Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/GPRfESHnJoYihBJpqJc_FhS2f7A.roa
File:                     GPRfESHnJoYihBJpqJc_FhS2f7A.roa (raw, json)
Hash identifier:          f74kDm/ciChN475AFpRBwLQVMtBu2YfVb+Xl0bwIzkE=
Subject key identifier:   18:F4:5F:11:21:E7:26:86:22:84:12:69:A8:97:3F:16:14:B6:7F:B0
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019C7098E186BF001058B7734C02595C4234
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/GPRfESHnJoYihBJpqJc_FhS2f7A.roa
Signing time:             Wed 18 Feb 2026 11:53:13 +0000
ROA not before:           Wed 18 Feb 2026 11:53:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208068
IP address blocks:        2a14:67c3:400::/44 maxlen: 44
                          2a14:67c3:410::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:98:e1:86:bf:00:10:58:b7:73:4c:02:59:5c:42:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Feb 18 11:53:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18f45f1121e7268622841269a8973f1614b67fb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:87:37:2d:2c:e1:73:27:b5:99:6b:a2:f2:d0:
                    1b:f8:06:2d:23:96:fd:c3:bd:dd:31:d6:1a:c6:d5:
                    24:11:a5:22:05:47:a5:3c:3a:8e:be:0a:a8:f5:d6:
                    71:c0:b9:4e:be:4d:05:b9:25:08:bf:d2:1e:35:1c:
                    04:63:83:55:47:56:35:28:15:b8:02:c0:ce:99:00:
                    02:d7:98:40:ae:9a:8d:77:f1:e5:5b:dd:38:17:ee:
                    9c:69:f9:cb:12:d6:fc:67:70:6a:2d:57:41:c5:39:
                    0f:ec:de:8d:f9:45:93:23:f6:5f:82:38:cd:cb:d4:
                    87:7e:ea:87:c3:53:2f:a2:44:05:4a:51:83:5d:59:
                    51:0d:f5:52:6b:72:f8:ca:93:52:ee:9a:cf:71:fc:
                    0c:84:fc:82:4f:45:f1:67:ce:39:e9:a1:f4:be:3c:
                    1b:e7:77:40:af:ac:cf:d1:11:da:a8:5e:60:c6:07:
                    30:5a:93:83:36:52:76:b8:95:80:c7:5f:50:45:3b:
                    ac:40:94:85:d5:e7:b1:52:6b:dd:b8:5c:d1:43:cc:
                    89:8b:7b:fb:2b:f2:3a:40:9b:a8:ab:65:9a:fb:81:
                    c1:0b:ef:59:90:ec:38:91:19:f5:29:35:8d:c1:6f:
                    26:76:95:f2:79:ca:c7:ea:c9:da:04:38:5e:af:e8:
                    38:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F4:5F:11:21:E7:26:86:22:84:12:69:A8:97:3F:16:14:B6:7F:B0
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/GPRfESHnJoYihBJpqJc_FhS2f7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:400::/43

    Signature Algorithm: sha256WithRSAEncryption
         50:66:b0:32:8f:83:16:f4:e8:73:01:50:c4:0b:05:11:76:42:
         7e:b9:2b:ed:4d:75:ac:3d:9c:04:aa:c3:a3:c1:25:4c:65:40:
         61:3e:26:cd:42:0e:7d:2d:34:74:58:33:3e:d2:8e:31:3b:05:
         81:bd:b1:a0:33:6e:51:18:7f:ef:bb:18:0c:69:b0:ba:de:22:
         02:d8:6b:d1:70:e0:60:9c:7c:48:1e:f1:07:a8:b3:fc:d1:d7:
         56:92:c8:cb:56:bb:7e:f5:1d:18:1e:8e:93:d7:d1:25:fd:93:
         99:bf:6f:1a:82:30:0d:a3:a3:12:c4:42:7f:6c:8a:4d:14:d5:
         21:1f:3d:38:93:63:63:dc:30:53:9c:ac:48:f1:a4:7c:4f:f3:
         16:33:12:4d:ec:e5:6f:98:22:dd:4d:ca:ec:36:77:ec:23:1d:
         31:af:1b:4b:17:5f:b6:23:fd:08:c2:0c:36:46:65:6a:14:6b:
         d0:92:62:e9:ea:ff:b6:19:30:57:5e:e2:e2:9e:d0:f9:22:97:
         76:2a:3d:5b:08:10:61:6d:3d:a1:4d:e3:f6:3b:bf:00:e5:b3:
         78:36:58:32:1b:2c:51:5e:11:11:3d:4a:e1:d1:04:00:89:e6:
         a4:3a:5c:d5:50:98:3d:ae:98:a5:14:d8:e1:f5:20:30:42:08:
         cb:46:04:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxwmOGGvwAQWLdzTAJZXEI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMjE4MTE1MzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGY0NWYxMTIxZTcyNjg2MjI4NDEyNjlhODk3M2YxNjE0YjY3ZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIc3LSzhcye1mWui8tAb+AYtI5b9
w73dMdYaxtUkEaUiBUelPDqOvgqo9dZxwLlOvk0FuSUIv9IeNRwEY4NVR1Y1KBW4
AsDOmQAC15hArpqNd/HlW904F+6cafnLEtb8Z3BqLVdBxTkP7N6N+UWTI/ZfgjjN
y9SHfuqHw1MvokQFSlGDXVlRDfVSa3L4ypNS7prPcfwMhPyCT0XxZ8456aH0vjwb
53dAr6zP0RHaqF5gxgcwWpODNlJ2uJWAx19QRTusQJSF1eexUmvduFzRQ8yJi3v7
K/I6QJuoq2Wa+4HBC+9ZkOw4kRn1KTWNwW8mdpXyecrH6snaBDher+g46wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBj0XxEh5yaGIoQSaaiXPxYUtn+wMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvR1BSZkVTSG5Kb1lpaEJKcHFKY19GaFMyZjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKhRnwwQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQZrAyj4MW9OhzAVDECwURdkJ+uSvtTXWsPZwE
qsOjwSVMZUBhPibNQg59LTR0WDM+0o4xOwWBvbGgM25RGH/vuxgMabC63iIC2GvR
cOBgnHxIHvEHqLP80ddWksjLVrt+9R0YHo6T19El/ZOZv28agjANo6MSxEJ/bIpN
FNUhHz04k2Nj3DBTnKxI8aR8T/MWMxJN7OVvmCLdTcrsNnfsIx0xrxtLF1+2I/0I
wgw2RmVqFGvQkmLp6v+2GTBXXuLintD5Ipd2Kj1bCBBhbT2hTeP2O78A5bN4Nlgy
GyxRXhERPUrh0QQAieakOlzVUJg9rpilFNjh9SAwQgjLRgRp
-----END CERTIFICATE-----