Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/55cca6-27d0-451c-bf75-62be34bac632/1/IAsVodo77dbg-h6rQj-fdEgsD9c.roa
File:                     IAsVodo77dbg-h6rQj-fdEgsD9c.roa (raw, json)
Hash identifier:          a6RE8kj0IdT5Q3ggVRunq2rBj3jd9EStyQVhRJPPz6Q=
Subject key identifier:   20:0B:15:A1:DA:3B:ED:D6:E0:FA:1E:AB:42:3F:9F:74:48:2C:0F:D7
Certificate issuer:       /CN=33a34724945da76930fe791f60896c96dffcec84
Certificate serial:       019C519740B8E3F2EAF216EEA5DB5533FB45
Authority key identifier: 33:A3:47:24:94:5D:A7:69:30:FE:79:1F:60:89:6C:96:DF:FC:EC:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M6NHJJRdp2kw_nkfYIlslt_87IQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/55cca6-27d0-451c-bf75-62be34bac632/1/IAsVodo77dbg-h6rQj-fdEgsD9c.roa
Signing time:             Thu 12 Feb 2026 11:23:12 +0000
ROA not before:           Thu 12 Feb 2026 11:23:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a14:f286::/32 maxlen: 32
                          2a14:f287::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/55cca6-27d0-451c-bf75-62be34bac632/1/M6NHJJRdp2kw_nkfYIlslt_87IQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/55cca6-27d0-451c-bf75-62be34bac632/1/M6NHJJRdp2kw_nkfYIlslt_87IQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M6NHJJRdp2kw_nkfYIlslt_87IQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:97:40:b8:e3:f2:ea:f2:16:ee:a5:db:55:33:fb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33a34724945da76930fe791f60896c96dffcec84
        Validity
            Not Before: Feb 12 11:23:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=200b15a1da3bedd6e0fa1eab423f9f74482c0fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:37:aa:fd:4e:09:5d:1b:b2:9e:13:d1:4a:4a:
                    8c:1d:dc:46:f8:a1:f2:e6:ad:6d:ba:28:17:c6:5d:
                    d4:a1:c9:a0:6e:0a:bf:4d:37:d4:59:5b:02:d8:7b:
                    56:c1:76:a8:a2:d4:b4:1c:a4:be:39:3c:1f:21:8b:
                    50:77:83:db:08:4c:fe:7d:10:5f:96:24:ad:cc:51:
                    9f:b4:65:89:6f:07:48:d3:ef:35:92:66:9d:34:b4:
                    62:a8:5c:1c:b2:a1:f8:e0:67:52:fa:d3:05:7d:58:
                    48:0e:f9:cb:02:7f:9b:ac:cc:ac:5e:60:98:82:70:
                    bd:7c:67:92:3b:7a:2e:5d:16:b7:36:d1:8e:c5:06:
                    fe:15:9d:3d:79:ea:50:42:df:5b:52:9e:6f:8c:00:
                    a4:f0:8b:4d:a8:56:32:46:f7:f1:ef:3c:fa:46:64:
                    ab:ca:7f:a6:f9:4c:32:b3:5d:01:79:44:15:9b:58:
                    f1:87:ec:a6:0e:38:f5:f6:d5:47:4a:c8:ac:b6:3b:
                    7f:a1:6a:7e:49:6f:a7:5d:b5:87:4d:cb:16:31:f2:
                    b8:e6:55:c1:96:65:f4:01:28:9a:33:58:ff:16:8a:
                    1e:02:be:a8:e8:43:d6:5e:f2:f4:fb:1c:6b:9a:40:
                    f4:ce:03:bc:f2:7c:0a:d4:ae:29:d6:12:fc:17:da:
                    8c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:0B:15:A1:DA:3B:ED:D6:E0:FA:1E:AB:42:3F:9F:74:48:2C:0F:D7
            X509v3 Authority Key Identifier:
                keyid:33:A3:47:24:94:5D:A7:69:30:FE:79:1F:60:89:6C:96:DF:FC:EC:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M6NHJJRdp2kw_nkfYIlslt_87IQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/55cca6-27d0-451c-bf75-62be34bac632/1/IAsVodo77dbg-h6rQj-fdEgsD9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/55cca6-27d0-451c-bf75-62be34bac632/1/M6NHJJRdp2kw_nkfYIlslt_87IQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f286::/31

    Signature Algorithm: sha256WithRSAEncryption
         7f:98:b4:24:6c:0e:32:1d:fd:c5:fe:ca:5f:7c:5f:35:6a:7d:
         37:6d:90:48:53:d3:9b:f9:ae:54:11:ef:57:44:55:82:44:e0:
         09:6f:99:7d:45:d3:ee:7e:93:2a:d7:9a:4f:bf:17:c6:36:52:
         2f:44:2b:0a:8a:c8:4b:27:0a:2b:2c:db:ba:96:90:1c:1e:4a:
         11:90:39:16:4c:b0:d1:70:ba:5b:a6:02:04:95:2c:03:dc:8f:
         82:62:7c:d4:b8:d6:c0:c3:4f:32:bc:21:92:28:63:54:b4:3f:
         fd:0b:e3:28:72:e8:00:3a:5e:00:e5:05:d6:d7:4b:03:03:b5:
         c5:71:5c:8f:0d:6b:b1:d0:e6:46:c0:95:34:a7:1e:75:8c:cc:
         24:14:05:42:69:33:e0:a3:48:0b:2f:ad:ac:51:c6:b1:7c:c0:
         9e:9d:ad:62:11:23:66:de:0b:37:27:6d:86:4c:86:f7:39:56:
         32:7d:74:90:07:4f:a1:ec:c5:ae:30:ad:87:76:f1:43:17:73:
         51:da:1a:08:aa:9a:47:a7:e8:6c:8b:37:2f:b3:ba:8c:cc:7c:
         b4:cc:19:77:63:4b:45:91:fd:d2:73:3d:be:71:f4:2c:4f:f8:
         f8:3a:66:d6:45:de:89:4f:3f:07:0a:e3:33:40:b9:6f:ef:06:
         e9:74:f3:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxRl0C44/Lq8hbupdtVM/tFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYTM0NzI0OTQ1ZGE3NjkzMGZlNzkxZjYwODk2Yzk2ZGZm
Y2VjODQwHhcNMjYwMjEyMTEyMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDBiMTVhMWRhM2JlZGQ2ZTBmYTFlYWI0MjNmOWY3NDQ4MmMwZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizeq/U4JXRuynhPRSkqMHdxG+KHy
5q1tuigXxl3Uocmgbgq/TTfUWVsC2HtWwXaootS0HKS+OTwfIYtQd4PbCEz+fRBf
liStzFGftGWJbwdI0+81kmadNLRiqFwcsqH44GdS+tMFfVhIDvnLAn+brMysXmCY
gnC9fGeSO3ouXRa3NtGOxQb+FZ09eepQQt9bUp5vjACk8ItNqFYyRvfx7zz6RmSr
yn+m+Uwys10BeUQVm1jxh+ymDjj19tVHSsistjt/oWp+SW+nXbWHTcsWMfK45lXB
lmX0ASiaM1j/FooeAr6o6EPWXvL0+xxrmkD0zgO88nwK1K4p1hL8F9qMrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCALFaHaO+3W4Poeq0I/n3RILA/XMB8GA1UdIwQY
MBaAFDOjRySUXadpMP55H2CJbJbf/OyEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTZOSEpKUmRwMmt3X25rZllJbHNsdF84N0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81NWNjYTYtMjdkMC00NTFjLWJmNzUt
NjJiZTM0YmFjNjMyLzEvSUFzVm9kbzc3ZGJnLWg2clFqLWZkRWdzRDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81NWNjYTYtMjdkMC00NTFjLWJmNzUtNjJiZTM0YmFjNjMy
LzEvTTZOSEpKUmRwMmt3X25rZllJbHNsdF84N0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhTyhjAN
BgkqhkiG9w0BAQsFAAOCAQEAf5i0JGwOMh39xf7KX3xfNWp9N22QSFPTm/muVBHv
V0RVgkTgCW+ZfUXT7n6TKteaT78XxjZSL0QrCorISycKKyzbupaQHB5KEZA5Fkyw
0XC6W6YCBJUsA9yPgmJ81LjWwMNPMrwhkihjVLQ//QvjKHLoADpeAOUF1tdLAwO1
xXFcjw1rsdDmRsCVNKcedYzMJBQFQmkz4KNICy+trFHGsXzAnp2tYhEjZt4LNydt
hkyG9zlWMn10kAdPoezFrjCth3bxQxdzUdoaCKqaR6fobIs3L7O6jMx8tMwZd2NL
RZH90nM9vnH0LE/4+Dpm1kXeiU8/BwrjM0C5b+8G6XTzLQ==
-----END CERTIFICATE-----