Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/DdwiTnVe_gHYJdCJIEPlLB30T9Y.roa
File:                     DdwiTnVe_gHYJdCJIEPlLB30T9Y.roa (raw, json)
Hash identifier:          2WHjEkehzyIY1Nql2UGpjFGbX6oy4qVHNlnSkH/UcUk=
Subject key identifier:   0D:DC:22:4E:75:5E:FE:01:D8:25:D0:89:20:43:E5:2C:1D:F4:4F:D6
Certificate issuer:       /CN=a63b07ebd3747e600f8c264d9792de344f8aa7ad
Certificate serial:       019C771A3A4CB280E9A59C3138DB977B253A
Authority key identifier: A6:3B:07:EB:D3:74:7E:60:0F:8C:26:4D:97:92:DE:34:4F:8A:A7:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjsH69N0fmAPjCZNl5LeNE-Kp60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/DdwiTnVe_gHYJdCJIEPlLB30T9Y.roa
Signing time:             Thu 19 Feb 2026 18:12:13 +0000
ROA not before:           Thu 19 Feb 2026 18:12:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a10:7987:8000::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/pjsH69N0fmAPjCZNl5LeNE-Kp60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/pjsH69N0fmAPjCZNl5LeNE-Kp60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjsH69N0fmAPjCZNl5LeNE-Kp60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 21:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:77:1a:3a:4c:b2:80:e9:a5:9c:31:38:db:97:7b:25:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63b07ebd3747e600f8c264d9792de344f8aa7ad
        Validity
            Not Before: Feb 19 18:12:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ddc224e755efe01d825d0892043e52c1df44fd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:5c:9a:d7:15:25:7d:6b:59:44:10:05:ee:
                    69:ec:84:f7:cc:f0:f0:80:32:b1:81:97:19:58:1a:
                    b9:b2:2b:af:76:75:53:0b:ac:41:c0:c8:a0:5d:44:
                    6f:10:e8:4f:01:52:93:b6:1b:1e:f8:34:6d:b1:6d:
                    6d:ac:f9:ed:d0:df:b4:fe:8d:df:08:13:d2:cb:93:
                    ee:e0:48:e7:08:73:52:34:5b:ab:25:c9:ae:bc:28:
                    51:c9:90:82:6f:6b:22:4d:a1:3f:a7:e6:62:7f:8f:
                    81:35:64:0e:78:4e:50:6f:31:d1:bf:09:ba:44:54:
                    75:70:ec:66:ad:f1:9d:2a:df:92:ea:75:06:b4:05:
                    c7:35:3c:ec:37:5b:dc:c8:e4:52:83:59:d8:5e:0f:
                    99:bb:3c:26:28:09:2c:70:14:87:fe:f7:e3:f9:ef:
                    06:77:0d:0c:7c:db:d0:0d:87:93:1d:1b:52:03:80:
                    e3:e7:d9:eb:6b:b6:0a:47:61:16:70:14:d5:a8:a9:
                    60:12:83:57:bc:42:20:bf:48:96:63:c1:93:73:72:
                    d5:58:11:f7:bf:36:f3:79:da:de:0a:1e:77:35:6d:
                    9e:3a:9f:56:a4:06:ce:af:b6:52:c5:af:1e:d7:6c:
                    0a:f1:6d:0a:d8:bb:41:c2:7d:43:bf:4c:a4:e8:a3:
                    cf:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DC:22:4E:75:5E:FE:01:D8:25:D0:89:20:43:E5:2C:1D:F4:4F:D6
            X509v3 Authority Key Identifier:
                keyid:A6:3B:07:EB:D3:74:7E:60:0F:8C:26:4D:97:92:DE:34:4F:8A:A7:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjsH69N0fmAPjCZNl5LeNE-Kp60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/DdwiTnVe_gHYJdCJIEPlLB30T9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/pjsH69N0fmAPjCZNl5LeNE-Kp60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7987:8000::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:e0:ef:c4:a1:d9:b4:d2:9d:5b:57:a0:0b:c9:8c:d5:6b:b4:
         3c:7d:71:5d:3b:19:63:a2:74:aa:43:11:10:79:34:74:fa:c6:
         6c:e3:80:ab:a2:17:15:1b:77:a8:07:0f:43:02:ce:54:6a:dd:
         27:fc:ae:49:ab:c9:db:57:e5:77:12:9f:39:15:6f:bf:3e:cf:
         6f:74:b4:69:36:52:42:f1:49:bf:0a:aa:18:30:80:de:cf:9c:
         4a:e6:dc:da:21:b7:a7:ae:a0:00:b8:71:06:52:ce:ff:12:56:
         55:0f:2c:d6:c3:f2:50:21:01:37:ff:09:2e:ef:93:f2:50:42:
         8d:ca:47:ea:d1:dd:e1:f3:19:0a:f3:79:c1:16:33:0c:b0:a9:
         99:27:5e:aa:ff:55:26:bd:c5:56:56:4e:69:8b:d6:eb:a3:8a:
         52:c5:c1:20:b1:bb:a9:30:d5:fd:58:30:7f:c5:1a:10:7b:46:
         ee:c5:24:04:c6:70:c7:6f:85:6f:7a:37:cb:7c:4f:b4:b6:25:
         cf:97:37:ec:98:86:0c:02:b2:04:0e:98:09:3c:9f:da:76:c1:
         9a:84:15:df:f3:f3:70:87:c4:6c:f4:0e:38:37:17:e0:4a:53:
         25:fe:75:5e:eb:7b:f0:89:4d:a6:f8:d4:84:8a:88:87:cc:d0:
         bd:20:05:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZx3GjpMsoDppZwxONuXeyU6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2IwN2ViZDM3NDdlNjAwZjhjMjY0ZDk3OTJkZTM0NGY4
YWE3YWQwHhcNMjYwMjE5MTgxMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGRjMjI0ZTc1NWVmZTAxZDgyNWQwODkyMDQzZTUyYzFkZjQ0ZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv71cmtcVJX1rWUQQBe5p7IT3zPDw
gDKxgZcZWBq5siuvdnVTC6xBwMigXURvEOhPAVKTthse+DRtsW1trPnt0N+0/o3f
CBPSy5Pu4EjnCHNSNFurJcmuvChRyZCCb2siTaE/p+Zif4+BNWQOeE5QbzHRvwm6
RFR1cOxmrfGdKt+S6nUGtAXHNTzsN1vcyORSg1nYXg+ZuzwmKAkscBSH/vfj+e8G
dw0MfNvQDYeTHRtSA4Dj59nra7YKR2EWcBTVqKlgEoNXvEIgv0iWY8GTc3LVWBH3
vzbzedreCh53NW2eOp9WpAbOr7ZSxa8e12wK8W0K2LtBwn1Dv0yk6KPPRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA3cIk51Xv4B2CXQiSBD5Swd9E/WMB8GA1UdIwQY
MBaAFKY7B+vTdH5gD4wmTZeS3jRPiqetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpzSDY5TjBmbUFQakNaTmw1TGVORS1LcDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny81NDE1MWEtZmQ5Ny00OTFhLWFmM2It
NDBmNDgyMjZlY2VmLzEvRGR3aVRuVmVfZ0hZSmRDSklFUGxMQjMwVDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny81NDE1MWEtZmQ5Ny00OTFhLWFmM2ItNDBmNDgyMjZlY2Vm
LzEvcGpzSDY5TjBmbUFQakNaTmw1TGVORS1LcDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhB5h4AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAY4O/Eodm00p1bV6ALyYzVa7Q8fXFdOxljonSq
QxEQeTR0+sZs44CrohcVG3eoBw9DAs5Uat0n/K5Jq8nbV+V3Ep85FW+/Ps9vdLRp
NlJC8Um/CqoYMIDez5xK5tzaIbenrqAAuHEGUs7/ElZVDyzWw/JQIQE3/wku75Py
UEKNykfq0d3h8xkK83nBFjMMsKmZJ16q/1UmvcVWVk5pi9bro4pSxcEgsbupMNX9
WDB/xRoQe0buxSQExnDHb4VvejfLfE+0tiXPlzfsmIYMArIEDpgJPJ/adsGahBXf
8/Nwh8Rs9A44NxfgSlMl/nVe63vwiU2m+NSEioiHzNC9IAUe
-----END CERTIFICATE-----