Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/0HR7OlgVsN6el8WaHefZC1bVuuI.roa
File:                     0HR7OlgVsN6el8WaHefZC1bVuuI.roa (raw, json)
Hash identifier:          l1VbbEivm6yxThSTyk7Djf67KfprrRMIJL+aTYhbs+I=
Subject key identifier:   D0:74:7B:3A:58:15:B0:DE:9E:97:C5:9A:1D:E7:D9:0B:56:D5:BA:E2
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C81C1CC33BF756BDDABBDEE210654EC12
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/0HR7OlgVsN6el8WaHefZC1bVuuI.roa
Signing time:             Sat 21 Feb 2026 19:51:27 +0000
ROA not before:           Sat 21 Feb 2026 19:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c1:cc:33:bf:75:6b:dd:ab:bd:ee:21:06:54:ec:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 21 19:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0747b3a5815b0de9e97c59a1de7d90b56d5bae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f2:c6:88:29:10:18:24:73:f7:43:e7:01:d9:
                    22:f6:4e:76:fc:ac:95:10:53:dc:d4:c8:8f:9b:b6:
                    67:1c:ac:19:95:19:77:29:31:dd:c2:32:e0:5e:8e:
                    00:61:3b:9c:2b:3f:ca:c2:a1:9c:c0:53:dd:9d:d0:
                    27:0a:b6:93:d3:5c:53:a5:42:43:c4:84:4a:44:5b:
                    be:a4:a0:23:22:e2:49:7d:de:f7:07:cb:11:0f:04:
                    e2:df:2f:0f:dc:be:2a:db:5f:9f:b4:ac:86:5b:6f:
                    f9:08:2f:96:c3:95:c0:46:2a:69:f7:86:79:3b:5f:
                    15:4f:72:34:05:aa:71:b9:40:76:f5:ac:09:5f:17:
                    47:7a:07:32:7f:a4:9f:77:94:58:d1:c5:1d:31:53:
                    74:3e:25:ea:9f:77:b5:40:d9:fc:57:9b:fb:1e:18:
                    30:b2:9a:2c:f7:29:4d:d6:e5:18:db:b8:bd:65:06:
                    12:e0:e8:7c:fd:0b:a3:41:98:d2:70:b8:72:7b:e4:
                    8e:11:b2:3d:2b:2f:b0:66:ad:b7:46:66:15:61:f3:
                    0b:77:bb:3f:10:2d:e0:fe:b2:46:bf:52:91:2d:b1:
                    86:ca:da:37:af:69:74:24:06:de:18:38:6a:43:9c:
                    3a:33:5b:1d:2e:d5:4b:0b:47:9f:6e:9e:2e:ef:f7:
                    33:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:74:7B:3A:58:15:B0:DE:9E:97:C5:9A:1D:E7:D9:0B:56:D5:BA:E2
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/0HR7OlgVsN6el8WaHefZC1bVuuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:b4:52:a4:5b:0a:5c:94:46:ab:3e:00:05:44:fb:da:d1:35:
         16:99:7a:01:ac:ce:43:42:09:96:91:4c:c2:2a:c0:d2:bd:b8:
         cf:db:2a:a0:d0:ad:5f:be:dc:d4:c8:9f:2d:8f:f7:c1:85:ba:
         2f:88:ca:9a:90:2f:da:f1:32:bf:48:fd:08:9f:19:4d:90:22:
         c5:0b:74:fd:8a:d2:d8:ad:7e:c2:be:fe:03:9c:71:a7:ea:c8:
         d6:70:22:c8:5a:ee:67:b7:cc:16:4d:41:09:a1:5c:cb:a6:7d:
         95:ac:6d:fb:9b:fd:e0:d8:a8:ed:7c:ae:30:97:33:94:d6:cb:
         ad:cc:bc:13:47:c5:57:81:af:a0:0b:30:ae:af:47:ba:6a:99:
         c7:3d:15:6c:d8:e2:98:8e:a3:d9:a2:87:45:9c:5a:96:a9:0e:
         04:db:a9:ba:c0:f8:99:3e:9e:7d:43:66:77:63:80:93:47:38:
         62:1b:cd:dd:8a:0f:46:f4:64:81:79:6b:dc:d5:a7:a6:b0:d4:
         c2:2e:05:da:48:ef:dd:0c:b6:f4:f7:84:c2:ca:38:2b:19:ec:
         f0:0e:be:dd:1a:ee:1c:d4:5d:de:75:33:85:77:f2:82:3b:60:
         07:fc:e3:6a:f9:c0:76:35:c6:f8:dc:f4:4f:56:16:d4:2b:6c:
         94:d8:39:d6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBwcwzv3Vr3au97iEGVOwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjIxMTk1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDc0N2IzYTU4MTViMGRlOWU5N2M1OWExZGU3ZDkwYjU2ZDViYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/LGiCkQGCRz90PnAdki9k52/KyV
EFPc1MiPm7ZnHKwZlRl3KTHdwjLgXo4AYTucKz/KwqGcwFPdndAnCraT01xTpUJD
xIRKRFu+pKAjIuJJfd73B8sRDwTi3y8P3L4q21+ftKyGW2/5CC+Ww5XARipp94Z5
O18VT3I0BapxuUB29awJXxdHegcyf6Sfd5RY0cUdMVN0PiXqn3e1QNn8V5v7Hhgw
spos9ylN1uUY27i9ZQYS4Oh8/QujQZjScLhye+SOEbI9Ky+wZq23RmYVYfMLd7s/
EC3g/rJGv1KRLbGGyto3r2l0JAbeGDhqQ5w6M1sdLtVLC0efbp4u7/czTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNB0ezpYFbDenpfFmh3n2QtW1briMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvMEhSN09sZ1ZzTjZlbDhXYUhlZlpDMWJWdXVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEAhbRSpFsKXJRGqz4ABUT72tE1Fpl6AazOQ0IJlpFM
wirA0r24z9sqoNCtX77c1MifLY/3wYW6L4jKmpAv2vEyv0j9CJ8ZTZAixQt0/YrS
2K1+wr7+A5xxp+rI1nAiyFruZ7fMFk1BCaFcy6Z9laxt+5v94Nio7XyuMJczlNbL
rcy8E0fFV4GvoAswrq9HumqZxz0VbNjimI6j2aKHRZxalqkOBNupusD4mT6efUNm
d2OAk0c4YhvN3YoPRvRkgXlr3NWnprDUwi4F2kjv3Qy29PeEwso4Kxns8A6+3Rru
HNRd3nUzhXfygjtgB/zjavnAdjXG+Nz0T1YW1CtslNg51g==
-----END CERTIFICATE-----