Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8tarpahfou-ZfMieSTr1Nv19O7E.roa
File:                     8tarpahfou-ZfMieSTr1Nv19O7E.roa (raw, json)
Hash identifier:          9nxA3XqZhHAkKO2Q8U2w5Q1Up9MIL44O1002o5w88ew=
Subject key identifier:   F2:D6:AB:A5:A8:5F:A2:EF:99:7C:C8:9E:49:3A:F5:36:FD:7D:3B:B1
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019CAAFDD3A10B802D7C21DE519706C46CEE
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8tarpahfou-ZfMieSTr1Nv19O7E.roa
Signing time:             Sun 01 Mar 2026 20:01:27 +0000
ROA not before:           Sun 01 Mar 2026 20:01:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26042
IP address blocks:        2a12:bec4:1980::/44 maxlen: 44
                          2a12:bec4:1ec0::/44 maxlen: 44
                          2a12:bec4:1f20::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:fd:d3:a1:0b:80:2d:7c:21:de:51:97:06:c4:6c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar  1 20:01:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2d6aba5a85fa2ef997cc89e493af536fd7d3bb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:ad:0e:b9:8a:67:59:a7:89:07:22:a3:cc:33:
                    f9:ef:69:7e:a8:48:fc:02:eb:62:4c:d5:3b:42:9b:
                    99:68:31:46:40:57:ca:b0:c6:7c:08:7d:21:2b:9f:
                    75:8e:8f:c5:68:43:1f:3f:c3:7c:92:ef:f3:bb:58:
                    51:a3:2a:13:62:84:d9:df:9c:f2:2b:d9:4e:34:17:
                    80:ec:80:76:1d:56:5a:c6:bb:25:a1:cc:f1:31:90:
                    7b:83:85:d5:3a:97:d9:49:40:85:08:78:5c:29:43:
                    8b:f5:93:96:27:04:01:3c:cf:3c:16:ee:59:54:9f:
                    26:1e:8d:01:6a:5c:cc:0a:f2:6d:2e:66:50:49:a1:
                    a1:5d:13:28:9c:97:fd:51:f6:ab:66:1e:9f:b4:38:
                    b1:bc:9c:2f:af:b6:b0:a2:11:8b:4d:2f:82:31:82:
                    3c:11:28:75:67:17:11:50:84:16:81:f9:a2:64:9f:
                    b6:9f:74:c2:54:ba:4e:f8:60:60:e4:19:56:ae:94:
                    43:c7:14:ee:50:77:17:8e:9a:f9:59:a6:f3:1f:18:
                    5c:6d:96:1d:d5:9e:4e:f3:25:01:5f:17:1a:20:9f:
                    25:23:69:cd:3a:9a:e1:85:d2:53:1b:c5:b2:28:c0:
                    75:8c:1b:5c:f4:9a:54:a9:2d:91:62:e4:31:64:93:
                    fa:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D6:AB:A5:A8:5F:A2:EF:99:7C:C8:9E:49:3A:F5:36:FD:7D:3B:B1
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8tarpahfou-ZfMieSTr1Nv19O7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1980::/44
                  2a12:bec4:1ec0::/44
                  2a12:bec4:1f20::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:af:95:06:d7:88:2c:27:85:3c:d1:0e:2e:e8:39:c3:99:db:
         f3:e7:3a:47:2b:74:cb:95:44:d7:c0:fc:55:ae:b1:80:93:3a:
         27:88:81:4b:a1:21:8a:40:ad:4e:d1:ca:94:d5:7b:8e:06:c5:
         4d:a2:a7:ab:8d:6a:4d:9e:dc:aa:f7:f1:8c:e3:05:db:87:d7:
         db:3a:61:a7:f3:87:80:e2:51:8c:7a:b6:c7:f9:6a:68:02:f1:
         31:df:72:93:40:de:76:58:0e:ee:f9:2e:37:8a:6d:3a:09:2d:
         83:09:84:f9:50:70:a6:c0:f2:2e:f2:fc:56:47:38:57:41:e3:
         e9:09:05:cf:09:e9:ce:37:75:cb:e9:df:f4:93:63:14:b1:72:
         65:60:a1:9a:02:33:7d:7e:e7:be:74:96:45:58:36:cc:1c:1e:
         fb:d6:a9:0c:c4:77:74:82:13:5e:7e:8f:0c:17:48:de:1e:bb:
         a7:d2:eb:85:80:31:c4:db:7e:b0:22:f7:a3:17:66:77:3a:62:
         e3:a7:38:74:af:45:dc:d9:ed:b6:27:41:c6:55:97:d1:e2:48:
         af:7a:47:94:4d:6b:78:ab:8c:ae:a8:db:99:81:8b:ef:0b:2c:
         21:09:ba:de:65:ef:eb:7c:57:c8:99:bc:c1:89:61:27:19:dd:
         45:3e:2e:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZyq/dOhC4AtfCHeUZcGxGzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMzAxMjAwMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQ2YWJhNWE4NWZhMmVmOTk3Y2M4OWU0OTNhZjUzNmZkN2QzYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA860OuYpnWaeJByKjzDP572l+qEj8
AutiTNU7QpuZaDFGQFfKsMZ8CH0hK591jo/FaEMfP8N8ku/zu1hRoyoTYoTZ35zy
K9lONBeA7IB2HVZaxrsloczxMZB7g4XVOpfZSUCFCHhcKUOL9ZOWJwQBPM88Fu5Z
VJ8mHo0BalzMCvJtLmZQSaGhXRMonJf9UfarZh6ftDixvJwvr7awohGLTS+CMYI8
ESh1ZxcRUIQWgfmiZJ+2n3TCVLpO+GBg5BlWrpRDxxTuUHcXjpr5WabzHxhcbZYd
1Z5O8yUBXxcaIJ8lI2nNOprhhdJTG8WyKMB1jBtc9JpUqS2RYuQxZJP6rwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPLWq6WoX6LvmXzInkk69Tb9fTuxMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvOHRhcnBhaGZvdS1aZk1pZVNUcjFOdjE5TzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKhK+xBmA
AwcEKhK+xB7AAwcEKhK+xB8gMA0GCSqGSIb3DQEBCwUAA4IBAQAir5UG14gsJ4U8
0Q4u6DnDmdvz5zpHK3TLlUTXwPxVrrGAkzoniIFLoSGKQK1O0cqU1XuOBsVNoqer
jWpNntyq9/GM4wXbh9fbOmGn84eA4lGMerbH+WpoAvEx33KTQN52WA7u+S43im06
CS2DCYT5UHCmwPIu8vxWRzhXQePpCQXPCenON3XL6d/0k2MUsXJlYKGaAjN9fue+
dJZFWDbMHB771qkMxHd0ghNefo8MF0jeHrun0uuFgDHE236wIvejF2Z3OmLjpzh0
r0Xc2e22J0HGVZfR4kivekeUTWt4q4yuqNuZgYvvCywhCbreZe/rfFfImbzBiWEn
Gd1FPi7Q
-----END CERTIFICATE-----