Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/q5A4k1LuI-8fQrtHp3b5trdFPzQ.roa
File:                     q5A4k1LuI-8fQrtHp3b5trdFPzQ.roa (raw, json)
Hash identifier:          KFUng+vVrjLAjS4gi17nWldghXXi/irFXTH6lAnJMPU=
Subject key identifier:   AB:90:38:93:52:EE:23:EF:1F:42:BB:47:A7:76:F9:B6:B7:45:3F:34
Certificate issuer:       /CN=554c24d437a0d56b9bd0be488a60cfd5ccc8f9bf
Certificate serial:       019C51BBDF6B2818AF44501F7FF855FDBD59
Authority key identifier: 55:4C:24:D4:37:A0:D5:6B:9B:D0:BE:48:8A:60:CF:D5:CC:C8:F9:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/q5A4k1LuI-8fQrtHp3b5trdFPzQ.roa
Signing time:             Thu 12 Feb 2026 12:03:12 +0000
ROA not before:           Thu 12 Feb 2026 12:03:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55201
IP address blocks:        2a14:e00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:bb:df:6b:28:18:af:44:50:1f:7f:f8:55:fd:bd:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554c24d437a0d56b9bd0be488a60cfd5ccc8f9bf
        Validity
            Not Before: Feb 12 12:03:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab90389352ee23ef1f42bb47a776f9b6b7453f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:9a:f3:0b:88:af:55:3c:2d:b0:16:25:76:
                    9a:79:eb:b6:ce:38:9b:5c:cb:20:0f:27:cd:9e:3c:
                    65:58:5d:17:b9:b7:ce:82:56:81:4d:10:ac:9e:62:
                    83:71:00:3f:05:89:96:20:a6:7c:f9:2a:21:95:23:
                    13:bd:94:d2:18:a9:75:7a:dc:4b:9f:0f:ea:f4:3f:
                    d9:98:45:e1:a5:95:72:6f:8f:9f:c6:cd:d8:bc:f9:
                    da:24:ed:e8:28:b5:19:19:2a:11:93:59:9b:f1:cd:
                    80:9b:6f:e0:c5:a5:f4:33:14:1b:1b:34:92:bf:b1:
                    bf:1a:4d:bb:1c:cd:03:00:ac:27:04:a5:83:54:84:
                    40:86:ad:40:3d:19:31:62:3d:ec:68:4d:65:65:f6:
                    e8:0d:95:fd:ac:c7:c3:80:6f:86:e7:df:00:3a:28:
                    f8:df:da:4e:19:ff:98:2c:07:92:c0:46:15:ac:02:
                    ef:c1:da:24:10:66:18:ae:bb:d8:da:5f:5f:6f:a3:
                    e0:a7:44:de:fe:55:b5:89:c9:e5:9c:1b:47:8e:34:
                    ca:d7:72:61:aa:2a:96:4c:8f:af:e1:39:3d:9a:d7:
                    7a:de:3b:bf:e5:cb:6b:08:79:d7:e8:10:ce:30:6d:
                    f7:ba:64:77:c5:2a:e7:c4:45:f9:73:64:cd:77:b7:
                    b9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:90:38:93:52:EE:23:EF:1F:42:BB:47:A7:76:F9:B6:B7:45:3F:34
            X509v3 Authority Key Identifier:
                keyid:55:4C:24:D4:37:A0:D5:6B:9B:D0:BE:48:8A:60:CF:D5:CC:C8:F9:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/q5A4k1LuI-8fQrtHp3b5trdFPzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:5c:8b:7a:05:1c:56:1b:0a:93:29:7e:aa:bd:50:14:1b:30:
         03:6c:f0:d8:72:6d:85:b8:3f:73:96:82:ad:73:cd:4b:43:48:
         23:31:48:58:57:10:c9:42:28:70:a8:ab:65:72:38:52:0a:5d:
         7e:ea:69:08:df:bc:9c:6a:35:1b:3c:5b:59:a4:d2:2e:aa:cb:
         dd:8a:af:64:11:45:cb:43:89:5c:ec:e0:d6:e4:0a:df:00:11:
         23:3e:b7:0c:b8:45:16:42:34:a0:72:75:5b:a5:b6:25:c5:02:
         ce:19:58:01:38:bb:74:9f:7f:9d:e4:0b:5f:9e:49:d8:e3:7f:
         13:13:f3:a5:88:d3:fc:de:4b:58:c0:87:02:0f:6a:ba:12:12:
         00:5e:91:1d:e3:06:1a:03:a8:39:c0:78:45:c4:b7:35:fb:d7:
         70:5a:b9:ae:4b:08:c6:9b:55:28:d4:58:ac:50:dd:17:54:02:
         3d:01:fe:65:99:95:eb:4c:c1:e5:b0:91:ac:45:fe:f5:44:97:
         87:68:61:06:cf:19:f8:3b:a3:88:2a:5f:ca:2c:74:e2:d4:58:
         9a:cd:72:ec:27:4d:dc:35:a0:37:d0:23:80:99:b5:42:a4:56:
         ca:3e:bb:9f:3d:6f:53:b0:6b:a6:73:6b:cb:5a:ee:f4:ac:b2:
         ac:e2:b5:85
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxRu99rKBivRFAff/hV/b1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGMyNGQ0MzdhMGQ1NmI5YmQwYmU0ODhhNjBjZmQ1Y2Nj
OGY5YmYwHhcNMjYwMjEyMTIwMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjkwMzg5MzUyZWUyM2VmMWY0MmJiNDdhNzc2ZjliNmI3NDUzZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+ya8wuIr1U8LbAWJXaaeeu2zjib
XMsgDyfNnjxlWF0XubfOglaBTRCsnmKDcQA/BYmWIKZ8+SohlSMTvZTSGKl1etxL
nw/q9D/ZmEXhpZVyb4+fxs3YvPnaJO3oKLUZGSoRk1mb8c2Am2/gxaX0MxQbGzSS
v7G/Gk27HM0DAKwnBKWDVIRAhq1APRkxYj3saE1lZfboDZX9rMfDgG+G598AOij4
39pOGf+YLAeSwEYVrALvwdokEGYYrrvY2l9fb6Pgp0Te/lW1icnlnBtHjjTK13Jh
qiqWTI+v4Tk9mtd63ju/5ctrCHnX6BDOMG33umR3xSrnxEX5c2TNd7e5gQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKuQOJNS7iPvH0K7R6d2+ba3RT80MB8GA1UdIwQY
MBaAFFVMJNQ3oNVrm9C+SIpgz9XMyPm/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlV3azFEZWcxV3ViMEw1SWltRFAxY3pJLWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lMjgyZTctNGJmMS00Y2I4LWFlNmUt
NjliYWExMWQ1NzhmLzEvcTVBNGsxTHVJLThmUXJ0SHAzYjV0cmRGUHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lMjgyZTctNGJmMS00Y2I4LWFlNmUtNjliYWExMWQ1Nzhm
LzEvVlV3azFEZWcxV3ViMEw1SWltRFAxY3pJLWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQOADAN
BgkqhkiG9w0BAQsFAAOCAQEAd1yLegUcVhsKkyl+qr1QFBswA2zw2HJthbg/c5aC
rXPNS0NIIzFIWFcQyUIocKirZXI4UgpdfuppCN+8nGo1GzxbWaTSLqrL3YqvZBFF
y0OJXOzg1uQK3wARIz63DLhFFkI0oHJ1W6W2JcUCzhlYATi7dJ9/neQLX55J2ON/
ExPzpYjT/N5LWMCHAg9quhISAF6RHeMGGgOoOcB4RcS3NfvXcFq5rksIxptVKNRY
rFDdF1QCPQH+ZZmV60zB5bCRrEX+9USXh2hhBs8Z+DujiCpfyix04tRYms1y7CdN
3DWgN9AjgJm1QqRWyj67nz1vU7BrpnNry1ru9KyyrOK1hQ==
-----END CERTIFICATE-----