Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/mFP33uF3PX5de0GTrDSXj3VjZpI.roa
File:                     mFP33uF3PX5de0GTrDSXj3VjZpI.roa (raw, json)
Hash identifier:          CFmZK9ey8xSTrafeBY50GdfpXWi1FvgYxRAo4AhgjPg=
Subject key identifier:   98:53:F7:DE:E1:77:3D:7E:5D:7B:41:93:AC:34:97:8F:75:63:66:92
Certificate issuer:       /CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
Certificate serial:       019C42A25C71801F09D1C1DACD158C40C0F0
Authority key identifier: 70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/mFP33uF3PX5de0GTrDSXj3VjZpI.roa
Signing time:             Mon 09 Feb 2026 13:41:02 +0000
ROA not before:           Mon 09 Feb 2026 13:41:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201357
IP address blocks:        2a0f:bf01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:42:a2:5c:71:80:1f:09:d1:c1:da:cd:15:8c:40:c0:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
        Validity
            Not Before: Feb  9 13:41:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9853f7dee1773d7e5d7b4193ac34978f75636692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1c:4d:44:58:2a:b2:a5:08:51:a8:fc:9a:0a:
                    f7:b4:c2:aa:d6:2d:12:a0:dd:c2:14:7a:65:15:2e:
                    b5:f2:5b:81:9d:a9:70:dc:58:79:b5:9c:97:36:c3:
                    6e:1a:4c:25:5e:27:2c:d5:12:c7:aa:be:12:06:42:
                    26:77:6e:60:a1:48:53:9c:68:33:f4:5f:c8:f6:84:
                    ab:04:26:3d:9c:6f:5a:41:26:27:f1:72:f4:b3:1c:
                    15:e5:a8:2a:6d:07:a5:ed:28:54:18:0f:c1:1f:c2:
                    7c:6e:ac:42:c1:d5:a0:19:eb:7e:02:9b:52:99:9f:
                    73:ef:bc:57:97:6f:0f:f0:79:de:25:21:a2:cb:67:
                    13:08:1f:66:3a:36:e9:1c:61:0a:5f:11:39:3e:50:
                    7f:b5:6a:62:ab:7b:d0:41:d1:04:27:c5:3e:35:26:
                    5b:6e:84:00:8c:04:04:76:a6:98:c0:e6:8b:c8:e6:
                    d1:9d:1c:ca:ae:93:24:dc:16:7e:64:2f:df:3f:50:
                    6c:6e:64:dc:a6:49:06:42:55:db:c7:22:3e:0d:f1:
                    5d:d2:6e:7a:f9:ac:62:af:07:67:84:b7:35:e1:e8:
                    92:07:a1:4d:ea:7b:77:04:36:7c:13:2d:d3:9b:dd:
                    87:b2:84:82:5d:ae:60:dc:5f:c2:1f:8f:5a:87:ea:
                    c8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:53:F7:DE:E1:77:3D:7E:5D:7B:41:93:AC:34:97:8F:75:63:66:92
            X509v3 Authority Key Identifier:
                keyid:70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/mFP33uF3PX5de0GTrDSXj3VjZpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bf01::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:f7:9a:b2:14:11:8c:66:19:22:fe:16:e7:af:fc:a2:7a:4a:
         4e:a1:1a:e9:93:6f:12:de:57:9e:08:f4:ec:c4:91:ab:b2:90:
         01:df:74:94:ed:f6:4e:a3:c2:03:73:bb:00:f5:df:c5:92:62:
         e2:b1:9b:71:da:db:c4:2d:d5:20:67:e6:7f:41:7e:71:b5:da:
         3e:57:ad:5a:d7:08:ff:2a:9a:26:8f:96:09:ef:67:9f:1e:f6:
         8c:b1:91:b5:71:ba:31:20:f8:cb:03:2a:77:cd:db:a7:df:8a:
         3f:3f:0b:23:88:ae:b2:1a:6b:90:f3:60:24:4f:99:b1:56:8c:
         74:0b:30:9d:2f:cc:69:ac:d9:d7:3a:bb:50:1f:b6:3f:f0:92:
         57:8f:ed:e8:7e:1c:b5:63:dd:54:25:79:45:e0:ff:7c:3a:4f:
         4a:76:f9:9f:50:24:40:22:89:46:75:cb:d6:b1:24:43:dc:ab:
         2f:a2:9a:4c:2c:c8:c1:6d:69:98:f4:02:b8:1f:c3:d5:b3:fe:
         65:37:ae:4b:c2:70:f5:66:67:ab:0e:a3:3f:d9:c5:c6:4a:53:
         29:53:1a:a8:92:ca:1a:91:5d:58:1b:a3:33:5a:60:25:66:0e:
         e7:fd:a7:97:1a:66:89:3a:3b:86:ce:99:cd:07:36:75:2f:bd:
         92:9d:2d:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxColxxgB8J0cHazRWMQMDwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjFkNzUyOGJlNzEzYTRiYTJjYjRkYjVlNThkNjRkODgy
ZWI1NTUwHhcNMjYwMjA5MTM0MTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODUzZjdkZWUxNzczZDdlNWQ3YjQxOTNhYzM0OTc4Zjc1NjM2NjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRxNRFgqsqUIUaj8mgr3tMKq1i0S
oN3CFHplFS618luBnalw3Fh5tZyXNsNuGkwlXics1RLHqr4SBkImd25goUhTnGgz
9F/I9oSrBCY9nG9aQSYn8XL0sxwV5agqbQel7ShUGA/BH8J8bqxCwdWgGet+AptS
mZ9z77xXl28P8HneJSGiy2cTCB9mOjbpHGEKXxE5PlB/tWpiq3vQQdEEJ8U+NSZb
boQAjAQEdqaYwOaLyObRnRzKrpMk3BZ+ZC/fP1BsbmTcpkkGQlXbxyI+DfFd0m56
+axirwdnhLc14eiSB6FN6nt3BDZ8Ey3Tm92HsoSCXa5g3F/CH49ah+rIgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJhT997hdz1+XXtBk6w0l491Y2aSMB8GA1UdIwQY
MBaAFHAh11KL5xOkuiy0215Y1k2ILrVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAt
OTI4MWYwZDIzZGJmLzEvbUZQMzN1RjNQWDVkZTBHVHJEU1hqM1ZqWnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAtOTI4MWYwZDIzZGJm
LzEvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+/AQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA695qyFBGMZhki/hbnr/yiekpOoRrpk28S3lee
CPTsxJGrspAB33SU7fZOo8IDc7sA9d/FkmLisZtx2tvELdUgZ+Z/QX5xtdo+V61a
1wj/Kpomj5YJ72efHvaMsZG1cboxIPjLAyp3zdun34o/PwsjiK6yGmuQ82AkT5mx
Vox0CzCdL8xprNnXOrtQH7Y/8JJXj+3ofhy1Y91UJXlF4P98Ok9KdvmfUCRAIolG
dcvWsSRD3KsvoppMLMjBbWmY9AK4H8PVs/5lN65LwnD1ZmerDqM/2cXGSlMpUxqo
ksoakV1YG6MzWmAlZg7n/aeXGmaJOjuGzpnNBzZ1L72SnS2m
-----END CERTIFICATE-----