Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/9uvXRK1EdP1i-kRw03804gfRp98.roa
File:                     9uvXRK1EdP1i-kRw03804gfRp98.roa (raw, json)
Hash identifier:          tTXkVRzYXIywkoMhYa5coWBlkglNeZGz3zSJaocctEg=
Subject key identifier:   F6:EB:D7:44:AD:44:74:FD:62:FA:44:70:D3:7F:34:E2:07:D1:A7:DF
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019C95D679E6948DAB45E7D033FDF7B4E47E
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/9uvXRK1EdP1i-kRw03804gfRp98.roa
Signing time:             Wed 25 Feb 2026 17:26:26 +0000
ROA not before:           Wed 25 Feb 2026 17:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207483
IP address blocks:        2a12:2e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:d6:79:e6:94:8d:ab:45:e7:d0:33:fd:f7:b4:e4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Feb 25 17:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6ebd744ad4474fd62fa4470d37f34e207d1a7df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9f:45:9a:5b:72:9a:7a:b7:28:31:92:f8:1e:
                    bc:4e:38:41:b6:70:5b:de:01:ae:2a:0c:2e:3a:80:
                    11:63:f6:e7:5f:2b:2d:9a:89:c9:85:92:ce:cb:91:
                    ca:dc:25:b7:aa:24:81:52:16:40:2a:a7:96:7d:5c:
                    67:78:02:66:e0:d9:d3:de:13:5b:80:8b:34:d6:22:
                    84:05:16:f1:95:fb:3b:e8:fb:20:f4:da:f8:b6:66:
                    27:06:e9:8f:62:0d:28:ed:75:e2:a1:53:e1:ce:64:
                    9b:53:35:28:d0:f9:43:66:df:8b:e0:81:ab:73:89:
                    c1:e7:20:1b:7c:69:55:e1:73:13:22:a0:e7:bf:63:
                    f6:29:d2:e9:60:c9:77:21:a1:a5:28:72:bf:09:c1:
                    1b:8d:f0:30:63:6c:29:08:11:1b:07:f0:34:57:f1:
                    57:be:c6:33:b8:5d:e9:25:64:67:e9:56:83:16:92:
                    17:4a:2c:97:e1:2c:23:c0:ac:56:98:32:e3:9c:4f:
                    33:9a:69:3f:63:ce:8f:6f:e7:b6:08:3c:70:02:dd:
                    16:e7:73:ac:ad:9d:8e:40:51:52:22:32:13:b1:fc:
                    38:55:29:92:1a:eb:4e:4a:c4:c7:f0:c3:f2:f0:ba:
                    de:4e:8e:81:69:95:61:8e:73:99:ad:88:ad:a1:a6:
                    a6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:EB:D7:44:AD:44:74:FD:62:FA:44:70:D3:7F:34:E2:07:D1:A7:DF
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/9uvXRK1EdP1i-kRw03804gfRp98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:2e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:ad:55:3f:bf:33:22:34:96:c9:14:12:b4:e8:98:c2:b2:46:
         e9:42:6f:b6:e2:80:b2:54:59:53:04:c7:4c:3e:6c:97:4b:1f:
         58:3c:3c:4a:ab:6e:76:64:a6:db:a8:93:3d:b7:d3:92:67:5d:
         9a:98:a8:1d:c6:75:e5:6b:8b:64:f2:82:52:f2:4f:8e:c5:af:
         13:22:64:6b:ef:fc:48:98:3e:2e:8b:da:ef:f9:11:b9:f8:a0:
         aa:02:dd:87:e1:0e:e2:52:d3:18:dc:1d:09:4c:3e:2e:3c:cb:
         b9:76:71:44:97:c9:08:7d:84:b6:82:17:6c:77:c5:01:5d:6d:
         97:af:d1:3d:c5:4b:97:f7:74:fa:c5:f2:bb:7f:51:fd:6e:60:
         08:01:60:f2:94:0b:05:3f:00:fd:56:ff:c7:88:0f:1a:9d:95:
         ce:1a:2b:d3:33:98:de:76:ce:ab:8d:16:ee:5a:6e:c7:8c:53:
         fa:35:a7:a4:f4:c5:96:04:d1:d6:b8:53:46:fd:db:15:72:0b:
         20:86:4f:f0:c1:c7:b1:81:72:7e:03:b6:b5:6d:5d:97:40:34:
         56:37:16:95:e5:40:25:b2:68:e8:b6:f7:c1:50:45:3f:77:42:
         66:6e:db:10:c7:fb:bd:da:3c:c1:04:c1:2d:51:1a:10:bd:4f:
         f2:d9:b2:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyV1nnmlI2rRefQM/33tOR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMjI1MTcyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmViZDc0NGFkNDQ3NGZkNjJmYTQ0NzBkMzdmMzRlMjA3ZDFhN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp9Fmltymnq3KDGS+B68TjhBtnBb
3gGuKgwuOoARY/bnXystmonJhZLOy5HK3CW3qiSBUhZAKqeWfVxneAJm4NnT3hNb
gIs01iKEBRbxlfs76Psg9Nr4tmYnBumPYg0o7XXioVPhzmSbUzUo0PlDZt+L4IGr
c4nB5yAbfGlV4XMTIqDnv2P2KdLpYMl3IaGlKHK/CcEbjfAwY2wpCBEbB/A0V/FX
vsYzuF3pJWRn6VaDFpIXSiyX4SwjwKxWmDLjnE8zmmk/Y86Pb+e2CDxwAt0W53Os
rZ2OQFFSIjITsfw4VSmSGutOSsTH8MPy8LreTo6BaZVhjnOZrYitoaamowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPbr10StRHT9YvpEcNN/NOIH0affMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvOXV2WFJLMUVkUDFpLWtSdzAzODA0Z2ZScDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhIuQDAN
BgkqhkiG9w0BAQsFAAOCAQEACK1VP78zIjSWyRQStOiYwrJG6UJvtuKAslRZUwTH
TD5sl0sfWDw8SqtudmSm26iTPbfTkmddmpioHcZ15WuLZPKCUvJPjsWvEyJka+/8
SJg+Lova7/kRufigqgLdh+EO4lLTGNwdCUw+LjzLuXZxRJfJCH2EtoIXbHfFAV1t
l6/RPcVLl/d0+sXyu39R/W5gCAFg8pQLBT8A/Vb/x4gPGp2Vzhor0zOY3nbOq40W
7lpux4xT+jWnpPTFlgTR1rhTRv3bFXILIIZP8MHHsYFyfgO2tW1dl0A0VjcWleVA
JbJo6Lb3wVBFP3dCZm7bEMf7vdo8wQTBLVEaEL1P8tmyBQ==
-----END CERTIFICATE-----