Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/4ItCS4CpknYhJnSH_o8-k-QnsNA.roa
File:                     4ItCS4CpknYhJnSH_o8-k-QnsNA.roa (raw, json)
Hash identifier:          UbB2Anq4oy7M8ovVCyTEp9NJkA3MTyGN4S19tvEsX+w=
Subject key identifier:   E0:8B:42:4B:80:A9:92:76:21:26:74:87:FE:8F:3E:93:E4:27:B0:D0
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019C94D44C19741A61842EDB7CFF26DBCC80
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/4ItCS4CpknYhJnSH_o8-k-QnsNA.roa
Signing time:             Wed 25 Feb 2026 12:44:27 +0000
ROA not before:           Wed 25 Feb 2026 12:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a14:ae00:d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:d4:4c:19:74:1a:61:84:2e:db:7c:ff:26:db:cc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Feb 25 12:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e08b424b80a9927621267487fe8f3e93e427b0d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:23:dc:9c:ec:7b:f5:41:8c:a1:b1:2c:f3:60:
                    d1:0a:df:0c:44:c5:50:96:37:e2:24:cd:62:67:e1:
                    2e:df:74:e7:5b:10:98:80:97:b1:ee:93:46:b0:4b:
                    e8:1e:85:87:d4:1a:f9:9d:69:6b:f1:e7:cf:9f:64:
                    0c:ac:a0:4d:63:9c:da:1d:e8:f2:b9:b6:9c:68:03:
                    d2:65:8d:11:1a:07:75:89:6b:12:bf:40:61:32:2f:
                    34:db:c5:28:ab:7c:65:23:5e:1f:e7:66:19:6c:1b:
                    85:31:0c:1d:c5:e1:c5:5a:1e:64:15:bd:b1:b7:59:
                    81:a8:5f:2a:cb:92:56:34:2a:d4:16:7b:73:a4:61:
                    55:e9:af:7c:c8:1d:7a:1a:db:d5:ba:b4:1a:fc:a0:
                    46:59:3a:44:fa:cc:1c:99:9d:a8:82:f1:f9:65:4c:
                    a1:4f:b8:6d:64:0f:a1:ee:3e:21:c7:e1:bb:3e:7d:
                    a7:a8:12:dc:bc:a5:ec:b5:c0:11:95:d3:6b:d9:fa:
                    ad:e8:bf:31:c0:bd:fc:00:b5:84:a0:a7:0e:61:ad:
                    35:a2:6c:47:18:62:f0:04:39:a6:d4:6c:aa:f6:07:
                    92:d0:77:f4:54:65:54:84:c1:dc:44:5b:2f:c0:9b:
                    cf:8d:37:c9:98:68:28:9b:e8:14:1e:66:da:c0:45:
                    3e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:8B:42:4B:80:A9:92:76:21:26:74:87:FE:8F:3E:93:E4:27:B0:D0
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/4ItCS4CpknYhJnSH_o8-k-QnsNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:6d:c5:6d:ba:2d:8f:e8:1a:34:93:36:1a:24:de:c5:24:e0:
         25:51:d5:86:48:db:ce:eb:48:d7:70:9d:90:91:39:5f:b4:e6:
         77:06:4f:c6:9f:2e:d0:15:c5:2c:16:46:72:50:ec:9b:e6:41:
         26:15:45:e4:8a:9e:b1:b1:e6:1a:a9:ca:32:3c:c8:cf:5d:de:
         29:ea:df:b7:16:22:69:f0:5e:c4:fe:63:5b:0e:2e:14:09:d2:
         96:6c:2a:79:0d:db:9e:41:de:ec:d9:1a:c1:cc:94:18:49:6b:
         c4:e9:6e:95:59:77:c5:42:6d:75:df:c5:29:c1:09:0d:b7:11:
         c0:a0:ef:fa:30:ab:d3:13:26:4e:6c:64:14:52:1a:fb:38:24:
         38:93:ca:58:bf:67:8b:84:d1:41:11:71:dd:8f:a4:ff:34:33:
         35:82:28:f5:79:f6:29:3d:ff:7a:b7:66:21:8b:ca:20:4a:0d:
         68:7c:55:f3:e5:e4:ea:1c:93:79:07:5a:35:e9:b4:d3:59:65:
         ba:4e:cb:17:ea:1e:56:c1:6b:8e:82:70:71:7c:b9:e3:64:7d:
         64:50:44:34:27:85:64:a0:a7:cc:b0:d4:aa:39:d5:b6:40:8d:
         ff:2d:c2:72:dc:7d:f5:c2:0e:82:f5:ef:de:22:de:c4:eb:f1:
         97:66:eb:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyU1EwZdBphhC7bfP8m28yAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwMjI1MTI0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDhiNDI0YjgwYTk5Mjc2MjEyNjc0ODdmZThmM2U5M2U0MjdiMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziPcnOx79UGMobEs82DRCt8MRMVQ
ljfiJM1iZ+Eu33TnWxCYgJex7pNGsEvoHoWH1Br5nWlr8efPn2QMrKBNY5zaHejy
ubacaAPSZY0RGgd1iWsSv0BhMi8028Uoq3xlI14f52YZbBuFMQwdxeHFWh5kFb2x
t1mBqF8qy5JWNCrUFntzpGFV6a98yB16GtvVurQa/KBGWTpE+swcmZ2ogvH5ZUyh
T7htZA+h7j4hx+G7Pn2nqBLcvKXstcARldNr2fqt6L8xwL38ALWEoKcOYa01omxH
GGLwBDmm1Gyq9geS0Hf0VGVUhMHcRFsvwJvPjTfJmGgom+gUHmbawEU+9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOCLQkuAqZJ2ISZ0h/6PPpPkJ7DQMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvNEl0Q1M0Q3BrblloSm5TSF9vOC1rLVFuc05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAAN
MA0GCSqGSIb3DQEBCwUAA4IBAQBnbcVtui2P6Bo0kzYaJN7FJOAlUdWGSNvO60jX
cJ2QkTlftOZ3Bk/Gny7QFcUsFkZyUOyb5kEmFUXkip6xseYaqcoyPMjPXd4p6t+3
FiJp8F7E/mNbDi4UCdKWbCp5DdueQd7s2RrBzJQYSWvE6W6VWXfFQm1138UpwQkN
txHAoO/6MKvTEyZObGQUUhr7OCQ4k8pYv2eLhNFBEXHdj6T/NDM1gij1efYpPf96
t2Yhi8ogSg1ofFXz5eTqHJN5B1o16bTTWWW6TssX6h5WwWuOgnBxfLnjZH1kUEQ0
J4VkoKfMsNSqOdW2QI3/LcJy3H31wg6C9e/eIt7E6/GXZus5
-----END CERTIFICATE-----