Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/f6fda3-3eac-44cb-8f73-810477156ee0/1/ZBLmjHEnNj5CsLTBhAUiBj1hV0A.roa
File:                     ZBLmjHEnNj5CsLTBhAUiBj1hV0A.roa (raw, json)
Hash identifier:          3EA6s7k8+iqt8vTemGLaBh1ZR5wfpLsxKHoZaTRSwXw=
Subject key identifier:   64:12:E6:8C:71:27:36:3E:42:B0:B4:C1:84:05:22:06:3D:61:57:40
Certificate issuer:       /CN=b7f35c5eeea021f60aff338ed62852e4c03c579a
Certificate serial:       019C7B994013121D299F7C8315CF57FBB0A5
Authority key identifier: B7:F3:5C:5E:EE:A0:21:F6:0A:FF:33:8E:D6:28:52:E4:C0:3C:57:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t_NcXu6gIfYK_zOO1ihS5MA8V5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/f6fda3-3eac-44cb-8f73-810477156ee0/1/ZBLmjHEnNj5CsLTBhAUiBj1hV0A.roa
Signing time:             Fri 20 Feb 2026 15:09:26 +0000
ROA not before:           Fri 20 Feb 2026 15:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201212
IP address blocks:        2001:67c:226c::/48 maxlen: 48
                          2001:67c:2480::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/f6fda3-3eac-44cb-8f73-810477156ee0/1/t_NcXu6gIfYK_zOO1ihS5MA8V5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/f6fda3-3eac-44cb-8f73-810477156ee0/1/t_NcXu6gIfYK_zOO1ihS5MA8V5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t_NcXu6gIfYK_zOO1ihS5MA8V5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:99:40:13:12:1d:29:9f:7c:83:15:cf:57:fb:b0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7f35c5eeea021f60aff338ed62852e4c03c579a
        Validity
            Not Before: Feb 20 15:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6412e68c7127363e42b0b4c1840522063d615740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:62:de:0f:46:80:b0:cd:ab:34:04:f4:3e:82:
                    18:c4:40:f4:d9:39:f0:d3:72:bf:5f:dd:ae:3d:ff:
                    4c:03:d7:e3:7e:33:06:5e:2d:f1:f9:50:ef:34:ec:
                    3f:7f:ae:85:9a:2a:5c:40:f2:fa:e3:1b:62:a9:c3:
                    91:1b:18:73:81:78:1e:e9:81:4d:f8:ce:e2:d3:1d:
                    1a:e9:3b:fd:06:dc:ea:0f:fa:e5:bc:d3:2c:d4:30:
                    d6:db:c7:c9:7c:c9:a0:47:d7:a4:06:b2:22:13:63:
                    d3:8e:5a:93:cf:76:45:68:60:23:62:58:bc:86:7b:
                    6b:4e:e2:d7:6d:d6:3e:4c:e0:b3:d6:b2:9b:40:d4:
                    be:96:9e:0d:79:66:46:9f:ce:25:dd:23:26:d4:f8:
                    49:3d:92:6b:e2:d9:36:75:92:a4:79:d1:86:c9:e9:
                    b5:ab:3a:8d:df:db:06:df:bf:20:01:c0:9d:15:2d:
                    73:10:91:0b:bb:d7:0a:ba:41:99:3c:bc:13:a1:0d:
                    fb:01:c4:b9:ad:02:79:43:b0:5d:b1:70:a4:9a:32:
                    85:fe:3f:bb:66:23:69:e6:06:3f:11:04:a7:25:3e:
                    fd:4f:bb:5a:04:c9:ff:10:57:a3:de:54:2e:8f:be:
                    f2:2f:31:e9:24:29:d0:1c:f4:94:20:0d:fa:d6:2d:
                    42:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:12:E6:8C:71:27:36:3E:42:B0:B4:C1:84:05:22:06:3D:61:57:40
            X509v3 Authority Key Identifier:
                keyid:B7:F3:5C:5E:EE:A0:21:F6:0A:FF:33:8E:D6:28:52:E4:C0:3C:57:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t_NcXu6gIfYK_zOO1ihS5MA8V5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/f6fda3-3eac-44cb-8f73-810477156ee0/1/ZBLmjHEnNj5CsLTBhAUiBj1hV0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/f6fda3-3eac-44cb-8f73-810477156ee0/1/t_NcXu6gIfYK_zOO1ihS5MA8V5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:226c::/48
                  2001:67c:2480::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:a9:36:69:1a:9b:12:01:79:f1:16:8a:b3:ea:e4:8f:a3:2b:
         53:02:d1:74:ff:47:27:62:8d:84:37:9a:d3:f0:ee:26:56:ea:
         bc:60:ca:d1:33:15:00:2f:0d:21:c3:53:e7:d1:60:3d:92:e9:
         6b:40:f1:ad:fc:21:df:7d:df:67:96:a0:98:77:01:65:da:a8:
         25:53:8e:4a:99:2a:e7:33:3c:f6:9e:5d:b0:e9:74:95:17:85:
         dd:e4:10:99:14:26:8e:9e:95:dc:48:46:41:d0:2f:73:00:a6:
         96:64:97:bf:23:72:5b:aa:99:0b:16:1a:95:e5:ee:5f:eb:3e:
         f2:95:b2:68:92:62:14:57:49:87:a2:b3:ff:e3:95:ad:d1:6a:
         68:46:41:62:18:89:94:fd:2c:3d:e9:cc:c7:36:74:a9:3e:ca:
         2c:43:44:0e:54:10:a7:fd:09:d3:21:27:fb:01:56:af:14:cf:
         76:62:18:23:8b:0a:53:e6:83:f0:b9:00:f4:33:b1:98:6a:4c:
         f0:61:98:2a:7e:82:c5:e7:17:3b:dd:a5:9f:80:36:25:dc:6f:
         9f:7c:60:03:cc:19:a4:34:e9:cf:e4:1f:c4:c3:76:80:61:a2:
         dd:71:bc:da:57:0f:db:c7:81:ea:5b:2a:39:64:26:ff:9f:2f:
         89:79:4e:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZx7mUATEh0pn3yDFc9X+7ClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZjM1YzVlZWVhMDIxZjYwYWZmMzM4ZWQ2Mjg1MmU0YzAz
YzU3OWEwHhcNMjYwMjIwMTUwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDEyZTY4YzcxMjczNjNlNDJiMGI0YzE4NDA1MjIwNjNkNjE1NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGLeD0aAsM2rNAT0PoIYxED02Tnw
03K/X92uPf9MA9fjfjMGXi3x+VDvNOw/f66FmipcQPL64xtiqcORGxhzgXge6YFN
+M7i0x0a6Tv9BtzqD/rlvNMs1DDW28fJfMmgR9ekBrIiE2PTjlqTz3ZFaGAjYli8
hntrTuLXbdY+TOCz1rKbQNS+lp4NeWZGn84l3SMm1PhJPZJr4tk2dZKkedGGyem1
qzqN39sG378gAcCdFS1zEJELu9cKukGZPLwToQ37AcS5rQJ5Q7BdsXCkmjKF/j+7
ZiNp5gY/EQSnJT79T7taBMn/EFej3lQuj77yLzHpJCnQHPSUIA361i1CywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGQS5oxxJzY+QrC0wYQFIgY9YVdAMB8GA1UdIwQY
MBaAFLfzXF7uoCH2Cv8zjtYoUuTAPFeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdF9OY1h1NmdJZllLX3pPTzFpaFM1TUE4VjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9mNmZkYTMtM2VhYy00NGNiLThmNzMt
ODEwNDc3MTU2ZWUwLzEvWkJMbWpIRW5OajVDc0xUQmhBVWlCajFoVjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9mNmZkYTMtM2VhYy00NGNiLThmNzMtODEwNDc3MTU2ZWUw
LzEvdF9OY1h1NmdJZllLX3pPTzFpaFM1TUE4VjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfCJs
AwcAIAEGfCSAMA0GCSqGSIb3DQEBCwUAA4IBAQCfqTZpGpsSAXnxFoqz6uSPoytT
AtF0/0cnYo2EN5rT8O4mVuq8YMrRMxUALw0hw1Pn0WA9kulrQPGt/CHffd9nlqCY
dwFl2qglU45KmSrnMzz2nl2w6XSVF4Xd5BCZFCaOnpXcSEZB0C9zAKaWZJe/I3Jb
qpkLFhqV5e5f6z7ylbJokmIUV0mHorP/45Wt0WpoRkFiGImU/Sw96czHNnSpPsos
Q0QOVBCn/QnTISf7AVavFM92YhgjiwpT5oPwuQD0M7GYakzwYZgqfoLF5xc73aWf
gDYl3G+ffGADzBmkNOnP5B/Ew3aAYaLdcbzaVw/bx4HqWyo5ZCb/ny+JeU6Z
-----END CERTIFICATE-----