Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/1Dbabq2T_pfZJBQlvQstDRkrm6U.roa
File:                     1Dbabq2T_pfZJBQlvQstDRkrm6U.roa (raw, json)
Hash identifier:          YipjHa0fT0muj32Nj26mRRvkY0GnQ6zeXCjUhuymHcw=
Subject key identifier:   D4:36:DA:6E:AD:93:FE:97:D9:24:14:25:BD:0B:2D:0D:19:2B:9B:A5
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C6E136E69931B161571728D816975E45F
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/1Dbabq2T_pfZJBQlvQstDRkrm6U.roa
Signing time:             Wed 18 Feb 2026 00:08:12 +0000
ROA not before:           Wed 18 Feb 2026 00:08:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200912
IP address blocks:        2a06:9801:59::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6e:13:6e:69:93:1b:16:15:71:72:8d:81:69:75:e4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 18 00:08:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d436da6ead93fe97d9241425bd0b2d0d192b9ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2b:60:67:f5:51:e0:ef:45:11:4e:09:ae:e2:
                    ad:73:c3:1e:4f:9d:4e:5a:27:37:1f:2a:81:2e:12:
                    22:3f:08:8e:25:93:4f:b0:b8:3b:5f:35:47:24:d7:
                    8d:0a:16:6d:fd:58:33:c8:6a:55:27:77:71:71:fe:
                    9a:59:e6:a5:b7:07:89:f2:16:5b:c2:8d:89:1d:0c:
                    dc:d9:ad:aa:55:bc:de:59:11:28:b7:97:a7:95:3b:
                    56:fc:22:0d:e6:0c:49:b6:59:29:a6:72:c8:56:74:
                    eb:ce:28:58:74:72:ef:2a:73:b0:fb:b1:ba:d4:8f:
                    dd:ff:ad:de:d0:a3:5d:9e:cf:a5:ee:03:a8:35:51:
                    40:00:72:57:cb:2c:34:79:d6:92:7c:2e:b3:f9:03:
                    c0:2d:28:bf:75:3f:0f:a1:49:ef:41:33:53:4d:d0:
                    81:90:57:62:ff:e7:7b:ad:f9:8d:af:d5:62:a4:a2:
                    73:4b:f8:84:97:95:b1:91:48:2a:6a:54:49:61:86:
                    77:d2:40:b8:1a:f0:c0:74:26:7f:21:99:d6:6d:27:
                    85:63:ae:9e:12:00:73:c3:a0:84:ec:5e:6f:9e:ae:
                    35:4e:f7:98:2a:71:6b:bd:27:0f:57:3e:10:82:d4:
                    a6:89:03:c4:7f:64:7a:bf:81:96:df:23:bc:2b:ef:
                    27:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:36:DA:6E:AD:93:FE:97:D9:24:14:25:BD:0B:2D:0D:19:2B:9B:A5
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/1Dbabq2T_pfZJBQlvQstDRkrm6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:59::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:a1:fe:f4:8a:cd:e2:8e:42:80:de:4a:5e:e4:50:14:4a:93:
         ae:88:4d:97:ad:26:c0:a9:74:7a:ee:68:2c:59:c4:1f:71:b8:
         e9:59:1d:87:d7:03:e5:a1:f3:7d:93:df:cc:a6:17:f8:df:e0:
         02:0a:e9:5b:0c:2d:ba:ed:60:09:ab:6f:65:f3:d3:b5:40:98:
         c8:43:26:cb:72:4d:9d:1a:1f:a8:96:63:91:87:af:10:c3:f0:
         12:1d:24:54:28:0e:8f:aa:65:b1:7c:91:63:c5:93:b5:99:8b:
         38:e6:78:13:8b:c6:4e:a5:cd:73:83:31:dd:5f:08:3d:fc:d0:
         19:c3:7b:d0:a6:92:fe:c9:8b:c2:ea:8c:e0:0d:68:29:2a:1d:
         d6:85:9f:54:c9:7e:33:45:69:d2:d7:03:73:71:f4:f1:dd:e0:
         df:29:b5:d6:b0:0c:00:64:d0:3f:51:02:22:76:ad:48:6b:9e:
         da:4e:41:24:b1:89:fb:5f:1c:21:b0:cb:83:f3:3e:5a:fb:4e:
         e4:17:58:7a:86:49:75:4f:45:43:8a:83:a8:f1:1f:e9:57:40:
         5f:e0:4b:4d:f2:04:6f:fa:67:82:6a:e4:d0:cf:41:9a:ba:68:
         46:bc:97:3d:54:92:f1:df:00:27:21:21:3b:72:49:ab:9d:39:
         38:12:5d:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxuE25pkxsWFXFyjYFpdeRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjE4MDAwODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDM2ZGE2ZWFkOTNmZTk3ZDkyNDE0MjViZDBiMmQwZDE5MmI5YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApStgZ/VR4O9FEU4JruKtc8MeT51O
Wic3HyqBLhIiPwiOJZNPsLg7XzVHJNeNChZt/VgzyGpVJ3dxcf6aWealtweJ8hZb
wo2JHQzc2a2qVbzeWREot5enlTtW/CIN5gxJtlkppnLIVnTrzihYdHLvKnOw+7G6
1I/d/63e0KNdns+l7gOoNVFAAHJXyyw0edaSfC6z+QPALSi/dT8PoUnvQTNTTdCB
kFdi/+d7rfmNr9VipKJzS/iEl5WxkUgqalRJYYZ30kC4GvDAdCZ/IZnWbSeFY66e
EgBzw6CE7F5vnq41TveYKnFrvScPVz4QgtSmiQPEf2R6v4GW3yO8K+8nxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNQ22m6tk/6X2SQUJb0LLQ0ZK5ulMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvMURiYWJxMlRfcGZaSkJRbHZRc3REUmtybTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQBZ
MA0GCSqGSIb3DQEBCwUAA4IBAQC4of70is3ijkKA3kpe5FAUSpOuiE2XrSbAqXR6
7mgsWcQfcbjpWR2H1wPlofN9k9/Mphf43+ACCulbDC267WAJq29l89O1QJjIQybL
ck2dGh+olmORh68Qw/ASHSRUKA6PqmWxfJFjxZO1mYs45ngTi8ZOpc1zgzHdXwg9
/NAZw3vQppL+yYvC6ozgDWgpKh3WhZ9UyX4zRWnS1wNzcfTx3eDfKbXWsAwAZNA/
UQIidq1Ia57aTkEksYn7XxwhsMuD8z5a+07kF1h6hkl1T0VDioOo8R/pV0Bf4EtN
8gRv+meCauTQz0GaumhGvJc9VJLx3wAnISE7ckmrnTk4El0C
-----END CERTIFICATE-----