Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/tXrrUP_TFy0LZMX_c9DSBUiK_1g.roa
File:                     tXrrUP_TFy0LZMX_c9DSBUiK_1g.roa (raw, json)
Hash identifier:          IqdNMmp5ttOJAyhkpsC/dBhKLWgRCKvww/+kSgvGp08=
Subject key identifier:   B5:7A:EB:50:FF:D3:17:2D:0B:64:C5:FF:73:D0:D2:05:48:8A:FF:58
Certificate issuer:       /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial:       019C5727D0D5FCE0CDF3D9CA36244711F1D0
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/tXrrUP_TFy0LZMX_c9DSBUiK_1g.roa
Signing time:             Fri 13 Feb 2026 13:19:13 +0000
ROA not before:           Fri 13 Feb 2026 13:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25400
IP address blocks:        2001:2020::/31 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:27:d0:d5:fc:e0:cd:f3:d9:ca:36:24:47:11:f1:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
        Validity
            Not Before: Feb 13 13:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b57aeb50ffd3172d0b64c5ff73d0d205488aff58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0c:70:3c:15:4f:1a:08:d0:e0:39:8e:90:93:
                    d4:55:0c:b3:82:df:49:e4:81:eb:95:da:a8:15:5c:
                    ea:1d:85:63:d7:c0:2a:34:d5:ca:80:25:93:47:ac:
                    e1:77:81:96:3b:a7:6a:21:c4:9f:b8:0a:79:c6:43:
                    b0:3c:29:2f:31:0e:2f:6c:ab:fe:26:ad:4d:60:2d:
                    97:89:2f:72:b4:92:75:2a:e4:35:bf:8b:39:d7:7a:
                    a7:3a:67:7c:d0:d7:6e:4b:40:14:16:94:f2:41:90:
                    17:90:23:ad:28:9a:51:95:b4:7e:3b:67:12:21:50:
                    22:40:5d:01:0a:96:99:31:5f:1e:64:38:bc:27:f9:
                    2d:62:e9:e0:e2:6e:2e:26:2a:5f:83:5a:47:f8:d9:
                    b9:c4:9e:95:45:a9:9d:fa:b8:eb:b1:ec:01:e1:0b:
                    5f:2a:57:9a:8d:16:21:97:0a:8a:2f:83:2a:af:50:
                    e1:38:94:04:41:76:88:77:c6:07:49:ce:97:69:4f:
                    60:f2:76:d0:0b:87:a7:af:ef:34:c1:52:23:33:ee:
                    1b:ee:15:0a:e2:05:ac:2c:da:6d:c3:95:64:43:6e:
                    23:70:03:51:d5:82:da:13:8c:c4:27:6d:a5:17:f9:
                    9b:3b:96:8d:14:52:ea:89:0c:c7:91:b6:62:5d:79:
                    e2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7A:EB:50:FF:D3:17:2D:0B:64:C5:FF:73:D0:D2:05:48:8A:FF:58
            X509v3 Authority Key Identifier:
                keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/tXrrUP_TFy0LZMX_c9DSBUiK_1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:2020::/31

    Signature Algorithm: sha256WithRSAEncryption
         6d:bd:c5:e9:11:c3:df:b3:fb:3d:56:fb:b2:34:fe:7d:f8:94:
         5f:86:f8:e9:bf:53:6f:08:ef:d3:cd:59:68:34:cf:47:e7:4e:
         a1:12:54:25:03:91:a9:d6:31:ca:69:01:3b:33:39:c6:56:6a:
         0c:0b:8c:a0:c2:86:65:65:8e:d7:ae:db:cb:7c:52:da:55:2b:
         fa:a8:d3:88:7e:62:3f:ce:f9:be:3a:05:30:7d:ce:17:f1:c6:
         bb:87:dc:a4:f0:90:e0:b8:78:a3:77:44:67:b7:31:4f:26:bb:
         48:00:74:f7:e1:af:f3:cd:81:3c:97:d6:04:e6:ec:39:1d:b1:
         67:1b:ad:de:38:a8:b8:b2:85:6d:f7:55:84:bf:6f:80:7b:2f:
         6d:8c:a6:c6:6d:ac:b1:82:53:7c:26:1b:18:0a:74:2b:0c:9e:
         06:b3:12:6e:0f:89:85:b4:37:8f:d8:8c:23:fc:ee:9e:ed:92:
         1c:f1:97:5d:74:e4:fb:ab:91:42:46:e5:68:09:64:ca:21:53:
         23:eb:39:da:5f:fa:28:7d:92:84:8a:e1:d7:43:6d:a1:ab:53:
         83:29:e7:31:3d:e0:1f:bc:cf:61:22:41:d9:b9:4e:f5:26:ea:
         11:a1:5e:ac:1f:0a:64:58:dc:dc:96:fa:a1:5a:aa:04:81:92:
         f4:76:3f:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxXJ9DV/ODN89nKNiRHEfHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjYwMjEzMTMxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdhZWI1MGZmZDMxNzJkMGI2NGM1ZmY3M2QwZDIwNTQ4OGFmZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAxwPBVPGgjQ4DmOkJPUVQyzgt9J
5IHrldqoFVzqHYVj18AqNNXKgCWTR6zhd4GWO6dqIcSfuAp5xkOwPCkvMQ4vbKv+
Jq1NYC2XiS9ytJJ1KuQ1v4s513qnOmd80NduS0AUFpTyQZAXkCOtKJpRlbR+O2cS
IVAiQF0BCpaZMV8eZDi8J/ktYung4m4uJipfg1pH+Nm5xJ6VRamd+rjrsewB4Qtf
KleajRYhlwqKL4Mqr1DhOJQEQXaId8YHSc6XaU9g8nbQC4enr+80wVIjM+4b7hUK
4gWsLNptw5VkQ24jcANR1YLaE4zEJ22lF/mbO5aNFFLqiQzHkbZiXXniwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLV661D/0xctC2TF/3PQ0gVIiv9YMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvdFhyclVQX1RGeTBMWk1YX2M5RFNCVWlLXzFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBIAEgIDAN
BgkqhkiG9w0BAQsFAAOCAQEAbb3F6RHD37P7PVb7sjT+ffiUX4b46b9Tbwjv081Z
aDTPR+dOoRJUJQORqdYxymkBOzM5xlZqDAuMoMKGZWWO167by3xS2lUr+qjTiH5i
P875vjoFMH3OF/HGu4fcpPCQ4Lh4o3dEZ7cxTya7SAB09+Gv882BPJfWBObsOR2x
Zxut3jiouLKFbfdVhL9vgHsvbYymxm2ssYJTfCYbGAp0KwyeBrMSbg+JhbQ3j9iM
I/zunu2SHPGXXXTk+6uRQkblaAlkyiFTI+s52l/6KH2ShIrh10NtoatTgynnMT3g
H7zPYSJB2blO9SbqEaFerB8KZFjc3Jb6oVqqBIGS9HY/wA==
-----END CERTIFICATE-----