Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SUFovk6qJ3aHBwQ1spRRB5HT97Q.roa
File:                     SUFovk6qJ3aHBwQ1spRRB5HT97Q.roa (raw, json)
Hash identifier:          OZ93pp09r2YFfCLiA/kPhUxrZqcuc7aGG1ruFt9SumM=
Subject key identifier:   49:41:68:BE:4E:AA:27:76:87:07:04:35:B2:94:51:07:91:D3:F7:B4
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C691AD9ACDCF5ED9B79A281DC8E20A6EB
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SUFovk6qJ3aHBwQ1spRRB5HT97Q.roa
Signing time:             Tue 17 Feb 2026 00:58:13 +0000
ROA not before:           Tue 17 Feb 2026 00:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201159
IP address blocks:        2a06:9801:15::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:69:1a:d9:ac:dc:f5:ed:9b:79:a2:81:dc:8e:20:a6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 17 00:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=494168be4eaa277687070435b294510791d3f7b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:61:14:a3:f2:05:6d:98:df:b6:4f:8e:11:da:
                    df:cb:a9:3b:f9:71:61:67:91:1b:fd:87:b9:bf:7c:
                    a8:17:db:51:4c:e8:db:94:6c:3d:65:54:ad:18:00:
                    2c:73:1f:d6:0c:24:47:9a:86:d8:e2:da:5c:98:a5:
                    9e:fc:c0:4f:bd:c7:40:a8:9d:61:a0:d7:29:f2:14:
                    09:cd:b4:f8:03:e7:ba:39:ab:f1:f1:b1:79:82:ce:
                    b1:b6:a3:0a:af:26:39:46:73:90:54:db:65:a4:12:
                    24:27:bd:39:94:3f:3d:8f:c8:76:ef:df:7e:8a:45:
                    82:d9:49:6f:4f:80:09:2d:19:fa:69:be:46:9e:45:
                    40:7b:78:4c:f0:74:b5:3d:8d:da:26:d4:57:78:92:
                    83:99:e5:f6:70:0a:28:73:3f:ba:7a:41:f8:f8:6f:
                    b1:b2:82:f3:3a:50:a7:78:40:0d:46:cd:ab:72:fc:
                    d6:f8:fa:27:ec:23:60:b7:4f:ba:9a:bf:c8:3b:b7:
                    9d:1e:a2:82:fe:92:d1:cc:a6:fc:fb:52:f9:e5:69:
                    87:64:6b:23:1e:d8:e7:f1:77:8c:91:cd:25:88:2b:
                    b7:ea:0e:96:20:4a:31:f9:38:0f:7c:29:42:80:4f:
                    70:8d:d9:ad:7f:5d:d8:dc:27:bb:00:df:0d:ab:fb:
                    dd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:41:68:BE:4E:AA:27:76:87:07:04:35:B2:94:51:07:91:D3:F7:B4
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SUFovk6qJ3aHBwQ1spRRB5HT97Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:15::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:36:30:27:39:2f:ca:f5:99:87:1b:51:36:1c:77:d5:9d:09:
         6f:d3:41:f1:0a:28:0d:a1:cd:f5:53:bf:0f:d0:05:3b:2e:13:
         ec:39:4e:6a:7a:bd:9c:96:45:c1:64:c2:4f:19:48:be:3e:f2:
         42:10:1b:e8:b1:f0:95:88:c8:99:c0:74:ab:5b:d9:2c:99:41:
         63:d1:2c:a6:58:65:0b:d6:cc:70:6a:b2:20:ce:e5:88:b4:23:
         1c:a6:61:87:2e:21:30:be:79:87:bf:92:88:8c:7d:d0:e9:3e:
         af:53:7e:28:0c:65:35:7a:33:70:86:ce:ee:7b:20:e9:89:63:
         d4:ec:9a:3e:c1:81:d7:41:ff:ea:a7:5b:02:82:bf:44:ec:52:
         50:af:a9:7b:dd:59:9d:f2:47:4f:c9:26:fd:52:04:98:74:14:
         8d:e8:3e:64:f5:b0:7a:ce:07:db:f7:ab:72:5e:90:62:25:95:
         d1:40:37:08:cb:fc:e2:6d:05:5c:bd:f9:d9:55:5e:e7:e5:2f:
         ee:ee:fd:0a:b3:d0:9f:a4:44:fe:fa:6e:75:cb:e3:04:4c:0c:
         06:ba:9d:3a:91:25:c7:35:b9:8a:e5:7b:e4:95:c7:99:f3:a4:
         12:31:69:bd:49:3f:12:c4:4a:5f:06:0d:df:1d:11:8a:e2:73:
         e8:9b:2c:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxpGtms3PXtm3migdyOIKbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjE3MDA1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTQxNjhiZTRlYWEyNzc2ODcwNzA0MzViMjk0NTEwNzkxZDNmN2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGEUo/IFbZjftk+OEdrfy6k7+XFh
Z5Eb/Ye5v3yoF9tRTOjblGw9ZVStGAAscx/WDCRHmobY4tpcmKWe/MBPvcdAqJ1h
oNcp8hQJzbT4A+e6Oavx8bF5gs6xtqMKryY5RnOQVNtlpBIkJ705lD89j8h2799+
ikWC2UlvT4AJLRn6ab5GnkVAe3hM8HS1PY3aJtRXeJKDmeX2cAoocz+6ekH4+G+x
soLzOlCneEANRs2rcvzW+Pon7CNgt0+6mr/IO7edHqKC/pLRzKb8+1L55WmHZGsj
Htjn8XeMkc0liCu36g6WIEox+TgPfClCgE9wjdmtf13Y3Ce7AN8Nq/vdOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFElBaL5Oqid2hwcENbKUUQeR0/e0MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvU1VGb3ZrNnFKM2FIQndRMXNwUlJCNUhUOTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAV
MA0GCSqGSIb3DQEBCwUAA4IBAQCtNjAnOS/K9ZmHG1E2HHfVnQlv00HxCigNoc31
U78P0AU7LhPsOU5qer2clkXBZMJPGUi+PvJCEBvosfCViMiZwHSrW9ksmUFj0Sym
WGUL1sxwarIgzuWItCMcpmGHLiEwvnmHv5KIjH3Q6T6vU34oDGU1ejNwhs7ueyDp
iWPU7Jo+wYHXQf/qp1sCgr9E7FJQr6l73Vmd8kdPySb9UgSYdBSN6D5k9bB6zgfb
96tyXpBiJZXRQDcIy/zibQVcvfnZVV7n5S/u7v0Ks9CfpET++m51y+METAwGup06
kSXHNbmK5XvklceZ86QSMWm9ST8SxEpfBg3fHRGK4nPomyyr
-----END CERTIFICATE-----