Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/5BFb1Mc8GCjWXkmwLF7Q3DwVaVg.roa
File:                     5BFb1Mc8GCjWXkmwLF7Q3DwVaVg.roa (raw, json)
Hash identifier:          fJ0xjGZyFgWDmQfiybbX0EbKjYLEGx0MKMxk/2EUdfI=
Subject key identifier:   E4:11:5B:D4:C7:3C:18:28:D6:5E:49:B0:2C:5E:D0:DC:3C:15:69:58
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019C5E42F7FBA9CC044BE0E53023E79D0A6D
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/5BFb1Mc8GCjWXkmwLF7Q3DwVaVg.roa
Signing time:             Sat 14 Feb 2026 22:26:13 +0000
ROA not before:           Sat 14 Feb 2026 22:26:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201398
IP address blocks:        2a0f:b246::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5e:42:f7:fb:a9:cc:04:4b:e0:e5:30:23:e7:9d:0a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb 14 22:26:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4115bd4c73c1828d65e49b02c5ed0dc3c156958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:65:44:87:32:65:49:31:aa:d1:f8:e0:78:a2:
                    8f:d7:bf:b6:1b:38:12:36:a7:d6:92:95:06:5c:81:
                    d4:14:5d:0d:69:28:85:5c:f6:e0:7f:9c:f3:99:c1:
                    5c:d2:38:06:eb:56:18:a2:e5:45:72:9d:5d:ee:33:
                    5a:64:4e:7e:df:84:90:67:c9:52:47:6e:e9:0d:bc:
                    ec:c4:16:95:3a:d6:9a:bd:12:91:52:f5:8e:42:fc:
                    fc:6a:12:48:e5:2e:9e:89:a5:28:24:49:53:aa:61:
                    77:8e:15:fc:c1:e2:ab:e9:83:db:ab:5a:ef:fa:3c:
                    53:f7:98:44:d9:43:2d:53:47:27:9d:0e:19:0e:91:
                    02:ca:e3:82:b5:ff:99:44:45:2b:ba:a4:7f:b2:bd:
                    64:e2:e9:b8:4b:99:33:77:3e:dd:ec:2c:14:e6:bc:
                    1c:d0:6b:d4:7a:e8:64:af:e8:16:1a:a8:52:f3:b3:
                    82:15:26:c9:3e:42:c3:1d:22:36:fb:29:49:78:e4:
                    59:5c:da:8a:21:48:80:65:5d:50:2e:4b:58:b9:37:
                    3b:39:4a:c1:dc:7d:a2:e7:d1:1a:6c:d0:f6:b7:2b:
                    cf:8d:62:48:e7:0d:4b:1e:35:8c:fb:50:09:b6:66:
                    94:65:e0:12:48:e3:67:19:30:1a:39:7a:45:39:91:
                    7a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:11:5B:D4:C7:3C:18:28:D6:5E:49:B0:2C:5E:D0:DC:3C:15:69:58
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/5BFb1Mc8GCjWXkmwLF7Q3DwVaVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b246::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:5f:a6:4b:94:0e:f1:59:56:d5:9c:f5:75:23:38:6a:d3:4c:
         3c:50:d3:66:dc:56:68:ca:f8:6e:96:e3:6c:8e:70:ac:dc:c0:
         c8:51:af:c8:0c:1c:67:d1:ca:53:86:66:0d:9f:46:d0:d6:56:
         2e:ba:92:96:0e:36:34:17:a5:ba:03:14:57:ef:cf:83:45:34:
         bc:f1:ec:14:67:74:d7:4e:4f:48:7a:61:08:6d:07:b7:ef:57:
         34:fe:3d:ff:8e:0d:74:f1:21:7d:4c:00:65:8e:26:41:b3:a5:
         ff:ea:91:20:2a:74:72:3c:29:f5:43:e7:83:ec:ba:02:2a:77:
         e9:15:2b:5d:06:78:d5:ab:35:5b:4c:6a:0b:7f:11:d5:ac:2b:
         f9:88:ce:9e:5a:4a:24:71:ed:c3:33:5c:1f:38:04:72:77:ba:
         79:df:fb:b9:64:08:da:76:8a:67:8e:d8:8f:bd:73:b8:28:92:
         6c:27:23:bd:59:c5:72:01:50:1a:c2:75:19:6e:c6:c6:b7:f3:
         b0:a3:bf:7c:f4:0c:83:9a:e6:c4:98:a3:62:24:91:f2:ce:e6:
         9b:36:28:55:09:81:36:8d:e6:67:d0:f6:83:20:14:04:17:28:
         e1:fc:c3:05:6b:15:8f:cd:95:67:ee:cf:43:94:6c:e9:72:d2:
         46:9a:e0:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxeQvf7qcwES+DlMCPnnQptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwMjE0MjIyNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDExNWJkNGM3M2MxODI4ZDY1ZTQ5YjAyYzVlZDBkYzNjMTU2OTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWVEhzJlSTGq0fjgeKKP17+2GzgS
NqfWkpUGXIHUFF0NaSiFXPbgf5zzmcFc0jgG61YYouVFcp1d7jNaZE5+34SQZ8lS
R27pDbzsxBaVOtaavRKRUvWOQvz8ahJI5S6eiaUoJElTqmF3jhX8weKr6YPbq1rv
+jxT95hE2UMtU0cnnQ4ZDpECyuOCtf+ZREUruqR/sr1k4um4S5kzdz7d7CwU5rwc
0GvUeuhkr+gWGqhS87OCFSbJPkLDHSI2+ylJeORZXNqKIUiAZV1QLktYuTc7OUrB
3H2i59EabND2tyvPjWJI5w1LHjWM+1AJtmaUZeASSONnGTAaOXpFOZF6PQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOQRW9THPBgo1l5JsCxe0Nw8FWlYMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvNUJGYjFNYzhHQ2pXWGttd0xGN1EzRHdWYVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg+yRjAN
BgkqhkiG9w0BAQsFAAOCAQEAdl+mS5QO8VlW1Zz1dSM4atNMPFDTZtxWaMr4bpbj
bI5wrNzAyFGvyAwcZ9HKU4ZmDZ9G0NZWLrqSlg42NBelugMUV+/Pg0U0vPHsFGd0
105PSHphCG0Ht+9XNP49/44NdPEhfUwAZY4mQbOl/+qRICp0cjwp9UPng+y6Aip3
6RUrXQZ41as1W0xqC38R1awr+YjOnlpKJHHtwzNcHzgEcne6ed/7uWQI2naKZ47Y
j71zuCiSbCcjvVnFcgFQGsJ1GW7GxrfzsKO/fPQMg5rmxJijYiSR8s7mmzYoVQmB
No3mZ9D2gyAUBBco4fzDBWsVj82VZ+7PQ5Rs6XLSRprgYg==
-----END CERTIFICATE-----