Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/fYhnGLcy2_Ou27KADH18mycTzz4.roa
File:                     fYhnGLcy2_Ou27KADH18mycTzz4.roa (raw, json)
Hash identifier:          sP66OdJ/+I0oQxB3kcnMaYSOI2OOAjekthsNq69mxkE=
Subject key identifier:   7D:88:67:18:B7:32:DB:F3:AE:DB:B2:80:0C:7D:7C:9B:27:13:CF:3E
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019C6AFD53A7F62D33E5C20989D7F3061939
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/fYhnGLcy2_Ou27KADH18mycTzz4.roa
Signing time:             Tue 17 Feb 2026 09:45:12 +0000
ROA not before:           Tue 17 Feb 2026 09:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214891
IP address blocks:        2a10:ab80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6a:fd:53:a7:f6:2d:33:e5:c2:09:89:d7:f3:06:19:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: Feb 17 09:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d886718b732dbf3aedbb2800c7d7c9b2713cf3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fd:96:33:4c:8d:c9:0f:34:56:ee:99:1b:7c:
                    dd:e7:43:49:1c:15:7b:d4:bc:cb:43:0e:1c:f4:da:
                    fb:fa:f6:ca:ba:5a:47:79:69:01:1a:f0:26:31:58:
                    f5:2c:78:eb:af:06:28:81:0f:71:4d:58:43:a8:c6:
                    bd:61:0a:5a:16:a9:78:54:80:91:e5:57:7b:8b:40:
                    3a:f0:97:53:9f:18:bd:c4:19:dd:a7:b9:57:fc:4e:
                    71:97:d6:22:ea:c4:2f:22:b0:ca:7e:d4:f2:f6:87:
                    47:39:c6:b2:fa:f9:b8:52:5f:7b:13:25:ed:0f:9f:
                    f1:4b:de:37:32:87:68:4f:79:89:f3:67:f3:57:7c:
                    86:b4:d9:75:34:09:b2:9f:47:50:df:73:99:86:e6:
                    21:b6:9f:2a:b0:7b:e2:0a:25:e6:4c:10:58:99:2c:
                    02:81:27:ae:32:cd:0e:5b:5a:6f:e9:35:5a:89:06:
                    4d:3d:f7:02:38:5b:2c:c3:ba:14:25:a7:ea:3a:9c:
                    d2:43:5e:d8:71:c8:b9:a5:2f:34:56:79:72:cf:f6:
                    50:8b:b6:d9:ab:9a:c3:ca:20:48:a1:05:f3:02:cc:
                    f8:3d:89:70:4a:58:d8:0e:2e:82:de:99:df:20:cd:
                    ef:82:c2:6b:e8:c9:3d:89:0e:90:04:e8:ae:3d:cf:
                    67:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:88:67:18:B7:32:DB:F3:AE:DB:B2:80:0C:7D:7C:9B:27:13:CF:3E
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/fYhnGLcy2_Ou27KADH18mycTzz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:1d:4e:7b:62:8f:e9:eb:50:69:a2:52:e3:c1:c9:da:64:55:
         4e:0e:d4:ac:10:b5:4c:ad:7b:bd:34:a8:80:f4:f8:84:0f:c1:
         b0:1c:32:8c:e0:9f:91:05:4d:de:2a:95:58:84:90:82:d9:f3:
         8f:51:9f:bf:ce:8e:48:dd:7d:82:5f:26:11:f4:ad:f0:a9:42:
         f0:56:85:2f:21:2d:4e:02:8c:17:f2:44:27:b2:8a:6f:15:91:
         71:8d:cd:18:e1:7a:08:37:89:22:d6:a6:16:0c:02:84:8c:90:
         55:0e:bc:f8:02:ba:59:50:57:eb:78:60:ac:5f:fd:ad:f7:a4:
         7f:ac:da:6b:06:fb:ba:cb:48:a8:94:dd:1d:f2:a0:3b:3a:b3:
         cc:81:c5:08:ae:67:e9:4f:7c:50:a1:e1:bd:db:1c:f5:32:7d:
         35:c6:7b:95:e1:a4:dd:77:13:fe:8b:32:0a:57:50:40:41:76:
         39:33:69:be:6a:05:05:96:7a:41:52:4a:38:08:45:b6:bd:64:
         28:e2:86:37:88:8d:e7:3a:63:21:d1:c4:7c:34:1d:b3:6f:04:
         d2:93:d9:64:b7:41:0f:92:8e:bc:9e:02:b6:e4:34:91:b0:c8:
         13:93:01:64:c9:b4:c4:7a:6a:aa:e9:7f:31:ec:3a:a1:73:6e:
         31:56:c4:fb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxq/VOn9i0z5cIJidfzBhk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwMjE3MDk0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDg4NjcxOGI3MzJkYmYzYWVkYmIyODAwYzdkN2M5YjI3MTNjZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/2WM0yNyQ80Vu6ZG3zd50NJHBV7
1LzLQw4c9Nr7+vbKulpHeWkBGvAmMVj1LHjrrwYogQ9xTVhDqMa9YQpaFql4VICR
5Vd7i0A68JdTnxi9xBndp7lX/E5xl9Yi6sQvIrDKftTy9odHOcay+vm4Ul97EyXt
D5/xS943ModoT3mJ82fzV3yGtNl1NAmyn0dQ33OZhuYhtp8qsHviCiXmTBBYmSwC
gSeuMs0OW1pv6TVaiQZNPfcCOFssw7oUJafqOpzSQ17Ycci5pS80Vnlyz/ZQi7bZ
q5rDyiBIoQXzAsz4PYlwSljYDi6C3pnfIM3vgsJr6Mk9iQ6QBOiuPc9niQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH2IZxi3MtvzrtuygAx9fJsnE88+MB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvZllobkdMY3kyX091MjdLQURIMThteWNUeno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCrgDAN
BgkqhkiG9w0BAQsFAAOCAQEAAh1Oe2KP6etQaaJS48HJ2mRVTg7UrBC1TK17vTSo
gPT4hA/BsBwyjOCfkQVN3iqVWISQgtnzj1Gfv86OSN19gl8mEfSt8KlC8FaFLyEt
TgKMF/JEJ7KKbxWRcY3NGOF6CDeJItamFgwChIyQVQ68+AK6WVBX63hgrF/9rfek
f6zaawb7ustIqJTdHfKgOzqzzIHFCK5n6U98UKHhvdsc9TJ9NcZ7leGk3XcT/osy
CldQQEF2OTNpvmoFBZZ6QVJKOAhFtr1kKOKGN4iN5zpjIdHEfDQds28E0pPZZLdB
D5KOvJ4CtuQ0kbDIE5MBZMm0xHpqqul/Mew6oXNuMVbE+w==
-----END CERTIFICATE-----