Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/vSXSp5A3lM38ZHU363V73iY2sOY.roa
File:                     vSXSp5A3lM38ZHU363V73iY2sOY.roa (raw, json)
Hash identifier:          OEc0FstKUDyge4yjj89lJISWQxLtMasQvdcX8uQFwbM=
Subject key identifier:   BD:25:D2:A7:90:37:94:CD:FC:64:75:37:EB:75:7B:DE:26:36:B0:E6
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019C7AD5C12BA1A65A86BEDF0C72C5F8F466
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/vSXSp5A3lM38ZHU363V73iY2sOY.roa
Signing time:             Fri 20 Feb 2026 11:35:54 +0000
ROA not before:           Fri 20 Feb 2026 11:35:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200775
IP address blocks:        2a10:ab80:3d9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:d5:c1:2b:a1:a6:5a:86:be:df:0c:72:c5:f8:f4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: Feb 20 11:35:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd25d2a7903794cdfc647537eb757bde2636b0e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4b:bb:26:e4:af:bd:23:06:ce:36:be:2e:34:
                    31:ae:fa:73:2d:ce:48:ee:c6:ce:9e:75:40:b4:20:
                    97:7e:c6:35:52:10:6f:1f:de:42:86:d8:cd:ad:48:
                    18:0b:82:90:db:0a:12:c4:be:5c:ad:26:57:f3:79:
                    57:9e:00:b9:7d:7e:23:31:34:55:d0:d3:91:31:eb:
                    4e:7c:ca:de:fe:1f:97:8e:d6:bd:94:88:b6:f0:d6:
                    64:9a:3e:c5:1b:c0:04:c2:1a:20:71:ea:68:e8:03:
                    3f:f9:de:a0:2b:28:4c:20:09:1c:e6:57:31:f5:f0:
                    6f:a3:d4:91:b5:b0:5d:ef:66:3b:30:51:36:3d:05:
                    87:89:2a:2f:fe:50:a0:10:fd:3f:d5:09:3c:e9:e6:
                    76:46:49:1f:64:4f:2a:ca:61:b5:ff:3b:fa:af:41:
                    91:ad:aa:3f:fd:14:72:1b:a9:13:df:2a:1d:f8:d3:
                    8e:87:48:8a:23:37:d0:25:59:81:d3:5c:04:71:3f:
                    a7:39:9c:1e:a3:06:d0:bf:06:c2:4e:ad:8e:27:dc:
                    85:65:cf:7c:07:db:58:f2:8b:52:7e:aa:98:61:73:
                    28:a7:ff:b2:f0:1d:1f:30:1f:81:ac:a3:16:b6:8c:
                    26:46:34:4b:f5:b4:88:93:c3:71:a9:d5:cd:95:46:
                    50:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:25:D2:A7:90:37:94:CD:FC:64:75:37:EB:75:7B:DE:26:36:B0:E6
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/vSXSp5A3lM38ZHU363V73iY2sOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3d9::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:cf:d4:94:7e:d3:60:c2:8c:a6:b2:95:07:b2:7d:09:0a:3e:
         f3:2b:f1:04:12:de:ff:81:2d:29:94:6c:f7:fa:bd:1a:87:af:
         93:d4:12:00:98:20:f3:dc:31:0e:8a:5e:86:2c:e5:33:50:f1:
         2d:39:70:68:b3:d2:f4:8b:16:ea:c6:20:2a:34:48:27:05:ce:
         df:84:bc:5e:bd:96:61:10:0f:72:19:0c:64:94:ef:01:ab:2b:
         0f:db:ef:06:ad:6d:34:27:35:3a:36:bd:2f:45:47:cf:22:a9:
         dc:dc:ab:a7:78:53:88:cc:79:95:4b:07:56:5c:d6:bc:2d:c9:
         c7:ab:41:21:0c:a8:1b:53:25:12:e5:40:5d:51:46:cc:66:75:
         d4:c9:6c:63:bb:6d:5d:94:f9:b5:dc:e3:d8:3c:47:0c:e2:de:
         25:07:87:1c:bf:74:05:f7:52:ea:a6:0e:43:fa:b8:b7:8d:01:
         e8:6c:fb:e3:2f:19:0f:ba:f4:3a:d1:9a:b6:e7:a0:d6:3e:8d:
         74:57:4f:72:01:06:20:45:d6:86:7d:f7:e9:fe:42:6a:57:86:
         ce:8e:26:44:2b:7a:bf:4a:ce:67:4a:10:0c:f2:19:dd:dd:69:
         20:dc:14:58:31:05:0e:90:54:e5:7e:d1:58:a8:22:c9:0d:9f:
         8d:cd:a3:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZx61cEroaZahr7fDHLF+PRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwMjIwMTEzNTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDI1ZDJhNzkwMzc5NGNkZmM2NDc1MzdlYjc1N2JkZTI2MzZiMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEu7JuSvvSMGzja+LjQxrvpzLc5I
7sbOnnVAtCCXfsY1UhBvH95ChtjNrUgYC4KQ2woSxL5crSZX83lXngC5fX4jMTRV
0NORMetOfMre/h+Xjta9lIi28NZkmj7FG8AEwhogcepo6AM/+d6gKyhMIAkc5lcx
9fBvo9SRtbBd72Y7MFE2PQWHiSov/lCgEP0/1Qk86eZ2RkkfZE8qymG1/zv6r0GR
rao//RRyG6kT3yod+NOOh0iKIzfQJVmB01wEcT+nOZweowbQvwbCTq2OJ9yFZc98
B9tY8otSfqqYYXMop/+y8B0fMB+BrKMWtowmRjRL9bSIk8NxqdXNlUZQOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL0l0qeQN5TN/GR1N+t1e94mNrDmMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvdlNYU3A1QTNsTTM4WkhVMzYzVjczaVkyc09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhCrgAPZ
MA0GCSqGSIb3DQEBCwUAA4IBAQBpz9SUftNgwoymspUHsn0JCj7zK/EEEt7/gS0p
lGz3+r0ah6+T1BIAmCDz3DEOil6GLOUzUPEtOXBos9L0ixbqxiAqNEgnBc7fhLxe
vZZhEA9yGQxklO8BqysP2+8GrW00JzU6Nr0vRUfPIqnc3KuneFOIzHmVSwdWXNa8
LcnHq0EhDKgbUyUS5UBdUUbMZnXUyWxju21dlPm13OPYPEcM4t4lB4ccv3QF91Lq
pg5D+ri3jQHobPvjLxkPuvQ60Zq256DWPo10V09yAQYgRdaGfffp/kJqV4bOjiZE
K3q/Ss5nShAM8hnd3Wkg3BRYMQUOkFTlftFYqCLJDZ+NzaOU
-----END CERTIFICATE-----