Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/8FJGaZ8MbZPDXJ8q8JZarY-F95A.roa
File:                     8FJGaZ8MbZPDXJ8q8JZarY-F95A.roa (raw, json)
Hash identifier:          tFsnUzuCOPHEkB4f570fqaA0O4nTZQAQw1SUPG3ufxw=
Subject key identifier:   F0:52:46:69:9F:0C:6D:93:C3:5C:9F:2A:F0:96:5A:AD:8F:85:F7:90
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C81C1CB25AA308CD83983F7F5F0535DBD
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/8FJGaZ8MbZPDXJ8q8JZarY-F95A.roa
Signing time:             Sat 21 Feb 2026 19:51:27 +0000
ROA not before:           Sat 21 Feb 2026 19:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197537
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c1:cb:25:aa:30:8c:d8:39:83:f7:f5:f0:53:5d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 21 19:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f05246699f0c6d93c35c9f2af0965aad8f85f790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6d:52:ba:38:e9:b9:c5:15:7b:b6:b8:39:97:
                    84:49:89:fb:76:64:8c:61:ad:0e:25:a9:09:7a:3c:
                    48:24:7d:aa:3f:73:d7:f9:c2:52:f6:3a:32:fa:70:
                    85:f5:ef:c8:15:af:26:a5:dd:95:3a:b9:18:05:83:
                    ad:2a:cc:b7:a1:03:64:fe:a6:e1:27:80:cd:cc:23:
                    24:1a:fb:e7:ac:d2:39:aa:6b:d1:63:28:ba:8c:84:
                    ca:90:94:0f:84:62:37:d6:9c:81:41:3c:3a:01:15:
                    0d:d2:d3:57:35:4f:7a:ba:4d:a9:a2:8f:a8:a6:f6:
                    d1:77:f9:a1:e2:bc:ce:aa:d6:39:fa:51:04:b2:ed:
                    0d:22:46:71:2e:6f:9b:5c:52:80:94:54:f7:4c:63:
                    59:01:6e:67:63:e1:e8:65:91:1c:0b:5e:95:13:d9:
                    e7:a8:d3:e9:28:fd:86:c6:c5:e7:61:fc:a9:d4:d8:
                    97:ea:fa:ea:7f:ae:49:35:8b:76:32:1a:be:da:73:
                    40:f1:77:b4:26:eb:1d:c3:fd:3d:47:d1:9b:ac:cb:
                    e1:66:57:43:21:bb:40:d3:1d:90:09:27:24:df:dd:
                    a0:6b:e1:8d:5b:a8:f9:b0:cb:09:71:86:e4:f4:92:
                    25:e2:7a:8b:6f:98:ed:2c:4e:67:2f:66:20:26:c7:
                    8b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:52:46:69:9F:0C:6D:93:C3:5C:9F:2A:F0:96:5A:AD:8F:85:F7:90
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/8FJGaZ8MbZPDXJ8q8JZarY-F95A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:b0:bc:c7:c1:d9:39:ac:d1:f9:b2:3b:44:83:d0:9b:40:04:
         73:f0:7c:68:7c:89:44:e2:00:40:6b:43:51:f2:09:95:35:01:
         16:7e:0f:40:45:43:68:88:53:25:fa:d5:17:77:c4:a9:cb:6b:
         51:c3:f3:12:da:9c:cf:5c:b2:f7:07:80:79:f6:4a:1f:d4:ac:
         06:9e:d2:d4:98:68:dc:0c:7b:31:32:da:ef:95:fa:f9:e1:92:
         2e:a0:6c:0a:c2:87:f0:c4:bf:0e:48:6f:cd:ed:f7:85:57:6b:
         1f:00:0d:ed:7e:6f:1f:20:78:07:23:15:fe:18:bf:53:34:21:
         5e:0a:f3:58:2a:63:2d:83:e8:fe:21:c3:9f:12:4c:b0:65:14:
         e8:0f:86:df:ed:f5:51:25:34:06:ae:b9:12:46:57:63:b5:6f:
         a3:b8:a1:bf:67:55:63:37:77:c5:23:3d:be:13:ca:20:bf:97:
         f8:9d:0b:1f:6d:e7:5b:33:07:6c:0b:1e:28:68:20:12:f7:50:
         3e:c5:ee:c3:c3:d7:74:a4:61:30:72:07:a2:44:60:3b:2b:a7:
         84:98:46:1b:a6:ec:d7:75:ab:ea:4d:48:fd:96:c5:2b:a7:97:
         56:2c:fc:12:9b:c3:45:20:6c:b9:dd:98:ba:26:91:21:ea:c1:
         b6:c4:69:e1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBwcslqjCM2DmD9/XwU129MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjIxMTk1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDUyNDY2OTlmMGM2ZDkzYzM1YzlmMmFmMDk2NWFhZDhmODVmNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3G1SujjpucUVe7a4OZeESYn7dmSM
Ya0OJakJejxIJH2qP3PX+cJS9joy+nCF9e/IFa8mpd2VOrkYBYOtKsy3oQNk/qbh
J4DNzCMkGvvnrNI5qmvRYyi6jITKkJQPhGI31pyBQTw6ARUN0tNXNU96uk2poo+o
pvbRd/mh4rzOqtY5+lEEsu0NIkZxLm+bXFKAlFT3TGNZAW5nY+HoZZEcC16VE9nn
qNPpKP2GxsXnYfyp1NiX6vrqf65JNYt2Mhq+2nNA8Xe0Jusdw/09R9GbrMvhZldD
IbtA0x2QCSck392ga+GNW6j5sMsJcYbk9JIl4nqLb5jtLE5nL2YgJseLNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPBSRmmfDG2Tw1yfKvCWWq2PhfeQMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvOEZKR2FaOE1iWlBEWEo4cThKWmFyWS1GOTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEAgLC8x8HZOazR+bI7RIPQm0AEc/B8aHyJROIAQGtD
UfIJlTUBFn4PQEVDaIhTJfrVF3fEqctrUcPzEtqcz1yy9weAefZKH9SsBp7S1Jho
3Ax7MTLa75X6+eGSLqBsCsKH8MS/Dkhvze33hVdrHwAN7X5vHyB4ByMV/hi/UzQh
XgrzWCpjLYPo/iHDnxJMsGUU6A+G3+31USU0Bq65EkZXY7Vvo7ihv2dVYzd3xSM9
vhPKIL+X+J0LH23nWzMHbAseKGggEvdQPsXuw8PXdKRhMHIHokRgOyunhJhGG6bs
13Wr6k1I/ZbFK6eXViz8EpvDRSBsud2YuiaRIerBtsRp4Q==
-----END CERTIFICATE-----