Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oue8a9_t1ahjTn1af6uKf-kOUZE.roa
File:                     oue8a9_t1ahjTn1af6uKf-kOUZE.roa (raw, json)
Hash identifier:          raBhFzRqJPzKti2WI2+p3v6eaIlrzk2XMRSwx1Gx4js=
Subject key identifier:   A2:E7:BC:6B:DF:ED:D5:A8:63:4E:7D:5A:7F:AB:8A:7F:E9:0E:51:91
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C7CC1E34AE9099C0070BD447A888010BA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oue8a9_t1ahjTn1af6uKf-kOUZE.roa
Signing time:             Fri 20 Feb 2026 20:33:27 +0000
ROA not before:           Fri 20 Feb 2026 20:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198831
IP address blocks:        2a0c:7886:100::/48 maxlen: 48
                          2a0e:f600:2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:c1:e3:4a:e9:09:9c:00:70:bd:44:7a:88:80:10:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 20 20:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2e7bc6bdfedd5a8634e7d5a7fab8a7fe90e5191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:42:f1:17:57:41:40:75:69:b6:8a:b9:d0:05:
                    43:21:1a:7c:89:cc:aa:97:75:99:09:58:bd:be:41:
                    57:14:23:53:27:70:28:15:d5:ea:f9:d6:fe:da:b3:
                    66:92:b2:78:df:cb:5e:1a:10:6a:55:be:c2:eb:f3:
                    9c:92:3e:49:cd:e5:2b:9e:b4:5e:65:d7:22:f2:63:
                    d0:34:71:9e:1e:2e:6f:29:ba:fb:0a:65:d4:8e:1f:
                    5c:a9:a2:74:bb:7b:55:71:72:bb:bb:cf:e1:0e:42:
                    3e:4c:bb:25:22:cf:c1:be:f4:be:49:35:6e:a7:5d:
                    82:23:8d:b7:19:e5:51:0c:51:16:12:a0:d0:bd:59:
                    92:a7:8c:40:b4:74:d1:fb:88:51:34:d8:70:f2:5e:
                    25:2c:d3:e1:9e:50:ec:d4:f2:96:b2:41:8a:c8:a4:
                    23:5d:22:18:0f:55:99:4e:ea:a5:df:49:0f:58:f4:
                    99:f6:3c:29:fc:f7:d3:e5:34:43:cc:cf:47:f1:b6:
                    8e:f0:79:38:18:cb:03:af:7d:89:20:e0:6e:6a:cf:
                    6d:5d:98:04:f7:87:48:45:84:09:4c:90:00:60:05:
                    0b:06:bb:25:0b:74:51:9a:52:27:bc:a1:70:fa:bc:
                    d3:fe:bd:b4:d0:ef:cb:9a:74:5f:cb:78:16:92:d6:
                    32:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:E7:BC:6B:DF:ED:D5:A8:63:4E:7D:5A:7F:AB:8A:7F:E9:0E:51:91
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oue8a9_t1ahjTn1af6uKf-kOUZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7886:100::/48
                  2a0e:f600:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:66:07:e6:c6:fc:e9:aa:fe:00:69:85:8c:14:c5:f6:c0:2c:
         c5:2e:68:7e:8f:f5:cb:9c:e0:1e:e0:28:fc:b2:bd:1c:dc:53:
         50:64:bb:d2:47:31:77:81:94:de:15:06:d2:cd:55:87:58:b3:
         b3:b1:15:db:71:c2:25:e4:55:b8:35:2e:81:11:97:9c:1a:db:
         67:e9:da:4c:d9:03:f9:fb:9a:47:57:05:0e:3a:59:bb:a7:1d:
         3d:c3:99:89:74:3e:b9:88:24:19:38:24:20:89:94:62:f7:25:
         65:b4:8e:08:be:2f:06:10:67:98:e3:82:02:df:ce:1a:b2:8b:
         6f:d1:f2:ba:37:fe:1e:94:e5:d9:63:22:d5:a8:da:49:a6:67:
         af:be:90:1b:c2:af:ee:95:4b:cf:15:99:b4:ba:a3:21:06:8c:
         c4:2f:1e:83:88:3c:f3:35:a7:32:78:47:89:ad:39:0a:ee:c1:
         9d:79:be:27:d9:c5:97:12:44:ec:50:6e:76:c6:f7:c7:d3:c4:
         ac:49:35:02:9c:b7:ef:52:c7:10:d7:43:28:a9:ef:a2:90:17:
         e3:3d:71:e4:72:92:b2:3c:1a:ad:bb:cf:1e:68:f4:7c:05:73:
         20:73:05:33:db:f2:19:56:97:27:38:12:7a:10:df:e6:ac:97:
         49:26:f4:f1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZx8weNK6QmcAHC9RHqIgBC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjIwMjAzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmU3YmM2YmRmZWRkNWE4NjM0ZTdkNWE3ZmFiOGE3ZmU5MGU1MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkLxF1dBQHVptoq50AVDIRp8icyq
l3WZCVi9vkFXFCNTJ3AoFdXq+db+2rNmkrJ438teGhBqVb7C6/Ockj5JzeUrnrRe
Zdci8mPQNHGeHi5vKbr7CmXUjh9cqaJ0u3tVcXK7u8/hDkI+TLslIs/BvvS+STVu
p12CI423GeVRDFEWEqDQvVmSp4xAtHTR+4hRNNhw8l4lLNPhnlDs1PKWskGKyKQj
XSIYD1WZTuql30kPWPSZ9jwp/PfT5TRDzM9H8baO8Hk4GMsDr32JIOBuas9tXZgE
94dIRYQJTJAAYAULBrslC3RRmlInvKFw+rzT/r200O/LmnRfy3gWktYyfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKLnvGvf7dWoY059Wn+rin/pDlGRMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb3VlOGE5X3QxYWhqVG4xYWY2dUtmLWtPVVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgx4hgEA
AwcAKg72AAAsMA0GCSqGSIb3DQEBCwUAA4IBAQBvZgfmxvzpqv4AaYWMFMX2wCzF
Lmh+j/XLnOAe4Cj8sr0c3FNQZLvSRzF3gZTeFQbSzVWHWLOzsRXbccIl5FW4NS6B
EZecGttn6dpM2QP5+5pHVwUOOlm7px09w5mJdD65iCQZOCQgiZRi9yVltI4Ivi8G
EGeY44IC384asotv0fK6N/4elOXZYyLVqNpJpmevvpAbwq/ulUvPFZm0uqMhBozE
Lx6DiDzzNacyeEeJrTkK7sGdeb4n2cWXEkTsUG52xvfH08SsSTUCnLfvUscQ10Mo
qe+ikBfjPXHkcpKyPBqtu88eaPR8BXMgcwUz2/IZVpcnOBJ6EN/mrJdJJvTx
-----END CERTIFICATE-----