Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/z-M8hA9YhJMehJj6l7J_V1Cf40s.roa
File:                     z-M8hA9YhJMehJj6l7J_V1Cf40s.roa (raw, json)
Hash identifier:          8tsU5K53aTtChU1kltfQFAvWJiRSonY1j+RJ+vsZrJY=
Subject key identifier:   CF:E3:3C:84:0F:58:84:93:1E:84:98:FA:97:B2:7F:57:50:9F:E3:4B
Certificate issuer:       /CN=554c24d437a0d56b9bd0be488a60cfd5ccc8f9bf
Certificate serial:       019C81C3A26E8638EDDBEAA52C45CB410D66
Authority key identifier: 55:4C:24:D4:37:A0:D5:6B:9B:D0:BE:48:8A:60:CF:D5:CC:C8:F9:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/z-M8hA9YhJMehJj6l7J_V1Cf40s.roa
Signing time:             Sat 21 Feb 2026 19:53:27 +0000
ROA not before:           Sat 21 Feb 2026 19:53:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        2a14:e00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c3:a2:6e:86:38:ed:db:ea:a5:2c:45:cb:41:0d:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554c24d437a0d56b9bd0be488a60cfd5ccc8f9bf
        Validity
            Not Before: Feb 21 19:53:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfe33c840f5884931e8498fa97b27f57509fe34b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e6:65:63:97:ea:2d:3d:3f:2d:29:bf:20:29:
                    37:99:c7:71:9b:b0:d3:ad:b0:fa:0e:31:49:39:ae:
                    4b:8c:9c:71:8c:ef:fc:c0:1c:46:94:2e:f0:7d:f1:
                    04:7f:e1:eb:a0:64:15:36:dd:15:1b:3f:2c:e1:34:
                    7c:23:d4:98:ef:5c:3f:5a:2e:1b:fd:59:cc:05:4d:
                    c8:c3:54:df:10:0d:e8:9f:62:62:fa:d7:a6:94:9d:
                    db:80:f9:da:18:bc:dd:d4:2b:f1:2f:56:64:b8:ee:
                    3f:0e:a8:a8:bd:08:23:3d:e6:7d:f5:88:1b:70:12:
                    19:de:21:1f:5f:6e:01:65:15:bd:20:6c:3d:68:a2:
                    8a:95:4b:e7:5c:a3:fd:ab:ed:2c:73:73:66:9a:ba:
                    ed:0a:01:bb:02:be:11:e0:63:f8:f4:f3:ba:af:cc:
                    3c:f0:20:fa:c9:a1:52:d6:8a:38:21:9b:63:0d:56:
                    90:23:a5:7f:2d:c5:d7:17:6e:e4:94:7a:5d:8c:7c:
                    c6:54:65:87:be:10:3e:d3:1e:fa:3c:f6:2e:a4:9c:
                    25:7b:e8:b9:da:2b:ba:16:2c:e4:53:0b:5f:02:34:
                    22:eb:c9:87:57:00:d5:e1:c0:3e:7d:f7:f1:0f:3c:
                    c8:79:51:df:12:f2:1b:4f:a6:15:64:84:10:f2:2c:
                    39:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E3:3C:84:0F:58:84:93:1E:84:98:FA:97:B2:7F:57:50:9F:E3:4B
            X509v3 Authority Key Identifier:
                keyid:55:4C:24:D4:37:A0:D5:6B:9B:D0:BE:48:8A:60:CF:D5:CC:C8:F9:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUwk1Deg1Wub0L5IimDP1czI-b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/z-M8hA9YhJMehJj6l7J_V1Cf40s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e282e7-4bf1-4cb8-ae6e-69baa11d578f/1/VUwk1Deg1Wub0L5IimDP1czI-b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:d5:5f:c1:68:a5:4f:9e:52:e5:db:cd:35:f4:34:92:e9:d7:
         73:f7:1d:f8:47:54:96:8f:12:3c:a5:60:d3:bc:a3:80:57:48:
         84:cc:9c:b9:fa:63:1c:9c:96:08:0b:6d:ec:3c:f6:c3:d0:10:
         fa:56:40:1d:ad:cf:a0:07:8d:7d:f4:94:89:10:f4:c7:a7:53:
         3f:8a:aa:37:69:78:ce:cb:3e:19:6f:dd:62:02:3d:9b:c7:5d:
         a8:0e:38:58:e9:6b:a5:d3:43:c0:99:11:c4:b3:a4:74:69:37:
         38:25:c8:09:4c:df:2e:b4:9a:23:86:9b:0b:39:95:df:42:54:
         8a:b9:08:ec:b2:c6:fd:a3:e4:93:b1:96:5c:b5:22:c4:a2:8f:
         47:17:6e:aa:cb:fb:67:53:9c:43:cb:99:e3:88:97:2c:3c:6c:
         64:1a:96:cc:e4:d8:2d:fc:e5:5a:56:92:90:38:27:7d:5c:98:
         65:be:5d:e7:37:67:c5:3f:6d:64:ec:ff:9e:83:df:0c:cd:8f:
         76:eb:5e:cc:56:78:91:f2:3c:c0:14:01:ba:51:35:98:43:60:
         32:c0:34:16:24:5c:db:26:61:0f:3c:45:49:9b:c1:96:69:6e:
         f6:01:2c:35:0a:82:f9:ed:1d:ae:bd:90:c6:a0:3f:d6:e4:47:
         03:1d:0d:10
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBw6Juhjjt2+qlLEXLQQ1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGMyNGQ0MzdhMGQ1NmI5YmQwYmU0ODhhNjBjZmQ1Y2Nj
OGY5YmYwHhcNMjYwMjIxMTk1MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmUzM2M4NDBmNTg4NDkzMWU4NDk4ZmE5N2IyN2Y1NzUwOWZlMzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZlY5fqLT0/LSm/ICk3mcdxm7DT
rbD6DjFJOa5LjJxxjO/8wBxGlC7wffEEf+HroGQVNt0VGz8s4TR8I9SY71w/Wi4b
/VnMBU3Iw1TfEA3on2Ji+temlJ3bgPnaGLzd1CvxL1ZkuO4/DqiovQgjPeZ99Ygb
cBIZ3iEfX24BZRW9IGw9aKKKlUvnXKP9q+0sc3NmmrrtCgG7Ar4R4GP49PO6r8w8
8CD6yaFS1oo4IZtjDVaQI6V/LcXXF27klHpdjHzGVGWHvhA+0x76PPYupJwle+i5
2iu6FizkUwtfAjQi68mHVwDV4cA+fffxDzzIeVHfEvIbT6YVZIQQ8iw5NwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM/jPIQPWISTHoSY+peyf1dQn+NLMB8GA1UdIwQY
MBaAFFVMJNQ3oNVrm9C+SIpgz9XMyPm/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlV3azFEZWcxV3ViMEw1SWltRFAxY3pJLWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lMjgyZTctNGJmMS00Y2I4LWFlNmUt
NjliYWExMWQ1NzhmLzEvei1NOGhBOVloSk1laEpqNmw3Sl9WMUNmNDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lMjgyZTctNGJmMS00Y2I4LWFlNmUtNjliYWExMWQ1Nzhm
LzEvVlV3azFEZWcxV3ViMEw1SWltRFAxY3pJLWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQOADAN
BgkqhkiG9w0BAQsFAAOCAQEARtVfwWilT55S5dvNNfQ0kunXc/cd+EdUlo8SPKVg
07yjgFdIhMycufpjHJyWCAtt7Dz2w9AQ+lZAHa3PoAeNffSUiRD0x6dTP4qqN2l4
zss+GW/dYgI9m8ddqA44WOlrpdNDwJkRxLOkdGk3OCXICUzfLrSaI4abCzmV30JU
irkI7LLG/aPkk7GWXLUixKKPRxduqsv7Z1OcQ8uZ44iXLDxsZBqWzOTYLfzlWlaS
kDgnfVyYZb5d5zdnxT9tZOz/noPfDM2PdutezFZ4kfI8wBQBulE1mENgMsA0FiRc
2yZhDzxFSZvBlmlu9gEsNQqC+e0drr2QxqA/1uRHAx0NEA==
-----END CERTIFICATE-----