Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/H-VLcLjySEvCPdXFtIamTTKKAmY.roa
File:                     H-VLcLjySEvCPdXFtIamTTKKAmY.roa (raw, json)
Hash identifier:          Pu4WAc0AHR3VQp7EwlL95Ks6Sl9Ot8C0yUhL/DK+kcs=
Subject key identifier:   1F:E5:4B:70:B8:F2:48:4B:C2:3D:D5:C5:B4:86:A6:4D:32:8A:02:66
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C386CB07FFCDD39724065AF72876D61AA
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/H-VLcLjySEvCPdXFtIamTTKKAmY.roa
Signing time:             Sat 07 Feb 2026 14:06:13 +0000
ROA not before:           Sat 07 Feb 2026 14:06:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210464
IP address blocks:        2a0d:d940:200d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 21:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:38:6c:b0:7f:fc:dd:39:72:40:65:af:72:87:6d:61:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb  7 14:06:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fe54b70b8f2484bc23dd5c5b486a64d328a0266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:04:75:3a:e8:94:2f:8b:fa:e2:bb:51:d7:2e:
                    76:7a:a1:b5:fd:4f:07:00:d6:f6:bc:d6:d5:a8:72:
                    34:21:91:52:67:7a:2d:29:ce:9b:16:38:ae:2a:eb:
                    40:84:2d:17:83:b5:68:33:6c:3b:56:6c:eb:1f:6d:
                    f2:f6:65:fa:b8:fd:47:7f:db:61:d2:44:ae:aa:00:
                    11:48:40:74:4d:1f:d2:79:3b:66:72:b6:63:7d:e7:
                    73:1c:88:c2:51:8f:0e:99:04:69:a0:f3:84:a1:21:
                    e0:20:21:6c:ee:4a:0b:b1:9f:91:3d:ad:c1:ce:5d:
                    64:8d:f4:35:70:6c:57:bf:1a:fe:b4:27:71:e8:bd:
                    fb:ef:0a:e4:19:58:0c:49:2e:1a:f8:aa:0c:d1:91:
                    aa:1b:6b:f8:fd:f3:4a:45:30:82:2a:a4:81:07:17:
                    bb:a1:d6:16:71:bb:4d:92:44:92:67:db:18:28:7b:
                    58:c1:cd:f6:cb:57:91:3a:e4:ea:a6:e6:5e:a1:53:
                    5a:52:e3:cc:f6:af:f8:35:b0:53:a8:9d:3e:32:b7:
                    47:d9:0d:97:db:52:ee:a0:f0:2a:fe:9c:e7:71:02:
                    af:39:5f:0f:bd:27:2d:32:18:de:8e:65:c5:3b:cf:
                    1a:df:58:ba:86:72:1a:34:07:e8:9d:48:39:d6:cb:
                    90:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E5:4B:70:B8:F2:48:4B:C2:3D:D5:C5:B4:86:A6:4D:32:8A:02:66
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/H-VLcLjySEvCPdXFtIamTTKKAmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:200d::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:14:ea:39:de:39:6e:f6:44:4e:aa:32:e1:4b:cf:00:0d:94:
         cb:ab:2e:50:f7:0d:f7:18:8a:5c:ff:c9:7a:52:91:76:36:0d:
         f9:e5:02:6e:8e:66:03:c4:db:e8:ce:e0:38:21:19:b5:b6:cb:
         6d:04:ed:d9:cc:70:e4:f6:23:c0:ed:80:de:33:76:4d:8d:e3:
         b2:6c:d6:55:b5:c6:11:02:21:85:27:bb:c7:14:de:83:a4:a4:
         2d:b9:2e:fa:ba:14:86:25:9a:6c:8b:55:6e:af:79:3e:0d:4e:
         66:81:e6:40:a0:b1:4d:95:e9:66:cf:c6:12:86:e8:f0:f8:64:
         1b:f3:df:77:05:7b:93:90:11:8b:d2:60:07:26:a1:08:e9:3a:
         6e:69:f6:78:33:15:20:d6:53:1b:d6:89:6d:8d:69:0d:91:b4:
         ca:a2:dd:07:0c:f7:08:1d:28:3d:b8:a4:e6:be:12:05:df:f8:
         81:a1:2d:0a:26:c1:bc:e3:30:e4:63:04:e6:79:66:61:cd:49:
         88:38:9a:93:d9:76:6b:a1:d5:7d:d8:4c:59:53:2e:3e:b2:99:
         2c:23:34:ff:09:f5:b2:2d:e2:af:2f:90:21:48:79:6a:aa:67:
         6f:9d:c0:c6:ec:c0:d4:73:de:e6:e8:bb:e3:dc:34:12:ba:7c:
         ef:94:b9:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZw4bLB//N05ckBlr3KHbWGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjA3MTQwNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU1NGI3MGI4ZjI0ODRiYzIzZGQ1YzViNDg2YTY0ZDMyOGEwMjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwR1OuiUL4v64rtR1y52eqG1/U8H
ANb2vNbVqHI0IZFSZ3otKc6bFjiuKutAhC0Xg7VoM2w7VmzrH23y9mX6uP1Hf9th
0kSuqgARSEB0TR/SeTtmcrZjfedzHIjCUY8OmQRpoPOEoSHgICFs7koLsZ+RPa3B
zl1kjfQ1cGxXvxr+tCdx6L377wrkGVgMSS4a+KoM0ZGqG2v4/fNKRTCCKqSBBxe7
odYWcbtNkkSSZ9sYKHtYwc32y1eROuTqpuZeoVNaUuPM9q/4NbBTqJ0+MrdH2Q2X
21LuoPAq/pzncQKvOV8PvSctMhjejmXFO88a31i6hnIaNAfonUg51suQJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB/lS3C48khLwj3VxbSGpk0yigJmMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvSC1WTGNManlTRXZDUGRYRnRJYW1UVEtLQW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQCAN
MA0GCSqGSIb3DQEBCwUAA4IBAQDNFOo53jlu9kROqjLhS88ADZTLqy5Q9w33GIpc
/8l6UpF2Ng355QJujmYDxNvozuA4IRm1tsttBO3ZzHDk9iPA7YDeM3ZNjeOybNZV
tcYRAiGFJ7vHFN6DpKQtuS76uhSGJZpsi1Vur3k+DU5mgeZAoLFNlelmz8YShujw
+GQb8993BXuTkBGL0mAHJqEI6TpuafZ4MxUg1lMb1oltjWkNkbTKot0HDPcIHSg9
uKTmvhIF3/iBoS0KJsG84zDkYwTmeWZhzUmIOJqT2XZrodV92ExZUy4+spksIzT/
CfWyLeKvL5AhSHlqqmdvncDG7MDUc97m6Lvj3DQSunzvlLlT
-----END CERTIFICATE-----