ihr
tKMPwdtYY9FKiA4ueqbUzXLUHxBeArE11XUCHTZTDKM/VzhULKdnKOUdKtReBWPj
J/ENYK7dJQVigw8XtMivlTpgdw57z8H3IOFNouWBONBCFZ29hotoVG9Q3nzSEhKm
ilYsQFwy7uxOVzzQSy4Je7XhyfHmMk2pmSVPqcXUCgqlmsGzXd+s7d+vmYquHlGy
tZkYyksACXUFxIMYY+QEFQ+mRYkSe3b6TVGf29Q6PeNNuQjBhbciqTwtmQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFMEO7I7qPWeMU0zeI8tFYOWGQs7MB8GA1UdIwQY
MBaAFEVPnS2+2XRThAWnn27H6GxK7dPRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlUtZExiN1pkRk9FQmFlZmJzZm9iRXJ0MDlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8zYmIxYTUtOTQxZS00YTYxLTk0M2Ut
ZmFhZTRiYWViZWZmLzEvVXdRN3NqdW85WjR4VFRONGp5MFZnNVlaQ3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8zYmIxYTUtOTQxZS00YTYxLTk0M2UtZmFhZTRiYWViZWZm
LzEvUlUtZExiN1pkRk9FQmFlZmJzZm9iRXJ0MDlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg2ZgAMF
AyoPWUAwDQYJKoZIhvcNAQELBQADggEBAHs0VqFu/b+4a3nnHs4uu9vOz5EfUoOx
+zltevefVfiAw59naPxeKCmuWZ/2AryNa3qglrC8AfHM7Z67lFCd4Djwh1NllraN
/DdghJt2NkFZ0IouMej2UTC6r3MJGepNzcV3O0NSl1hXiInrUwZ4eykh7BVW5Eo0
eD7itLIAvZ4QmCzTVjfxlW0sfSYBPNqJt7C8+MWPOgp/+laNFGqgXLVr0jK7KGAk
Br4mIArKwPBMubueqw3/e5mTyeP3IIAuxwLhYzD1cJ6HWebp4FygJsoz70T45Ct0
QvJfC1UZ048t/KUqwZ5MM6xnt77L+sU2j6t/HCU6vPeYK0SGR8o/3RQ=
-----END CERTIFICATE-----