Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/DCZgz3VaJZPCqv-Xdr9kw9h7brE.roa
File:                     DCZgz3VaJZPCqv-Xdr9kw9h7brE.roa (raw, json)
Hash identifier:          DyiZMiJQd8x2jp86BuGzWff7b7OfU0LvcqAW62QVCmg=
Subject key identifier:   0C:26:60:CF:75:5A:25:93:C2:AA:FF:97:76:BF:64:C3:D8:7B:6E:B1
Certificate issuer:       /CN=554c24d437a0d56b9bd0be488a60cfd5ccc8f9bf
Certificate serial:       019C81C48A8448BC6E3B5B838E7765E1F0CF
Authority key identifier: 55:4C:24:D4:37:A0:D5:6B:9B:D0:BE:48:8A:60:CF:D5:CC:C8:F9:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/DCZgz3VaJZPCqv-Xdr9kw9h7brE.roa
Signing time:             Sat 21 Feb 2026 19:54:27 +0000
ROA not before:           Sat 21 Feb 2026 19:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202736
IP address blocks:        2a14:e00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c4:8a:84:48:bc:6e:3b:5b:83:8e:77:65:e1:f0:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554c24d437a0d56b9bd0be488a60cfd5ccc8f9bf
        Validity
            Not Before: Feb 21 19:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c2660cf755a2593c2aaff9776bf64c3d87b6eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ac:61:89:34:43:84:13:0a:f3:aa:23:76:79:
                    b0:ec:ee:98:de:87:f8:64:ee:4e:d8:11:b7:98:2b:
                    15:07:9e:48:f6:bb:32:b8:c4:c8:89:05:bb:5e:05:
                    d2:1d:89:bb:5e:96:e5:6c:99:50:7a:8f:d9:6d:70:
                    2c:7a:a6:f8:71:51:ba:d4:d1:18:99:5b:13:04:1f:
                    a3:bb:e7:b3:61:37:04:b9:8b:11:5a:88:f0:e2:36:
                    41:d1:54:06:d9:20:26:95:db:28:e0:3c:fa:15:36:
                    49:02:16:a7:55:74:3a:13:28:0d:b9:2f:30:42:7a:
                    6a:9f:ba:1a:9f:68:a9:3a:7f:17:0d:28:2f:59:b6:
                    ac:da:eb:d7:4e:01:0d:3b:9f:0a:1f:98:37:e7:80:
                    29:3e:c7:1d:dc:23:86:a5:65:0d:0b:f0:a6:c3:9f:
                    0a:d7:1e:65:04:c1:18:cb:04:9b:43:fa:e4:3a:34:
                    00:b5:36:8c:73:29:70:e2:f0:2f:82:e8:57:06:76:
                    39:4d:e2:a0:d2:94:30:15:c4:03:d4:62:19:7c:61:
                    14:93:0a:d7:9a:dd:a4:75:1b:04:83:c4:78:61:ac:
                    88:d0:b5:cd:90:1c:08:33:e9:5b:a8:b1:b5:ba:08:
                    06:4f:1b:c0:13:29:77:ee:31:1c:06:88:ce:96:e6:
                    42:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:26:60:CF:75:5A:25:93:C2:AA:FF:97:76:BF:64:C3:D8:7B:6E:B1
            X509v3 Authority Key Identifier:
                keyid:55:4C:24:D4:37:A0:D5:6B:9B:D0:BE:48:8A:60:CF:D5:CC:C8:F9:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/DCZgz3VaJZPCqv-Xdr9kw9h7brE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:02:88:aa:0a:03:89:42:84:d5:16:cb:c8:b0:47:b8:87:29:
         90:12:ea:7a:c0:50:6a:a0:86:24:96:69:7a:70:e8:21:76:fd:
         bb:f9:cc:c8:ac:54:eb:56:58:a8:8d:69:1c:7d:c5:5e:1c:bd:
         25:ba:c1:bb:96:7d:47:ab:d9:2d:ed:00:15:53:24:a5:87:34:
         f8:4c:a0:ee:9a:dd:0f:12:1c:81:41:5d:ec:91:c6:d3:5d:54:
         0a:94:16:84:95:6a:d7:9b:85:2d:e1:7f:86:5f:bb:1a:e9:e2:
         ab:3e:be:d6:1e:33:08:b7:9f:20:1d:87:d5:c8:35:6e:03:44:
         96:ea:6a:55:1e:86:f8:3d:a1:bc:6d:2d:dd:d2:ba:85:31:42:
         08:b3:6a:0a:43:cf:e5:f0:62:d8:06:6f:4b:11:97:f0:97:5e:
         1d:13:81:23:09:2f:43:91:57:69:01:0b:60:8f:12:98:09:b7:
         df:1f:f6:19:4c:7d:c7:01:b4:67:4d:dd:6a:0a:20:ef:3d:48:
         14:41:01:63:6f:74:65:c4:a8:4e:80:cc:ce:2f:b1:90:49:74:
         c2:8f:3d:1c:b5:55:3f:2d:63:85:56:64:ef:7d:21:52:73:c6:
         ba:ae:79:f5:62:18:20:8a:0f:5e:97:0b:84:55:d9:83:cf:4f:
         de:2b:f3:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBxIqESLxuO1uDjndl4fDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGMyNGQ0MzdhMGQ1NmI5YmQwYmU0ODhhNjBjZmQ1Y2Nj
OGY5YmYwHhcNMjYwMjIxMTk1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzI2NjBjZjc1NWEyNTkzYzJhYWZmOTc3NmJmNjRjM2Q4N2I2ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6xhiTRDhBMK86ojdnmw7O6Y3of4
ZO5O2BG3mCsVB55I9rsyuMTIiQW7XgXSHYm7XpblbJlQeo/ZbXAseqb4cVG61NEY
mVsTBB+ju+ezYTcEuYsRWojw4jZB0VQG2SAmldso4Dz6FTZJAhanVXQ6EygNuS8w
Qnpqn7oan2ipOn8XDSgvWbas2uvXTgENO58KH5g354ApPscd3COGpWUNC/Cmw58K
1x5lBMEYywSbQ/rkOjQAtTaMcylw4vAvguhXBnY5TeKg0pQwFcQD1GIZfGEUkwrX
mt2kdRsEg8R4YayI0LXNkBwIM+lbqLG1uggGTxvAEyl37jEcBojOluZC5wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAwmYM91WiWTwqr/l3a/ZMPYe26xMB8GA1UdIwQY
MBaAFFVMJNQ3oNVrm9C+SIpgz9XMyPm/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlV3azFEZWcxV3ViMEw1SWltRFAxY3pJLWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lMjgyZTctNGJmMS00Y2I4LWFlNmUt
NjliYWExMWQ1NzhmLzEvRENaZ3ozVmFKWlBDcXYtWGRyOWt3OWg3YnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lMjgyZTctNGJmMS00Y2I4LWFlNmUtNjliYWExMWQ1Nzhm
LzEvVlV3azFEZWcxV3ViMEw1SWltRFAxY3pJLWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQOADAN
BgkqhkiG9w0BAQsFAAOCAQEAaQKIqgoDiUKE1RbLyLBHuIcpkBLqesBQaqCGJJZp
enDoIXb9u/nMyKxU61ZYqI1pHH3FXhy9JbrBu5Z9R6vZLe0AFVMkpYc0+Eyg7prd
DxIcgUFd7JHG011UCpQWhJVq15uFLeF/hl+7Guniqz6+1h4zCLefIB2H1cg1bgNE
lupqVR6G+D2hvG0t3dK6hTFCCLNqCkPP5fBi2AZvSxGX8JdeHROBIwkvQ5FXaQEL
YI8SmAm33x/2GUx9xwG0Z03dagog7z1IFEEBY290ZcSoToDMzi+xkEl0wo89HLVV
Py1jhVZk730hUnPGuq559WIYIIoPXpcLhFXZg89P3ivzug==
-----END CERTIFICATE-----