Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9U3tcnBGYWawUw04f7IUnsCZ-DM.roa
File:                     9U3tcnBGYWawUw04f7IUnsCZ-DM.roa (raw, json)
Hash identifier:          6cL6CGKgrq7XfSTd2buhfSF+sZ4UHzQGThl4NN2xiUo=
Subject key identifier:   F5:4D:ED:72:70:46:61:66:B0:53:0D:38:7F:B2:14:9E:C0:99:F8:33
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019C75742BADAAFF4922C57088311C8D9551
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9U3tcnBGYWawUw04f7IUnsCZ-DM.roa
Signing time:             Thu 19 Feb 2026 10:31:13 +0000
ROA not before:           Thu 19 Feb 2026 10:31:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0c:b641:1d0::/44 maxlen: 48
                          2a0c:b641:7b0::/44 maxlen: 128
                          2a0c:b641:990::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 22:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:74:2b:ad:aa:ff:49:22:c5:70:88:31:1c:8d:95:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb 19 10:31:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f54ded7270466166b0530d387fb2149ec099f833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:24:87:52:82:21:43:46:0a:e5:00:d0:08:01:
                    77:b1:1a:65:a2:2f:2d:ac:e4:3d:9d:6e:49:1f:42:
                    df:3d:99:12:30:fb:8d:cb:d3:6f:4d:f6:ce:37:15:
                    69:5a:f3:3d:66:8a:d6:bd:bf:32:d8:93:46:89:f7:
                    13:70:ca:34:43:fb:4a:82:00:9f:8c:6e:29:f8:70:
                    22:29:e5:72:fa:15:89:9c:a7:a4:b9:63:fa:23:6a:
                    78:08:36:2f:34:3a:94:c1:c7:50:e5:ee:77:07:b2:
                    e2:4e:6b:d1:77:db:4f:f5:53:c2:35:13:b9:97:6c:
                    c0:8d:95:b6:86:13:59:b2:11:c9:b6:60:a3:82:22:
                    a0:02:bf:1c:2d:55:a5:c8:ea:bd:d1:65:68:11:d3:
                    44:fa:04:e0:d7:2d:bc:28:86:4c:30:20:43:a4:ec:
                    fd:68:67:0e:9a:c0:43:8f:9b:2a:fd:aa:b3:7a:cb:
                    0d:45:fa:a0:e0:b8:20:cb:8f:63:b5:41:08:48:fe:
                    bf:58:15:57:e6:ca:47:80:c9:7a:c5:85:f8:0e:6a:
                    4a:4b:1f:fb:19:66:b4:78:43:16:e6:5e:83:6e:da:
                    96:bd:2f:ad:40:54:55:16:bf:7c:38:56:3e:d2:77:
                    a7:f4:ab:9f:29:03:4b:95:8a:19:ce:0f:e3:7e:d9:
                    e5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:4D:ED:72:70:46:61:66:B0:53:0D:38:7F:B2:14:9E:C0:99:F8:33
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9U3tcnBGYWawUw04f7IUnsCZ-DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1d0::/44
                  2a0c:b641:7b0::/44
                  2a0c:b641:990::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:4d:65:4a:06:f5:34:34:58:26:ee:ed:79:32:b6:81:60:31:
         20:a4:0a:54:29:d2:35:50:b3:6c:5e:d3:37:93:06:2c:fa:4e:
         ac:37:ed:2c:eb:ae:a3:1e:d9:b7:1f:41:7a:4b:d5:58:0a:13:
         2f:e6:3b:77:27:5f:a8:9c:1b:4f:dd:0a:f6:0c:8c:e4:d3:85:
         ce:50:28:1c:97:27:9e:e8:e2:4b:71:30:90:cf:cb:23:27:8c:
         f0:fc:87:aa:4f:1b:32:d1:09:69:93:5c:e6:49:65:2f:58:eb:
         d8:31:bd:eb:4d:29:0d:3f:de:42:aa:69:20:1b:51:76:91:87:
         42:f3:a5:b6:27:ff:e4:79:1f:55:d7:29:8c:d0:5f:0e:cd:70:
         cd:08:2b:59:84:a7:d2:83:f1:69:de:7d:2e:d4:3d:ed:cb:d2:
         cd:c2:57:65:4e:69:91:01:62:e9:8b:9f:01:74:4e:11:65:40:
         70:f0:b5:d7:f5:72:03:a2:4d:55:22:4a:f2:a2:17:6f:86:6e:
         f1:81:33:39:78:6c:52:0d:0e:f3:86:7c:8c:b9:c5:bf:df:a4:
         43:41:75:8d:26:90:8f:10:82:d1:c3:ba:ef:ef:d9:f6:a3:51:
         90:b7:92:54:72:13:b9:73:bc:6e:9e:53:41:8d:f7:8f:33:8f:
         71:25:19:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZx1dCutqv9JIsVwiDEcjZVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMjE5MTAzMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRkZWQ3MjcwNDY2MTY2YjA1MzBkMzg3ZmIyMTQ5ZWMwOTlmODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvySHUoIhQ0YK5QDQCAF3sRploi8t
rOQ9nW5JH0LfPZkSMPuNy9NvTfbONxVpWvM9ZorWvb8y2JNGifcTcMo0Q/tKggCf
jG4p+HAiKeVy+hWJnKekuWP6I2p4CDYvNDqUwcdQ5e53B7LiTmvRd9tP9VPCNRO5
l2zAjZW2hhNZshHJtmCjgiKgAr8cLVWlyOq90WVoEdNE+gTg1y28KIZMMCBDpOz9
aGcOmsBDj5sq/aqzessNRfqg4Lggy49jtUEISP6/WBVX5spHgMl6xYX4DmpKSx/7
GWa0eEMW5l6DbtqWvS+tQFRVFr98OFY+0nen9KufKQNLlYoZzg/jftnlmwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPVN7XJwRmFmsFMNOH+yFJ7AmfgzMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOVUzdGNuQkdZV2F3VXcwNGY3SVVuc0NaLURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKgy2QQHQ
AwcEKgy2QQewAwcEKgy2QQmQMA0GCSqGSIb3DQEBCwUAA4IBAQBVTWVKBvU0NFgm
7u15MraBYDEgpApUKdI1ULNsXtM3kwYs+k6sN+0s666jHtm3H0F6S9VYChMv5jt3
J1+onBtP3Qr2DIzk04XOUCgclyee6OJLcTCQz8sjJ4zw/IeqTxsy0Qlpk1zmSWUv
WOvYMb3rTSkNP95CqmkgG1F2kYdC86W2J//keR9V1ymM0F8OzXDNCCtZhKfSg/Fp
3n0u1D3ty9LNwldlTmmRAWLpi58BdE4RZUBw8LXX9XIDok1VIkryohdvhm7xgTM5
eGxSDQ7zhnyMucW/36RDQXWNJpCPEILRw7rv79n2o1GQt5JUchO5c7xunlNBjfeP
M49xJRk0
-----END CERTIFICATE-----