Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/MWnPy89PH_1TfAr-2f04R8v5sE4.roa
File:                     MWnPy89PH_1TfAr-2f04R8v5sE4.roa (raw, json)
Hash identifier:          lLx6SLjmp2bg19wDs+FyMt7/MMn+v1mjyT18ZnGU1Mk=
Subject key identifier:   31:69:CF:CB:CF:4F:1F:FD:53:7C:0A:FE:D9:FD:38:47:CB:F9:B0:4E
Certificate issuer:       /CN=c65613d5999f3632985ed89a02efaabd1890ba09
Certificate serial:       019C41D485C438A2A459B8465B9CC7F023B6
Authority key identifier: C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/MWnPy89PH_1TfAr-2f04R8v5sE4.roa
Signing time:             Mon 09 Feb 2026 09:56:12 +0000
ROA not before:           Mon 09 Feb 2026 09:56:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215492
IP address blocks:        2a14:8100:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:41:d4:85:c4:38:a2:a4:59:b8:46:5b:9c:c7:f0:23:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65613d5999f3632985ed89a02efaabd1890ba09
        Validity
            Not Before: Feb  9 09:56:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3169cfcbcf4f1ffd537c0afed9fd3847cbf9b04e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6b:be:75:6b:05:3f:60:8d:5f:3b:c8:3d:eb:
                    3c:5a:12:26:b3:a3:fd:20:c3:b5:2b:7a:87:b6:82:
                    a1:59:53:16:f6:54:63:a9:32:4f:cf:b5:fb:61:7d:
                    73:32:fc:df:71:8c:dd:74:ea:9f:8f:45:58:b3:21:
                    a6:6a:a2:d2:cb:5c:01:d1:d2:94:c8:1c:da:cd:3e:
                    63:7e:d7:a7:cb:92:36:0a:94:72:2d:73:17:4b:f6:
                    ed:d8:28:16:2a:49:8c:2e:88:39:03:ee:3d:1d:25:
                    e6:2b:d6:ee:9a:da:a3:8e:0a:e1:52:b7:a7:c8:20:
                    07:2b:26:9c:4b:c3:a0:75:fd:b5:df:52:90:f2:3f:
                    92:29:0c:d9:3d:cf:cf:16:5c:5d:ce:10:d9:dd:fa:
                    b0:01:32:53:4d:a2:0f:cb:e9:c2:5d:a7:32:7f:5c:
                    8b:d0:fd:b2:09:90:35:21:34:25:61:e7:19:80:af:
                    9e:37:c6:25:73:e3:5f:4e:b6:88:fa:a8:1a:56:5a:
                    a3:00:d5:ad:1f:37:b3:de:24:3b:57:38:a9:df:d1:
                    ef:70:69:c2:f3:8f:b5:11:fd:c2:ec:a7:16:6b:62:
                    57:1f:91:d7:d0:42:88:ec:d4:6a:0d:ef:61:72:ef:
                    ad:28:7c:c4:80:e1:0a:e8:73:f1:dc:21:48:08:15:
                    2c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:69:CF:CB:CF:4F:1F:FD:53:7C:0A:FE:D9:FD:38:47:CB:F9:B0:4E
            X509v3 Authority Key Identifier:
                keyid:C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/MWnPy89PH_1TfAr-2f04R8v5sE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:8100:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:4f:81:8a:bb:2a:4b:b4:8e:9f:57:f1:57:43:0b:ed:d5:2c:
         4c:e3:45:f8:cc:71:5d:5f:a9:d5:37:b5:73:c1:6c:30:7c:20:
         a3:45:e9:f3:4a:72:ff:ac:0a:b2:11:33:1a:29:73:72:25:a5:
         dd:0f:4f:de:e6:cb:69:34:22:fd:56:e6:54:98:ae:d3:68:bc:
         f0:fd:04:9e:33:79:2a:40:e9:79:b9:15:fe:5f:6e:1f:74:72:
         4b:ee:54:fa:95:bb:eb:87:be:94:01:8c:a5:1c:c7:c0:a7:03:
         86:8e:f0:99:a5:3a:43:d8:a7:61:16:bc:48:a1:97:ee:e6:66:
         a0:27:f2:25:a1:33:e5:bd:06:43:e4:cb:b4:17:f8:91:d1:91:
         3f:c4:25:bb:d2:b6:fe:6a:46:28:6f:46:67:ad:df:0f:32:b8:
         23:d5:c0:38:69:2f:dc:e9:a1:80:39:28:d3:b1:6d:0b:f3:14:
         c4:d5:92:e7:5e:bf:70:13:95:c5:60:78:bc:5c:55:46:ca:0b:
         0e:7d:b8:b7:3b:6a:1d:1e:fb:79:5f:28:b2:a1:3b:b8:0d:ef:
         06:79:d7:1d:e7:48:83:de:54:80:fa:7d:52:48:89:c7:5d:fc:
         f6:fe:40:cc:79:2a:1e:a4:38:a2:b1:8f:38:05:0d:be:af:d5:
         15:f7:21:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxB1IXEOKKkWbhGW5zH8CO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NTYxM2Q1OTk5ZjM2MzI5ODVlZDg5YTAyZWZhYWJkMTg5
MGJhMDkwHhcNMjYwMjA5MDk1NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTY5Y2ZjYmNmNGYxZmZkNTM3YzBhZmVkOWZkMzg0N2NiZjliMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmu+dWsFP2CNXzvIPes8WhIms6P9
IMO1K3qHtoKhWVMW9lRjqTJPz7X7YX1zMvzfcYzddOqfj0VYsyGmaqLSy1wB0dKU
yBzazT5jfteny5I2CpRyLXMXS/bt2CgWKkmMLog5A+49HSXmK9bumtqjjgrhUren
yCAHKyacS8Ogdf2131KQ8j+SKQzZPc/PFlxdzhDZ3fqwATJTTaIPy+nCXacyf1yL
0P2yCZA1ITQlYecZgK+eN8Ylc+NfTraI+qgaVlqjANWtHzez3iQ7Vzip39HvcGnC
84+1Ef3C7KcWa2JXH5HX0EKI7NRqDe9hcu+tKHzEgOEK6HPx3CFICBUsDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDFpz8vPTx/9U3wK/tn9OEfL+bBOMB8GA1UdIwQY
MBaAFMZWE9WZnzYymF7YmgLvqr0YkLoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2Ut
NjUwOTkyZjJhMTc0LzEvTVduUHk4OVBIXzFUZkFyLTJmMDRSOHY1c0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2UtNjUwOTkyZjJhMTc0
LzEveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhSBAAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBdT4GKuypLtI6fV/FXQwvt1SxM40X4zHFdX6nV
N7VzwWwwfCCjRenzSnL/rAqyETMaKXNyJaXdD0/e5stpNCL9VuZUmK7TaLzw/QSe
M3kqQOl5uRX+X24fdHJL7lT6lbvrh76UAYylHMfApwOGjvCZpTpD2KdhFrxIoZfu
5magJ/IloTPlvQZD5Mu0F/iR0ZE/xCW70rb+akYob0Znrd8PMrgj1cA4aS/c6aGA
OSjTsW0L8xTE1ZLnXr9wE5XFYHi8XFVGygsOfbi3O2odHvt5XyiyoTu4De8Gedcd
50iD3lSA+n1SSInHXfz2/kDMeSoepDiisY84BQ2+r9UV9yHq
-----END CERTIFICATE-----