Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/9LWJR2We5UNR7Cghi_bhxu2hbrY.roa
File:                     9LWJR2We5UNR7Cghi_bhxu2hbrY.roa (raw, json)
Hash identifier:          jvw7c9J3PzjDWbINNPneqLQ5M3uAcSm7AvEU2gk66OQ=
Subject key identifier:   F4:B5:89:47:65:9E:E5:43:51:EC:28:21:8B:F6:E1:C6:ED:A1:6E:B6
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019C34F3B66179D3496D946C6303E286B151
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/9LWJR2We5UNR7Cghi_bhxu2hbrY.roa
Signing time:             Fri 06 Feb 2026 21:55:12 +0000
ROA not before:           Fri 06 Feb 2026 21:55:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        2a05:1082:f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Feb 2026 20:53:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:34:f3:b6:61:79:d3:49:6d:94:6c:63:03:e2:86:b1:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Feb  6 21:55:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4b58947659ee54351ec28218bf6e1c6eda16eb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d6:41:3d:df:00:73:a0:5e:86:75:50:a0:bd:
                    84:07:bc:af:44:d0:40:70:f0:7c:b4:f7:3e:4b:c7:
                    33:34:38:62:e5:61:36:2c:c3:6a:56:fd:d5:81:19:
                    74:0f:3e:d9:18:9c:36:c5:38:74:80:9c:8d:6e:7b:
                    df:65:00:5b:52:1e:91:48:40:23:f6:3c:14:7a:44:
                    6a:c7:59:86:75:8f:fa:08:af:cf:75:2c:04:df:07:
                    c1:0a:7b:08:3c:c7:30:02:2e:c0:fc:8f:17:1b:cd:
                    7f:0b:19:70:a0:e6:1e:ba:93:6d:19:91:e5:da:b5:
                    92:2a:b7:da:fa:31:82:42:23:cb:b2:63:22:79:61:
                    60:cf:4b:e0:03:bf:a8:96:57:1e:58:38:17:0c:6c:
                    d3:2e:5e:13:9e:2e:07:50:a8:42:a5:7c:69:20:b6:
                    f8:20:42:c1:cc:92:6b:11:1e:a7:64:a2:ad:7c:bd:
                    71:d9:77:4b:92:62:44:a4:63:f0:a9:18:67:4f:36:
                    d9:aa:33:60:c7:48:d3:33:37:93:2e:f2:a3:58:43:
                    55:41:70:56:6c:5c:23:67:79:ba:0c:89:98:16:ff:
                    41:81:89:2a:a0:b3:c4:ba:1e:94:ce:9c:f0:3e:42:
                    41:4b:e3:97:9d:12:d9:78:85:db:aa:35:d6:d2:1e:
                    92:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:B5:89:47:65:9E:E5:43:51:EC:28:21:8B:F6:E1:C6:ED:A1:6E:B6
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/9LWJR2We5UNR7Cghi_bhxu2hbrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1082:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:5d:d5:07:3d:29:78:b9:48:95:cf:1c:16:c7:90:12:3b:07:
         f0:32:45:12:5f:1b:64:eb:e1:f5:2a:8b:0e:56:35:b9:5f:ea:
         5e:a1:b1:01:2e:e0:8e:35:55:f1:35:fc:cb:bf:5e:6c:0a:f5:
         6d:c3:13:fc:fa:ee:80:e5:ff:49:4b:1c:9b:6b:38:ef:f2:82:
         76:2c:19:50:bc:30:f2:d0:54:77:01:5d:d2:34:3f:54:63:59:
         fa:2f:95:f3:6b:ee:8f:2b:35:14:7b:49:18:c6:cc:b8:3a:8d:
         58:26:2a:5e:b9:ab:bc:af:0a:64:d0:de:cc:d7:d8:99:59:e0:
         e5:78:d5:99:f6:a4:3d:c6:68:32:46:48:84:85:d4:81:60:ee:
         50:c0:89:7c:f5:d3:b0:13:76:24:6c:86:02:6e:e2:e3:0b:d6:
         b1:e7:aa:67:e4:d0:d7:2f:06:08:e4:c7:dc:46:dc:d5:7a:05:
         1f:29:26:3c:81:74:6f:d2:5f:7b:0c:d7:59:48:11:a1:37:d9:
         32:ef:7c:ea:11:c6:92:6d:a7:42:27:6c:2b:b5:6f:ba:69:c4:
         50:21:d9:e2:70:16:3d:3f:44:18:2d:a8:c7:22:2b:db:de:f1:
         39:38:a9:77:b9:c2:51:09:77:fe:35:42:bf:78:ef:eb:0c:9e:
         fd:51:f0:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZw087ZhedNJbZRsYwPihrFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjYwMjA2MjE1NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGI1ODk0NzY1OWVlNTQzNTFlYzI4MjE4YmY2ZTFjNmVkYTE2ZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NZBPd8Ac6BehnVQoL2EB7yvRNBA
cPB8tPc+S8czNDhi5WE2LMNqVv3VgRl0Dz7ZGJw2xTh0gJyNbnvfZQBbUh6RSEAj
9jwUekRqx1mGdY/6CK/PdSwE3wfBCnsIPMcwAi7A/I8XG81/CxlwoOYeupNtGZHl
2rWSKrfa+jGCQiPLsmMieWFgz0vgA7+ollceWDgXDGzTLl4Tni4HUKhCpXxpILb4
IELBzJJrER6nZKKtfL1x2XdLkmJEpGPwqRhnTzbZqjNgx0jTMzeTLvKjWENVQXBW
bFwjZ3m6DImYFv9BgYkqoLPEuh6UzpzwPkJBS+OXnRLZeIXbqjXW0h6SBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPS1iUdlnuVDUewoIYv24cbtoW62MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvOUxXSlIyV2U1VU5SN0NnaGlfYmh4dTJoYnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUQggAP
MA0GCSqGSIb3DQEBCwUAA4IBAQBKXdUHPSl4uUiVzxwWx5ASOwfwMkUSXxtk6+H1
KosOVjW5X+peobEBLuCONVXxNfzLv15sCvVtwxP8+u6A5f9JSxybazjv8oJ2LBlQ
vDDy0FR3AV3SND9UY1n6L5Xza+6PKzUUe0kYxsy4Oo1YJipeuau8rwpk0N7M19iZ
WeDleNWZ9qQ9xmgyRkiEhdSBYO5QwIl89dOwE3YkbIYCbuLjC9ax56pn5NDXLwYI
5MfcRtzVegUfKSY8gXRv0l97DNdZSBGhN9ky73zqEcaSbadCJ2wrtW+6acRQIdni
cBY9P0QYLajHIivb3vE5OKl3ucJRCXf+NUK/eO/rDJ79UfCt
-----END CERTIFICATE-----