Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/Bhwxfe7-2H1mP_yNUtpEged1-GE.roa
File:                     Bhwxfe7-2H1mP_yNUtpEged1-GE.roa (raw, json)
Hash identifier:          lwwOGYlsDe8otoVO3CpnxZxqzeNrxkyEQ5g4/KYMubI=
Subject key identifier:   06:1C:31:7D:EE:FE:D8:7D:66:3F:FC:8D:52:DA:44:81:E7:75:F8:61
Certificate issuer:       /CN=c15f0608297e9f94371a72d93ad7b11f79c1f83f
Certificate serial:       019C560FA9C72B867A8B73B24806B90C3C71
Authority key identifier: C1:5F:06:08:29:7E:9F:94:37:1A:72:D9:3A:D7:B1:1F:79:C1:F8:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV8GCCl-n5Q3GnLZOtexH3nB-D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/Bhwxfe7-2H1mP_yNUtpEged1-GE.roa
Signing time:             Fri 13 Feb 2026 08:13:12 +0000
ROA not before:           Fri 13 Feb 2026 08:13:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57399
IP address blocks:        2a12:79c0:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/wV8GCCl-n5Q3GnLZOtexH3nB-D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/wV8GCCl-n5Q3GnLZOtexH3nB-D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV8GCCl-n5Q3GnLZOtexH3nB-D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:0f:a9:c7:2b:86:7a:8b:73:b2:48:06:b9:0c:3c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15f0608297e9f94371a72d93ad7b11f79c1f83f
        Validity
            Not Before: Feb 13 08:13:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=061c317deefed87d663ffc8d52da4481e775f861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:9e:c3:df:b8:f2:52:a1:aa:ff:b5:7d:23:
                    1b:1f:21:ce:60:b6:2d:5c:75:23:98:fa:2c:33:49:
                    c4:99:21:86:36:f6:72:54:eb:67:79:6c:3b:98:d7:
                    65:f7:8e:1c:be:9c:65:fa:19:30:00:3d:e1:d1:b0:
                    19:6c:69:d3:84:ed:5c:42:37:ef:99:8f:50:e3:be:
                    b0:85:b8:cc:e8:d4:ae:15:12:80:28:7c:85:3c:84:
                    65:b1:52:75:53:81:d0:d5:af:d7:6e:57:82:0d:fd:
                    61:77:de:72:64:c2:1d:4a:6e:31:0a:94:ce:ad:c7:
                    56:07:ec:62:30:ea:e2:88:c1:f9:11:d7:a6:51:1c:
                    3b:82:bb:ca:62:08:5f:bd:03:0b:bd:65:d7:0b:97:
                    44:88:6f:39:f2:76:2c:73:f5:a5:82:da:2e:bc:78:
                    6c:e0:a3:57:e6:13:64:ea:e3:d0:9b:b9:2d:27:ed:
                    88:f3:6e:c7:75:49:84:e8:e1:8d:c9:7b:72:5a:fc:
                    6e:f8:70:5f:58:9b:9e:af:e8:63:4c:dc:15:04:25:
                    60:43:ef:c4:f9:4d:cf:2a:d4:23:fd:b8:ef:07:35:
                    02:d0:1d:21:8b:68:b4:3c:78:33:2c:32:b6:31:5b:
                    29:17:b8:48:44:c8:5c:97:37:ad:72:d5:0f:7d:c4:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:1C:31:7D:EE:FE:D8:7D:66:3F:FC:8D:52:DA:44:81:E7:75:F8:61
            X509v3 Authority Key Identifier:
                keyid:C1:5F:06:08:29:7E:9F:94:37:1A:72:D9:3A:D7:B1:1F:79:C1:F8:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV8GCCl-n5Q3GnLZOtexH3nB-D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/Bhwxfe7-2H1mP_yNUtpEged1-GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/wV8GCCl-n5Q3GnLZOtexH3nB-D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:79c0:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7a:e7:7b:44:72:f9:95:60:6a:84:c9:e1:cb:5b:12:ef:ce:7a:
         6b:70:69:89:00:fd:5c:87:ee:b7:e7:50:0e:51:9b:57:52:00:
         18:7a:c1:06:3b:0c:72:16:3a:df:8c:ba:a8:d9:8d:47:d1:67:
         42:fe:4e:4d:c3:e7:6c:bb:1e:e7:20:24:96:1f:71:52:0d:07:
         ce:3d:40:a8:84:57:da:66:80:9f:73:c4:da:28:ba:07:04:81:
         27:72:f4:e1:88:6b:a5:35:2a:fd:88:0d:5d:63:a0:fd:d7:de:
         59:37:0a:54:4f:0f:2e:c2:87:17:e3:82:9d:c3:a8:db:8a:41:
         b2:46:15:96:45:c9:ec:68:23:b1:4d:ea:b6:78:21:74:68:72:
         dc:f5:60:81:e8:89:b1:d1:cc:80:92:43:86:95:d1:0b:b9:fa:
         1f:83:2a:a4:45:a0:01:51:2f:15:d2:9a:ce:63:25:f0:41:06:
         ba:01:a3:01:d7:81:a0:a4:bf:ca:3b:ab:54:74:39:06:06:55:
         15:7d:86:22:4e:41:16:30:77:5e:58:96:96:9d:b2:df:ff:16:
         42:53:44:ed:c5:ae:12:0d:ec:69:ce:fa:92:84:28:8e:aa:38:
         8a:e2:03:34:4d:09:f5:c2:a7:3a:13:6a:69:66:8e:49:7f:ed:
         39:84:cb:ef
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZxWD6nHK4Z6i3OySAa5DDxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWYwNjA4Mjk3ZTlmOTQzNzFhNzJkOTNhZDdiMTFmNzlj
MWY4M2YwHhcNMjYwMjEzMDgxMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjFjMzE3ZGVlZmVkODdkNjYzZmZjOGQ1MmRhNDQ4MWU3NzVmODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4mew9+48lKhqv+1fSMbHyHOYLYt
XHUjmPosM0nEmSGGNvZyVOtneWw7mNdl944cvpxl+hkwAD3h0bAZbGnThO1cQjfv
mY9Q476whbjM6NSuFRKAKHyFPIRlsVJ1U4HQ1a/XbleCDf1hd95yZMIdSm4xCpTO
rcdWB+xiMOriiMH5EdemURw7grvKYghfvQMLvWXXC5dEiG858nYsc/WlgtouvHhs
4KNX5hNk6uPQm7ktJ+2I827HdUmE6OGNyXtyWvxu+HBfWJuer+hjTNwVBCVgQ+/E
+U3PKtQj/bjvBzUC0B0hi2i0PHgzLDK2MVspF7hIRMhclzetctUPfcQT3wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAYcMX3u/th9Zj/8jVLaRIHndfhhMB8GA1UdIwQY
MBaAFMFfBggpfp+UNxpy2TrXsR95wfg/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y4R0NDbC1uNVEzR25MWk90ZXhIM25CLUQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC81OTBlNmEtYzRmYi00ZTRkLTlmZjQt
NzE3Y2Y3ZDczNTg3LzEvQmh3eGZlNy0ySDFtUF95TlV0cEVnZWQxLUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC81OTBlNmEtYzRmYi00ZTRkLTlmZjQtNzE3Y2Y3ZDczNTg3
LzEvd1Y4R0NDbC1uNVEzR25MWk90ZXhIM25CLUQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhJ5wPAw
DQYJKoZIhvcNAQELBQADggEBAHrne0Ry+ZVgaoTJ4ctbEu/OemtwaYkA/VyH7rfn
UA5Rm1dSABh6wQY7DHIWOt+MuqjZjUfRZ0L+Tk3D52y7HucgJJYfcVINB849QKiE
V9pmgJ9zxNoougcEgSdy9OGIa6U1Kv2IDV1joP3X3lk3ClRPDy7Chxfjgp3DqNuK
QbJGFZZFyexoI7FN6rZ4IXRoctz1YIHoibHRzICSQ4aV0Qu5+h+DKqRFoAFRLxXS
ms5jJfBBBroBowHXgaCkv8o7q1R0OQYGVRV9hiJOQRYwd15Ylpadst//FkJTRO3F
rhIN7GnO+pKEKI6qOIriAzRNCfXCpzoTamlmjkl/7TmEy+8=
-----END CERTIFICATE-----