Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MfTfgclpn8E2cQz7P67scm9h4cg.roa
File:                     MfTfgclpn8E2cQz7P67scm9h4cg.roa (raw, json)
Hash identifier:          lF5ehYwK2l/cM3nn6cPH8vsdHhz423oq0xHvnyBa9Ps=
Subject key identifier:   31:F4:DF:81:C9:69:9F:C1:36:71:0C:FB:3F:AE:EC:72:6F:61:E1:C8
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019C7152BAA611FEF4E1F74C0AD4996FEF6A
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MfTfgclpn8E2cQz7P67scm9h4cg.roa
Signing time:             Wed 18 Feb 2026 15:16:13 +0000
ROA not before:           Wed 18 Feb 2026 15:16:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43481
IP address blocks:        2a12:9f00:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:71:52:ba:a6:11:fe:f4:e1:f7:4c:0a:d4:99:6f:ef:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Feb 18 15:16:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31f4df81c9699fc136710cfb3faeec726f61e1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:f6:48:d8:9b:42:21:ff:f4:fd:ed:8f:76:
                    12:03:65:fa:d5:9e:fd:30:b5:45:e6:ae:94:fe:9e:
                    db:61:06:68:7b:98:e7:d9:98:9e:4a:2a:b4:bf:a4:
                    9a:e0:88:e6:0d:f8:ea:59:7c:3a:e2:9b:a6:c2:ed:
                    5b:56:94:a1:36:f8:42:2a:1f:f1:4d:ed:bd:d5:c9:
                    c7:8f:13:6f:e4:43:4c:3c:5b:64:65:f0:af:2f:8a:
                    8c:61:8c:ba:cb:2a:4f:54:56:c2:30:7f:74:6c:a6:
                    9b:f6:02:4b:6d:bf:eb:df:39:4f:08:c6:3d:a4:11:
                    5e:3b:b4:86:02:60:9f:a8:01:64:aa:b3:9d:38:a9:
                    f8:39:b6:ce:ba:59:18:db:a3:aa:78:11:f9:74:70:
                    1e:ef:e8:f2:41:cb:04:ae:60:a1:b6:8d:0b:63:dd:
                    2c:d6:7c:0f:f7:2b:d4:9c:30:ea:ba:4b:f9:12:78:
                    ba:b6:fb:be:ee:0d:61:a4:df:52:29:ea:33:97:6d:
                    df:57:93:d5:83:85:fd:c9:48:da:99:cc:38:e1:8c:
                    ce:21:18:0d:f0:24:d2:17:8f:79:df:6e:85:25:30:
                    77:6c:19:db:72:66:40:67:bf:be:29:dc:20:7f:d5:
                    a7:d4:82:8a:29:7f:21:d2:9d:16:15:0b:f8:01:57:
                    a9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F4:DF:81:C9:69:9F:C1:36:71:0C:FB:3F:AE:EC:72:6F:61:E1:C8
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MfTfgclpn8E2cQz7P67scm9h4cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:9f00:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:51:5b:92:93:0e:df:38:0b:d4:ba:a2:de:70:cb:bd:00:ae:
         ad:38:ea:72:71:d7:c2:53:ac:35:00:53:81:db:4d:8a:f2:5c:
         19:6a:79:3b:90:16:9e:1a:2c:22:7b:83:91:1f:07:14:9d:0e:
         d4:f6:cb:ea:c0:e9:6a:d5:40:c1:d5:49:0d:64:71:ca:08:4b:
         12:78:8c:bd:79:b6:7e:95:01:e1:8f:28:4a:55:b1:75:4b:ac:
         ab:8d:48:2c:f0:d0:37:82:2e:12:2c:c9:46:92:87:7c:73:45:
         56:4d:b5:31:29:0b:40:00:97:4a:8e:40:bb:bf:10:d6:b3:da:
         50:23:21:b9:30:62:0a:37:92:40:c2:af:03:63:ad:0e:f2:44:
         94:4d:fb:aa:7c:1f:fb:26:39:2b:00:f2:b7:ae:13:a6:ed:99:
         e4:a3:11:c0:c7:2e:2d:b3:ab:87:3b:6d:50:b3:7b:fe:95:04:
         2f:d5:4b:9d:b7:62:6f:94:c7:31:7e:9a:17:1c:48:0f:30:81:
         45:60:90:45:63:bc:2b:3e:21:9a:cf:2f:5b:19:23:a7:b9:97:
         9f:1c:0d:d5:8d:a3:d6:77:55:d3:cc:0a:e7:78:fc:80:2f:ac:
         6a:a3:7a:be:81:9d:71:44:19:6e:c5:82:45:9b:f5:07:7d:7b:
         31:ff:d2:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxxUrqmEf704fdMCtSZb+9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMjE4MTUxNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWY0ZGY4MWM5Njk5ZmMxMzY3MTBjZmIzZmFlZWM3MjZmNjFlMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJj2SNibQiH/9P3tj3YSA2X61Z79
MLVF5q6U/p7bYQZoe5jn2ZieSiq0v6Sa4IjmDfjqWXw64pumwu1bVpShNvhCKh/x
Te291cnHjxNv5ENMPFtkZfCvL4qMYYy6yypPVFbCMH90bKab9gJLbb/r3zlPCMY9
pBFeO7SGAmCfqAFkqrOdOKn4ObbOulkY26OqeBH5dHAe7+jyQcsErmChto0LY90s
1nwP9yvUnDDqukv5Eni6tvu+7g1hpN9SKeozl23fV5PVg4X9yUjamcw44YzOIRgN
8CTSF495326FJTB3bBnbcmZAZ7++Kdwgf9Wn1IKKKX8h0p0WFQv4AVepiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDH034HJaZ/BNnEM+z+u7HJvYeHIMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTWZUZmdjbHBuOEUyY1F6N1A2N3NjbTloNGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKfAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCzUVuSkw7fOAvUuqLecMu9AK6tOOpycdfCU6w1
AFOB202K8lwZank7kBaeGiwie4ORHwcUnQ7U9svqwOlq1UDB1UkNZHHKCEsSeIy9
ebZ+lQHhjyhKVbF1S6yrjUgs8NA3gi4SLMlGkod8c0VWTbUxKQtAAJdKjkC7vxDW
s9pQIyG5MGIKN5JAwq8DY60O8kSUTfuqfB/7JjkrAPK3rhOm7ZnkoxHAxy4ts6uH
O21Qs3v+lQQv1Uudt2JvlMcxfpoXHEgPMIFFYJBFY7wrPiGazy9bGSOnuZefHA3V
jaPWd1XTzArnePyAL6xqo3q+gZ1xRBluxYJFm/UHfXsx/9KJ
-----END CERTIFICATE-----