Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/2566c2-be52-4b42-a84c-cc3384ad81a1/1/2xGqMqbFa646EMEXsukXriphVW8.roa
File:                     2xGqMqbFa646EMEXsukXriphVW8.roa (raw, json)
Hash identifier:          odEL2M6BYLsF4njGikEkDGjtP1dJDgPaubWbiCHPAAg=
Subject key identifier:   DB:11:AA:32:A6:C5:6B:AE:3A:10:C1:17:B2:E9:17:AE:2A:61:55:6F
Certificate issuer:       /CN=d13bbc92a2fa90a0a1122b8330346f9a6171d976
Certificate serial:       019C46557069301EBC38C5F3EFD0F1C53256
Authority key identifier: D1:3B:BC:92:A2:FA:90:A0:A1:12:2B:83:30:34:6F:9A:61:71:D9:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Tu8kqL6kKChEiuDMDRvmmFx2XY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/2566c2-be52-4b42-a84c-cc3384ad81a1/1/2xGqMqbFa646EMEXsukXriphVW8.roa
Signing time:             Tue 10 Feb 2026 06:55:30 +0000
ROA not before:           Tue 10 Feb 2026 06:55:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50348
IP address blocks:        109.233.160.0/21 maxlen: 21
                          2a00:4880::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/2566c2-be52-4b42-a84c-cc3384ad81a1/1/0Tu8kqL6kKChEiuDMDRvmmFx2XY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/2566c2-be52-4b42-a84c-cc3384ad81a1/1/0Tu8kqL6kKChEiuDMDRvmmFx2XY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Tu8kqL6kKChEiuDMDRvmmFx2XY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:55:70:69:30:1e:bc:38:c5:f3:ef:d0:f1:c5:32:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d13bbc92a2fa90a0a1122b8330346f9a6171d976
        Validity
            Not Before: Feb 10 06:55:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db11aa32a6c56bae3a10c117b2e917ae2a61556f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a9:73:15:10:d3:7b:37:a6:94:71:03:cc:97:
                    4e:1f:09:02:9f:92:18:02:fe:fd:5b:04:cb:3f:76:
                    b2:96:95:1f:fa:13:b9:99:e9:51:bf:f3:87:51:9f:
                    1a:b5:87:dc:44:41:5e:10:d5:68:c3:f0:cf:4a:52:
                    c7:46:a0:41:df:14:23:ef:68:7a:1f:86:1d:e9:c6:
                    8e:3a:d8:12:4c:4a:f8:84:c7:f9:37:c9:24:35:24:
                    cb:83:d8:fd:4a:2c:8d:c1:b6:b6:e4:a3:a0:8c:2c:
                    24:df:11:50:1c:c5:1d:ed:8e:cc:b5:89:bd:f9:de:
                    9f:0d:56:fa:f9:0f:ac:dc:4b:37:98:41:38:78:32:
                    73:b4:e9:58:35:57:3f:ec:47:d2:93:4f:59:f4:ac:
                    e1:a9:9c:dd:93:c7:61:f7:58:65:0e:5f:e1:3e:18:
                    48:1d:60:82:60:7f:67:f5:ed:c2:9a:17:ab:ab:10:
                    6b:4d:4f:0f:ae:ef:8c:68:a6:28:91:97:f3:b9:34:
                    fc:f6:95:e0:03:ac:3b:d0:43:4f:48:4c:31:a4:c4:
                    10:f5:8f:9e:d0:52:ee:a4:15:0d:b1:b6:92:89:2a:
                    07:7a:68:a2:6a:e7:eb:99:79:01:7f:32:c1:a1:46:
                    e1:5a:94:c0:02:aa:71:ea:1b:e3:43:61:35:3f:9e:
                    8d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:11:AA:32:A6:C5:6B:AE:3A:10:C1:17:B2:E9:17:AE:2A:61:55:6F
            X509v3 Authority Key Identifier:
                keyid:D1:3B:BC:92:A2:FA:90:A0:A1:12:2B:83:30:34:6F:9A:61:71:D9:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Tu8kqL6kKChEiuDMDRvmmFx2XY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/2566c2-be52-4b42-a84c-cc3384ad81a1/1/2xGqMqbFa646EMEXsukXriphVW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/2566c2-be52-4b42-a84c-cc3384ad81a1/1/0Tu8kqL6kKChEiuDMDRvmmFx2XY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.160.0/21
                IPv6:
                  2a00:4880::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:35:8d:5b:7c:5c:76:94:1f:0d:25:14:2e:3b:92:3d:54:39:
         4a:b0:eb:58:28:6d:3c:0c:c3:d5:ae:ae:a0:0e:fa:e5:d3:d8:
         5d:d5:6b:6f:77:97:66:16:b2:c0:d2:f5:76:ac:ae:59:36:16:
         a2:b1:03:c2:6e:95:90:e7:18:12:4c:19:1c:70:d8:fe:79:d3:
         01:12:06:b2:fd:7e:47:fc:b1:a7:f2:65:c0:cb:52:53:f7:12:
         aa:63:f5:98:c2:28:c0:6f:88:d5:38:db:f4:f0:8d:32:6e:99:
         af:e9:00:44:3c:05:a4:6e:9b:da:fe:bd:67:9a:2c:1b:b9:ae:
         36:55:30:5c:c7:98:00:ef:06:06:cd:43:f2:ca:78:c9:a0:0d:
         fe:05:af:e6:df:ec:de:36:21:89:7c:e8:ae:46:db:76:f0:0c:
         4b:6d:23:fa:e5:63:72:9a:09:c4:9d:d1:67:69:c4:03:a3:d6:
         64:13:e8:74:f5:b4:78:11:86:ad:4a:9e:a2:99:e2:1d:b8:f8:
         ca:f5:86:ba:29:99:a2:08:19:41:29:df:0c:04:bb:a5:fd:a6:
         3d:eb:af:b8:57:43:70:57:99:83:df:5c:95:cc:89:48:e7:e7:
         ed:8d:db:07:8d:f3:a2:0b:cb:db:da:c9:9f:ac:99:74:93:6b:
         69:15:cd:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZxGVXBpMB68OMXz79DxxTJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxM2JiYzkyYTJmYTkwYTBhMTEyMmI4MzMwMzQ2ZjlhNjE3
MWQ5NzYwHhcNMjYwMjEwMDY1NTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjExYWEzMmE2YzU2YmFlM2ExMGMxMTdiMmU5MTdhZTJhNjE1NTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKlzFRDTezemlHEDzJdOHwkCn5IY
Av79WwTLP3aylpUf+hO5melRv/OHUZ8atYfcREFeENVow/DPSlLHRqBB3xQj72h6
H4Yd6caOOtgSTEr4hMf5N8kkNSTLg9j9SiyNwba25KOgjCwk3xFQHMUd7Y7MtYm9
+d6fDVb6+Q+s3Es3mEE4eDJztOlYNVc/7EfSk09Z9KzhqZzdk8dh91hlDl/hPhhI
HWCCYH9n9e3CmherqxBrTU8Pru+MaKYokZfzuTT89pXgA6w70ENPSEwxpMQQ9Y+e
0FLupBUNsbaSiSoHemiiaufrmXkBfzLBoUbhWpTAAqpx6hvjQ2E1P56NkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNsRqjKmxWuuOhDBF7LpF64qYVVvMB8GA1UdIwQY
MBaAFNE7vJKi+pCgoRIrgzA0b5phcdl2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFR1OGtxTDZrS0NoRWl1RE1EUnZtbUZ4MlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8yNTY2YzItYmU1Mi00YjQyLWE4NGMt
Y2MzMzg0YWQ4MWExLzEvMnhHcU1xYkZhNjQ2RU1FWHN1a1hyaXBoVlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8yNTY2YzItYmU1Mi00YjQyLWE4NGMtY2MzMzg0YWQ4MWEx
LzEvMFR1OGtxTDZrS0NoRWl1RE1EUnZtbUZ4MlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbemgMA0E
AgACMAcDBQAqAEiAMA0GCSqGSIb3DQEBCwUAA4IBAQAKNY1bfFx2lB8NJRQuO5I9
VDlKsOtYKG08DMPVrq6gDvrl09hd1Wtvd5dmFrLA0vV2rK5ZNhaisQPCbpWQ5xgS
TBkccNj+edMBEgay/X5H/LGn8mXAy1JT9xKqY/WYwijAb4jVONv08I0ybpmv6QBE
PAWkbpva/r1nmiwbua42VTBcx5gA7wYGzUPyynjJoA3+Ba/m3+zeNiGJfOiuRtt2
8AxLbSP65WNymgnEndFnacQDo9ZkE+h09bR4EYatSp6imeIduPjK9Ya6KZmiCBlB
Kd8MBLul/aY966+4V0NwV5mD31yVzIlI5+ftjdsHjfOiC8vb2smfrJl0k2tpFc2E
-----END CERTIFICATE-----