Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/Icyf-d0jWAqbVPgT3Gkt0wMpnFo.roa
File:                     Icyf-d0jWAqbVPgT3Gkt0wMpnFo.roa (raw, json)
Hash identifier:          vaMTX6MtsNb86w0hbuVy7Fy/w/HNrgsjpE8nNXBtDyA=
Subject key identifier:   21:CC:9F:F9:DD:23:58:0A:9B:54:F8:13:DC:69:2D:D3:03:29:9C:5A
Certificate issuer:       /CN=a63b07ebd3747e600f8c264d9792de344f8aa7ad
Certificate serial:       019C709B9F5DE89881EF7AFC9770875337A3
Authority key identifier: A6:3B:07:EB:D3:74:7E:60:0F:8C:26:4D:97:92:DE:34:4F:8A:A7:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjsH69N0fmAPjCZNl5LeNE-Kp60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/Icyf-d0jWAqbVPgT3Gkt0wMpnFo.roa
Signing time:             Wed 18 Feb 2026 11:56:12 +0000
ROA not before:           Wed 18 Feb 2026 11:56:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201043
IP address blocks:        2a10:7987:8000::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/pjsH69N0fmAPjCZNl5LeNE-Kp60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/pjsH69N0fmAPjCZNl5LeNE-Kp60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjsH69N0fmAPjCZNl5LeNE-Kp60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 21:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:70:9b:9f:5d:e8:98:81:ef:7a:fc:97:70:87:53:37:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63b07ebd3747e600f8c264d9792de344f8aa7ad
        Validity
            Not Before: Feb 18 11:56:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21cc9ff9dd23580a9b54f813dc692dd303299c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:75:c7:36:91:65:8c:ad:eb:a2:9e:b4:df:5d:
                    da:ba:d1:5a:05:47:95:d6:54:a7:67:c4:f6:77:9d:
                    d8:0f:2b:fe:63:16:09:d2:b7:20:3d:38:58:1c:8f:
                    69:2e:c0:66:d4:b8:ae:d1:60:56:84:39:ae:88:06:
                    1e:94:7d:ec:1f:c1:b4:07:ec:4d:6c:e5:87:9a:30:
                    1a:4e:9a:3f:51:d7:f9:95:65:f7:14:c5:28:30:f6:
                    1a:68:d6:1c:9b:c5:2f:85:e3:56:25:7b:1a:60:29:
                    e2:83:b6:ad:d8:a5:6f:d6:e1:17:a1:0b:1f:f4:a2:
                    1e:f8:56:31:41:4a:4f:2b:7b:76:76:5e:a4:7f:76:
                    89:65:d9:53:9e:81:50:60:45:ee:7f:0c:f6:99:51:
                    4f:82:98:ee:20:17:93:b9:4c:72:b6:6b:04:65:e8:
                    fc:4b:cb:dc:04:0a:8d:c2:05:d0:b3:86:80:5f:29:
                    97:f4:2a:c7:1c:ca:88:06:7d:a6:0a:95:ec:24:c1:
                    fd:f4:bd:07:2f:7e:8d:60:34:6b:6b:2f:dd:42:b6:
                    a0:2e:62:ea:66:23:67:20:3a:b9:36:00:1f:a8:20:
                    4e:b7:81:76:1c:4d:42:c1:cf:63:6c:70:c5:1b:11:
                    df:41:c3:a0:94:09:0a:e2:dc:06:f0:b3:17:a9:a3:
                    f6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:CC:9F:F9:DD:23:58:0A:9B:54:F8:13:DC:69:2D:D3:03:29:9C:5A
            X509v3 Authority Key Identifier:
                keyid:A6:3B:07:EB:D3:74:7E:60:0F:8C:26:4D:97:92:DE:34:4F:8A:A7:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjsH69N0fmAPjCZNl5LeNE-Kp60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/Icyf-d0jWAqbVPgT3Gkt0wMpnFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/54151a-fd97-491a-af3b-40f48226ecef/1/pjsH69N0fmAPjCZNl5LeNE-Kp60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7987:8000::/44

    Signature Algorithm: sha256WithRSAEncryption
         2e:3b:98:0c:16:ed:57:c8:19:50:70:16:e1:f4:6e:35:5a:6d:
         48:43:54:a4:ae:81:1c:05:2e:15:46:7a:0a:82:04:93:ff:1a:
         4e:73:8f:ef:b8:f2:86:7e:8f:56:2d:00:dd:56:0c:89:68:32:
         41:eb:8f:7d:64:d8:44:be:d1:05:30:03:81:ff:1a:00:28:7b:
         cd:06:28:9d:c7:c6:64:b7:76:11:b7:65:bf:63:09:23:14:5f:
         f8:b6:aa:97:f4:3c:e3:ed:e4:1a:d0:65:5a:01:94:bc:f4:87:
         a6:95:92:a8:b1:4b:8f:bf:76:bb:3a:b5:0b:23:df:99:53:45:
         20:29:b9:e6:cd:c4:4c:2b:ed:80:c6:57:ea:f6:e1:e3:57:a5:
         52:a5:bf:b4:53:4f:e0:a4:01:7d:ea:5f:d1:da:b4:aa:ba:c2:
         1f:95:54:cf:54:86:00:08:3e:0e:6b:54:9d:02:9b:90:17:d4:
         00:b8:6c:55:71:bf:6c:44:b1:9a:9f:83:dc:f6:13:79:75:d7:
         49:de:73:a4:1e:6c:4b:19:90:a1:ee:b8:b0:00:ce:35:9a:6e:
         4d:31:3d:dc:47:68:5e:23:65:a5:37:1a:25:6d:45:e6:47:08:
         f4:a1:16:5d:64:38:cd:4b:55:d0:4a:a3:06:bc:a4:58:2a:13:
         cb:34:33:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxwm59d6JiB73r8l3CHUzejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2IwN2ViZDM3NDdlNjAwZjhjMjY0ZDk3OTJkZTM0NGY4
YWE3YWQwHhcNMjYwMjE4MTE1NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWNjOWZmOWRkMjM1ODBhOWI1NGY4MTNkYzY5MmRkMzAzMjk5YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnXHNpFljK3rop60313autFaBUeV
1lSnZ8T2d53YDyv+YxYJ0rcgPThYHI9pLsBm1Liu0WBWhDmuiAYelH3sH8G0B+xN
bOWHmjAaTpo/Udf5lWX3FMUoMPYaaNYcm8UvheNWJXsaYCnig7at2KVv1uEXoQsf
9KIe+FYxQUpPK3t2dl6kf3aJZdlTnoFQYEXufwz2mVFPgpjuIBeTuUxytmsEZej8
S8vcBAqNwgXQs4aAXymX9CrHHMqIBn2mCpXsJMH99L0HL36NYDRray/dQragLmLq
ZiNnIDq5NgAfqCBOt4F2HE1Cwc9jbHDFGxHfQcOglAkK4twG8LMXqaP2ZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCHMn/ndI1gKm1T4E9xpLdMDKZxaMB8GA1UdIwQY
MBaAFKY7B+vTdH5gD4wmTZeS3jRPiqetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpzSDY5TjBmbUFQakNaTmw1TGVORS1LcDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny81NDE1MWEtZmQ5Ny00OTFhLWFmM2It
NDBmNDgyMjZlY2VmLzEvSWN5Zi1kMGpXQXFiVlBnVDNHa3Qwd01wbkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny81NDE1MWEtZmQ5Ny00OTFhLWFmM2ItNDBmNDgyMjZlY2Vm
LzEvcGpzSDY5TjBmbUFQakNaTmw1TGVORS1LcDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhB5h4AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAuO5gMFu1XyBlQcBbh9G41Wm1IQ1SkroEcBS4V
RnoKggST/xpOc4/vuPKGfo9WLQDdVgyJaDJB6499ZNhEvtEFMAOB/xoAKHvNBiid
x8Zkt3YRt2W/YwkjFF/4tqqX9Dzj7eQa0GVaAZS89IemlZKosUuPv3a7OrULI9+Z
U0UgKbnmzcRMK+2Axlfq9uHjV6VSpb+0U0/gpAF96l/R2rSqusIflVTPVIYACD4O
a1SdApuQF9QAuGxVcb9sRLGan4Pc9hN5dddJ3nOkHmxLGZCh7riwAM41mm5NMT3c
R2heI2WlNxolbUXmRwj0oRZdZDjNS1XQSqMGvKRYKhPLNDMS
-----END CERTIFICATE-----