Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/fyQVOXy16Gt7_ifnytbj200NH-Y.roa
File:                     fyQVOXy16Gt7_ifnytbj200NH-Y.roa (raw, json)
Hash identifier:          UyCkvhjGfT8atrl4wqMna6uOndaEBkveUoY6zrFvO4c=
Subject key identifier:   7F:24:15:39:7C:B5:E8:6B:7B:FE:27:E7:CA:D6:E3:DB:4D:0D:1F:E6
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019C7D1706C3BBF153C818B9132D453D4D4B
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/fyQVOXy16Gt7_ifnytbj200NH-Y.roa
Signing time:             Fri 20 Feb 2026 22:06:26 +0000
ROA not before:           Fri 20 Feb 2026 22:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215110
IP address blocks:        2a10:fa82:7000::/36 maxlen: 36
                          2a10:fa82:f302::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7d:17:06:c3:bb:f1:53:c8:18:b9:13:2d:45:3d:4d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Feb 20 22:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f2415397cb5e86b7bfe27e7cad6e3db4d0d1fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c1:80:08:e6:e4:29:23:45:bf:81:3d:17:a2:
                    b9:9d:2c:8b:66:92:37:a0:a4:f0:04:d1:67:3a:4f:
                    c4:6f:63:d7:7f:c8:fb:32:1a:81:f7:bc:50:62:cc:
                    ad:8e:5a:77:8c:44:17:13:64:f4:1e:b9:86:bf:cb:
                    7f:7d:98:e1:98:05:2c:a2:01:cc:c1:99:74:7e:e2:
                    34:53:e1:6f:df:3b:10:85:16:86:b0:4a:31:a6:18:
                    39:4f:94:96:e1:b6:4d:e2:a7:ad:fb:86:69:3c:6f:
                    b1:6d:0e:f3:60:c1:86:fd:22:de:8a:63:81:c8:ab:
                    0d:39:d5:d7:34:58:aa:56:fb:70:64:c4:7b:08:40:
                    6a:32:48:90:98:c2:3c:ff:dd:f3:71:3a:52:db:93:
                    a9:76:29:88:7a:b3:a4:f2:2a:9b:52:e3:b7:f3:cd:
                    c1:1a:52:75:4f:bc:12:c0:9b:a1:e4:26:2e:eb:1a:
                    a4:4e:62:42:c4:c5:db:14:84:33:02:b3:1b:fd:85:
                    45:b4:47:a6:d5:2f:66:85:83:94:d9:ec:0f:14:0c:
                    c9:75:95:84:51:ac:69:74:9d:4b:e5:ad:8d:77:d6:
                    b1:db:c4:c3:90:f8:24:20:55:85:09:36:18:9e:49:
                    01:2f:ac:2f:1d:be:88:25:54:46:71:56:06:63:6c:
                    28:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:24:15:39:7C:B5:E8:6B:7B:FE:27:E7:CA:D6:E3:DB:4D:0D:1F:E6
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/fyQVOXy16Gt7_ifnytbj200NH-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa82:7000::/36
                  2a10:fa82:f302::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:fb:56:c5:5e:3a:f6:a8:8d:f5:61:a9:7f:dd:77:e5:d6:a5:
         0c:c9:64:c6:87:32:e8:a3:6d:17:d4:c6:24:49:ae:b2:24:69:
         4a:b0:95:ea:d9:f0:c4:1b:0c:27:28:b4:85:70:0c:a1:b0:70:
         e3:ad:7f:fd:ab:40:ce:f9:0c:78:5c:7f:a4:6e:64:93:f3:44:
         d7:32:6a:25:48:03:6c:6d:2b:7b:8b:41:78:65:fa:d2:3a:e1:
         fd:75:09:39:03:cd:f1:e8:b9:c2:0b:40:88:0d:e3:53:fc:d0:
         d9:12:46:04:ed:8e:23:0c:4f:69:1b:31:3f:bc:3f:ce:20:1f:
         31:0d:a4:d6:f8:d4:48:60:ae:34:00:93:ac:8f:7f:f7:89:e7:
         71:c1:78:86:2c:f0:41:1a:67:cd:96:a6:4b:1b:92:bb:90:a3:
         ed:2e:21:ad:c5:0c:49:d5:fb:89:49:d5:70:ed:9b:f7:88:ad:
         23:71:3a:4f:0a:e8:2a:c0:d9:2c:4f:bb:9c:d9:68:7e:07:9a:
         b7:b7:5a:78:bb:22:99:40:83:d6:ed:43:1b:33:17:cb:94:c1:
         96:a1:d4:73:37:d9:4a:f6:f5:5c:63:e9:e9:14:2e:7e:ce:5f:
         af:c5:ed:80:90:69:44:73:e9:11:87:be:bc:05:90:48:52:67:
         2e:c3:0f:91
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZx9FwbDu/FTyBi5Ey1FPU1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwMjIwMjIwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjI0MTUzOTdjYjVlODZiN2JmZTI3ZTdjYWQ2ZTNkYjRkMGQxZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8GACObkKSNFv4E9F6K5nSyLZpI3
oKTwBNFnOk/Eb2PXf8j7MhqB97xQYsytjlp3jEQXE2T0HrmGv8t/fZjhmAUsogHM
wZl0fuI0U+Fv3zsQhRaGsEoxphg5T5SW4bZN4qet+4ZpPG+xbQ7zYMGG/SLeimOB
yKsNOdXXNFiqVvtwZMR7CEBqMkiQmMI8/93zcTpS25OpdimIerOk8iqbUuO3883B
GlJ1T7wSwJuh5CYu6xqkTmJCxMXbFIQzArMb/YVFtEem1S9mhYOU2ewPFAzJdZWE
UaxpdJ1L5a2Nd9ax28TDkPgkIFWFCTYYnkkBL6wvHb6IJVRGcVYGY2woJwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFH8kFTl8tehre/4n58rW49tNDR/mMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvZnlRVk9YeTE2R3Q3X2lmbnl0YmoyMDBOSC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYEKhD6gnAD
BwAqEPqC8wIwDQYJKoZIhvcNAQELBQADggEBACf7VsVeOvaojfVhqX/dd+XWpQzJ
ZMaHMuijbRfUxiRJrrIkaUqwlerZ8MQbDCcotIVwDKGwcOOtf/2rQM75DHhcf6Ru
ZJPzRNcyaiVIA2xtK3uLQXhl+tI64f11CTkDzfHoucILQIgN41P80NkSRgTtjiMM
T2kbMT+8P84gHzENpNb41EhgrjQAk6yPf/eJ53HBeIYs8EEaZ82WpksbkruQo+0u
Ia3FDEnV+4lJ1XDtm/eIrSNxOk8K6CrA2SxPu5zZaH4Hmre3Wni7IplAg9btQxsz
F8uUwZah1HM32Ur29Vxj6ekULn7OX6/F7YCQaURz6RGHvrwFkEhSZy7DD5E=
-----END CERTIFICATE-----